Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/3137312e32322e37382e302f32342d3234203d3e20333936303733.roa
File:                     3137312e32322e37382e302f32342d3234203d3e20333936303733.roa (raw, json)
Hash identifier:          OK4nxjPIHdN/WkoajVJ/rWRpqYmudwowGO+SXUxharo=
Subject key identifier:   B8:C0:A8:8E:AF:7A:18:01:57:4B:0E:D5:7A:7B:23:27:6A:6F:85:18
Certificate issuer:       /CN=70cbd7a9817e470009c0f40ea1e370aa79b5fd91
Certificate serial:       08C5ECD2FF781F8A1585F961B03BC95C36FCFA79
Authority key identifier: 70:CB:D7:A9:81:7E:47:00:09:C0:F4:0E:A1:E3:70:AA:79:B5:FD:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/3137312e32322e37382e302f32342d3234203d3e20333936303733.roa
Signing time:             Wed 21 Feb 2024 19:05:12 +0000
ROA not before:           Wed 21 Feb 2024 19:00:12 +0000
ROA not after:            Wed 19 Feb 2025 19:05:12 +0000
asID:                     396073
IP address blocks:        171.22.78.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            08:c5:ec:d2:ff:78:1f:8a:15:85:f9:61:b0:3b:c9:5c:36:fc:fa:79
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=70cbd7a9817e470009c0f40ea1e370aa79b5fd91
        Validity
            Not Before: Feb 21 19:00:12 2024 GMT
            Not After : Feb 19 19:05:12 2025 GMT
        Subject: CN=B8C0A88EAF7A1801574B0ED57A7B23276A6F8518
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:cf:4c:ca:f5:96:6f:19:32:2f:9c:6e:c7:7c:
                    67:02:64:93:0f:38:86:c4:ba:be:19:36:8e:66:0c:
                    1e:ea:0c:62:dd:6b:87:12:a9:0c:86:e7:68:1f:53:
                    02:44:29:79:fb:a9:01:70:e5:03:1b:aa:f1:97:0b:
                    cf:98:3d:e6:c8:88:14:ce:59:d2:0d:6c:65:07:6b:
                    83:c6:b4:c5:b7:8e:20:2c:b5:29:7e:31:5a:5f:07:
                    79:b8:6b:21:3d:1d:2b:ca:27:bb:5b:cb:bf:3c:45:
                    84:75:fe:f1:76:1c:2b:bd:a9:53:9d:46:08:3c:8d:
                    89:18:41:b9:4e:29:62:ab:f0:87:b3:9c:b6:2b:8b:
                    2a:d2:37:ff:ab:ef:25:a1:37:09:3d:b6:2e:25:69:
                    ca:b5:9a:f2:09:3a:4a:38:c5:f2:48:cf:f7:dc:9f:
                    81:23:87:5b:18:4e:e6:6b:af:50:91:1a:4f:8c:b2:
                    4d:11:91:92:10:f9:63:0d:de:29:2f:e1:61:5b:86:
                    ea:25:19:3e:ef:78:9a:8a:3a:5e:ec:8a:81:57:a8:
                    e0:84:d2:4a:f9:e0:23:49:ef:4d:db:41:55:59:5b:
                    c4:10:c8:10:42:72:77:1c:a5:b0:06:71:20:08:93:
                    f0:8d:42:db:e4:da:a3:b0:a8:d9:e5:b8:39:13:08:
                    6e:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B8:C0:A8:8E:AF:7A:18:01:57:4B:0E:D5:7A:7B:23:27:6A:6F:85:18
            X509v3 Authority Key Identifier:
                keyid:70:CB:D7:A9:81:7E:47:00:09:C0:F4:0E:A1:E3:70:AA:79:B5:FD:91

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/3137312e32322e37382e302f32342d3234203d3e20333936303733.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  171.22.78.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0f:b7:8f:c0:d8:47:86:fd:12:ba:06:55:c2:0d:f1:e7:b0:d2:
         d0:ef:1d:b4:a2:2d:13:85:57:a1:34:65:98:6f:1f:b1:a9:5c:
         9f:e1:83:dd:64:84:7e:d5:2f:66:9b:1c:2f:73:14:68:c0:02:
         36:25:52:b8:6d:ae:8f:62:2f:53:82:a9:19:3e:9b:c5:df:84:
         f7:9b:a9:88:cc:80:13:93:f8:a5:e4:d1:b8:24:b6:ad:2e:57:
         be:34:4c:ce:c9:fb:28:48:d0:96:d0:7d:16:b3:05:da:e1:62:
         b8:72:32:ee:46:69:0f:dc:5d:aa:72:b2:72:17:cc:0a:56:76:
         55:85:55:da:8f:27:cb:f7:31:a9:f6:d9:bf:7e:1b:72:ad:32:
         3c:66:41:15:00:46:a1:91:71:be:9c:e3:46:6d:74:59:92:70:
         1c:c9:aa:78:07:45:ec:b6:bb:30:bd:98:0c:f3:96:ad:d5:27:
         28:35:31:74:c5:68:16:c7:65:6e:99:23:2b:9e:cc:d0:31:70:
         0b:4c:60:e1:c4:cb:b9:1e:79:15:f2:94:0b:a2:26:d1:bb:d1:
         83:a1:d2:3f:81:ef:b5:f1:e9:5c:fa:a2:25:8e:ef:cf:e7:46:
         2d:f4:1c:9b:0e:08:6d:13:a2:65:5e:32:78:ff:9c:7d:1d:bb:
         a9:83:d2:d0
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgIUCMXs0v94H4oVhflhsDvJXDb8+nkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzBjYmQ3YTk4MTdlNDcwMDA5YzBmNDBlYTFlMzcwYWE3
OWI1ZmQ5MTAeFw0yNDAyMjExOTAwMTJaFw0yNTAyMTkxOTA1MTJaMDMxMTAvBgNV
BAMTKEI4QzBBODhFQUY3QTE4MDE1NzRCMEVENTdBN0IyMzI3NkE2Rjg1MTgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDFz0zK9ZZvGTIvnG7HfGcCZJMP
OIbEur4ZNo5mDB7qDGLda4cSqQyG52gfUwJEKXn7qQFw5QMbqvGXC8+YPebIiBTO
WdINbGUHa4PGtMW3jiAstSl+MVpfB3m4ayE9HSvKJ7tby788RYR1/vF2HCu9qVOd
Rgg8jYkYQblOKWKr8IeznLYriyrSN/+r7yWhNwk9ti4lacq1mvIJOko4xfJIz/fc
n4Ejh1sYTuZrr1CRGk+Msk0RkZIQ+WMN3ikv4WFbhuolGT7veJqKOl7sioFXqOCE
0kr54CNJ703bQVVZW8QQyBBCcnccpbAGcSAIk/CNQtvk2qOwqNnluDkTCG7dAgMB
AAGjggI9MIICOTAdBgNVHQ4EFgQUuMCojq96GAFXSw7VensjJ2pvhRgwHwYDVR0j
BBgwFoAUcMvXqYF+RwAJwPQOoeNwqnm1/ZEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYjczMzJhZjAtZGQ3My00NzU1LTlkMjAtNjkzZWE4Mjg5
ZjhhLzAvNzBDQkQ3QTk4MTdFNDcwMDA5QzBGNDBFQTFFMzcwQUE3OUI1RkQ5MS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2NNdlhxWUYtUndBSndQUU9vZU53cW5t
MV9aRS5jZXIwga0GCCsGAQUFBwELBIGgMIGdMIGaBggrBgEFBQcwC4aBjXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYjczMzJhZjAt
ZGQ3My00NzU1LTlkMjAtNjkzZWE4Mjg5ZjhhLzAvMzEzNzMxMmUzMjMyMmUzNzM4
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzMzOTM2MzAzNzMzLnJvYTAYBgNVHSAB
Af8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA
qxZOMA0GCSqGSIb3DQEBCwUAA4IBAQAPt4/A2EeG/RK6BlXCDfHnsNLQ7x20oi0T
hVehNGWYbx+xqVyf4YPdZIR+1S9mmxwvcxRowAI2JVK4ba6PYi9TgqkZPpvF34T3
m6mIzIATk/il5NG4JLatLle+NEzOyfsoSNCW0H0WswXa4WK4cjLuRmkP3F2qcrJy
F8wKVnZVhVXajyfL9zGp9tm/fhtyrTI8ZkEVAEahkXG+nONGbXRZknAcyap4B0Xs
trswvZgM85at1ScoNTF0xWgWx2VumSMrnszQMXALTGDhxMu5HnkV8pQLoibRu9GD
odI/ge+18elc+qIlju/P50Yt9BybDghtE6JlXjJ4/5x9Hbupg9LQ
-----END CERTIFICATE-----
Generated at Thu Nov 21 14:22:20 2024 by rpki-client on console-ams.rpki-client.org