Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3231372e32312e38302e302f32302d3234203d3e203437353833.roa
File:                     3231372e32312e38302e302f32302d3234203d3e203437353833.roa (raw, json)
Hash identifier:          SAAXFcCuvsYOa6zbiE6WyKpLocQ1t83SLY2gEv1QS+A=
Subject key identifier:   29:FB:71:2C:A5:36:B0:47:FA:FA:64:D0:25:81:63:5B:47:A5:F6:C7
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       5929C66CB687784110069C426F2BD93BF1BF4A44
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3231372e32312e38302e302f32302d3234203d3e203437353833.roa
Signing time:             Mon 27 Jan 2025 09:45:12 +0000
ROA not before:           Mon 27 Jan 2025 09:40:12 +0000
ROA not after:            Mon 26 Jan 2026 09:45:12 +0000
asID:                     47583
IP address blocks:        217.21.80.0/20 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 10:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            59:29:c6:6c:b6:87:78:41:10:06:9c:42:6f:2b:d9:3b:f1:bf:4a:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Jan 27 09:40:12 2025 GMT
            Not After : Jan 26 09:45:12 2026 GMT
        Subject: CN=29FB712CA536B047FAFA64D02581635B47A5F6C7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:31:25:ca:55:ba:54:df:5f:92:a7:ee:33:0e:
                    6c:0c:c2:92:9b:f5:b3:e3:99:09:2c:a0:94:e1:da:
                    9e:71:29:60:dc:bc:bc:55:ba:a4:89:d0:79:56:95:
                    9e:1e:bd:37:e0:75:cf:82:a9:24:a4:ee:1b:52:e3:
                    a0:c0:29:a4:b2:d7:d4:f2:5f:ac:69:40:51:e3:f8:
                    a5:40:d3:ca:20:18:f7:49:76:ce:0f:3b:77:a2:ae:
                    3c:39:f4:0f:64:4f:f7:78:8d:d4:02:d9:0f:50:db:
                    29:a9:bc:2d:8e:b0:a1:8f:eb:3a:c6:91:7c:6a:cd:
                    ce:bb:47:17:01:64:e5:2a:81:0d:cf:5d:9e:d1:01:
                    93:8f:51:53:b6:1c:ae:05:52:b7:08:27:81:48:c1:
                    a0:03:6e:28:90:79:18:5e:25:79:83:40:53:76:b4:
                    d9:d2:bb:f5:4f:2a:cb:cd:41:48:95:6e:7b:bb:35:
                    fa:58:90:ae:75:13:bb:79:ee:86:55:03:86:ad:87:
                    e6:9e:cb:54:0e:31:cb:78:af:28:aa:b3:7a:09:a3:
                    9a:52:69:7f:62:af:a0:03:8d:e1:04:a6:09:98:32:
                    54:d5:3d:ed:ce:1c:cf:90:0c:fb:21:8a:4a:6a:89:
                    09:f0:ae:f0:58:9d:37:7f:cb:f6:8c:28:fa:ea:ed:
                    c7:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:FB:71:2C:A5:36:B0:47:FA:FA:64:D0:25:81:63:5B:47:A5:F6:C7
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3231372e32312e38302e302f32302d3234203d3e203437353833.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.21.80.0/20

    Signature Algorithm: sha256WithRSAEncryption
         30:30:b6:0e:29:ba:1b:98:e4:cf:2f:67:22:fe:af:3f:d9:38:
         27:65:d3:41:3d:7e:b7:a0:e3:d2:4d:b4:92:c5:45:9a:b2:fe:
         94:f6:27:b0:95:1f:94:74:c7:a5:a9:6d:54:19:01:f1:bc:18:
         b4:80:6e:25:83:41:00:86:57:b3:42:27:74:f0:ab:fa:75:71:
         14:1d:64:c7:43:9c:25:1e:75:52:65:85:8f:73:af:9d:89:33:
         01:b4:32:93:9e:d9:3d:a9:91:a8:a8:53:ea:10:4c:01:f7:61:
         4c:08:00:d9:3e:17:0b:fe:ce:23:71:d6:84:3a:fa:f1:96:90:
         5e:3f:57:8f:da:6d:94:12:44:61:96:2e:28:bb:9d:b4:35:68:
         b2:58:50:1e:55:b3:00:bf:76:de:2d:a6:f0:3c:51:c0:44:86:
         bd:e2:04:14:81:02:ba:28:49:e8:4d:5e:25:d5:97:d3:55:fa:
         52:5b:02:a4:43:2c:13:7e:22:7d:97:9f:af:fc:ad:8b:56:12:
         d0:75:11:52:dd:0a:a0:e8:43:23:c4:80:ed:00:ba:a4:73:1f:
         e4:13:73:14:c6:de:90:e8:f1:88:cc:e9:f0:80:20:15:c7:f7:
         92:8d:93:4c:53:7e:1c:b4:64:43:ba:5c:3a:2b:68:eb:90:c3:
         48:dd:31:50
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUWSnGbLaHeEEQBpxCbyvZO/G/SkQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNTAxMjcwOTQwMTJaFw0yNjAxMjYwOTQ1MTJaMDMxMTAvBgNV
BAMTKDI5RkI3MTJDQTUzNkIwNDdGQUZBNjREMDI1ODE2MzVCNDdBNUY2QzcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7MSXKVbpU31+Sp+4zDmwMwpKb
9bPjmQksoJTh2p5xKWDcvLxVuqSJ0HlWlZ4evTfgdc+CqSSk7htS46DAKaSy19Ty
X6xpQFHj+KVA08ogGPdJds4PO3eirjw59A9kT/d4jdQC2Q9Q2ympvC2OsKGP6zrG
kXxqzc67RxcBZOUqgQ3PXZ7RAZOPUVO2HK4FUrcIJ4FIwaADbiiQeRheJXmDQFN2
tNnSu/VPKsvNQUiVbnu7NfpYkK51E7t57oZVA4ath+aey1QOMct4ryiqs3oJo5pS
aX9ir6ADjeEEpgmYMlTVPe3OHM+QDPshikpqiQnwrvBYnTd/y/aMKPrq7ccVAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUKftxLKU2sEf6+mTQJYFjW0el9scwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzIzMTM3MmUzMjMxMmUzODMw
MmUzMDJmMzIzMDJkMzIzNDIwM2QzZTIwMzQzNzM1MzgzMy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEBNkV
UDANBgkqhkiG9w0BAQsFAAOCAQEAMDC2Dim6G5jkzy9nIv6vP9k4J2XTQT1+t6Dj
0k20ksVFmrL+lPYnsJUflHTHpaltVBkB8bwYtIBuJYNBAIZXs0IndPCr+nVxFB1k
x0OcJR51UmWFj3OvnYkzAbQyk57ZPamRqKhT6hBMAfdhTAgA2T4XC/7OI3HWhDr6
8ZaQXj9Xj9ptlBJEYZYuKLudtDVoslhQHlWzAL923i2m8DxRwESGveIEFIECuihJ
6E1eJdWX01X6UlsCpEMsE34ifZefr/yti1YS0HURUt0KoOhDI8SA7QC6pHMf5BNz
FMbekOjxiMzp8IAgFcf3ko2TTFN+HLRkQ7pcOito65DDSN0xUA==
-----END CERTIFICATE-----