Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/37372e3234332e38352e302f32342d3234203d3e203437353833.roa
File:                     37372e3234332e38352e302f32342d3234203d3e203437353833.roa (raw, json)
Hash identifier:          qbTQxQv3MlO1nAX+7Uc951wWs5WZWZTnb6a+TGYtdnc=
Subject key identifier:   13:FC:03:10:F7:3B:55:F4:ED:50:2C:80:E9:B3:39:90:3E:50:10:2D
Certificate issuer:       /CN=08fb9ba827e6f10a7af37490803dd5a076397235
Certificate serial:       254603B3B6B1F3B3E0BE35D1267E373AF6FA1CE7
Authority key identifier: 08:FB:9B:A8:27:E6:F1:0A:7A:F3:74:90:80:3D:D5:A0:76:39:72:35
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/37372e3234332e38352e302f32342d3234203d3e203437353833.roa
Signing time:             Mon 26 Feb 2024 08:52:50 +0000
ROA not before:           Mon 26 Feb 2024 08:47:50 +0000
ROA not after:            Mon 24 Feb 2025 08:52:50 +0000
asID:                     47583
IP address blocks:        77.243.85.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 13 May 2024 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            25:46:03:b3:b6:b1:f3:b3:e0:be:35:d1:26:7e:37:3a:f6:fa:1c:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=08fb9ba827e6f10a7af37490803dd5a076397235
        Validity
            Not Before: Feb 26 08:47:50 2024 GMT
            Not After : Feb 24 08:52:50 2025 GMT
        Subject: CN=13FC0310F73B55F4ED502C80E9B339903E50102D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:4c:f9:14:4e:dd:2d:3d:e5:8d:ba:97:26:c2:
                    4a:bd:68:97:31:12:aa:bc:de:c3:38:f9:7d:56:db:
                    24:e9:0a:69:85:00:89:63:9a:0d:3f:1d:6f:f2:10:
                    85:ac:28:63:98:ed:f0:13:c1:b3:06:d9:60:db:2e:
                    f7:d0:ee:ae:1a:ec:31:c3:08:ea:8f:d8:c7:2f:c5:
                    2b:7b:fd:54:8e:fe:5b:a0:e4:59:4b:46:37:bb:83:
                    c8:08:51:ab:83:ad:33:1a:4a:98:e4:0a:2e:a8:7c:
                    7a:5f:5e:18:7a:78:f8:83:f5:6e:f8:db:29:83:f6:
                    fa:06:0f:11:e6:5c:16:a8:e7:61:17:7c:50:5a:93:
                    9f:18:47:b7:5e:e2:6f:d8:88:10:93:29:bc:9c:4d:
                    e5:4c:32:64:b7:25:4a:a0:cc:47:58:51:ca:62:66:
                    e3:c4:f5:72:4a:b9:43:72:12:7e:0f:d0:b0:08:2d:
                    5d:c0:da:98:88:1e:71:5a:92:6c:d9:44:1f:0e:c1:
                    24:cb:65:31:13:98:b6:95:48:65:5a:b7:11:b2:ae:
                    5e:c3:a8:64:91:48:56:0b:ea:f2:29:c0:72:29:c1:
                    d7:24:01:f3:c1:7c:5f:0a:9d:ed:ed:8f:d3:69:8e:
                    a1:77:85:97:38:9f:fd:d0:f8:68:80:b8:00:f6:01:
                    9a:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                13:FC:03:10:F7:3B:55:F4:ED:50:2C:80:E9:B3:39:90:3E:50:10:2D
            X509v3 Authority Key Identifier:
                keyid:08:FB:9B:A8:27:E6:F1:0A:7A:F3:74:90:80:3D:D5:A0:76:39:72:35

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/37372e3234332e38352e302f32342d3234203d3e203437353833.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.243.85.0/24

    Signature Algorithm: sha256WithRSAEncryption
         28:3a:e8:1b:60:ee:8f:fd:7b:2d:5c:67:ca:43:31:cf:f8:ac:
         7e:0d:19:da:2d:c8:f6:85:6e:4d:ec:c6:72:8a:e8:7a:dd:14:
         47:3d:8d:47:ee:c5:ff:e6:fb:01:16:03:32:84:a5:3d:7d:af:
         49:f3:25:01:43:8b:26:b0:b4:e9:49:92:9c:92:b6:51:0f:d1:
         57:d4:f5:d2:b8:ae:9a:55:0f:88:4e:79:4a:39:06:95:69:dc:
         a4:67:19:11:cf:5b:ee:f7:1d:99:a2:a4:c2:b4:73:99:c7:81:
         ab:99:f8:48:08:9d:20:89:39:2c:ec:06:b9:26:ac:3c:2d:e7:
         7c:46:bf:0c:90:e8:58:cd:e4:8b:6c:63:07:1f:83:64:5d:ae:
         f3:67:cd:52:f8:b8:1a:23:15:62:75:db:d6:26:f3:9e:e1:56:
         b5:69:62:83:99:bf:b5:cc:38:fb:4b:44:0f:f5:02:50:2c:f3:
         20:ab:d6:26:6e:90:3e:1a:59:d5:5b:e7:c5:17:fc:80:47:a2:
         9f:ba:df:0a:66:0f:17:aa:af:a2:76:55:c6:25:ee:f1:4a:77:
         29:2f:00:b8:0e:59:bd:37:0f:63:69:35:13:15:ce:5c:4a:43:
         cf:87:8a:f7:17:94:51:60:70:21:18:f4:e6:8e:b4:97:33:71:
         8d:28:d7:4a
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUJUYDs7ax87PgvjXRJn43Ovb6HOcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDhmYjliYTgyN2U2ZjEwYTdhZjM3NDkwODAzZGQ1YTA3
NjM5NzIzNTAeFw0yNDAyMjYwODQ3NTBaFw0yNTAyMjQwODUyNTBaMDMxMTAvBgNV
BAMTKDEzRkMwMzEwRjczQjU1RjRFRDUwMkM4MEU5QjMzOTkwM0U1MDEwMkQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDZTPkUTt0tPeWNupcmwkq9aJcx
Eqq83sM4+X1W2yTpCmmFAIljmg0/HW/yEIWsKGOY7fATwbMG2WDbLvfQ7q4a7DHD
COqP2McvxSt7/VSO/lug5FlLRje7g8gIUauDrTMaSpjkCi6ofHpfXhh6ePiD9W74
2ymD9voGDxHmXBao52EXfFBak58YR7de4m/YiBCTKbycTeVMMmS3JUqgzEdYUcpi
ZuPE9XJKuUNyEn4P0LAILV3A2piIHnFakmzZRB8OwSTLZTETmLaVSGVatxGyrl7D
qGSRSFYL6vIpwHIpwdckAfPBfF8Kne3tj9NpjqF3hZc4n/3Q+GiAuAD2AZodAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUE/wDEPc7VfTtUCyA6bM5kD5QEC0wHwYDVR0j
BBgwFoAUCPubqCfm8Qp683SQgD3VoHY5cjUwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzIvMDhGQjlCQTgyN0U2RjEwQTdBRjM3NDkwODAzREQ1QTA3NjM5NzIzNS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NQdWJxQ2ZtOFFwNjgzU1FnRDNWb0hZ
NWNqVS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzIvMzczNzJlMzIzNDMzMmUzODM1
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzQzNzM1MzgzMy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAE3z
VTANBgkqhkiG9w0BAQsFAAOCAQEAKDroG2Duj/17LVxnykMxz/isfg0Z2i3I9oVu
TezGcoroet0URz2NR+7F/+b7ARYDMoSlPX2vSfMlAUOLJrC06UmSnJK2UQ/RV9T1
0riumlUPiE55SjkGlWncpGcZEc9b7vcdmaKkwrRzmceBq5n4SAidIIk5LOwGuSas
PC3nfEa/DJDoWM3ki2xjBx+DZF2u82fNUvi4GiMVYnXb1ibznuFWtWlig5m/tcw4
+0tED/UCUCzzIKvWJm6QPhpZ1VvnxRf8gEein7rfCmYPF6qvonZVxiXu8Up3KS8A
uA5ZvTcPY2k1ExXOXEpDz4eK9xeUUWBwIRj05o60lzNxjSjXSg==
-----END CERTIFICATE-----