Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3135362e36372e302e302f32322d3232203d3e20323031333431.roa
File:                     3135362e36372e302e302f32322d3232203d3e20323031333431.roa (raw, json)
Hash identifier:          PWs7Xjaw+FhPVazpnIt61qKtLUSj9rVfJnYWj/A2JJ4=
Subject key identifier:   5B:75:D7:15:A9:46:4A:0F:22:32:92:5D:02:AF:52:9E:39:20:51:3E
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       43AF72F87E158ABC7B3408E8CE24106066245759
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3135362e36372e302e302f32322d3232203d3e20323031333431.roa
Signing time:             Mon 26 Feb 2024 08:53:11 +0000
ROA not before:           Mon 26 Feb 2024 08:48:11 +0000
ROA not after:            Mon 24 Feb 2025 08:53:11 +0000
asID:                     201341
IP address blocks:        156.67.0.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 May 2024 08:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            43:af:72:f8:7e:15:8a:bc:7b:34:08:e8:ce:24:10:60:66:24:57:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Feb 26 08:48:11 2024 GMT
            Not After : Feb 24 08:53:11 2025 GMT
        Subject: CN=5B75D715A9464A0F2232925D02AF529E3920513E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:a0:09:23:d1:3e:36:10:6b:1c:e6:3f:90:24:
                    7f:6a:8d:7b:8e:68:24:35:e0:96:30:8c:69:75:a3:
                    f6:d0:e1:70:d8:20:ba:b7:32:1b:ee:26:23:c2:ef:
                    b4:c1:1f:99:ff:8a:bd:48:75:68:86:2a:0e:87:ed:
                    05:7d:a4:bd:08:4a:3d:5f:b0:f6:03:19:9c:a4:33:
                    58:9e:a3:47:a9:7a:00:cf:b2:e0:d6:c3:0a:36:38:
                    08:ce:64:2a:96:8e:af:b1:55:22:5b:f5:d6:a7:de:
                    97:31:83:05:aa:41:8c:11:7b:b8:4b:53:1b:8b:0e:
                    ed:d0:75:b3:22:04:4f:d5:1e:99:fd:14:f8:d5:80:
                    cc:ac:0a:99:97:08:80:40:62:28:d6:7d:5f:a2:a5:
                    02:02:8c:25:3b:e5:7d:d3:4b:57:67:b1:fa:42:70:
                    1a:c8:39:fd:bc:12:90:4b:19:a4:0a:42:01:96:aa:
                    63:be:8e:a1:1f:3c:9a:44:99:da:6d:a1:16:a0:ea:
                    bc:b1:76:df:75:f7:fb:c8:d2:35:eb:10:63:bf:a4:
                    fd:99:2d:b8:74:27:d4:83:5b:ec:d1:4d:4d:d8:31:
                    93:1d:05:67:c4:66:27:a9:d4:41:2b:ac:c4:1b:f1:
                    ff:9e:ec:49:76:d2:91:3e:5c:34:95:97:8d:b9:58:
                    67:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:75:D7:15:A9:46:4A:0F:22:32:92:5D:02:AF:52:9E:39:20:51:3E
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3135362e36372e302e302f32322d3232203d3e20323031333431.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  156.67.0.0/22

    Signature Algorithm: sha256WithRSAEncryption
         6f:55:0d:8e:1c:de:b8:ee:6c:65:2c:76:71:9d:ef:68:9e:42:
         5f:1e:06:80:23:3e:41:24:fc:91:a4:2a:be:bd:0c:1d:78:e3:
         69:b0:a1:b9:62:ba:21:70:2c:d1:ca:0a:cf:9e:86:1c:e6:e6:
         3f:4a:b1:ed:2d:e3:41:41:bd:ab:52:66:f4:32:89:b0:be:21:
         24:1d:b9:05:2d:8d:f6:44:43:00:93:d4:4b:d3:f1:97:c5:c7:
         70:cc:f0:01:ca:04:af:87:33:f7:24:a6:01:45:df:75:1b:19:
         dc:80:af:1c:ae:ad:cc:81:5f:95:06:70:86:a1:4f:6a:f8:d0:
         4a:ad:9f:c7:95:de:99:92:7b:05:a9:47:08:43:46:ad:c6:bb:
         b3:9d:60:e8:36:8f:5f:52:ee:1c:84:34:fd:16:4d:9c:e8:38:
         c2:a5:4c:77:30:82:cb:1a:bf:e6:d1:0b:27:4e:59:02:b0:d2:
         f3:b8:5b:15:29:37:07:48:c2:e1:0b:b1:03:2f:e1:86:b4:b0:
         3f:1c:5f:1d:3f:d5:8c:7f:46:53:e1:2f:f3:ed:3d:e0:65:75:
         fb:24:9b:05:79:24:53:09:c6:05:5a:d1:61:08:a7:35:28:f1:
         57:a3:34:b2:f7:c2:9f:d6:3c:08:21:c9:0c:72:07:ba:24:a2:
         01:64:74:28
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUQ69y+H4Virx7NAjoziQQYGYkV1kwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNDAyMjYwODQ4MTFaFw0yNTAyMjQwODUzMTFaMDMxMTAvBgNV
BAMTKDVCNzVENzE1QTk0NjRBMEYyMjMyOTI1RDAyQUY1MjlFMzkyMDUxM0UwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDBoAkj0T42EGsc5j+QJH9qjXuO
aCQ14JYwjGl1o/bQ4XDYILq3MhvuJiPC77TBH5n/ir1IdWiGKg6H7QV9pL0ISj1f
sPYDGZykM1ieo0epegDPsuDWwwo2OAjOZCqWjq+xVSJb9dan3pcxgwWqQYwRe7hL
UxuLDu3QdbMiBE/VHpn9FPjVgMysCpmXCIBAYijWfV+ipQICjCU75X3TS1dnsfpC
cBrIOf28EpBLGaQKQgGWqmO+jqEfPJpEmdptoRag6ryxdt919/vI0jXrEGO/pP2Z
Lbh0J9SDW+zRTU3YMZMdBWfEZiep1EErrMQb8f+e7El20pE+XDSVl425WGe1AgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUW3XXFalGSg8iMpJdAq9SnjkgUT4wHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzEzNTM2MmUzNjM3MmUzMDJl
MzAyZjMyMzIyZDMyMzIyMDNkM2UyMDMyMzAzMTMzMzQzMS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEApxD
ADANBgkqhkiG9w0BAQsFAAOCAQEAb1UNjhzeuO5sZSx2cZ3vaJ5CXx4GgCM+QST8
kaQqvr0MHXjjabChuWK6IXAs0coKz56GHObmP0qx7S3jQUG9q1Jm9DKJsL4hJB25
BS2N9kRDAJPUS9Pxl8XHcMzwAcoEr4cz9ySmAUXfdRsZ3ICvHK6tzIFflQZwhqFP
avjQSq2fx5XemZJ7BalHCENGrca7s51g6DaPX1LuHIQ0/RZNnOg4wqVMdzCCyxq/
5tELJ05ZArDS87hbFSk3B0jC4QuxAy/hhrSwPxxfHT/VjH9GU+Ev8+094GV1+ySb
BXkkUwnGBVrRYQinNSjxV6M0svfCn9Y8CCHJDHIHuiSiAWR0KA==
-----END CERTIFICATE-----