Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3135362e36372e32342e302f32312d3332203d3e203531313637.roa
File:                     3135362e36372e32342e302f32312d3332203d3e203531313637.roa (raw, json)
Hash identifier:          E2jV536IBqbGm5unU6xC6myPlCqqmsloRRwm+qEKVww=
Subject key identifier:   F1:A4:6F:FD:B3:BD:E3:41:8A:22:C2:9B:37:98:0B:16:EC:58:40:FC
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       340BEC0076CD5E2C581914685A26BCAA66C86A27
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3135362e36372e32342e302f32312d3332203d3e203531313637.roa
Signing time:             Tue 11 Mar 2025 07:45:52 +0000
ROA not before:           Tue 11 Mar 2025 07:40:52 +0000
ROA not after:            Tue 10 Mar 2026 07:45:52 +0000
asID:                     51167
IP address blocks:        156.67.24.0/21 maxlen: 32
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 03 Apr 2025 15:34:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            34:0b:ec:00:76:cd:5e:2c:58:19:14:68:5a:26:bc:aa:66:c8:6a:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Mar 11 07:40:52 2025 GMT
            Not After : Mar 10 07:45:52 2026 GMT
        Subject: CN=F1A46FFDB3BDE3418A22C29B37980B16EC5840FC
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:f6:cb:a5:33:d1:03:e7:7e:28:86:fd:5d:f2:
                    7d:38:88:4b:a7:d8:50:4a:e5:ae:1b:00:e4:f8:8c:
                    eb:29:80:c0:33:02:87:1e:93:bd:21:30:01:f0:b5:
                    82:e4:b5:1d:0c:f3:7a:c1:3a:06:4f:23:c0:10:8c:
                    b7:0a:b3:64:f3:30:23:58:7a:6d:01:94:c7:ee:44:
                    38:0e:b5:93:d7:a8:20:0d:f2:7a:6b:61:a4:60:d4:
                    f8:c4:46:cc:10:d6:a5:e8:a5:51:e4:bd:2b:a7:f1:
                    67:59:d4:cb:72:88:0a:7d:a7:0e:a1:ab:8d:f1:88:
                    a0:e4:71:f2:c3:f2:68:f9:e3:07:45:72:76:04:66:
                    68:98:18:43:ee:7e:20:08:80:1c:49:89:b0:de:84:
                    7d:8f:08:1c:a4:5e:75:03:15:3c:e0:24:1b:2f:f8:
                    25:ac:c0:57:ef:7f:bc:fd:9b:72:c9:bf:08:6d:bd:
                    b6:2e:8c:bb:fa:02:07:f5:2e:1b:6d:e0:d0:87:d3:
                    6d:69:d6:ea:06:19:2c:13:4b:04:13:f1:c7:a2:d5:
                    6d:27:62:f0:9c:ed:13:db:8c:7d:84:91:a9:28:99:
                    b7:6f:ed:5a:9f:00:22:8c:aa:d5:8b:c2:ab:95:76:
                    d7:8c:36:14:14:5c:44:6e:0c:fd:be:c1:ff:31:8a:
                    4e:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F1:A4:6F:FD:B3:BD:E3:41:8A:22:C2:9B:37:98:0B:16:EC:58:40:FC
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3135362e36372e32342e302f32312d3332203d3e203531313637.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  156.67.24.0/21

    Signature Algorithm: sha256WithRSAEncryption
         52:3d:29:2b:0e:7c:f0:02:52:3d:a6:42:82:03:82:b9:de:29:
         1a:63:b1:74:e8:bd:a5:92:4f:bb:a7:4f:5d:db:4f:8a:5a:ce:
         40:65:c8:e8:55:da:ab:87:c3:6b:c2:5b:95:6f:21:3f:fd:3d:
         95:d3:a0:1f:86:27:f8:08:25:78:73:dc:81:5a:c7:ae:e7:b4:
         73:3e:a3:fa:58:95:a0:72:6f:1f:3c:9f:50:ff:19:73:bb:c4:
         24:ab:fc:a6:a3:22:e6:0b:8e:7e:0e:a9:e3:7d:f0:4c:5a:da:
         39:ee:10:12:73:74:27:83:08:dc:7b:24:b5:5c:00:66:c9:54:
         c6:08:0e:e9:d7:05:03:b8:81:50:65:65:1f:41:b7:0e:71:46:
         f9:6b:41:97:2b:32:98:49:40:86:77:1b:23:60:cd:67:ea:51:
         9f:e0:0e:cf:07:67:7e:16:c7:d4:28:8f:4b:fd:2b:68:98:e4:
         22:d8:5a:a8:5f:b5:c7:d7:8d:a2:c8:cd:9e:00:f4:0a:7e:5a:
         63:87:db:21:ea:6b:f1:4c:12:da:ac:f5:9f:bb:a8:d5:4a:ff:
         53:7b:e3:b6:e1:0e:22:f7:7e:4e:f1:1e:a2:aa:e6:17:aa:a5:
         27:6f:d8:c2:f8:ca:35:fc:7e:1e:54:a6:b2:8d:70:96:e0:b0:
         82:50:7c:aa
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUNAvsAHbNXixYGRRoWia8qmbIaicwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNTAzMTEwNzQwNTJaFw0yNjAzMTAwNzQ1NTJaMDMxMTAvBgNV
BAMTKEYxQTQ2RkZEQjNCREUzNDE4QTIyQzI5QjM3OTgwQjE2RUM1ODQwRkMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDm9sulM9ED534ohv1d8n04iEun
2FBK5a4bAOT4jOspgMAzAocek70hMAHwtYLktR0M83rBOgZPI8AQjLcKs2TzMCNY
em0BlMfuRDgOtZPXqCAN8nprYaRg1PjERswQ1qXopVHkvSun8WdZ1MtyiAp9pw6h
q43xiKDkcfLD8mj54wdFcnYEZmiYGEPufiAIgBxJibDehH2PCBykXnUDFTzgJBsv
+CWswFfvf7z9m3LJvwhtvbYujLv6Agf1Lhtt4NCH021p1uoGGSwTSwQT8cei1W0n
YvCc7RPbjH2Ekakombdv7VqfACKMqtWLwquVdteMNhQUXERuDP2+wf8xik73AgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQU8aRv/bO940GKIsKbN5gLFuxYQPwwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzEzNTM2MmUzNjM3MmUzMjM0
MmUzMDJmMzIzMTJkMzMzMjIwM2QzZTIwMzUzMTMxMzYzNy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEA5xD
GDANBgkqhkiG9w0BAQsFAAOCAQEAUj0pKw588AJSPaZCggOCud4pGmOxdOi9pZJP
u6dPXdtPilrOQGXI6FXaq4fDa8JblW8hP/09ldOgH4Yn+AgleHPcgVrHrue0cz6j
+liVoHJvHzyfUP8Zc7vEJKv8pqMi5guOfg6p433wTFraOe4QEnN0J4MI3HsktVwA
ZslUxggO6dcFA7iBUGVlH0G3DnFG+WtBlysymElAhncbI2DNZ+pRn+AOzwdnfhbH
1CiPS/0raJjkIthaqF+1x9eNosjNngD0Cn5aY4fbIepr8UwS2qz1n7uo1Ur/U3vj
tuEOIvd+TvEeoqrmF6qlJ2/YwvjKNfx+HlSmso1wluCwglB8qg==
-----END CERTIFICATE-----