Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3231372e37362e34382e302f32302d3332203d3e203531313637.roa
File:                     3231372e37362e34382e302f32302d3332203d3e203531313637.roa (raw, json)
Hash identifier:          fCFY3BKRuHvErVdE3SSCK7JReks1uzvk/3hTPIcSQqw=
Subject key identifier:   CB:49:3A:35:9A:7B:1C:AD:44:DF:03:41:80:DC:0D:E7:31:46:88:BA
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       7EEF07C39E5A7E263956B08619660D776911517B
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3231372e37362e34382e302f32302d3332203d3e203531313637.roa
Signing time:             Mon 26 Feb 2024 08:53:27 +0000
ROA not before:           Mon 26 Feb 2024 08:48:27 +0000
ROA not after:            Mon 24 Feb 2025 08:53:27 +0000
asID:                     51167
IP address blocks:        217.76.48.0/20 maxlen: 32

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 May 2024 08:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7e:ef:07:c3:9e:5a:7e:26:39:56:b0:86:19:66:0d:77:69:11:51:7b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Feb 26 08:48:27 2024 GMT
            Not After : Feb 24 08:53:27 2025 GMT
        Subject: CN=CB493A359A7B1CAD44DF034180DC0DE7314688BA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ec:91:ee:c9:f7:df:47:0a:63:07:e6:5a:88:9a:
                    e6:2b:6b:f7:8c:15:07:44:78:fc:09:46:3c:c9:d6:
                    a0:74:eb:06:da:14:04:65:7e:87:59:a4:87:bb:4c:
                    10:b0:d5:fe:6d:36:10:96:e5:17:b2:01:c2:81:f0:
                    46:c5:91:96:5a:e2:17:28:67:9e:fc:3a:cb:bf:0d:
                    cd:71:2b:41:40:45:87:f6:a1:19:fa:4c:0d:ac:a5:
                    27:44:44:4d:43:f7:f5:5b:62:25:85:a0:c2:12:69:
                    3d:29:e1:6c:aa:e4:3e:6e:a7:1a:da:7f:2d:98:6c:
                    7c:60:cb:d5:b2:b0:57:57:f1:b6:f1:ee:b5:39:d4:
                    46:75:7a:9a:24:e4:d5:95:35:bb:9c:87:e6:24:c3:
                    96:b4:b1:6e:8e:6f:be:a9:f0:23:c9:25:17:1a:69:
                    b5:2b:ab:4d:b5:83:42:5e:82:fa:03:b3:df:2b:29:
                    ae:85:d2:2b:58:29:4c:3a:30:83:7a:f6:7d:54:71:
                    54:1c:15:fd:d1:77:70:56:34:57:5f:86:af:a8:5e:
                    8c:7b:26:a4:9a:83:68:f3:ff:3a:b9:5b:67:03:5b:
                    b4:15:b0:88:b8:e3:e0:5d:bd:9c:32:0c:d6:c8:94:
                    a3:ca:ab:30:5c:d1:c7:e4:2c:44:8b:f2:1d:8f:fa:
                    af:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:49:3A:35:9A:7B:1C:AD:44:DF:03:41:80:DC:0D:E7:31:46:88:BA
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3231372e37362e34382e302f32302d3332203d3e203531313637.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.76.48.0/20

    Signature Algorithm: sha256WithRSAEncryption
         67:86:42:25:12:87:7c:36:a5:8e:c5:c9:8e:95:79:0b:80:ed:
         ba:d8:95:cb:95:96:e4:df:3a:5e:11:d0:38:8c:68:70:84:a4:
         e1:1e:76:97:04:bb:b0:ac:17:ce:44:57:5e:15:43:60:2d:70:
         dc:5a:39:a0:21:01:10:95:ed:a3:87:38:9f:b6:76:f8:7d:a9:
         56:e0:bd:23:42:11:2c:41:5f:31:e4:ca:35:45:9b:69:a0:b7:
         94:d1:f1:b3:71:5f:ad:9c:0c:ff:57:60:78:ba:f4:00:c8:f2:
         0e:00:fd:fa:f9:5a:72:13:f4:7f:0c:75:7e:3a:14:e5:03:6c:
         4e:77:bf:2a:24:37:3b:76:48:46:c7:f8:73:29:22:96:88:49:
         96:42:5d:47:34:c6:b9:ad:1b:9f:51:c7:8e:d9:d4:f0:9b:87:
         b8:04:cc:10:35:d7:58:c8:62:16:91:be:f0:04:7c:71:ba:ae:
         7e:49:94:e1:9d:a6:29:ff:65:74:ee:c8:bb:46:c6:f0:88:46:
         86:19:e9:7c:29:fb:7e:58:21:ae:b2:ff:fa:32:78:ff:14:bf:
         23:21:56:e8:c3:b4:b7:0d:a7:92:2b:cf:62:1b:82:c9:3c:b4:
         6d:6c:bb:33:1a:60:2f:a3:96:63:3a:15:96:50:9e:da:e0:44:
         6a:f2:47:55
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUfu8Hw55afiY5VrCGGWYNd2kRUXswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNDAyMjYwODQ4MjdaFw0yNTAyMjQwODUzMjdaMDMxMTAvBgNV
BAMTKENCNDkzQTM1OUE3QjFDQUQ0NERGMDM0MTgwREMwREU3MzE0Njg4QkEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDske7J999HCmMH5lqImuYra/eM
FQdEePwJRjzJ1qB06wbaFARlfodZpIe7TBCw1f5tNhCW5ReyAcKB8EbFkZZa4hco
Z578Osu/Dc1xK0FARYf2oRn6TA2spSdERE1D9/VbYiWFoMISaT0p4Wyq5D5upxra
fy2YbHxgy9WysFdX8bbx7rU51EZ1epok5NWVNbuch+Ykw5a0sW6Ob76p8CPJJRca
abUrq021g0JegvoDs98rKa6F0itYKUw6MIN69n1UcVQcFf3Rd3BWNFdfhq+oXox7
JqSag2jz/zq5W2cDW7QVsIi44+BdvZwyDNbIlKPKqzBc0cfkLESL8h2P+q8FAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUy0k6NZp7HK1E3wNBgNwN5zFGiLowHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzIzMTM3MmUzNzM2MmUzNDM4
MmUzMDJmMzIzMDJkMzMzMjIwM2QzZTIwMzUzMTMxMzYzNy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEBNlM
MDANBgkqhkiG9w0BAQsFAAOCAQEAZ4ZCJRKHfDaljsXJjpV5C4DtutiVy5WW5N86
XhHQOIxocISk4R52lwS7sKwXzkRXXhVDYC1w3Fo5oCEBEJXto4c4n7Z2+H2pVuC9
I0IRLEFfMeTKNUWbaaC3lNHxs3FfrZwM/1dgeLr0AMjyDgD9+vlachP0fwx1fjoU
5QNsTne/KiQ3O3ZIRsf4cykilohJlkJdRzTGua0bn1HHjtnU8JuHuATMEDXXWMhi
FpG+8AR8cbqufkmU4Z2mKf9ldO7Iu0bG8IhGhhnpfCn7flghrrL/+jJ4/xS/IyFW
6MO0tw2nkivPYhuCyTy0bWy7MxpgL6OWYzoVllCe2uBEavJHVQ==
-----END CERTIFICATE-----