Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3139382e372e3131322e302f32312d3332203d3e203531313637.roa
File:                     3139382e372e3131322e302f32312d3332203d3e203531313637.roa (raw, json)
Hash identifier:          b1Tl3vOc1s+754ase1ly5tlRFl6pPJXamDSNFK0Ftgk=
Subject key identifier:   24:D2:1C:D9:96:0C:3E:3B:BB:76:1F:12:7C:5C:2C:65:13:31:34:F0
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       20705F92A456168EF3BCCCC074CCB9B692A698B7
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3139382e372e3131322e302f32312d3332203d3e203531313637.roa
Signing time:             Wed 12 Jun 2024 10:15:32 +0000
ROA not before:           Wed 12 Jun 2024 10:10:32 +0000
ROA not after:            Wed 11 Jun 2025 10:15:32 +0000
asID:                     51167
IP address blocks:        198.7.112.0/21 maxlen: 32

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            20:70:5f:92:a4:56:16:8e:f3:bc:cc:c0:74:cc:b9:b6:92:a6:98:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Jun 12 10:10:32 2024 GMT
            Not After : Jun 11 10:15:32 2025 GMT
        Subject: CN=24D21CD9960C3E3BBB761F127C5C2C65133134F0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:59:3d:70:3c:7e:dc:22:19:e7:39:e0:23:d3:
                    48:ea:50:15:96:92:91:c6:e9:60:41:ac:63:e3:f6:
                    7f:03:45:35:a9:14:34:f4:dd:2e:34:bf:64:99:ec:
                    a0:92:54:be:21:7b:07:7c:80:34:b4:3a:d5:67:87:
                    1c:24:ee:e4:31:b3:e4:b5:78:d8:a0:19:28:f6:8a:
                    2a:e5:bf:91:8d:0c:a7:ed:68:94:a2:27:11:67:46:
                    00:7c:da:32:1e:ea:fd:e3:f9:9d:e7:d2:bc:c8:60:
                    08:f7:d8:cb:46:6a:dc:62:c9:97:c8:57:df:fb:00:
                    51:93:d4:86:88:b4:c0:39:b8:fa:3a:6c:12:12:78:
                    3e:29:26:c9:4f:64:7e:ff:33:50:fb:13:60:3c:78:
                    b8:bb:aa:26:30:a0:21:5f:0f:ef:b1:7b:de:fa:dd:
                    cc:5b:d0:e8:c1:f4:fc:ea:46:f4:4d:cf:f1:0a:fe:
                    5e:50:8b:51:5e:78:64:51:35:3b:32:56:4b:62:73:
                    7f:5c:6d:09:58:3b:2a:cc:9b:8f:17:30:a8:72:8f:
                    a5:26:6f:a4:6f:84:40:00:4e:f8:64:40:14:a2:38:
                    0a:b7:69:8e:60:ad:24:dd:3a:a3:37:ed:3c:6f:76:
                    1e:3b:bd:c1:56:78:32:c4:96:29:1a:6f:21:f2:99:
                    ae:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                24:D2:1C:D9:96:0C:3E:3B:BB:76:1F:12:7C:5C:2C:65:13:31:34:F0
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3139382e372e3131322e302f32312d3332203d3e203531313637.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  198.7.112.0/21

    Signature Algorithm: sha256WithRSAEncryption
         3e:52:eb:d4:86:7a:2f:dd:03:6e:ee:db:fe:40:c7:e0:76:c1:
         8c:e5:f1:73:2f:9d:d8:2a:b5:b4:f3:26:87:86:55:76:fe:eb:
         4e:9d:b0:9e:ed:6a:59:ae:a8:26:9e:a8:34:e4:76:a9:95:6b:
         7e:f2:dc:4a:8a:d7:81:ab:da:49:98:a3:63:fd:b2:5e:3b:55:
         ad:a2:3d:11:68:69:c5:57:5e:8e:f7:1a:1a:83:5b:51:0c:75:
         8b:e0:42:2d:dc:4c:23:28:78:df:86:ed:2b:28:3d:c8:e6:30:
         2b:e0:9a:a1:74:ea:83:2a:47:3c:48:78:48:f5:e8:1e:77:4f:
         5f:11:90:89:5c:82:67:04:2d:60:f6:f3:c1:38:44:3f:41:ba:
         48:a4:b9:12:c2:4f:87:81:dc:1f:e6:0d:f0:ad:81:7d:6f:d3:
         91:65:65:5c:57:70:fe:42:98:58:36:22:8b:0f:04:80:3c:16:
         e7:6f:e5:e8:74:48:75:3c:54:3f:62:8d:a0:d3:a3:bc:5f:71:
         ae:ef:32:55:35:17:d4:81:8e:a8:8d:c2:61:da:cb:32:b5:fc:
         50:f8:61:19:18:e3:d1:9f:0d:5d:10:f1:e6:af:26:5b:a5:11:
         f1:a3:2e:e7:3b:87:cd:bb:9b:04:9e:58:69:70:68:5c:57:e3:
         03:f3:3e:65
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUIHBfkqRWFo7zvMzAdMy5tpKmmLcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNDA2MTIxMDEwMzJaFw0yNTA2MTExMDE1MzJaMDMxMTAvBgNV
BAMTKDI0RDIxQ0Q5OTYwQzNFM0JCQjc2MUYxMjdDNUMyQzY1MTMzMTM0RjAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDDWT1wPH7cIhnnOeAj00jqUBWW
kpHG6WBBrGPj9n8DRTWpFDT03S40v2SZ7KCSVL4hewd8gDS0OtVnhxwk7uQxs+S1
eNigGSj2iirlv5GNDKftaJSiJxFnRgB82jIe6v3j+Z3n0rzIYAj32MtGatxiyZfI
V9/7AFGT1IaItMA5uPo6bBISeD4pJslPZH7/M1D7E2A8eLi7qiYwoCFfD++xe976
3cxb0OjB9PzqRvRNz/EK/l5Qi1FeeGRRNTsyVktic39cbQlYOyrMm48XMKhyj6Um
b6RvhEAATvhkQBSiOAq3aY5grSTdOqM37Txvdh47vcFWeDLElikabyHyma5RAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUJNIc2ZYMPju7dh8SfFwsZRMxNPAwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzEzOTM4MmUzNzJlMzEzMTMy
MmUzMDJmMzIzMTJkMzMzMjIwM2QzZTIwMzUzMTMxMzYzNy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEA8YH
cDANBgkqhkiG9w0BAQsFAAOCAQEAPlLr1IZ6L90Dbu7b/kDH4HbBjOXxcy+d2Cq1
tPMmh4ZVdv7rTp2wnu1qWa6oJp6oNOR2qZVrfvLcSorXgavaSZijY/2yXjtVraI9
EWhpxVdejvcaGoNbUQx1i+BCLdxMIyh434btKyg9yOYwK+CaoXTqgypHPEh4SPXo
HndPXxGQiVyCZwQtYPbzwThEP0G6SKS5EsJPh4HcH+YN8K2BfW/TkWVlXFdw/kKY
WDYiiw8EgDwW52/l6HRIdTxUP2KNoNOjvF9xru8yVTUX1IGOqI3CYdrLMrX8UPhh
GRjj0Z8NXRDx5q8mW6UR8aMu5zuHzbubBJ5YaXBoXFfjA/M+ZQ==
-----END CERTIFICATE-----