Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/3137312e32322e37372e302f32342d3234203d3e203630373930.roa
File:                     3137312e32322e37372e302f32342d3234203d3e203630373930.roa (raw, json)
Hash identifier:          Dm9so/zqaZMhja+hivZQV8hYfYGGa2JeFLQ2AhQ/nnI=
Subject key identifier:   6C:1F:AA:31:8D:D6:6C:B8:B9:E1:36:15:26:AD:9B:CE:C2:37:09:C1
Certificate issuer:       /CN=70cbd7a9817e470009c0f40ea1e370aa79b5fd91
Certificate serial:       27A0B4F2D3E3DBB881CF8ACDAF29982E2B25CFBF
Authority key identifier: 70:CB:D7:A9:81:7E:47:00:09:C0:F4:0E:A1:E3:70:AA:79:B5:FD:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/3137312e32322e37372e302f32342d3234203d3e203630373930.roa
Signing time:             Wed 02 Aug 2023 11:06:41 +0000
ROA not before:           Wed 02 Aug 2023 11:01:41 +0000
ROA not after:            Wed 31 Jul 2024 11:06:41 +0000
asID:                     60790
IP address blocks:        171.22.77.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 12 May 2024 16:37:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            27:a0:b4:f2:d3:e3:db:b8:81:cf:8a:cd:af:29:98:2e:2b:25:cf:bf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=70cbd7a9817e470009c0f40ea1e370aa79b5fd91
        Validity
            Not Before: Aug  2 11:01:41 2023 GMT
            Not After : Jul 31 11:06:41 2024 GMT
        Subject: CN=6C1FAA318DD66CB8B9E1361526AD9BCEC23709C1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:14:90:4a:a2:7d:ce:2f:6c:45:5f:66:2a:4c:
                    f2:e2:3e:f8:d3:14:c0:b0:4f:19:e5:db:cc:a9:9b:
                    9f:11:8a:fc:17:9f:b5:8b:e2:d2:3a:92:f3:35:97:
                    2f:e9:17:15:16:77:f2:7b:16:5c:0d:e3:18:03:f7:
                    ba:11:19:0e:b8:4e:c4:10:9d:0c:0a:03:7e:18:54:
                    eb:3c:8f:e3:eb:47:73:3d:6b:0b:12:7a:22:e5:d2:
                    2e:b2:8f:1b:73:65:c3:3b:9b:88:56:24:5c:f5:f2:
                    22:f4:34:5b:6b:ca:7c:a0:cd:7d:f1:b3:c0:d8:4d:
                    85:eb:0c:22:5b:55:79:fe:69:7c:12:22:f8:8f:ef:
                    28:1f:6b:ff:3e:01:f5:f5:c8:93:be:b4:fc:8e:c1:
                    77:3b:92:d8:c2:38:0d:34:c1:3a:88:d5:17:cc:32:
                    86:84:0d:2e:19:09:d2:87:de:db:8d:f0:c9:e8:8b:
                    81:a3:5a:fe:5c:b4:8e:53:f2:74:0f:6d:60:0d:ae:
                    aa:6f:18:93:8f:7c:a0:dd:cd:54:1f:ee:26:3c:d7:
                    02:48:86:3a:67:46:d2:f1:44:d7:ca:72:82:0e:23:
                    a1:55:af:c4:80:6f:5e:45:17:68:6d:31:dd:c8:45:
                    20:e9:f6:b3:c2:f6:8b:6b:d4:d8:da:da:d7:4a:af:
                    bd:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:1F:AA:31:8D:D6:6C:B8:B9:E1:36:15:26:AD:9B:CE:C2:37:09:C1
            X509v3 Authority Key Identifier:
                keyid:70:CB:D7:A9:81:7E:47:00:09:C0:F4:0E:A1:E3:70:AA:79:B5:FD:91

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/3137312e32322e37372e302f32342d3234203d3e203630373930.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  171.22.77.0/24

    Signature Algorithm: sha256WithRSAEncryption
         38:72:c4:09:97:92:ad:46:a8:95:c2:4d:42:0c:dc:aa:82:3d:
         b5:d0:fa:f6:be:1e:78:dc:dd:bb:65:19:cf:27:e8:39:12:d5:
         19:59:64:e0:04:42:86:41:96:ec:44:3f:ac:61:43:3a:50:59:
         e9:89:9f:cc:45:c5:28:f6:dc:20:15:59:73:c8:b3:81:e3:63:
         3d:36:59:c9:4f:3e:f3:75:79:13:cc:0d:84:cb:2f:9a:f0:93:
         e0:9a:fb:45:d9:80:79:19:c8:d0:7a:1e:e8:9a:d6:aa:f2:b1:
         94:13:36:73:0f:2b:6f:ff:78:f7:fa:29:04:31:1e:56:40:aa:
         e8:0f:27:1d:30:71:53:f4:6f:9a:57:b2:d9:38:b5:8e:aa:a4:
         22:70:5c:94:c7:a3:ab:04:55:68:2f:b0:6c:60:1c:cb:37:e8:
         81:43:5c:01:2d:b4:71:8a:cd:00:e2:53:db:fe:47:e5:8e:b7:
         44:5f:c5:41:a4:47:c5:08:12:16:c0:55:67:ea:cd:f1:c5:d5:
         43:31:df:b6:96:e6:19:2c:d6:ab:cf:ee:83:fb:41:51:e4:c8:
         ac:dc:10:11:23:a6:83:b1:bb:87:f7:45:18:67:9d:b6:f7:35:
         a2:92:6e:64:bc:ae:20:a3:6d:91:ef:de:02:6c:e9:5d:7e:b4:
         1b:da:fa:3d
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUJ6C08tPj27iBz4rNrymYLislz78wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzBjYmQ3YTk4MTdlNDcwMDA5YzBmNDBlYTFlMzcwYWE3
OWI1ZmQ5MTAeFw0yMzA4MDIxMTAxNDFaFw0yNDA3MzExMTA2NDFaMDMxMTAvBgNV
BAMTKDZDMUZBQTMxOERENjZDQjhCOUUxMzYxNTI2QUQ5QkNFQzIzNzA5QzEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDLFJBKon3OL2xFX2YqTPLiPvjT
FMCwTxnl28ypm58RivwXn7WL4tI6kvM1ly/pFxUWd/J7FlwN4xgD97oRGQ64TsQQ
nQwKA34YVOs8j+PrR3M9awsSeiLl0i6yjxtzZcM7m4hWJFz18iL0NFtrynygzX3x
s8DYTYXrDCJbVXn+aXwSIviP7ygfa/8+AfX1yJO+tPyOwXc7ktjCOA00wTqI1RfM
MoaEDS4ZCdKH3tuN8Mnoi4GjWv5ctI5T8nQPbWANrqpvGJOPfKDdzVQf7iY81wJI
hjpnRtLxRNfKcoIOI6FVr8SAb15FF2htMd3IRSDp9rPC9otr1Nja2tdKr71jAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUbB+qMY3WbLi54TYVJq2bzsI3CcEwHwYDVR0j
BBgwFoAUcMvXqYF+RwAJwPQOoeNwqnm1/ZEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYjczMzJhZjAtZGQ3My00NzU1LTlkMjAtNjkzZWE4Mjg5
ZjhhLzAvNzBDQkQ3QTk4MTdFNDcwMDA5QzBGNDBFQTFFMzcwQUE3OUI1RkQ5MS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2NNdlhxWUYtUndBSndQUU9vZU53cW5t
MV9aRS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYjczMzJhZjAt
ZGQ3My00NzU1LTlkMjAtNjkzZWE4Mjg5ZjhhLzAvMzEzNzMxMmUzMjMyMmUzNzM3
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzYzMDM3MzkzMC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAKsW
TTANBgkqhkiG9w0BAQsFAAOCAQEAOHLECZeSrUaolcJNQgzcqoI9tdD69r4eeNzd
u2UZzyfoORLVGVlk4ARChkGW7EQ/rGFDOlBZ6YmfzEXFKPbcIBVZc8izgeNjPTZZ
yU8+83V5E8wNhMsvmvCT4Jr7RdmAeRnI0Hoe6JrWqvKxlBM2cw8rb/949/opBDEe
VkCq6A8nHTBxU/Rvmley2Ti1jqqkInBclMejqwRVaC+wbGAcyzfogUNcAS20cYrN
AOJT2/5H5Y63RF/FQaRHxQgSFsBVZ+rN8cXVQzHftpbmGSzWq8/ug/tBUeTIrNwQ
ESOmg7G7h/dFGGedtvc1opJuZLyuIKNtke/eAmzpXX60G9r6PQ==
-----END CERTIFICATE-----