Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/37372e38332e3235342e302f32342d3234203d3e203432383331.roa
File:                     37372e38332e3235342e302f32342d3234203d3e203432383331.roa (raw, json)
Hash identifier:          B5BKp3Kt7IC0lBSFIyTVJVOYl/EnjscrkC95vEdRQdg=
Subject key identifier:   40:44:18:50:44:2F:9A:78:56:DF:3A:6A:B1:72:80:09:F4:06:F5:DD
Certificate issuer:       /CN=8f4ce7722f99075d94738b7e61070401269eb3d6
Certificate serial:       1C90713676556DB6E276DCA86699A0BC8758CE62
Authority key identifier: 8F:4C:E7:72:2F:99:07:5D:94:73:8B:7E:61:07:04:01:26:9E:B3:D6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/j0znci-ZB12Uc4t-YQcEASaes9Y.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/37372e38332e3235342e302f32342d3234203d3e203432383331.roa
Signing time:             Mon 03 Nov 2025 16:16:33 +0000
ROA not before:           Mon 03 Nov 2025 16:11:33 +0000
ROA not after:            Mon 02 Nov 2026 16:16:33 +0000
asID:                     42831
IP address blocks:        77.83.254.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/8F4CE7722F99075D94738B7E61070401269EB3D6.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/8F4CE7722F99075D94738B7E61070401269EB3D6.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/j0znci-ZB12Uc4t-YQcEASaes9Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 22:37:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1c:90:71:36:76:55:6d:b6:e2:76:dc:a8:66:99:a0:bc:87:58:ce:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8f4ce7722f99075d94738b7e61070401269eb3d6
        Validity
            Not Before: Nov  3 16:11:33 2025 GMT
            Not After : Nov  2 16:16:33 2026 GMT
        Subject: CN=40441850442F9A7856DF3A6AB1728009F406F5DD
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:05:49:77:87:eb:24:42:3a:03:d9:19:b2:df:
                    fd:c6:23:ce:d6:6a:cd:54:f3:d5:1e:19:33:d6:46:
                    3d:69:ab:6d:cc:cf:7c:06:a6:21:7e:56:b1:5d:a7:
                    99:86:a1:01:6e:21:ae:91:48:71:36:b7:24:a2:dd:
                    16:da:ce:14:36:fe:f3:ab:35:3a:d0:95:2a:86:6f:
                    6a:5e:9e:1e:cd:ea:cc:1c:72:44:da:74:64:5b:a7:
                    11:32:c1:9a:ff:10:93:59:bd:5c:96:41:ba:2f:c2:
                    34:93:39:6a:97:99:df:2d:3b:26:04:e5:b2:1e:08:
                    af:83:22:3f:fa:c7:64:cd:98:35:aa:12:c6:ce:ee:
                    0c:5b:7f:46:da:b3:49:63:8c:0d:db:bd:e3:57:fe:
                    26:b3:7e:c7:49:6e:4b:b7:fe:95:9f:bf:bb:4c:f8:
                    ed:e5:e0:0e:70:b9:66:b8:9a:18:91:a9:ae:03:2f:
                    c0:de:a0:b6:ca:68:a6:65:ed:2e:44:bc:8d:48:4b:
                    4e:a8:35:53:39:7a:a3:fb:98:89:ac:34:34:0f:4b:
                    dd:cf:97:2c:00:4b:91:be:e6:b8:24:4c:4d:59:d1:
                    e0:c8:45:06:5a:4f:11:73:65:8e:c2:12:fe:17:29:
                    1e:d4:b8:1c:2e:7b:c2:97:33:ed:ce:22:58:36:d1:
                    43:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:44:18:50:44:2F:9A:78:56:DF:3A:6A:B1:72:80:09:F4:06:F5:DD
            X509v3 Authority Key Identifier:
                keyid:8F:4C:E7:72:2F:99:07:5D:94:73:8B:7E:61:07:04:01:26:9E:B3:D6

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/8F4CE7722F99075D94738B7E61070401269EB3D6.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/j0znci-ZB12Uc4t-YQcEASaes9Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/37372e38332e3235342e302f32342d3234203d3e203432383331.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.83.254.0/24

    Signature Algorithm: sha256WithRSAEncryption
         bf:02:e9:e6:de:a5:6b:34:6b:b4:87:ac:0c:26:91:02:f6:64:
         68:3b:2d:53:d7:76:84:c6:58:f9:94:6b:95:fb:14:44:74:ea:
         b3:ab:5c:cd:b3:85:48:00:fe:6d:68:74:c6:63:eb:f5:47:13:
         dd:46:c0:21:a7:c4:f5:13:35:e5:4e:36:43:81:2e:76:75:49:
         29:3b:d3:1f:77:16:4e:b1:07:89:c6:31:e0:48:d8:a9:4b:a1:
         f4:ec:a7:0e:68:1a:22:be:14:ac:74:b6:f2:2b:98:f3:22:6d:
         77:af:63:ea:58:0b:30:6f:5f:f6:ae:52:5d:ca:ed:aa:6c:7a:
         23:a5:fb:75:8a:d8:39:26:c9:58:64:29:33:90:6b:cd:a9:6c:
         f4:fb:53:c3:f8:6d:64:57:e7:27:29:59:eb:22:e2:e7:89:dc:
         4c:2b:c1:81:3f:40:b3:40:e6:ae:9e:07:5d:73:61:08:3b:c3:
         5f:b9:86:3e:78:47:08:0b:06:c4:1a:86:85:87:dc:b1:35:a0:
         3f:0b:07:85:8b:ea:ce:9e:92:4b:7f:34:77:3b:9b:32:7a:50:
         6f:25:41:99:47:72:4d:42:b7:16:ae:92:b3:a0:14:e2:7c:9f:
         38:ef:74:08:4c:32:df:b7:64:77:c5:b2:99:c5:c1:2d:38:01:
         b1:92:e0:70
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUHJBxNnZVbbbidtyoZpmgvIdYzmIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGY0Y2U3NzIyZjk5MDc1ZDk0NzM4YjdlNjEwNzA0MDEy
NjllYjNkNjAeFw0yNTExMDMxNjExMzNaFw0yNjExMDIxNjE2MzNaMDMxMTAvBgNV
BAMTKDQwNDQxODUwNDQyRjlBNzg1NkRGM0E2QUIxNzI4MDA5RjQwNkY1REQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDEBUl3h+skQjoD2Rmy3/3GI87W
as1U89UeGTPWRj1pq23Mz3wGpiF+VrFdp5mGoQFuIa6RSHE2tySi3RbazhQ2/vOr
NTrQlSqGb2penh7N6swcckTadGRbpxEywZr/EJNZvVyWQbovwjSTOWqXmd8tOyYE
5bIeCK+DIj/6x2TNmDWqEsbO7gxbf0bas0ljjA3bveNX/iazfsdJbku3/pWfv7tM
+O3l4A5wuWa4mhiRqa4DL8DeoLbKaKZl7S5EvI1IS06oNVM5eqP7mImsNDQPS93P
lywAS5G+5rgkTE1Z0eDIRQZaTxFzZY7CEv4XKR7UuBwue8KXM+3OIlg20UN3AgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUQEQYUEQvmnhW3zpqsXKACfQG9d0wHwYDVR0j
BBgwFoAUj0znci+ZB12Uc4t+YQcEASaes9YwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYWE5NzcxMTUtNTExMC00MjU3LTk0ZWYtNGQyYjQzODg0
MDQwLzAvOEY0Q0U3NzIyRjk5MDc1RDk0NzM4QjdFNjEwNzA0MDEyNjlFQjNENi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2owem5jaS1aQjEyVWM0dC1ZUWNFQVNh
ZXM5WS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWE5NzcxMTUt
NTExMC00MjU3LTk0ZWYtNGQyYjQzODg0MDQwLzAvMzczNzJlMzgzMzJlMzIzNTM0
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzQzMjM4MzMzMS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAE1T
/jANBgkqhkiG9w0BAQsFAAOCAQEAvwLp5t6lazRrtIesDCaRAvZkaDstU9d2hMZY
+ZRrlfsURHTqs6tczbOFSAD+bWh0xmPr9UcT3UbAIafE9RM15U42Q4EudnVJKTvT
H3cWTrEHicYx4EjYqUuh9OynDmgaIr4UrHS28iuY8yJtd69j6lgLMG9f9q5SXcrt
qmx6I6X7dYrYOSbJWGQpM5Brzals9PtTw/htZFfnJylZ6yLi54ncTCvBgT9As0Dm
rp4HXXNhCDvDX7mGPnhHCAsGxBqGhYfcsTWgPwsHhYvqzp6SS380dzubMnpQbyVB
mUdyTUK3Fq6Ss6AU4nyfOO90CEwy37dkd8WymcXBLTgBsZLgcA==
-----END CERTIFICATE-----