Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3231372e32312e37362e302f32322d3234203d3e203437353833.roa
File:                     3231372e32312e37362e302f32322d3234203d3e203437353833.roa (raw, json)
Hash identifier:          poUflIi6VfCxjSvdchAQCRmKcV5pJZVNxtQ1JutzdFw=
Subject key identifier:   6D:74:3E:1C:A7:C3:8D:5E:EF:88:6F:42:8B:27:F8:C1:07:BE:C6:58
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       0C3248219D2FF9D650514E47FCC2A5DE1960B9CA
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3231372e32312e37362e302f32322d3234203d3e203437353833.roa
Signing time:             Mon 26 Feb 2024 08:53:12 +0000
ROA not before:           Mon 26 Feb 2024 08:48:12 +0000
ROA not after:            Mon 24 Feb 2025 08:53:12 +0000
asID:                     47583
IP address blocks:        217.21.76.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 22 May 2024 02:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0c:32:48:21:9d:2f:f9:d6:50:51:4e:47:fc:c2:a5:de:19:60:b9:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Feb 26 08:48:12 2024 GMT
            Not After : Feb 24 08:53:12 2025 GMT
        Subject: CN=6D743E1CA7C38D5EEF886F428B27F8C107BEC658
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:47:54:34:bd:d3:37:44:6f:2f:15:52:d1:3e:
                    7b:1e:4a:92:b0:a6:12:b0:e2:61:30:2b:84:d9:46:
                    ac:81:1d:22:f8:23:90:c9:fb:66:71:14:ec:14:e6:
                    a5:f6:4f:fc:5c:10:0b:a8:8c:f1:c6:74:5b:5d:11:
                    0a:da:aa:b5:8e:68:56:d3:76:ff:5f:b6:70:0e:f6:
                    16:a8:1b:38:83:dc:61:6d:d7:6a:ad:21:e8:bb:3b:
                    90:30:b6:b2:ce:90:38:2d:02:e1:2e:77:63:e5:15:
                    9d:d6:52:2f:c6:1b:44:0b:77:03:12:0a:3b:ff:06:
                    dc:8c:d6:92:46:a6:ec:77:83:fc:8f:e1:6f:cf:f7:
                    fc:c9:e1:61:04:b2:63:9d:80:1d:11:a8:10:55:14:
                    7e:97:53:d0:09:e7:81:86:d1:19:00:3e:a0:03:0e:
                    9f:15:6b:e4:04:af:68:a2:e5:2e:3f:32:59:a0:97:
                    76:84:a6:a4:6a:8d:37:11:0c:c0:25:84:ad:c8:80:
                    0d:af:53:53:94:a4:3f:6e:d6:42:c0:76:0b:2f:6c:
                    72:bc:c3:21:e3:07:35:65:bb:25:33:15:1a:c0:0e:
                    b1:30:98:6e:d2:f0:e0:dd:49:19:0f:15:7c:e2:3d:
                    23:f4:66:ff:99:10:84:14:ca:4b:e4:34:38:2a:37:
                    21:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:74:3E:1C:A7:C3:8D:5E:EF:88:6F:42:8B:27:F8:C1:07:BE:C6:58
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3231372e32312e37362e302f32322d3234203d3e203437353833.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.21.76.0/22

    Signature Algorithm: sha256WithRSAEncryption
         8e:35:71:ae:b0:aa:15:b8:4a:67:66:c7:9e:38:b7:5c:72:eb:
         81:91:f2:80:1b:0e:0c:1f:3f:04:8e:47:be:66:5e:48:41:70:
         a3:42:dd:59:cf:65:29:d4:36:ec:f0:a7:c2:b2:9b:71:f3:09:
         cb:e5:6a:5f:7c:00:23:1c:7c:50:75:91:ba:f1:72:51:c4:28:
         23:88:81:e5:2d:c5:ea:ac:59:d8:11:4e:92:f8:3a:0f:a9:29:
         ca:b0:4f:ba:40:c1:ff:de:4b:35:ba:96:60:05:54:c7:6d:bc:
         58:bb:f1:c8:8a:e8:0b:1c:7b:a2:bb:c2:6b:c3:f1:c5:af:a3:
         82:21:06:43:00:29:e6:e9:1e:5f:50:04:7c:7d:a7:63:c3:67:
         0f:73:76:87:2d:62:67:7d:63:db:35:84:f3:cc:3d:ad:4d:ce:
         c1:02:03:e4:6a:8e:25:a1:01:07:93:6e:9d:ef:7b:2e:ce:ba:
         d2:52:30:1b:55:f6:81:28:5b:60:62:b8:27:bd:3e:8c:24:fa:
         cc:fe:cd:95:ef:d0:f5:8c:f7:82:59:fe:f6:4d:80:e6:f0:44:
         8f:22:0d:e7:35:d1:58:b5:95:46:1a:89:70:73:2f:47:c2:29:
         db:5e:27:97:66:c0:1f:34:bf:d3:96:1d:ad:c9:9f:bf:8e:4a:
         f9:d4:c5:62
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUDDJIIZ0v+dZQUU5H/MKl3hlgucowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNDAyMjYwODQ4MTJaFw0yNTAyMjQwODUzMTJaMDMxMTAvBgNV
BAMTKDZENzQzRTFDQTdDMzhENUVFRjg4NkY0MjhCMjdGOEMxMDdCRUM2NTgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7R1Q0vdM3RG8vFVLRPnseSpKw
phKw4mEwK4TZRqyBHSL4I5DJ+2ZxFOwU5qX2T/xcEAuojPHGdFtdEQraqrWOaFbT
dv9ftnAO9haoGziD3GFt12qtIei7O5AwtrLOkDgtAuEud2PlFZ3WUi/GG0QLdwMS
Cjv/BtyM1pJGpux3g/yP4W/P9/zJ4WEEsmOdgB0RqBBVFH6XU9AJ54GG0RkAPqAD
Dp8Va+QEr2ii5S4/Mlmgl3aEpqRqjTcRDMAlhK3IgA2vU1OUpD9u1kLAdgsvbHK8
wyHjBzVluyUzFRrADrEwmG7S8ODdSRkPFXziPSP0Zv+ZEIQUykvkNDgqNyFTAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUbXQ+HKfDjV7viG9Ciyf4wQe+xlgwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzIzMTM3MmUzMjMxMmUzNzM2
MmUzMDJmMzIzMjJkMzIzNDIwM2QzZTIwMzQzNzM1MzgzMy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAtkV
TDANBgkqhkiG9w0BAQsFAAOCAQEAjjVxrrCqFbhKZ2bHnji3XHLrgZHygBsODB8/
BI5HvmZeSEFwo0LdWc9lKdQ27PCnwrKbcfMJy+VqX3wAIxx8UHWRuvFyUcQoI4iB
5S3F6qxZ2BFOkvg6D6kpyrBPukDB/95LNbqWYAVUx228WLvxyIroCxx7orvCa8Px
xa+jgiEGQwAp5ukeX1AEfH2nY8NnD3N2hy1iZ31j2zWE88w9rU3OwQID5GqOJaEB
B5Nune97Ls660lIwG1X2gShbYGK4J70+jCT6zP7Nle/Q9Yz3gln+9k2A5vBEjyIN
5zXRWLWVRhqJcHMvR8Ip214nl2bAHzS/05Ydrcmfv45K+dTFYg==
-----END CERTIFICATE-----