Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3139382e372e3131322e302f32312d3332203d3e203531313637.roa
File:                     3139382e372e3131322e302f32312d3332203d3e203531313637.roa (raw, json)
Hash identifier:          PoPk+XjlrZj+AdOl1+ADuvZ6d8ueqrr0Hobk4JZT6B8=
Subject key identifier:   33:69:50:20:8A:2E:0F:2D:F9:BF:35:9E:E2:FF:23:3F:4B:DF:A6:F9
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       7CF6F62ED46D2B741AE47BAC040A76BACD539AC4
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3139382e372e3131322e302f32312d3332203d3e203531313637.roa
Signing time:             Wed 14 May 2025 10:46:15 +0000
ROA not before:           Wed 14 May 2025 10:41:15 +0000
ROA not after:            Wed 13 May 2026 10:46:15 +0000
asID:                     51167
IP address blocks:        198.7.112.0/21 maxlen: 32
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 06 Jun 2025 17:19:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7c:f6:f6:2e:d4:6d:2b:74:1a:e4:7b:ac:04:0a:76:ba:cd:53:9a:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: May 14 10:41:15 2025 GMT
            Not After : May 13 10:46:15 2026 GMT
        Subject: CN=336950208A2E0F2DF9BF359EE2FF233F4BDFA6F9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:04:11:1c:c7:3b:59:b6:e3:12:aa:90:7b:7d:
                    4c:23:dc:cf:0e:d7:aa:42:9d:1e:08:ee:5a:5d:22:
                    11:68:58:63:bb:35:6e:71:66:57:4c:ac:b7:d4:8c:
                    3e:e6:1e:31:df:00:06:70:55:87:2f:b0:42:94:6d:
                    b4:a0:7d:0c:06:ff:12:2e:6a:4d:59:fb:f4:f2:14:
                    a2:7b:a8:2c:13:e0:b6:e8:e3:fd:5d:e7:63:cb:59:
                    1d:5d:c9:fc:db:24:ed:7d:f0:6d:12:1d:c7:84:2c:
                    6e:07:9c:bf:6f:b1:2e:c6:a1:08:35:69:91:27:ad:
                    77:fa:b4:a9:9b:58:73:f9:0e:76:5d:79:16:38:fb:
                    29:db:0a:3c:28:50:55:40:c6:42:23:9a:d4:2b:cb:
                    5a:15:b3:ee:64:9c:6c:ea:14:55:96:7e:e6:df:84:
                    c6:a0:c8:a8:92:7b:e8:71:f9:cd:7d:2e:42:ed:2c:
                    e3:1d:c0:3e:13:1d:e1:2d:0c:72:82:7d:53:20:54:
                    92:27:b1:64:10:7b:98:8b:76:cb:4b:cc:80:21:e0:
                    92:02:c8:d7:50:51:ca:09:9b:4b:c9:56:3c:33:99:
                    fc:4c:06:ac:dc:3d:95:b1:3c:6d:a2:86:dc:c1:a0:
                    86:2a:30:80:01:2c:75:a0:a8:fe:09:b1:81:4f:2d:
                    06:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:69:50:20:8A:2E:0F:2D:F9:BF:35:9E:E2:FF:23:3F:4B:DF:A6:F9
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3139382e372e3131322e302f32312d3332203d3e203531313637.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  198.7.112.0/21

    Signature Algorithm: sha256WithRSAEncryption
         95:90:d2:6f:00:25:2c:fc:b7:66:7a:bf:19:5f:41:14:a5:a4:
         01:41:7c:95:ec:4d:72:55:98:59:3d:24:a0:7f:7b:bf:55:7f:
         4c:00:42:10:14:78:9c:fb:3c:f6:dc:a2:a8:3f:37:73:3c:58:
         80:51:cc:0e:49:5b:1a:44:e4:bc:fa:17:e3:18:eb:5b:1d:ed:
         9b:e0:3b:05:6e:43:0f:08:dc:05:3e:55:3b:e3:19:b9:04:02:
         9e:5a:72:39:26:1d:59:12:79:ef:72:29:e0:ae:61:1a:49:83:
         90:1d:da:7d:cb:cc:b9:dd:26:88:5c:3d:ea:4d:4d:03:8b:08:
         d6:e7:ad:c2:49:95:7d:99:b8:23:07:18:2e:4a:4a:e7:87:41:
         50:45:de:f2:f8:c0:32:1f:c3:5f:44:67:9a:62:1b:0b:b6:85:
         47:ba:5d:46:97:9d:f8:ef:bd:da:7b:97:77:ec:9b:fd:bc:76:
         e3:4d:db:0c:0b:91:e1:46:76:22:8f:0c:25:2f:7a:b6:cc:3c:
         ce:bd:33:99:f6:b5:32:44:26:2f:06:38:3a:da:ee:ac:6e:6a:
         42:78:0a:18:f6:88:2d:8f:9c:3a:b8:14:7c:5f:ca:31:fe:0d:
         74:57:a2:b5:2e:40:34:46:fb:f5:0c:83:85:6d:19:8e:4b:26:
         18:85:f7:d6
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUfPb2LtRtK3Qa5HusBAp2us1TmsQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNTA1MTQxMDQxMTVaFw0yNjA1MTMxMDQ2MTVaMDMxMTAvBgNV
BAMTKDMzNjk1MDIwOEEyRTBGMkRGOUJGMzU5RUUyRkYyMzNGNEJERkE2RjkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6BBEcxztZtuMSqpB7fUwj3M8O
16pCnR4I7lpdIhFoWGO7NW5xZldMrLfUjD7mHjHfAAZwVYcvsEKUbbSgfQwG/xIu
ak1Z+/TyFKJ7qCwT4Lbo4/1d52PLWR1dyfzbJO198G0SHceELG4HnL9vsS7GoQg1
aZEnrXf6tKmbWHP5DnZdeRY4+ynbCjwoUFVAxkIjmtQry1oVs+5knGzqFFWWfubf
hMagyKiSe+hx+c19LkLtLOMdwD4THeEtDHKCfVMgVJInsWQQe5iLdstLzIAh4JIC
yNdQUcoJm0vJVjwzmfxMBqzcPZWxPG2ihtzBoIYqMIABLHWgqP4JsYFPLQahAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUM2lQIIouDy35vzWe4v8jP0vfpvkwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzEzOTM4MmUzNzJlMzEzMTMy
MmUzMDJmMzIzMTJkMzMzMjIwM2QzZTIwMzUzMTMxMzYzNy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEA8YH
cDANBgkqhkiG9w0BAQsFAAOCAQEAlZDSbwAlLPy3Znq/GV9BFKWkAUF8lexNclWY
WT0koH97v1V/TABCEBR4nPs89tyiqD83czxYgFHMDklbGkTkvPoX4xjrWx3tm+A7
BW5DDwjcBT5VO+MZuQQCnlpyOSYdWRJ573Ip4K5hGkmDkB3afcvMud0miFw96k1N
A4sI1uetwkmVfZm4IwcYLkpK54dBUEXe8vjAMh/DX0RnmmIbC7aFR7pdRped+O+9
2nuXd+yb/bx2403bDAuR4UZ2Io8MJS96tsw8zr0zmfa1MkQmLwY4OtrurG5qQngK
GPaILY+cOrgUfF/KMf4NdFeitS5ANEb79QyDhW0ZjksmGIX31g==
-----END CERTIFICATE-----