Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/933b2fd7-31c1-451c-8288-c1aa0aa12750/0/37372e38312e37392e302f32342d3234203d3e2037303138.roa
File:                     37372e38312e37392e302f32342d3234203d3e2037303138.roa (raw, json)
Hash identifier:          QouC5FWUBHtZ4E7QwYAk/YLY1LKZrC4sUpRgQ8vSbSQ=
Subject key identifier:   D9:57:BE:BC:AD:7F:3B:BD:E7:CE:F6:9E:96:A5:E0:B7:D4:FD:6F:28
Certificate issuer:       /CN=45e8648e445dccd0d8ee699f5140bb814e43ae1b
Certificate serial:       39EA8051877310353880F349418ACB952179CAFC
Authority key identifier: 45:E8:64:8E:44:5D:CC:D0:D8:EE:69:9F:51:40:BB:81:4E:43:AE:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RehkjkRdzNDY7mmfUUC7gU5Drhs.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/933b2fd7-31c1-451c-8288-c1aa0aa12750/0/37372e38312e37392e302f32342d3234203d3e2037303138.roa
Signing time:             Tue 24 Feb 2026 06:55:39 +0000
ROA not before:           Tue 24 Feb 2026 06:50:39 +0000
ROA not after:            Tue 23 Feb 2027 06:55:39 +0000
asID:                     7018
IP address blocks:        77.81.79.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/933b2fd7-31c1-451c-8288-c1aa0aa12750/0/45E8648E445DCCD0D8EE699F5140BB814E43AE1B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/933b2fd7-31c1-451c-8288-c1aa0aa12750/0/45E8648E445DCCD0D8EE699F5140BB814E43AE1B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RehkjkRdzNDY7mmfUUC7gU5Drhs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 15:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            39:ea:80:51:87:73:10:35:38:80:f3:49:41:8a:cb:95:21:79:ca:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=45e8648e445dccd0d8ee699f5140bb814e43ae1b
        Validity
            Not Before: Feb 24 06:50:39 2026 GMT
            Not After : Feb 23 06:55:39 2027 GMT
        Subject: CN=D957BEBCAD7F3BBDE7CEF69E96A5E0B7D4FD6F28
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:1a:8c:d4:60:06:67:74:0c:2f:0d:00:51:73:
                    a2:33:b1:cf:18:27:97:65:12:79:ea:f9:eb:66:e7:
                    6d:88:a6:d1:aa:cb:71:66:c9:fb:0b:1a:9e:86:49:
                    d6:cf:cf:2e:da:50:4a:56:f6:8d:a3:5a:54:72:45:
                    88:37:84:19:cd:d5:e1:f7:84:33:38:b4:57:06:8b:
                    9f:b7:0b:37:a1:98:9c:01:eb:85:81:14:7b:a2:ee:
                    00:18:81:2c:6c:29:0e:9f:a8:2d:4e:0e:19:36:27:
                    33:69:b2:ca:ce:b7:d0:73:20:8d:43:f8:29:b7:2a:
                    5d:9e:b0:b5:21:2b:af:e5:fb:10:3b:92:8f:57:98:
                    73:e8:d1:c4:cc:bc:fb:0f:92:dd:a7:78:06:4f:66:
                    f2:86:83:74:e2:9f:a8:89:4a:98:47:9c:70:05:19:
                    3c:f1:6d:1a:9f:ec:f8:6b:2c:2e:e2:f9:3f:2b:62:
                    41:03:27:5c:6d:52:d0:82:08:95:da:fe:bc:a2:c1:
                    fe:99:e0:66:d3:0f:d3:90:cf:60:ad:81:a9:36:15:
                    b7:f0:e7:c6:be:7f:52:59:f5:b7:c6:12:42:86:b4:
                    53:ee:99:d9:e1:0b:eb:30:4f:6f:d0:da:bf:da:12:
                    f2:c9:82:23:9e:aa:eb:e7:b4:07:23:96:66:af:62:
                    55:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:57:BE:BC:AD:7F:3B:BD:E7:CE:F6:9E:96:A5:E0:B7:D4:FD:6F:28
            X509v3 Authority Key Identifier:
                keyid:45:E8:64:8E:44:5D:CC:D0:D8:EE:69:9F:51:40:BB:81:4E:43:AE:1B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/933b2fd7-31c1-451c-8288-c1aa0aa12750/0/45E8648E445DCCD0D8EE699F5140BB814E43AE1B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RehkjkRdzNDY7mmfUUC7gU5Drhs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/933b2fd7-31c1-451c-8288-c1aa0aa12750/0/37372e38312e37392e302f32342d3234203d3e2037303138.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.81.79.0/24

    Signature Algorithm: sha256WithRSAEncryption
         70:67:6e:1f:33:41:f4:79:b7:15:08:4d:eb:fd:c1:6f:be:fc:
         9f:7a:3b:64:95:86:53:5b:ee:ef:18:f9:fb:3f:68:2f:36:d4:
         ed:5e:fc:81:e3:da:7b:c6:9d:82:7f:b1:43:32:5b:03:57:74:
         d3:0c:fb:10:53:3e:fb:35:14:a1:52:95:f5:71:b4:b8:36:a9:
         40:2f:6b:c9:c4:12:39:81:0f:73:9f:b6:37:0c:4d:62:ef:e3:
         af:f8:a0:4f:59:a5:6d:dc:59:63:c9:58:8b:31:64:6e:a3:8b:
         3a:9d:3c:24:74:18:9b:74:cd:00:97:cd:2a:95:bc:6a:fd:2f:
         e1:3e:32:d2:c6:de:3e:ae:83:ba:b8:36:47:c3:08:63:66:05:
         c0:74:8d:a0:ed:ae:ab:a5:53:57:70:54:4a:03:18:e0:4e:07:
         3c:c2:c2:a5:1e:3f:38:48:21:ae:27:db:8c:57:09:a3:5e:ca:
         7e:21:4f:af:7c:bc:30:8e:d3:d4:ea:92:25:ea:cd:c1:17:b4:
         d1:0f:af:9d:e3:bb:84:7d:60:37:4a:71:bc:63:6a:53:86:b7:
         1d:60:62:14:4f:56:b5:51:ea:2c:7b:69:43:83:b3:60:fd:c6:
         97:a5:44:b7:76:a6:e9:6a:68:2d:12:61:a9:0f:cc:c5:44:02:
         59:a7:fc:2f
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUOeqAUYdzEDU4gPNJQYrLlSF5yvwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDVlODY0OGU0NDVkY2NkMGQ4ZWU2OTlmNTE0MGJiODE0
ZTQzYWUxYjAeFw0yNjAyMjQwNjUwMzlaFw0yNzAyMjMwNjU1MzlaMDMxMTAvBgNV
BAMTKEQ5NTdCRUJDQUQ3RjNCQkRFN0NFRjY5RTk2QTVFMEI3RDRGRDZGMjgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvGozUYAZndAwvDQBRc6Izsc8Y
J5dlEnnq+etm522IptGqy3FmyfsLGp6GSdbPzy7aUEpW9o2jWlRyRYg3hBnN1eH3
hDM4tFcGi5+3CzehmJwB64WBFHui7gAYgSxsKQ6fqC1ODhk2JzNpssrOt9BzII1D
+Cm3Kl2esLUhK6/l+xA7ko9XmHPo0cTMvPsPkt2neAZPZvKGg3Tin6iJSphHnHAF
GTzxbRqf7PhrLC7i+T8rYkEDJ1xtUtCCCJXa/ryiwf6Z4GbTD9OQz2Ctgak2Fbfw
58a+f1JZ9bfGEkKGtFPumdnhC+swT2/Q2r/aEvLJgiOequvntAcjlmavYlVrAgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQU2Ve+vK1/O73nzvaelqXgt9T9bygwHwYDVR0j
BBgwFoAURehkjkRdzNDY7mmfUUC7gU5DrhswDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOTMzYjJmZDctMzFjMS00NTFjLTgyODgtYzFhYTBhYTEy
NzUwLzAvNDVFODY0OEU0NDVEQ0NEMEQ4RUU2OTlGNTE0MEJCODE0RTQzQUUxQi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JlaGtqa1Jkek5EWTdtbWZVVUM3Z1U1
RHJocy5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvOTMzYjJmZDct
MzFjMS00NTFjLTgyODgtYzFhYTBhYTEyNzUwLzAvMzczNzJlMzgzMTJlMzczOTJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM3MzAzMTM4LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATVFPMA0G
CSqGSIb3DQEBCwUAA4IBAQBwZ24fM0H0ebcVCE3r/cFvvvyfejtklYZTW+7vGPn7
P2gvNtTtXvyB49p7xp2Cf7FDMlsDV3TTDPsQUz77NRShUpX1cbS4NqlAL2vJxBI5
gQ9zn7Y3DE1i7+Ov+KBPWaVt3FljyViLMWRuo4s6nTwkdBibdM0Al80qlbxq/S/h
PjLSxt4+roO6uDZHwwhjZgXAdI2g7a6rpVNXcFRKAxjgTgc8wsKlHj84SCGuJ9uM
VwmjXsp+IU+vfLwwjtPU6pIl6s3BF7TRD6+d47uEfWA3SnG8Y2pThrcdYGIUT1a1
Ueose2lDg7Ng/caXpUS3dqbpamgtEmGpD8zFRAJZp/wv
-----END CERTIFICATE-----