Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/33372e34342e3234342e302f32332d3234203d3e203437353833.roa
File:                     33372e34342e3234342e302f32332d3234203d3e203437353833.roa (raw, json)
Hash identifier:          qALEb8Go5Af8upBK19uJTcE+2mMHxVLbUiF53B51wkA=
Subject key identifier:   DD:77:D7:F1:35:F5:39:26:01:55:A8:CB:44:07:58:57:81:FC:66:EB
Certificate issuer:       /CN=088469d1a33085ff88b3e599d223ca74c2313a3a
Certificate serial:       1E374B08D05C6B6BD218AC2C75E0124665EADE43
Authority key identifier: 08:84:69:D1:A3:30:85:FF:88:B3:E5:99:D2:23:CA:74:C2:31:3A:3A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/33372e34342e3234342e302f32332d3234203d3e203437353833.roa
Signing time:             Mon 26 Feb 2024 08:52:45 +0000
ROA not before:           Mon 26 Feb 2024 08:47:45 +0000
ROA not after:            Mon 24 Feb 2025 08:52:45 +0000
asID:                     47583
IP address blocks:        37.44.244.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1e:37:4b:08:d0:5c:6b:6b:d2:18:ac:2c:75:e0:12:46:65:ea:de:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=088469d1a33085ff88b3e599d223ca74c2313a3a
        Validity
            Not Before: Feb 26 08:47:45 2024 GMT
            Not After : Feb 24 08:52:45 2025 GMT
        Subject: CN=DD77D7F135F539260155A8CB4407585781FC66EB
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:bf:04:8c:17:bf:97:b8:f5:31:b0:5c:cf:fa:
                    83:ba:95:7d:86:c4:93:08:98:3c:ad:95:1f:5a:ba:
                    81:fe:10:db:92:99:74:01:57:4d:73:75:50:09:d9:
                    f4:56:57:1a:e0:60:f9:c0:2a:9d:4e:7b:42:14:c2:
                    22:08:c5:b2:8a:a1:15:51:d0:2b:ba:63:fb:d3:f4:
                    57:4a:30:52:a7:7c:7a:4f:9a:01:f4:f0:58:75:ad:
                    1e:f1:a1:e4:f2:bb:0d:c6:0a:dd:61:af:96:a6:24:
                    ce:a7:1d:98:cc:81:70:7a:33:4a:48:57:57:09:b4:
                    6b:79:00:ee:da:ab:e1:70:ea:9b:9e:73:c3:a9:71:
                    b1:49:78:be:0a:52:7c:31:bf:16:51:35:6a:d8:d5:
                    a9:7d:dc:3e:e0:52:47:ee:8f:a7:4b:cc:5c:d2:4e:
                    e1:c8:3c:b1:1d:97:c7:c2:dd:3f:54:56:12:b5:90:
                    9a:e4:97:2b:53:70:11:a3:4c:e7:e8:ae:2a:58:9d:
                    c1:0e:b9:b4:0b:ad:fb:d2:66:0a:88:2e:5c:81:4d:
                    cb:5d:e8:3d:65:1c:d6:de:b3:b2:8e:3a:dd:47:22:
                    6b:15:cf:94:ec:fa:e6:02:e2:1f:93:8a:5a:42:2c:
                    da:d7:e8:8d:86:95:e0:20:c2:26:ed:7d:8a:ad:00:
                    51:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:77:D7:F1:35:F5:39:26:01:55:A8:CB:44:07:58:57:81:FC:66:EB
            X509v3 Authority Key Identifier:
                keyid:08:84:69:D1:A3:30:85:FF:88:B3:E5:99:D2:23:CA:74:C2:31:3A:3A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/33372e34342e3234342e302f32332d3234203d3e203437353833.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.44.244.0/23

    Signature Algorithm: sha256WithRSAEncryption
         51:a8:12:7b:96:ae:71:ce:53:3f:dd:c4:5e:3a:40:93:5e:45:
         03:4a:50:4d:c4:49:aa:d8:79:d1:80:fc:6d:a9:b2:e2:ed:d5:
         95:4f:e7:1b:9a:b7:a6:11:c7:25:01:71:70:f8:d8:74:15:82:
         4e:42:13:f9:a4:94:63:48:68:d5:49:c7:81:cb:2f:fe:db:3d:
         5e:a2:40:f4:7c:c5:5b:9e:45:27:73:f0:ba:3f:63:a8:c0:38:
         54:e3:9b:84:39:d0:49:45:16:75:93:74:41:8c:cf:5f:1e:b5:
         28:58:9a:c8:87:5c:d2:4e:7c:97:bb:89:ac:6a:71:7e:99:3f:
         ce:b2:cd:58:f3:d0:38:a7:ec:26:7b:52:b0:40:c1:da:20:6c:
         67:ea:12:08:25:f1:59:32:68:df:9e:9d:15:f3:98:b1:b7:db:
         83:d7:7b:69:d0:28:69:04:ff:67:16:ea:16:8d:47:17:45:1c:
         81:a1:b6:5c:c9:00:5e:8e:a5:94:e6:ef:9e:3c:7b:09:e9:ab:
         a0:76:01:56:69:72:c4:1a:e9:c1:41:c0:48:d1:55:5f:68:a2:
         d3:b6:02:09:1a:18:59:92:4f:e6:75:4a:77:b1:1d:4d:2d:c0:
         47:c7:d0:74:7c:ff:84:44:ca:62:28:83:74:b4:33:27:af:89:
         fa:0a:64:6c
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUHjdLCNBca2vSGKwsdeASRmXq3kMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDg4NDY5ZDFhMzMwODVmZjg4YjNlNTk5ZDIyM2NhNzRj
MjMxM2EzYTAeFw0yNDAyMjYwODQ3NDVaFw0yNTAyMjQwODUyNDVaMDMxMTAvBgNV
BAMTKERENzdEN0YxMzVGNTM5MjYwMTU1QThDQjQ0MDc1ODU3ODFGQzY2RUIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCxvwSMF7+XuPUxsFzP+oO6lX2G
xJMImDytlR9auoH+ENuSmXQBV01zdVAJ2fRWVxrgYPnAKp1Oe0IUwiIIxbKKoRVR
0Cu6Y/vT9FdKMFKnfHpPmgH08Fh1rR7xoeTyuw3GCt1hr5amJM6nHZjMgXB6M0pI
V1cJtGt5AO7aq+Fw6puec8OpcbFJeL4KUnwxvxZRNWrY1al93D7gUkfuj6dLzFzS
TuHIPLEdl8fC3T9UVhK1kJrklytTcBGjTOforipYncEOubQLrfvSZgqILlyBTctd
6D1lHNbes7KOOt1HImsVz5Ts+uYC4h+TilpCLNrX6I2GleAgwibtfYqtAFFNAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQU3XfX8TX1OSYBVajLRAdYV4H8ZuswHwYDVR0j
BBgwFoAUCIRp0aMwhf+Is+WZ0iPKdMIxOjowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzUvMDg4NDY5RDFBMzMwODVGRjg4QjNFNTk5RDIyM0NBNzRDMjMxM0EzQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NJUnAwYU13aGYtSXMtV1owaVBLZE1J
eE9qby5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzUvMzMzNzJlMzQzNDJlMzIzNDM0
MmUzMDJmMzIzMzJkMzIzNDIwM2QzZTIwMzQzNzM1MzgzMy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEASUs
9DANBgkqhkiG9w0BAQsFAAOCAQEAUagSe5aucc5TP93EXjpAk15FA0pQTcRJqth5
0YD8bamy4u3VlU/nG5q3phHHJQFxcPjYdBWCTkIT+aSUY0ho1UnHgcsv/ts9XqJA
9HzFW55FJ3Pwuj9jqMA4VOObhDnQSUUWdZN0QYzPXx61KFiayIdc0k58l7uJrGpx
fpk/zrLNWPPQOKfsJntSsEDB2iBsZ+oSCCXxWTJo356dFfOYsbfbg9d7adAoaQT/
ZxbqFo1HF0UcgaG2XMkAXo6llObvnjx7CemroHYBVmlyxBrpwUHASNFVX2ii07YC
CRoYWZJP5nVKd7EdTS3AR8fQdHz/hETKYiiDdLQzJ6+J+gpkbA==
-----END CERTIFICATE-----