Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/33372e36302e3234302e302f32302d3332203d3e203531313637.roa
File:                     33372e36302e3234302e302f32302d3332203d3e203531313637.roa (raw, json)
Hash identifier:          ZUrFoZMjn/BOFymkXcQHScH/eSk7GkARBWDE/ZXh0Bo=
Subject key identifier:   F7:FA:BC:B4:CF:2D:58:EE:87:E1:E8:3E:80:7E:75:39:24:E2:B2:40
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       0883B98E305D83CAF1E6E8C60DF54A72B29FC7E0
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/33372e36302e3234302e302f32302d3332203d3e203531313637.roa
Signing time:             Thu 25 Jan 2024 10:02:21 +0000
ROA not before:           Thu 25 Jan 2024 09:57:21 +0000
ROA not after:            Thu 23 Jan 2025 10:02:21 +0000
asID:                     51167
IP address blocks:        37.60.240.0/20 maxlen: 32

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 22 May 2024 14:34:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            08:83:b9:8e:30:5d:83:ca:f1:e6:e8:c6:0d:f5:4a:72:b2:9f:c7:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Jan 25 09:57:21 2024 GMT
            Not After : Jan 23 10:02:21 2025 GMT
        Subject: CN=F7FABCB4CF2D58EE87E1E83E807E753924E2B240
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:bb:cb:3a:8f:6e:78:77:22:4d:24:dd:89:2d:
                    20:4a:3b:28:fa:57:f5:a6:93:40:ef:74:e8:e9:a7:
                    83:23:d1:8d:db:df:08:f1:94:70:d5:91:43:d3:a5:
                    07:eb:f5:97:ae:99:ed:9c:48:90:b7:87:ed:72:a4:
                    78:6d:0f:2c:cb:5e:7c:bb:c7:9a:f1:52:63:30:9e:
                    26:3c:b5:0f:bf:b1:61:95:3f:f4:3a:71:49:3e:fd:
                    62:7e:81:70:17:f0:9b:c7:ff:16:ab:74:70:5e:fb:
                    a9:64:ac:89:dc:06:a2:79:a7:95:90:77:79:9a:c8:
                    37:d5:00:04:c9:ea:09:20:bd:d7:44:89:f1:25:21:
                    54:4d:b7:42:a9:37:67:4d:7e:7f:b9:01:12:d1:57:
                    a8:f6:d2:4e:5d:9c:5c:70:71:8e:74:a0:eb:c3:97:
                    a0:c5:df:f6:96:c2:55:5f:f1:4c:a8:23:d0:15:24:
                    fe:0a:bb:d3:18:50:b5:c5:ac:ab:31:8b:6d:65:20:
                    f2:ad:be:8b:ca:a8:3d:22:e2:6b:6d:a0:d8:37:95:
                    cf:84:b8:4f:b9:6a:15:85:b4:42:58:8c:a6:c8:46:
                    5d:f6:57:ad:1f:85:c5:20:b8:b0:7e:ca:2c:48:60:
                    81:41:b3:48:26:29:8b:98:95:c9:0f:27:83:b2:d5:
                    30:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F7:FA:BC:B4:CF:2D:58:EE:87:E1:E8:3E:80:7E:75:39:24:E2:B2:40
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/33372e36302e3234302e302f32302d3332203d3e203531313637.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.60.240.0/20

    Signature Algorithm: sha256WithRSAEncryption
         93:53:30:8e:17:50:22:db:aa:86:54:9f:8d:58:35:56:84:bc:
         44:43:e4:54:5d:5c:0f:eb:1f:eb:da:fb:c0:0e:66:e0:1d:09:
         60:c4:d8:f3:a2:16:5c:21:02:71:33:1d:99:7d:72:c9:ff:2e:
         3f:13:5b:f2:97:24:25:55:45:b0:71:81:26:ca:47:5f:56:4d:
         f4:32:43:f1:05:27:ad:15:b0:2c:49:8c:1a:56:4d:db:78:d4:
         bc:e8:ac:63:bf:6f:e1:78:64:3f:c8:28:b2:50:92:5e:6b:07:
         3d:78:eb:9d:cb:1e:48:b6:c9:d0:04:d9:44:74:87:3a:be:d7:
         8a:92:c1:40:20:57:31:e6:44:91:92:0e:f1:9e:4d:61:33:9b:
         58:da:02:67:a6:8f:c9:aa:21:cd:4b:5c:20:6f:49:0e:f4:6d:
         bd:98:04:fd:34:b0:1b:41:2e:c5:6a:85:80:15:98:43:4b:d3:
         ca:7c:28:54:dc:1e:f1:b8:a7:97:a4:a8:7d:8c:b5:9d:66:53:
         cc:e2:89:f2:68:f7:05:88:1c:a4:ac:1d:21:fc:d7:a6:89:1b:
         c1:34:05:ad:98:c5:3e:fa:22:9c:6d:95:c1:de:89:3e:74:c0:
         12:1c:af:f6:9c:a1:3f:2f:3f:d8:fa:04:32:93:8f:b5:21:70:
         c5:1d:dd:1e
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUCIO5jjBdg8rx5ujGDfVKcrKfx+AwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNDAxMjUwOTU3MjFaFw0yNTAxMjMxMDAyMjFaMDMxMTAvBgNV
BAMTKEY3RkFCQ0I0Q0YyRDU4RUU4N0UxRTgzRTgwN0U3NTM5MjRFMkIyNDAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDju8s6j254dyJNJN2JLSBKOyj6
V/Wmk0DvdOjpp4Mj0Y3b3wjxlHDVkUPTpQfr9Zeume2cSJC3h+1ypHhtDyzLXny7
x5rxUmMwniY8tQ+/sWGVP/Q6cUk+/WJ+gXAX8JvH/xardHBe+6lkrIncBqJ5p5WQ
d3mayDfVAATJ6gkgvddEifElIVRNt0KpN2dNfn+5ARLRV6j20k5dnFxwcY50oOvD
l6DF3/aWwlVf8UyoI9AVJP4Ku9MYULXFrKsxi21lIPKtvovKqD0i4mttoNg3lc+E
uE+5ahWFtEJYjKbIRl32V60fhcUguLB+yixIYIFBs0gmKYuYlckPJ4Oy1TCjAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQU9/q8tM8tWO6H4eg+gH51OSTiskAwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzMzNzJlMzYzMDJlMzIzNDMw
MmUzMDJmMzIzMDJkMzMzMjIwM2QzZTIwMzUzMTMxMzYzNy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEBCU8
8DANBgkqhkiG9w0BAQsFAAOCAQEAk1MwjhdQItuqhlSfjVg1VoS8REPkVF1cD+sf
69r7wA5m4B0JYMTY86IWXCECcTMdmX1yyf8uPxNb8pckJVVFsHGBJspHX1ZN9DJD
8QUnrRWwLEmMGlZN23jUvOisY79v4XhkP8goslCSXmsHPXjrncseSLbJ0ATZRHSH
Or7XipLBQCBXMeZEkZIO8Z5NYTObWNoCZ6aPyaohzUtcIG9JDvRtvZgE/TSwG0Eu
xWqFgBWYQ0vTynwoVNwe8binl6SofYy1nWZTzOKJ8mj3BYgcpKwdIfzXpokbwTQF
rZjFPvoinG2Vwd6JPnTAEhyv9pyhPy8/2PoEMpOPtSFwxR3dHg==
-----END CERTIFICATE-----