Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/352e3138312e3137372e302f32342d3234203d3e20323134363737.roa
File:                     352e3138312e3137372e302f32342d3234203d3e20323134363737.roa (raw, json)
Hash identifier:          vzxuG1+0kmB63/R/Nt/ZMIV9K/FLNdsayN5ApsSCS70=
Subject key identifier:   9E:0A:32:76:35:CE:10:73:8D:0B:BC:35:D1:31:49:FA:D6:13:73:FA
Certificate issuer:       /CN=70cbd7a9817e470009c0f40ea1e370aa79b5fd91
Certificate serial:       579DEBF34B26B157D2C49A6F7E787CB24E6897DD
Authority key identifier: 70:CB:D7:A9:81:7E:47:00:09:C0:F4:0E:A1:E3:70:AA:79:B5:FD:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/352e3138312e3137372e302f32342d3234203d3e20323134363737.roa
Signing time:             Sat 04 Oct 2025 11:55:08 +0000
ROA not before:           Sat 04 Oct 2025 11:50:08 +0000
ROA not after:            Sat 03 Oct 2026 11:55:08 +0000
asID:                     214677
IP address blocks:        5.181.177.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 00:08:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            57:9d:eb:f3:4b:26:b1:57:d2:c4:9a:6f:7e:78:7c:b2:4e:68:97:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=70cbd7a9817e470009c0f40ea1e370aa79b5fd91
        Validity
            Not Before: Oct  4 11:50:08 2025 GMT
            Not After : Oct  3 11:55:08 2026 GMT
        Subject: CN=9E0A327635CE10738D0BBC35D13149FAD61373FA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:a5:07:78:58:01:51:a0:87:94:17:6c:48:0d:
                    34:00:48:18:bf:1c:69:dc:55:d8:9f:57:83:68:9b:
                    ac:9e:40:35:06:38:23:85:38:4d:d8:5c:96:fb:b4:
                    b7:21:fc:8b:fa:fc:40:fd:d2:6b:b4:ff:30:29:ec:
                    5a:71:4b:f5:45:20:c7:e0:44:03:07:44:b2:7d:76:
                    5f:8f:f9:13:97:c0:b0:e4:d5:db:46:ec:4b:1e:56:
                    41:53:05:1f:b9:d8:36:4c:61:99:9f:5a:8b:36:8b:
                    69:4a:9c:5e:31:3f:4c:3b:1a:71:ca:3d:df:86:b9:
                    80:6a:c3:ee:00:cc:86:38:99:94:0a:e7:0a:ba:05:
                    4a:f3:5d:bb:ad:17:b8:50:f9:c0:b6:bd:1b:02:91:
                    22:01:36:f5:9d:67:62:e7:18:ca:c0:54:01:05:5f:
                    01:74:db:ef:d7:fe:68:93:f3:52:61:4a:d6:56:a8:
                    61:61:f3:fb:40:06:44:ff:f9:49:7e:57:83:ad:e4:
                    c8:80:d0:25:da:19:1a:29:97:ef:bb:77:ef:ea:09:
                    11:5d:03:d6:f3:5f:96:53:ae:c9:eb:56:45:63:ef:
                    d1:2e:d5:cb:37:ac:a5:02:e7:e2:06:38:f2:23:58:
                    fa:63:d3:fa:8f:9e:3d:eb:50:5b:30:7a:57:9c:16:
                    3e:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9E:0A:32:76:35:CE:10:73:8D:0B:BC:35:D1:31:49:FA:D6:13:73:FA
            X509v3 Authority Key Identifier:
                keyid:70:CB:D7:A9:81:7E:47:00:09:C0:F4:0E:A1:E3:70:AA:79:B5:FD:91

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/352e3138312e3137372e302f32342d3234203d3e20323134363737.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.181.177.0/24

    Signature Algorithm: sha256WithRSAEncryption
         70:85:f0:c5:a0:cf:4d:89:12:92:03:ff:e1:30:64:7d:b9:18:
         d0:df:88:66:5f:af:1f:96:79:25:68:0a:24:a5:64:d2:8e:da:
         79:ee:2c:04:d5:a3:99:2b:98:a1:90:88:00:54:71:79:7f:cc:
         eb:28:29:f0:c6:54:e6:1f:90:9d:7e:77:d4:53:da:59:b0:72:
         2e:d2:30:69:64:96:a7:c6:ce:34:bd:19:65:e0:aa:3f:58:99:
         6f:2b:51:37:7f:75:ed:12:f5:6a:7c:7d:10:42:a2:bc:10:55:
         e8:34:a1:bd:86:9d:2a:b0:3f:4d:21:c4:6a:3a:5f:06:9c:11:
         ea:53:ae:5b:59:d4:ec:0f:78:cd:62:b7:30:93:42:42:65:d5:
         c5:00:e4:2f:a4:f5:0d:5d:66:04:45:06:bf:c5:a1:44:94:06:
         da:03:02:71:43:18:ce:41:ed:9f:04:b4:d1:af:75:c7:d8:67:
         56:83:95:8d:22:54:8c:65:60:70:01:c0:54:0b:cc:2d:e7:b6:
         42:49:dd:b4:69:bd:df:73:68:8d:1b:53:e4:51:0f:42:af:28:
         2e:30:41:cf:28:12:c2:26:65:fb:c7:80:f9:fd:2e:8c:88:eb:
         74:42:4a:b2:8c:88:39:cb:d1:e4:45:5e:c7:38:00:d5:71:bf:
         6b:88:e4:d3
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgIUV53r80smsVfSxJpvfnh8sk5ol90wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzBjYmQ3YTk4MTdlNDcwMDA5YzBmNDBlYTFlMzcwYWE3
OWI1ZmQ5MTAeFw0yNTEwMDQxMTUwMDhaFw0yNjEwMDMxMTU1MDhaMDMxMTAvBgNV
BAMTKDlFMEEzMjc2MzVDRTEwNzM4RDBCQkMzNUQxMzE0OUZBRDYxMzczRkEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDEpQd4WAFRoIeUF2xIDTQASBi/
HGncVdifV4Nom6yeQDUGOCOFOE3YXJb7tLch/Iv6/ED90mu0/zAp7FpxS/VFIMfg
RAMHRLJ9dl+P+ROXwLDk1dtG7EseVkFTBR+52DZMYZmfWos2i2lKnF4xP0w7GnHK
Pd+GuYBqw+4AzIY4mZQK5wq6BUrzXbutF7hQ+cC2vRsCkSIBNvWdZ2LnGMrAVAEF
XwF02+/X/miT81JhStZWqGFh8/tABkT/+Ul+V4Ot5MiA0CXaGRopl++7d+/qCRFd
A9bzX5ZTrsnrVkVj79Eu1cs3rKUC5+IGOPIjWPpj0/qPnj3rUFswelecFj77AgMB
AAGjggI9MIICOTAdBgNVHQ4EFgQUngoydjXOEHONC7w10TFJ+tYTc/owHwYDVR0j
BBgwFoAUcMvXqYF+RwAJwPQOoeNwqnm1/ZEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYjczMzJhZjAtZGQ3My00NzU1LTlkMjAtNjkzZWE4Mjg5
ZjhhLzAvNzBDQkQ3QTk4MTdFNDcwMDA5QzBGNDBFQTFFMzcwQUE3OUI1RkQ5MS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2NNdlhxWUYtUndBSndQUU9vZU53cW5t
MV9aRS5jZXIwga0GCCsGAQUFBwELBIGgMIGdMIGaBggrBgEFBQcwC4aBjXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYjczMzJhZjAt
ZGQ3My00NzU1LTlkMjAtNjkzZWE4Mjg5ZjhhLzAvMzUyZTMxMzgzMTJlMzEzNzM3
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzIzMTM0MzYzNzM3LnJvYTAYBgNVHSAB
Af8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA
BbWxMA0GCSqGSIb3DQEBCwUAA4IBAQBwhfDFoM9NiRKSA//hMGR9uRjQ34hmX68f
lnklaAokpWTSjtp57iwE1aOZK5ihkIgAVHF5f8zrKCnwxlTmH5CdfnfUU9pZsHIu
0jBpZJanxs40vRll4Ko/WJlvK1E3f3XtEvVqfH0QQqK8EFXoNKG9hp0qsD9NIcRq
Ol8GnBHqU65bWdTsD3jNYrcwk0JCZdXFAOQvpPUNXWYERQa/xaFElAbaAwJxQxjO
Qe2fBLTRr3XH2GdWg5WNIlSMZWBwAcBUC8wt57ZCSd20ab3fc2iNG1PkUQ9Crygu
MEHPKBLCJmX7x4D5/S6MiOt0QkqyjIg5y9HkRV7HOADVcb9riOTT
-----END CERTIFICATE-----
Generated at Mon Oct 20 15:00:25 2025 by rpki-client