Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/37372e38332e3235322e302f32342d3234203d3e203533313037.roa
File:                     37372e38332e3235322e302f32342d3234203d3e203533313037.roa (raw, json)
Hash identifier:          kVRW91gUQQJKDevSNusyEaCMFEQt6idZ9U9pUTvlEwg=
Subject key identifier:   33:DD:21:C0:F9:DE:DC:C0:26:1E:EE:4C:49:90:1F:3F:77:4E:BA:BF
Certificate issuer:       /CN=8f4ce7722f99075d94738b7e61070401269eb3d6
Certificate serial:       4B34AF83C1AEDF7B56F7DED411AD8A4429810BB7
Authority key identifier: 8F:4C:E7:72:2F:99:07:5D:94:73:8B:7E:61:07:04:01:26:9E:B3:D6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/j0znci-ZB12Uc4t-YQcEASaes9Y.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/37372e38332e3235322e302f32342d3234203d3e203533313037.roa
Signing time:             Mon 14 Oct 2024 12:43:25 +0000
ROA not before:           Mon 14 Oct 2024 12:38:25 +0000
ROA not after:            Mon 13 Oct 2025 12:43:25 +0000
asID:                     53107
IP address blocks:        77.83.252.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/8F4CE7722F99075D94738B7E61070401269EB3D6.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/8F4CE7722F99075D94738B7E61070401269EB3D6.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/j0znci-ZB12Uc4t-YQcEASaes9Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:12:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4b:34:af:83:c1:ae:df:7b:56:f7:de:d4:11:ad:8a:44:29:81:0b:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8f4ce7722f99075d94738b7e61070401269eb3d6
        Validity
            Not Before: Oct 14 12:38:25 2024 GMT
            Not After : Oct 13 12:43:25 2025 GMT
        Subject: CN=33DD21C0F9DEDCC0261EEE4C49901F3F774EBABF
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:26:17:80:3d:f3:21:41:83:98:28:cd:ce:d3:
                    14:1c:bd:b4:c9:b7:9f:2e:5a:18:63:68:29:4f:e5:
                    33:f3:4d:67:94:2b:7f:6a:c4:9c:10:a1:75:16:5b:
                    17:f0:85:2c:72:11:e4:aa:49:a5:18:5c:0f:df:86:
                    fd:ee:ae:f4:70:1c:7b:bc:89:a9:09:c1:10:d3:da:
                    29:23:d7:fe:72:17:2f:33:15:44:0b:c9:7f:46:29:
                    22:16:e4:0d:4b:22:c9:13:22:d1:3c:7a:1f:cf:41:
                    c5:91:bf:cf:62:42:f2:df:19:c6:f7:5e:90:77:b0:
                    0e:c6:3c:a3:61:8e:57:7e:e4:a4:2d:f0:92:1d:86:
                    db:a0:6e:9a:64:81:bc:8d:7e:35:68:ce:2a:ba:71:
                    a3:6e:d6:27:67:a7:3a:c9:80:af:c2:42:38:6f:63:
                    2e:2f:f7:1c:61:26:9b:20:6c:cc:3d:2b:1b:7f:5b:
                    bf:79:58:8d:18:36:92:3a:35:54:52:47:17:50:d3:
                    77:28:1d:09:06:43:3f:02:e0:42:f4:2d:79:d1:ff:
                    10:20:b3:63:76:9b:c9:0d:23:5a:2e:e1:0e:9d:9f:
                    ac:a7:fb:1f:15:e7:ad:e6:16:9a:26:27:a3:79:a6:
                    d9:1b:3a:7b:a0:d3:5b:1f:27:e6:2b:fd:41:1f:7c:
                    5c:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:DD:21:C0:F9:DE:DC:C0:26:1E:EE:4C:49:90:1F:3F:77:4E:BA:BF
            X509v3 Authority Key Identifier:
                keyid:8F:4C:E7:72:2F:99:07:5D:94:73:8B:7E:61:07:04:01:26:9E:B3:D6

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/8F4CE7722F99075D94738B7E61070401269EB3D6.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/j0znci-ZB12Uc4t-YQcEASaes9Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/37372e38332e3235322e302f32342d3234203d3e203533313037.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.83.252.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0b:b5:c6:49:94:23:1f:c7:3f:c0:37:b7:ab:f2:07:ce:1a:49:
         61:40:13:4c:7c:ca:e6:4c:58:bb:80:49:4d:cd:9f:ae:6a:fd:
         34:0b:7c:e7:99:27:d8:d7:fd:51:15:6a:48:f0:4f:13:10:0a:
         95:b9:48:81:30:c8:58:8f:1c:4a:5a:c9:0a:17:b0:36:73:47:
         72:16:c8:89:e7:29:e6:56:f7:ae:0d:86:b4:dd:66:ce:d2:82:
         ba:d6:26:15:6d:22:bb:37:f5:c2:b0:8b:ce:5c:99:2e:54:79:
         a4:40:b5:b9:4f:87:a8:f9:52:2f:e6:0c:42:35:83:36:d3:42:
         96:a7:c9:b4:8d:46:a4:72:93:49:91:dd:c1:57:68:ca:15:d6:
         c8:da:34:9e:8d:77:ca:ea:62:34:b1:69:27:2f:2b:f3:d1:50:
         e8:7d:96:51:6b:65:99:04:c0:3e:3c:1f:d1:1a:00:25:11:c4:
         d4:9e:c4:8a:9e:7a:8a:18:20:44:dc:e0:3c:f3:08:1a:53:ec:
         38:91:75:5b:e0:60:a2:f4:ca:38:b8:ff:0b:85:0d:2e:b7:f5:
         d8:ff:cf:a6:d1:2a:da:50:f9:0f:00:8b:52:98:45:7a:0a:4b:
         eb:1f:3f:22:1a:b4:ac:bd:53:ac:22:f4:8d:93:2c:1f:7c:3f:
         30:e0:78:49
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUSzSvg8Gu33tW997UEa2KRCmBC7cwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGY0Y2U3NzIyZjk5MDc1ZDk0NzM4YjdlNjEwNzA0MDEy
NjllYjNkNjAeFw0yNDEwMTQxMjM4MjVaFw0yNTEwMTMxMjQzMjVaMDMxMTAvBgNV
BAMTKDMzREQyMUMwRjlERURDQzAyNjFFRUU0QzQ5OTAxRjNGNzc0RUJBQkYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7JheAPfMhQYOYKM3O0xQcvbTJ
t58uWhhjaClP5TPzTWeUK39qxJwQoXUWWxfwhSxyEeSqSaUYXA/fhv3urvRwHHu8
iakJwRDT2ikj1/5yFy8zFUQLyX9GKSIW5A1LIskTItE8eh/PQcWRv89iQvLfGcb3
XpB3sA7GPKNhjld+5KQt8JIdhtugbppkgbyNfjVoziq6caNu1idnpzrJgK/CQjhv
Yy4v9xxhJpsgbMw9Kxt/W795WI0YNpI6NVRSRxdQ03coHQkGQz8C4EL0LXnR/xAg
s2N2m8kNI1ou4Q6dn6yn+x8V563mFpomJ6N5ptkbOnug01sfJ+Yr/UEffFzDAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUM90hwPne3MAmHu5MSZAfP3dOur8wHwYDVR0j
BBgwFoAUj0znci+ZB12Uc4t+YQcEASaes9YwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYWE5NzcxMTUtNTExMC00MjU3LTk0ZWYtNGQyYjQzODg0
MDQwLzAvOEY0Q0U3NzIyRjk5MDc1RDk0NzM4QjdFNjEwNzA0MDEyNjlFQjNENi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2owem5jaS1aQjEyVWM0dC1ZUWNFQVNh
ZXM5WS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWE5NzcxMTUt
NTExMC00MjU3LTk0ZWYtNGQyYjQzODg0MDQwLzAvMzczNzJlMzgzMzJlMzIzNTMy
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzUzMzMxMzAzNy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAE1T
/DANBgkqhkiG9w0BAQsFAAOCAQEAC7XGSZQjH8c/wDe3q/IHzhpJYUATTHzK5kxY
u4BJTc2frmr9NAt855kn2Nf9URVqSPBPExAKlblIgTDIWI8cSlrJChewNnNHchbI
iecp5lb3rg2GtN1mztKCutYmFW0iuzf1wrCLzlyZLlR5pEC1uU+HqPlSL+YMQjWD
NtNClqfJtI1GpHKTSZHdwVdoyhXWyNo0no13yupiNLFpJy8r89FQ6H2WUWtlmQTA
Pjwf0RoAJRHE1J7Eip56ihggRNzgPPMIGlPsOJF1W+BgovTKOLj/C4UNLrf12P/P
ptEq2lD5DwCLUphFegpL6x8/Ihq0rL1TrCL0jZMsH3w/MOB4SQ==
-----END CERTIFICATE-----