Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3137362e3132362e36362e302f32342d3234203d3e2037393739.roa
File:                     3137362e3132362e36362e302f32342d3234203d3e2037393739.roa (raw, json)
Hash identifier:          +g39uNbpWFJKQ7l7CnAxjWZYbG0/w3AlgmoBb7VJ0TA=
Subject key identifier:   DD:0C:6F:A4:F6:0A:F5:FA:33:23:C7:8D:81:B5:0A:20:D7:37:0B:8A
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       0B995EB9C212A688CE71B287BD18166694D7FB96
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3137362e3132362e36362e302f32342d3234203d3e2037393739.roa
Signing time:             Mon 27 Jan 2025 09:45:14 +0000
ROA not before:           Mon 27 Jan 2025 09:40:14 +0000
ROA not after:            Mon 26 Jan 2026 09:45:14 +0000
asID:                     7979
IP address blocks:        176.126.66.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Feb 2025 13:21:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0b:99:5e:b9:c2:12:a6:88:ce:71:b2:87:bd:18:16:66:94:d7:fb:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Jan 27 09:40:14 2025 GMT
            Not After : Jan 26 09:45:14 2026 GMT
        Subject: CN=DD0C6FA4F60AF5FA3323C78D81B50A20D7370B8A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:c6:8c:f0:c8:76:8e:14:e4:34:18:1e:f6:dc:
                    b2:07:77:b6:4f:e7:22:25:a0:77:96:37:99:6b:d0:
                    9d:bd:3d:70:f1:b2:7e:0d:1c:3c:69:98:ce:fc:d6:
                    03:e6:1d:2e:8a:3c:bf:de:8e:b4:b4:be:3e:2a:22:
                    ea:1a:51:d0:21:e4:c7:b6:83:e0:72:eb:1b:49:d4:
                    22:86:42:b3:79:5f:85:b3:7f:47:1c:80:0d:76:91:
                    a6:0b:3f:f6:74:f5:d0:71:63:9e:f7:a3:d1:ba:81:
                    14:6f:05:79:8a:ce:6d:a2:db:4e:79:e0:4c:83:9d:
                    19:02:34:80:62:bf:9f:7d:8e:50:ca:6d:8a:d5:6c:
                    d1:75:a3:59:30:a7:46:12:ca:ac:6a:97:60:d7:a3:
                    71:30:36:91:c6:f1:bf:02:b2:a6:8d:70:73:30:4a:
                    c9:eb:05:e3:10:05:19:b8:ea:e5:ab:3b:31:2b:6e:
                    58:78:e2:87:fe:3b:76:b8:af:6d:36:4e:5f:05:ed:
                    21:d2:22:ee:b6:ab:00:fc:0f:6d:a8:18:88:b0:5a:
                    8c:f0:1d:c9:a8:f0:f4:66:f5:69:f9:aa:35:f7:a4:
                    f4:9e:85:8a:07:3c:71:64:44:a2:04:fc:d0:1d:1d:
                    58:b6:f0:34:3c:f5:f7:b3:e1:68:d2:a3:53:bd:80:
                    a6:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:0C:6F:A4:F6:0A:F5:FA:33:23:C7:8D:81:B5:0A:20:D7:37:0B:8A
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3137362e3132362e36362e302f32342d3234203d3e2037393739.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.126.66.0/24

    Signature Algorithm: sha256WithRSAEncryption
         23:97:d2:8c:6e:34:3d:ce:0d:87:26:34:d3:7d:bf:10:0b:b8:
         e0:1e:0d:38:c3:45:67:83:ab:3e:da:dc:f1:28:d9:24:7b:5e:
         08:59:c6:b8:d0:df:63:90:f8:57:69:66:24:8b:2b:98:2a:9d:
         ad:bf:6b:ab:f5:59:e7:19:ae:7c:65:27:65:02:38:a8:c4:82:
         03:cd:b8:ed:d7:67:50:5b:e6:01:ad:f4:7b:16:b2:65:ae:d1:
         b9:a3:2f:61:b3:b3:47:4d:73:bf:25:0f:19:95:be:37:20:53:
         c1:b0:a4:26:a0:3e:27:80:b1:af:58:49:8a:22:45:e7:19:9e:
         56:83:45:2c:0d:2e:ab:cc:70:de:d4:36:76:1a:df:0a:46:4d:
         39:12:02:de:d3:ea:c3:05:96:e2:33:f8:8b:6f:b0:6f:3a:a8:
         94:be:ee:e6:95:db:78:87:84:56:03:9a:3b:db:d8:09:85:9f:
         7f:b3:6d:4d:b8:d8:ed:20:df:1d:b8:72:30:36:7e:8c:c0:70:
         4b:99:4d:10:ed:77:7c:65:0e:98:f4:9d:b2:57:22:28:aa:b5:
         53:48:18:41:53:f2:16:d4:13:3a:da:47:54:d6:b6:83:47:9e:
         13:f0:5d:2e:a1:00:fd:4f:8b:43:62:41:41:3e:f0:da:3f:e3:
         f3:0e:83:0d
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUC5leucISpojOcbKHvRgWZpTX+5YwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNTAxMjcwOTQwMTRaFw0yNjAxMjYwOTQ1MTRaMDMxMTAvBgNV
BAMTKEREMEM2RkE0RjYwQUY1RkEzMzIzQzc4RDgxQjUwQTIwRDczNzBCOEEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC/xozwyHaOFOQ0GB723LIHd7ZP
5yIloHeWN5lr0J29PXDxsn4NHDxpmM781gPmHS6KPL/ejrS0vj4qIuoaUdAh5Me2
g+By6xtJ1CKGQrN5X4Wzf0ccgA12kaYLP/Z09dBxY573o9G6gRRvBXmKzm2i2055
4EyDnRkCNIBiv599jlDKbYrVbNF1o1kwp0YSyqxql2DXo3EwNpHG8b8CsqaNcHMw
SsnrBeMQBRm46uWrOzErblh44of+O3a4r202Tl8F7SHSIu62qwD8D22oGIiwWozw
Hcmo8PRm9Wn5qjX3pPSehYoHPHFkRKIE/NAdHVi28DQ89fez4WjSo1O9gKbjAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQU3QxvpPYK9fozI8eNgbUKINc3C4owHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzEzNzM2MmUzMTMyMzYyZTM2
MzYyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzNzM5MzczOS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEALB+
QjANBgkqhkiG9w0BAQsFAAOCAQEAI5fSjG40Pc4NhyY0032/EAu44B4NOMNFZ4Or
Ptrc8SjZJHteCFnGuNDfY5D4V2lmJIsrmCqdrb9rq/VZ5xmufGUnZQI4qMSCA824
7ddnUFvmAa30exayZa7RuaMvYbOzR01zvyUPGZW+NyBTwbCkJqA+J4Cxr1hJiiJF
5xmeVoNFLA0uq8xw3tQ2dhrfCkZNORIC3tPqwwWW4jP4i2+wbzqolL7u5pXbeIeE
VgOaO9vYCYWff7NtTbjY7SDfHbhyMDZ+jMBwS5lNEO13fGUOmPSdslciKKq1U0gY
QVPyFtQTOtpHVNa2g0eeE/BdLqEA/U+LQ2JBQT7w2j/j8w6DDQ==
-----END CERTIFICATE-----