Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3139382e372e3132302e302f32312d3332203d3e203531313637.roa
File:                     3139382e372e3132302e302f32312d3332203d3e203531313637.roa (raw, json)
Hash identifier:          XceijGXHU4QfFFBwo7bwPmHV2nNBm86qO3AD/gtcjNU=
Subject key identifier:   39:11:19:E0:56:14:4F:AF:CA:A2:1F:1A:AB:07:C7:C3:24:FC:2A:0E
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       09EA2513AACE1A81D8A92F5E4096DE9CC5404818
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3139382e372e3132302e302f32312d3332203d3e203531313637.roa
Signing time:             Wed 12 Jun 2024 10:15:53 +0000
ROA not before:           Wed 12 Jun 2024 10:10:53 +0000
ROA not after:            Wed 11 Jun 2025 10:15:53 +0000
asID:                     51167
IP address blocks:        198.7.120.0/21 maxlen: 32

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            09:ea:25:13:aa:ce:1a:81:d8:a9:2f:5e:40:96:de:9c:c5:40:48:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Jun 12 10:10:53 2024 GMT
            Not After : Jun 11 10:15:53 2025 GMT
        Subject: CN=391119E056144FAFCAA21F1AAB07C7C324FC2A0E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:48:4e:37:57:cf:a5:82:b0:3a:32:04:44:89:
                    b3:08:a6:aa:bb:c8:a7:1a:ac:78:6d:16:58:60:91:
                    ff:7a:7e:09:3c:b4:e4:98:aa:79:03:34:00:94:9e:
                    4c:35:37:c3:21:36:be:15:ce:31:21:81:c9:96:4e:
                    57:d7:f2:21:2f:d7:b3:bb:a1:42:53:5c:9d:46:37:
                    6d:8f:1b:9e:ad:5f:a8:49:8b:c9:ff:cc:af:a0:c8:
                    83:6c:c9:26:d4:4e:f4:12:55:0e:d4:08:39:b0:06:
                    ef:9a:63:e8:11:b1:af:26:10:67:28:d0:5c:98:98:
                    72:f3:d6:91:46:50:3f:d8:71:d9:99:d3:68:82:22:
                    40:87:2c:be:5b:18:39:4b:cc:1a:1d:7a:48:44:ce:
                    a5:13:43:ac:36:f9:f7:c3:99:3f:1e:02:9b:c1:6b:
                    ab:62:ae:ad:0c:cb:d0:5b:b9:36:82:b7:53:a5:8d:
                    b5:45:be:71:e7:ce:af:48:79:3d:49:fa:09:f9:d0:
                    a2:a9:39:9c:54:e2:7b:b6:cd:c4:92:e3:82:78:61:
                    61:d4:b6:1a:b5:c2:38:9c:b3:8b:cd:91:59:3a:b8:
                    b1:2d:d7:85:04:6f:1c:a7:bf:c5:91:54:2e:8e:c6:
                    41:03:e5:79:eb:a4:5b:72:70:53:f0:24:c5:62:8d:
                    50:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:11:19:E0:56:14:4F:AF:CA:A2:1F:1A:AB:07:C7:C3:24:FC:2A:0E
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3139382e372e3132302e302f32312d3332203d3e203531313637.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  198.7.120.0/21

    Signature Algorithm: sha256WithRSAEncryption
         3a:74:78:42:32:03:67:58:a8:5c:86:48:5a:6f:de:0f:68:42:
         6c:9b:4d:a0:45:48:bb:59:87:ba:92:10:7e:30:48:35:23:54:
         b4:c0:b6:6e:74:1c:e8:9f:4f:74:60:7d:b7:b0:39:a5:93:18:
         d0:dd:76:ce:a0:1c:49:e5:0b:6e:39:18:56:12:91:86:f3:8b:
         df:53:ac:ef:45:ad:1e:fa:96:ba:bc:76:bc:c7:f1:4f:d8:d5:
         c3:09:95:13:ea:b9:18:f3:af:d7:d1:18:87:9b:72:78:54:c6:
         ca:5a:4b:62:be:30:e9:18:f1:3b:05:a4:fd:5d:2b:eb:23:0c:
         47:b2:dc:44:4c:78:9a:48:33:f2:40:f3:db:f7:d6:66:e9:4b:
         77:e9:59:06:bc:b0:85:0f:70:0c:95:24:4b:cc:f2:72:23:c0:
         6f:29:9e:b8:53:81:aa:e8:d7:34:78:1c:b9:da:d7:b8:ad:d6:
         9b:8d:d0:30:78:90:fe:55:39:5b:2a:4b:f9:88:07:ad:e1:62:
         8c:b4:8f:68:94:31:80:2b:6e:57:98:bb:c8:64:5f:45:85:c3:
         63:fc:09:32:35:dc:f8:b4:0f:bc:14:58:59:eb:f9:bc:45:b7:
         25:53:43:ef:87:12:8d:2e:39:d6:bc:5c:c6:7a:40:eb:32:08:
         ff:69:04:9f
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUCeolE6rOGoHYqS9eQJbenMVASBgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNDA2MTIxMDEwNTNaFw0yNTA2MTExMDE1NTNaMDMxMTAvBgNV
BAMTKDM5MTExOUUwNTYxNDRGQUZDQUEyMUYxQUFCMDdDN0MzMjRGQzJBMEUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDNSE43V8+lgrA6MgREibMIpqq7
yKcarHhtFlhgkf96fgk8tOSYqnkDNACUnkw1N8MhNr4VzjEhgcmWTlfX8iEv17O7
oUJTXJ1GN22PG56tX6hJi8n/zK+gyINsySbUTvQSVQ7UCDmwBu+aY+gRsa8mEGco
0FyYmHLz1pFGUD/YcdmZ02iCIkCHLL5bGDlLzBodekhEzqUTQ6w2+ffDmT8eApvB
a6tirq0My9BbuTaCt1OljbVFvnHnzq9IeT1J+gn50KKpOZxU4nu2zcSS44J4YWHU
thq1wjics4vNkVk6uLEt14UEbxynv8WRVC6OxkED5XnrpFtycFPwJMVijVD1AgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUOREZ4FYUT6/Koh8aqwfHwyT8Kg4wHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzEzOTM4MmUzNzJlMzEzMjMw
MmUzMDJmMzIzMTJkMzMzMjIwM2QzZTIwMzUzMTMxMzYzNy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEA8YH
eDANBgkqhkiG9w0BAQsFAAOCAQEAOnR4QjIDZ1ioXIZIWm/eD2hCbJtNoEVIu1mH
upIQfjBINSNUtMC2bnQc6J9PdGB9t7A5pZMY0N12zqAcSeULbjkYVhKRhvOL31Os
70WtHvqWurx2vMfxT9jVwwmVE+q5GPOv19EYh5tyeFTGylpLYr4w6RjxOwWk/V0r
6yMMR7LcREx4mkgz8kDz2/fWZulLd+lZBrywhQ9wDJUkS8zyciPAbymeuFOBqujX
NHgcudrXuK3Wm43QMHiQ/lU5WypL+YgHreFijLSPaJQxgCtuV5i7yGRfRYXDY/wJ
MjXc+LQPvBRYWev5vEW3JVND74cSjS451rxcxnpA6zII/2kEnw==
-----END CERTIFICATE-----