Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3139382e372e3132302e302f32312d3332203d3e203531313637.roa
File:                     3139382e372e3132302e302f32312d3332203d3e203531313637.roa (raw, json)
Hash identifier:          sLqLduBFp90arLvVHVnzZWmVxQlYV2yzZ4XmIl7I3fM=
Subject key identifier:   E5:C3:38:4F:1E:DB:23:D7:B7:15:15:46:E3:A7:1A:D3:B1:86:7B:85
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       6E47A2B4ED844B971A0696B3E8AA0228828376F5
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3139382e372e3132302e302f32312d3332203d3e203531313637.roa
Signing time:             Wed 14 May 2025 10:46:15 +0000
ROA not before:           Wed 14 May 2025 10:41:15 +0000
ROA not after:            Wed 13 May 2026 10:46:15 +0000
asID:                     51167
IP address blocks:        198.7.120.0/21 maxlen: 32
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Jun 2025 12:43:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6e:47:a2:b4:ed:84:4b:97:1a:06:96:b3:e8:aa:02:28:82:83:76:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: May 14 10:41:15 2025 GMT
            Not After : May 13 10:46:15 2026 GMT
        Subject: CN=E5C3384F1EDB23D7B7151546E3A71AD3B1867B85
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:6c:cd:75:6c:9d:a8:69:e5:65:a3:ea:ed:99:
                    e2:e9:84:1c:3e:93:76:3d:f6:a7:97:3c:39:ef:11:
                    4a:f0:4b:d1:41:7d:5c:03:03:59:f0:3c:06:6e:52:
                    79:ff:8f:3d:21:0f:ea:0e:cf:d4:56:5e:db:29:ac:
                    73:fa:49:56:db:82:e5:af:74:62:ed:a1:e4:07:50:
                    34:83:17:49:29:c6:e8:8c:ad:c5:f2:0f:a0:39:5b:
                    56:f0:0f:f4:b3:99:28:17:eb:ea:de:ee:f3:be:86:
                    30:f9:ea:46:f4:53:b3:15:55:50:a0:bf:5a:86:7e:
                    b7:85:66:3d:27:e2:ab:35:6d:dd:3d:d9:58:0c:a0:
                    3c:ad:3f:ba:27:15:e1:ab:bb:62:92:29:a4:6e:ff:
                    44:70:df:fe:01:41:00:16:ed:85:18:3c:37:67:88:
                    3f:59:ab:1d:05:ae:93:fd:a9:51:ee:a7:5b:03:49:
                    d2:95:df:09:0a:40:9b:b4:c7:67:1a:74:59:e4:02:
                    3d:0c:00:4d:97:6d:2f:dd:5e:a5:5e:59:d1:a6:5b:
                    c2:e1:88:e6:b0:1b:a0:f6:40:c2:5a:d4:d2:88:f5:
                    16:d8:ee:1a:cc:b4:e4:e7:37:b6:3d:f9:51:b8:d1:
                    54:ac:d2:56:04:cf:c8:a6:0f:a8:08:f4:a6:9f:a5:
                    76:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E5:C3:38:4F:1E:DB:23:D7:B7:15:15:46:E3:A7:1A:D3:B1:86:7B:85
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3139382e372e3132302e302f32312d3332203d3e203531313637.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  198.7.120.0/21

    Signature Algorithm: sha256WithRSAEncryption
         42:98:9e:ce:d2:d9:05:58:8e:ec:79:c1:67:28:78:31:4d:a0:
         dd:95:d3:54:a8:90:0b:cb:30:2e:c4:86:b1:ea:8f:aa:05:8a:
         86:50:08:1b:ad:14:62:da:55:f4:3e:ff:f6:5f:b1:10:01:fa:
         af:65:06:0e:84:94:08:ed:58:1d:4a:c0:42:23:9b:09:bb:4b:
         60:a3:cc:7c:e4:2a:32:3a:41:1c:23:8a:4c:a2:00:30:5b:17:
         3b:d9:d1:1c:a1:be:d9:54:1f:32:55:0c:36:1b:d0:d2:0f:07:
         e1:3c:0c:1a:64:3d:89:ea:1d:49:de:56:00:4f:5c:c2:eb:07:
         9d:a2:dc:ea:6b:66:0b:2a:2f:4f:a2:2e:b1:6e:79:73:4c:19:
         05:dc:0c:98:70:e0:ba:38:fa:da:44:61:3c:e7:45:d1:ec:04:
         f6:4b:39:23:53:da:73:a2:f9:2a:71:0f:bf:e3:7c:48:a8:40:
         2f:a9:0f:c3:53:d1:15:e7:a4:30:b0:d5:a3:ca:43:6f:88:e9:
         9e:4d:ab:cc:39:5d:35:66:27:21:e1:1e:dd:2f:bf:fb:80:8f:
         57:44:08:31:46:fa:f0:3a:11:e4:c7:c4:47:df:c2:1b:12:20:
         b0:64:b4:dc:d8:8d:55:af:78:32:dc:23:9e:42:2a:00:41:4d:
         66:ce:25:e0
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUbkeitO2ES5caBpaz6KoCKIKDdvUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNTA1MTQxMDQxMTVaFw0yNjA1MTMxMDQ2MTVaMDMxMTAvBgNV
BAMTKEU1QzMzODRGMUVEQjIzRDdCNzE1MTU0NkUzQTcxQUQzQjE4NjdCODUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDMbM11bJ2oaeVlo+rtmeLphBw+
k3Y99qeXPDnvEUrwS9FBfVwDA1nwPAZuUnn/jz0hD+oOz9RWXtsprHP6SVbbguWv
dGLtoeQHUDSDF0kpxuiMrcXyD6A5W1bwD/SzmSgX6+re7vO+hjD56kb0U7MVVVCg
v1qGfreFZj0n4qs1bd092VgMoDytP7onFeGru2KSKaRu/0Rw3/4BQQAW7YUYPDdn
iD9Zqx0FrpP9qVHup1sDSdKV3wkKQJu0x2cadFnkAj0MAE2XbS/dXqVeWdGmW8Lh
iOawG6D2QMJa1NKI9RbY7hrMtOTnN7Y9+VG40VSs0lYEz8imD6gI9KafpXbtAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQU5cM4Tx7bI9e3FRVG46ca07GGe4UwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzEzOTM4MmUzNzJlMzEzMjMw
MmUzMDJmMzIzMTJkMzMzMjIwM2QzZTIwMzUzMTMxMzYzNy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEA8YH
eDANBgkqhkiG9w0BAQsFAAOCAQEAQpieztLZBViO7HnBZyh4MU2g3ZXTVKiQC8sw
LsSGseqPqgWKhlAIG60UYtpV9D7/9l+xEAH6r2UGDoSUCO1YHUrAQiObCbtLYKPM
fOQqMjpBHCOKTKIAMFsXO9nRHKG+2VQfMlUMNhvQ0g8H4TwMGmQ9ieodSd5WAE9c
wusHnaLc6mtmCyovT6IusW55c0wZBdwMmHDgujj62kRhPOdF0ewE9ks5I1Pac6L5
KnEPv+N8SKhAL6kPw1PRFeekMLDVo8pDb4jpnk2rzDldNWYnIeEe3S+/+4CPV0QI
MUb68DoR5MfER9/CGxIgsGS03NiNVa94MtwjnkIqAEFNZs4l4A==
-----END CERTIFICATE-----