Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/33372e36302e3232342e302f32302d3332203d3e203531313637.roa
File:                     33372e36302e3232342e302f32302d3332203d3e203531313637.roa (raw, json)
Hash identifier:          E0m1v/rqNZZf6XeMFoQO8BEO3a6aImaq7rc43U0ke1M=
Subject key identifier:   1B:95:8A:46:57:E5:A4:10:55:97:A3:F6:6E:D7:FD:34:1B:28:68:E7
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       39705B98BBCFBAC20CDC420FEAB827186E05ED3A
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/33372e36302e3232342e302f32302d3332203d3e203531313637.roa
Signing time:             Thu 25 Jan 2024 10:02:06 +0000
ROA not before:           Thu 25 Jan 2024 09:57:06 +0000
ROA not after:            Thu 23 Jan 2025 10:02:06 +0000
asID:                     51167
IP address blocks:        37.60.224.0/20 maxlen: 32

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 May 2024 08:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            39:70:5b:98:bb:cf:ba:c2:0c:dc:42:0f:ea:b8:27:18:6e:05:ed:3a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Jan 25 09:57:06 2024 GMT
            Not After : Jan 23 10:02:06 2025 GMT
        Subject: CN=1B958A4657E5A4105597A3F66ED7FD341B2868E7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:c7:ba:16:34:00:71:d7:98:22:a3:59:63:47:
                    fd:dc:cc:bd:9e:42:12:6c:f1:ee:9d:f0:4c:aa:cd:
                    8a:28:b8:da:ae:cc:0b:15:27:e8:2e:35:d6:02:d6:
                    bc:be:35:e4:1b:c1:fb:8c:46:ea:75:54:4e:b4:cf:
                    66:a5:45:9f:1c:23:90:59:ab:33:fc:a7:cf:16:0c:
                    54:dd:4d:7a:10:7b:02:50:fb:60:f2:9a:1b:68:82:
                    4d:ce:79:fe:1c:c1:75:74:be:79:56:48:1e:54:6f:
                    61:30:0a:7b:ed:b6:99:a2:7b:21:e2:94:c2:2e:da:
                    70:a9:c6:eb:ac:b1:72:8e:66:c4:36:60:87:10:c8:
                    73:1f:b2:66:1a:9d:ae:bc:6e:48:cf:a3:68:a7:81:
                    e7:6b:b1:5b:3f:4d:c7:68:49:07:38:2b:bc:9d:bf:
                    b6:70:14:f4:7b:7d:21:c6:e7:56:fe:67:23:ea:6e:
                    d9:86:44:9a:8a:6e:ed:62:62:8e:cf:76:51:10:74:
                    64:87:bf:ef:40:c2:d9:85:14:c6:76:10:1f:50:a3:
                    b0:59:51:7d:d8:6f:7a:bd:c1:b2:dc:7c:c1:1e:be:
                    42:1d:3b:13:5c:58:91:03:3e:0c:15:cf:74:76:7f:
                    71:db:8d:42:cd:79:35:42:9c:63:29:65:4c:79:f7:
                    de:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1B:95:8A:46:57:E5:A4:10:55:97:A3:F6:6E:D7:FD:34:1B:28:68:E7
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/33372e36302e3232342e302f32302d3332203d3e203531313637.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.60.224.0/20

    Signature Algorithm: sha256WithRSAEncryption
         3d:d6:22:6f:3f:22:a9:6f:bf:a1:dd:42:1d:6d:a7:84:52:9f:
         ff:48:78:64:57:52:2f:3a:30:bb:74:65:76:27:12:5e:0e:b8:
         fa:96:bd:da:36:6f:ca:fc:f9:92:2f:2c:1a:22:27:19:91:fd:
         93:f9:95:55:58:09:d2:76:40:df:09:c2:2f:5a:25:06:f0:54:
         b6:a0:f6:d5:9a:ce:6d:9b:04:93:dc:6c:5c:f9:87:03:df:da:
         1b:07:7f:6c:95:59:89:2e:de:ad:39:b8:76:ca:37:ac:f3:68:
         0d:d9:96:84:17:77:92:9f:9d:d4:ea:8e:b9:84:5a:25:62:b4:
         d7:6e:28:e9:b5:eb:88:42:f6:5a:e4:88:be:b4:51:d4:c8:16:
         99:02:63:84:39:b4:44:84:6a:5f:2b:f6:4a:db:c7:9c:fc:06:
         3f:ef:6f:95:58:58:ae:ef:68:9c:4f:cd:0d:54:4b:aa:86:ab:
         20:cd:e8:03:33:3f:30:10:dc:0e:87:cf:ba:d4:3e:77:af:b2:
         32:c4:fd:57:15:73:50:57:f0:b9:62:9b:82:43:3c:60:92:2a:
         33:3b:7f:c8:46:2d:88:e7:ea:ae:26:9f:cd:65:70:3c:df:9f:
         e9:4f:47:fd:8c:bf:c4:a2:d1:14:51:3b:93:87:fd:ad:00:82:
         0e:2f:63:bd
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUOXBbmLvPusIM3EIP6rgnGG4F7TowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNDAxMjUwOTU3MDZaFw0yNTAxMjMxMDAyMDZaMDMxMTAvBgNV
BAMTKDFCOTU4QTQ2NTdFNUE0MTA1NTk3QTNGNjZFRDdGRDM0MUIyODY4RTcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQChx7oWNABx15gio1ljR/3czL2e
QhJs8e6d8EyqzYoouNquzAsVJ+guNdYC1ry+NeQbwfuMRup1VE60z2alRZ8cI5BZ
qzP8p88WDFTdTXoQewJQ+2Dymhtogk3Oef4cwXV0vnlWSB5Ub2EwCnvttpmieyHi
lMIu2nCpxuussXKOZsQ2YIcQyHMfsmYana68bkjPo2ingedrsVs/TcdoSQc4K7yd
v7ZwFPR7fSHG51b+ZyPqbtmGRJqKbu1iYo7PdlEQdGSHv+9AwtmFFMZ2EB9Qo7BZ
UX3Yb3q9wbLcfMEevkIdOxNcWJEDPgwVz3R2f3HbjULNeTVCnGMpZUx5997nAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUG5WKRlflpBBVl6P2btf9NBsoaOcwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzMzNzJlMzYzMDJlMzIzMjM0
MmUzMDJmMzIzMDJkMzMzMjIwM2QzZTIwMzUzMTMxMzYzNy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEBCU8
4DANBgkqhkiG9w0BAQsFAAOCAQEAPdYibz8iqW+/od1CHW2nhFKf/0h4ZFdSLzow
u3RldicSXg64+pa92jZvyvz5ki8sGiInGZH9k/mVVVgJ0nZA3wnCL1olBvBUtqD2
1ZrObZsEk9xsXPmHA9/aGwd/bJVZiS7erTm4dso3rPNoDdmWhBd3kp+d1OqOuYRa
JWK0124o6bXriEL2WuSIvrRR1MgWmQJjhDm0RIRqXyv2StvHnPwGP+9vlVhYru9o
nE/NDVRLqoarIM3oAzM/MBDcDofPutQ+d6+yMsT9VxVzUFfwuWKbgkM8YJIqMzt/
yEYtiOfqriafzWVwPN+f6U9H/Yy/xKLRFFE7k4f9rQCCDi9jvQ==
-----END CERTIFICATE-----