Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/933b2fd7-31c1-451c-8288-c1aa0aa12750/0/37372e38312e37382e302f32342d3234203d3e203438353932.roa
File:                     37372e38312e37382e302f32342d3234203d3e203438353932.roa (raw, json)
Hash identifier:          5R59EysS9tL6UTIvemaJCrtszj6x6/cuKApXJ2KN9Lk=
Subject key identifier:   4E:AE:22:4B:C2:C5:D2:EB:5C:9D:F3:8B:32:43:1E:C5:29:6D:11:87
Certificate issuer:       /CN=45e8648e445dccd0d8ee699f5140bb814e43ae1b
Certificate serial:       0DF7F1A278A55F7CB1114366BD41618AD5ECC822
Authority key identifier: 45:E8:64:8E:44:5D:CC:D0:D8:EE:69:9F:51:40:BB:81:4E:43:AE:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RehkjkRdzNDY7mmfUUC7gU5Drhs.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/933b2fd7-31c1-451c-8288-c1aa0aa12750/0/37372e38312e37382e302f32342d3234203d3e203438353932.roa
Signing time:             Tue 24 Feb 2026 06:55:39 +0000
ROA not before:           Tue 24 Feb 2026 06:50:39 +0000
ROA not after:            Tue 23 Feb 2027 06:55:39 +0000
asID:                     48592
IP address blocks:        77.81.78.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/933b2fd7-31c1-451c-8288-c1aa0aa12750/0/45E8648E445DCCD0D8EE699F5140BB814E43AE1B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/933b2fd7-31c1-451c-8288-c1aa0aa12750/0/45E8648E445DCCD0D8EE699F5140BB814E43AE1B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RehkjkRdzNDY7mmfUUC7gU5Drhs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 02:09:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0d:f7:f1:a2:78:a5:5f:7c:b1:11:43:66:bd:41:61:8a:d5:ec:c8:22
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=45e8648e445dccd0d8ee699f5140bb814e43ae1b
        Validity
            Not Before: Feb 24 06:50:39 2026 GMT
            Not After : Feb 23 06:55:39 2027 GMT
        Subject: CN=4EAE224BC2C5D2EB5C9DF38B32431EC5296D1187
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:c7:e0:fa:c4:3c:4f:3b:6f:76:24:5f:6d:f5:
                    fb:95:bc:8f:40:ad:3d:d4:bd:b6:d2:37:c2:b9:7a:
                    ec:71:b1:d9:3a:52:31:77:b5:b5:44:6a:61:09:79:
                    f2:20:fb:3c:c6:3b:98:14:b6:22:c8:d0:6a:7c:a9:
                    df:7c:8b:8c:a3:fa:0e:f9:a7:14:72:c1:51:3d:15:
                    c4:3d:6f:ae:94:e1:2c:b0:f1:b8:8e:8d:ba:6a:79:
                    3c:54:d4:c3:04:7a:e7:b4:e9:f9:f3:77:88:2d:9d:
                    38:2b:41:f3:0f:b7:1d:8d:7a:8f:2c:a3:f3:db:64:
                    70:dd:12:24:33:1f:b6:0c:91:30:05:25:e5:2d:22:
                    ab:45:ce:9c:22:69:b6:05:e6:24:68:da:59:22:79:
                    bb:22:42:7c:ab:b3:4d:55:8c:ec:d8:49:a2:02:9b:
                    8e:d0:1f:0e:45:c4:f6:4a:0e:15:4d:7d:4c:1b:1a:
                    f7:7b:72:77:24:8d:cc:16:e2:57:83:a4:0f:b1:1f:
                    9e:b8:d0:55:5c:18:d2:7e:41:43:f1:c1:02:ad:50:
                    b9:d0:cd:63:2b:f0:c4:b3:1a:7a:53:c4:24:44:af:
                    02:86:04:a3:52:33:db:b6:cc:ef:3d:27:eb:c3:9d:
                    52:60:88:02:2a:f3:91:31:05:26:a9:ec:56:5b:84:
                    c1:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:AE:22:4B:C2:C5:D2:EB:5C:9D:F3:8B:32:43:1E:C5:29:6D:11:87
            X509v3 Authority Key Identifier:
                keyid:45:E8:64:8E:44:5D:CC:D0:D8:EE:69:9F:51:40:BB:81:4E:43:AE:1B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/933b2fd7-31c1-451c-8288-c1aa0aa12750/0/45E8648E445DCCD0D8EE699F5140BB814E43AE1B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RehkjkRdzNDY7mmfUUC7gU5Drhs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/933b2fd7-31c1-451c-8288-c1aa0aa12750/0/37372e38312e37382e302f32342d3234203d3e203438353932.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.81.78.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6d:5c:c9:f9:b7:70:3f:61:98:ca:31:19:3a:3b:c3:ed:be:27:
         0f:9c:fa:df:7d:b0:ab:0d:f3:72:35:72:7c:48:44:71:da:06:
         c5:73:d7:55:65:c9:32:e6:c9:f7:13:44:1b:77:f4:ce:c3:2b:
         1a:10:1d:b1:e5:da:1c:57:60:c1:2a:7b:eb:75:c3:2e:eb:c5:
         f0:fc:71:d0:17:d6:59:a6:84:34:f6:fa:10:74:fd:40:75:ee:
         30:fc:75:a5:81:e5:a5:d5:5a:25:77:b5:32:29:6f:6d:db:5a:
         fd:e8:99:b2:9e:53:04:1e:27:a1:6b:b7:8a:e5:b4:bf:3b:04:
         e2:bf:5c:29:3d:45:08:3a:61:5e:45:44:9d:d6:45:7f:22:2e:
         45:19:d1:3f:52:21:0f:21:db:ab:97:2d:51:88:81:21:7e:5c:
         93:bc:fe:11:cc:33:00:c3:b4:76:b6:69:4b:39:09:57:b7:c6:
         0e:06:14:6f:86:c0:a8:fb:65:e1:4a:93:72:92:05:35:c2:0c:
         bf:9f:47:c1:1c:df:04:94:d7:91:0d:9d:32:b3:44:2c:9c:f2:
         7b:3d:28:d6:38:9a:31:85:60:1d:8d:99:21:08:11:91:50:2f:
         72:93:91:72:8d:3a:24:ff:78:46:9d:7d:f6:99:11:c8:22:32:
         d7:92:65:03
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUDffxonilX3yxEUNmvUFhitXsyCIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDVlODY0OGU0NDVkY2NkMGQ4ZWU2OTlmNTE0MGJiODE0
ZTQzYWUxYjAeFw0yNjAyMjQwNjUwMzlaFw0yNzAyMjMwNjU1MzlaMDMxMTAvBgNV
BAMTKDRFQUUyMjRCQzJDNUQyRUI1QzlERjM4QjMyNDMxRUM1Mjk2RDExODcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCrx+D6xDxPO292JF9t9fuVvI9A
rT3UvbbSN8K5euxxsdk6UjF3tbVEamEJefIg+zzGO5gUtiLI0Gp8qd98i4yj+g75
pxRywVE9FcQ9b66U4Syw8biOjbpqeTxU1MMEeue06fnzd4gtnTgrQfMPtx2Neo8s
o/PbZHDdEiQzH7YMkTAFJeUtIqtFzpwiabYF5iRo2lkiebsiQnyrs01VjOzYSaIC
m47QHw5FxPZKDhVNfUwbGvd7cnckjcwW4leDpA+xH5640FVcGNJ+QUPxwQKtULnQ
zWMr8MSzGnpTxCRErwKGBKNSM9u2zO89J+vDnVJgiAIq85ExBSap7FZbhMGpAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUTq4iS8LF0utcnfOLMkMexSltEYcwHwYDVR0j
BBgwFoAURehkjkRdzNDY7mmfUUC7gU5DrhswDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOTMzYjJmZDctMzFjMS00NTFjLTgyODgtYzFhYTBhYTEy
NzUwLzAvNDVFODY0OEU0NDVEQ0NEMEQ4RUU2OTlGNTE0MEJCODE0RTQzQUUxQi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JlaGtqa1Jkek5EWTdtbWZVVUM3Z1U1
RHJocy5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvOTMzYjJmZDct
MzFjMS00NTFjLTgyODgtYzFhYTBhYTEyNzUwLzAvMzczNzJlMzgzMTJlMzczODJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM0MzgzNTM5MzIucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABNUU4w
DQYJKoZIhvcNAQELBQADggEBAG1cyfm3cD9hmMoxGTo7w+2+Jw+c+t99sKsN83I1
cnxIRHHaBsVz11VlyTLmyfcTRBt39M7DKxoQHbHl2hxXYMEqe+t1wy7rxfD8cdAX
1lmmhDT2+hB0/UB17jD8daWB5aXVWiV3tTIpb23bWv3ombKeUwQeJ6Frt4rltL87
BOK/XCk9RQg6YV5FRJ3WRX8iLkUZ0T9SIQ8h26uXLVGIgSF+XJO8/hHMMwDDtHa2
aUs5CVe3xg4GFG+GwKj7ZeFKk3KSBTXCDL+fR8Ec3wSU15ENnTKzRCyc8ns9KNY4
mjGFYB2NmSEIEZFQL3KTkXKNOiT/eEadffaZEcgiMteSZQM=
-----END CERTIFICATE-----