Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3231372e32312e38302e302f32302d3234203d3e203437353833.roa
File:                     3231372e32312e38302e302f32302d3234203d3e203437353833.roa (raw, json)
Hash identifier:          0ORZXcaBLYXDUZ/Yhtl6rIt0UWlu37dpke0E8C39Jwo=
Subject key identifier:   42:3D:21:CA:61:D8:22:A8:53:62:7F:D5:32:7C:02:96:1D:0D:F2:A5
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       7FB5DAE7A714FAFD227AF54A7988FB43EF1F85E7
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3231372e32312e38302e302f32302d3234203d3e203437353833.roa
Signing time:             Mon 26 Feb 2024 08:53:23 +0000
ROA not before:           Mon 26 Feb 2024 08:48:23 +0000
ROA not after:            Mon 24 Feb 2025 08:53:23 +0000
asID:                     47583
IP address blocks:        217.21.80.0/20 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 May 2024 08:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7f:b5:da:e7:a7:14:fa:fd:22:7a:f5:4a:79:88:fb:43:ef:1f:85:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Feb 26 08:48:23 2024 GMT
            Not After : Feb 24 08:53:23 2025 GMT
        Subject: CN=423D21CA61D822A853627FD5327C02961D0DF2A5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:55:1e:68:a9:49:a6:78:09:c4:61:b6:69:28:
                    08:32:f7:74:e6:8a:e5:6d:cd:c6:c3:e2:6d:b2:6d:
                    c0:48:f9:53:d2:4f:61:72:45:a4:a2:63:d6:af:13:
                    6c:d6:fd:58:77:76:21:03:d5:b7:e9:6d:14:90:cc:
                    ee:f3:59:29:fa:c0:13:ac:18:c2:a9:cb:c1:fc:1f:
                    1a:4b:3e:2b:eb:90:21:3d:ea:67:0c:ec:77:e0:b2:
                    da:7a:06:2a:1c:a4:0e:9d:8f:d3:0a:d1:c4:9a:4e:
                    6d:18:38:df:e5:62:18:56:26:6b:01:c7:46:a0:0d:
                    b4:ca:23:0c:f6:4a:1e:42:87:6f:50:3e:e7:06:a1:
                    26:bd:7c:a2:ca:bb:9b:46:93:8a:b1:a8:75:16:08:
                    37:82:f1:5e:98:dd:df:db:51:2c:c7:3a:01:d8:1f:
                    5d:29:02:31:05:f4:13:b0:01:29:8b:72:fb:eb:a3:
                    5c:e3:47:e9:7e:df:de:2f:1f:56:48:15:3a:6f:9f:
                    6f:fe:06:44:98:aa:38:3a:df:5e:85:8e:24:39:5e:
                    61:09:b4:07:97:37:91:84:7e:ec:73:d2:a3:a8:a0:
                    af:a6:01:3e:bc:e9:fc:4a:96:9c:68:9c:a6:fd:db:
                    ba:4a:36:6f:d9:86:c9:d5:ce:a8:8a:12:1a:50:c8:
                    14:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:3D:21:CA:61:D8:22:A8:53:62:7F:D5:32:7C:02:96:1D:0D:F2:A5
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3231372e32312e38302e302f32302d3234203d3e203437353833.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.21.80.0/20

    Signature Algorithm: sha256WithRSAEncryption
         40:45:bf:63:d8:d8:6d:b8:cb:bf:f6:5c:a9:01:25:45:72:0e:
         de:2a:f8:51:b1:9b:7c:69:f5:cc:5a:81:5e:d5:9e:c5:95:ab:
         01:2e:f8:a1:8d:5e:bb:2e:22:f8:ab:5e:4d:64:fa:31:49:bd:
         ff:e9:cb:93:0a:99:5c:51:8b:73:bb:59:97:0a:c1:86:b2:bd:
         8b:5b:80:b6:f0:d9:73:8c:8a:2c:e3:8a:1b:3e:00:c9:a5:3f:
         f7:dc:f7:57:1d:cb:0d:2d:b7:57:b3:83:6c:c4:a8:61:f8:17:
         99:9f:b8:32:9a:19:01:6a:9a:4f:be:55:19:b3:3e:5b:8e:2f:
         5a:8e:d4:d8:47:13:37:f6:26:4a:21:82:d2:fd:fc:0d:41:f2:
         f4:4f:b5:66:4c:19:0e:47:88:c5:49:46:d8:ff:e1:82:cd:3c:
         34:40:3e:03:31:d6:07:f2:0d:e9:17:27:ac:39:80:b1:c5:de:
         ae:d4:f4:07:ff:68:27:89:61:5c:c1:31:5b:68:56:fe:e8:50:
         1e:60:ec:2d:8a:7a:41:98:0e:b9:38:90:49:a3:d7:12:c5:d4:
         de:6a:cd:da:1c:02:06:e0:77:96:39:c2:10:7d:51:ab:25:df:
         2c:5f:c5:d6:b1:f9:02:8c:88:65:8a:03:57:78:68:f2:ac:d7:
         d9:82:28:e0
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUf7Xa56cU+v0ievVKeYj7Q+8fhecwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNDAyMjYwODQ4MjNaFw0yNTAyMjQwODUzMjNaMDMxMTAvBgNV
BAMTKDQyM0QyMUNBNjFEODIyQTg1MzYyN0ZENTMyN0MwMjk2MUQwREYyQTUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCpVR5oqUmmeAnEYbZpKAgy93Tm
iuVtzcbD4m2ybcBI+VPST2FyRaSiY9avE2zW/Vh3diED1bfpbRSQzO7zWSn6wBOs
GMKpy8H8HxpLPivrkCE96mcM7Hfgstp6BiocpA6dj9MK0cSaTm0YON/lYhhWJmsB
x0agDbTKIwz2Sh5Ch29QPucGoSa9fKLKu5tGk4qxqHUWCDeC8V6Y3d/bUSzHOgHY
H10pAjEF9BOwASmLcvvro1zjR+l+394vH1ZIFTpvn2/+BkSYqjg6316FjiQ5XmEJ
tAeXN5GEfuxz0qOooK+mAT686fxKlpxonKb927pKNm/ZhsnVzqiKEhpQyBQfAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUQj0hymHYIqhTYn/VMnwClh0N8qUwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzIzMTM3MmUzMjMxMmUzODMw
MmUzMDJmMzIzMDJkMzIzNDIwM2QzZTIwMzQzNzM1MzgzMy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEBNkV
UDANBgkqhkiG9w0BAQsFAAOCAQEAQEW/Y9jYbbjLv/ZcqQElRXIO3ir4UbGbfGn1
zFqBXtWexZWrAS74oY1euy4i+KteTWT6MUm9/+nLkwqZXFGLc7tZlwrBhrK9i1uA
tvDZc4yKLOOKGz4AyaU/99z3Vx3LDS23V7ODbMSoYfgXmZ+4MpoZAWqaT75VGbM+
W44vWo7U2EcTN/YmSiGC0v38DUHy9E+1ZkwZDkeIxUlG2P/hgs08NEA+AzHWB/IN
6RcnrDmAscXertT0B/9oJ4lhXMExW2hW/uhQHmDsLYp6QZgOuTiQSaPXEsXU3mrN
2hwCBuB3ljnCEH1RqyXfLF/F1rH5AoyIZYoDV3ho8qzX2YIo4A==
-----END CERTIFICATE-----