Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/37372e38332e3235322e302f32342d3234203d3e203533313037.roa
File:                     37372e38332e3235322e302f32342d3234203d3e203533313037.roa (raw, json)
Hash identifier:          z+gdtNeWYwGwr2RyXkZiuDH6ZBO7Ot6MTq0Sk4tdJZU=
Subject key identifier:   FE:55:97:E9:F9:6A:D1:44:F9:93:61:32:9D:B2:10:9C:89:E3:5D:39
Certificate issuer:       /CN=8f4ce7722f99075d94738b7e61070401269eb3d6
Certificate serial:       43124E961F889A1426BFA38B871C414693710E1F
Authority key identifier: 8F:4C:E7:72:2F:99:07:5D:94:73:8B:7E:61:07:04:01:26:9E:B3:D6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/j0znci-ZB12Uc4t-YQcEASaes9Y.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/37372e38332e3235322e302f32342d3234203d3e203533313037.roa
Signing time:             Mon 13 Nov 2023 11:58:39 +0000
ROA not before:           Mon 13 Nov 2023 11:53:39 +0000
ROA not after:            Mon 11 Nov 2024 11:58:39 +0000
asID:                     53107
IP address blocks:        77.83.252.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/8F4CE7722F99075D94738B7E61070401269EB3D6.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/8F4CE7722F99075D94738B7E61070401269EB3D6.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/j0znci-ZB12Uc4t-YQcEASaes9Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 11 May 2024 14:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            43:12:4e:96:1f:88:9a:14:26:bf:a3:8b:87:1c:41:46:93:71:0e:1f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8f4ce7722f99075d94738b7e61070401269eb3d6
        Validity
            Not Before: Nov 13 11:53:39 2023 GMT
            Not After : Nov 11 11:58:39 2024 GMT
        Subject: CN=FE5597E9F96AD144F99361329DB2109C89E35D39
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:ea:6a:fc:38:30:45:00:cf:cf:ce:c7:0a:08:
                    54:8c:b7:86:0a:91:ec:d1:38:a2:e9:f0:dc:bc:ff:
                    1c:6a:3c:25:69:a7:84:1d:fc:92:78:eb:89:f2:be:
                    ef:76:1f:80:cb:08:ad:ba:37:c0:24:00:9e:ca:d1:
                    b8:da:62:a3:ab:07:2a:c5:1e:e8:6b:fd:31:8f:3e:
                    e6:52:d7:ad:53:2a:23:e3:3f:75:66:c9:c5:f3:fe:
                    c0:3a:ed:b9:8d:be:73:4f:37:da:15:5b:09:0f:28:
                    12:fb:fd:40:dd:06:30:3d:31:03:92:35:87:9a:9a:
                    94:97:56:e1:e2:36:09:b6:11:50:b8:30:6a:93:c0:
                    c8:96:c4:aa:3a:79:aa:64:f5:c9:c0:23:87:7d:f3:
                    3b:94:f3:c9:2c:96:2e:84:de:91:1c:9c:d5:bc:45:
                    9c:37:a1:54:9a:16:bf:fb:35:0a:b0:19:d4:aa:6a:
                    f2:ac:cc:96:db:02:d2:0c:e4:74:4d:c9:6b:98:77:
                    89:60:19:d8:14:18:7f:b8:be:7a:8e:cb:b9:3d:1e:
                    ab:62:5d:5d:cc:50:36:05:d2:04:87:8e:5d:33:d4:
                    22:d5:9b:2c:d8:4a:16:7c:9c:c4:90:b3:85:ee:ba:
                    3e:bb:75:d6:08:f9:e5:6f:4e:39:c5:ad:2f:8d:d9:
                    d2:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FE:55:97:E9:F9:6A:D1:44:F9:93:61:32:9D:B2:10:9C:89:E3:5D:39
            X509v3 Authority Key Identifier:
                keyid:8F:4C:E7:72:2F:99:07:5D:94:73:8B:7E:61:07:04:01:26:9E:B3:D6

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/8F4CE7722F99075D94738B7E61070401269EB3D6.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/j0znci-ZB12Uc4t-YQcEASaes9Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/37372e38332e3235322e302f32342d3234203d3e203533313037.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.83.252.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9e:e7:96:d2:9d:89:4a:67:bf:a5:85:28:fb:4e:67:94:72:e6:
         e8:64:70:55:46:bf:ef:2a:11:98:3a:6c:87:73:21:29:62:dc:
         22:6e:e9:7a:ad:de:d8:ac:bf:3e:e0:ed:93:ab:ad:1a:8d:2f:
         eb:de:73:c0:a3:40:7c:4f:d5:19:ad:ea:57:d4:0f:ac:ab:54:
         40:84:85:82:0d:4e:93:bf:3c:b7:4c:8b:36:e5:e3:07:83:57:
         a2:5d:47:f9:48:ba:b4:f5:64:f1:1f:89:d9:aa:47:e4:f5:9d:
         c6:3c:f1:fb:3d:5f:6f:04:8a:57:49:50:35:15:76:52:bc:08:
         02:f0:18:2f:6a:7e:e8:54:dd:68:20:82:7a:4e:1a:cd:50:53:
         90:2f:f0:37:22:b9:2a:e7:a2:b2:a8:f3:5e:34:0a:cc:f5:e1:
         73:2c:1b:e8:e5:91:9c:18:f7:ee:0c:92:ef:6b:d9:8d:ef:50:
         b4:be:6b:15:12:40:ba:bb:85:aa:c9:22:82:ee:c8:59:cf:14:
         a4:f5:07:d6:18:12:64:77:ff:28:b2:1e:e5:15:54:06:a8:be:
         5e:57:d9:5f:22:8a:b1:23:91:c1:9b:ad:8d:65:60:88:17:05:
         a4:c3:e0:1d:63:6c:f5:25:d6:7f:7a:01:62:6f:ad:dd:9c:f9:
         db:0e:ea:9c
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUQxJOlh+ImhQmv6OLhxxBRpNxDh8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGY0Y2U3NzIyZjk5MDc1ZDk0NzM4YjdlNjEwNzA0MDEy
NjllYjNkNjAeFw0yMzExMTMxMTUzMzlaFw0yNDExMTExMTU4MzlaMDMxMTAvBgNV
BAMTKEZFNTU5N0U5Rjk2QUQxNDRGOTkzNjEzMjlEQjIxMDlDODlFMzVEMzkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCi6mr8ODBFAM/PzscKCFSMt4YK
kezROKLp8Ny8/xxqPCVpp4Qd/JJ464nyvu92H4DLCK26N8AkAJ7K0bjaYqOrByrF
Huhr/TGPPuZS161TKiPjP3VmycXz/sA67bmNvnNPN9oVWwkPKBL7/UDdBjA9MQOS
NYeampSXVuHiNgm2EVC4MGqTwMiWxKo6eapk9cnAI4d98zuU88ksli6E3pEcnNW8
RZw3oVSaFr/7NQqwGdSqavKszJbbAtIM5HRNyWuYd4lgGdgUGH+4vnqOy7k9Hqti
XV3MUDYF0gSHjl0z1CLVmyzYShZ8nMSQs4Xuuj67ddYI+eVvTjnFrS+N2dK1AgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQU/lWX6flq0UT5k2EynbIQnInjXTkwHwYDVR0j
BBgwFoAUj0znci+ZB12Uc4t+YQcEASaes9YwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYWE5NzcxMTUtNTExMC00MjU3LTk0ZWYtNGQyYjQzODg0
MDQwLzAvOEY0Q0U3NzIyRjk5MDc1RDk0NzM4QjdFNjEwNzA0MDEyNjlFQjNENi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2owem5jaS1aQjEyVWM0dC1ZUWNFQVNh
ZXM5WS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWE5NzcxMTUt
NTExMC00MjU3LTk0ZWYtNGQyYjQzODg0MDQwLzAvMzczNzJlMzgzMzJlMzIzNTMy
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzUzMzMxMzAzNy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAE1T
/DANBgkqhkiG9w0BAQsFAAOCAQEAnueW0p2JSme/pYUo+05nlHLm6GRwVUa/7yoR
mDpsh3MhKWLcIm7peq3e2Ky/PuDtk6utGo0v695zwKNAfE/VGa3qV9QPrKtUQISF
gg1Ok788t0yLNuXjB4NXol1H+Ui6tPVk8R+J2apH5PWdxjzx+z1fbwSKV0lQNRV2
UrwIAvAYL2p+6FTdaCCCek4azVBTkC/wNyK5KueisqjzXjQKzPXhcywb6OWRnBj3
7gyS72vZje9QtL5rFRJAuruFqskigu7IWc8UpPUH1hgSZHf/KLIe5RVUBqi+XlfZ
XyKKsSORwZutjWVgiBcFpMPgHWNs9SXWf3oBYm+t3Zz52w7qnA==
-----END CERTIFICATE-----