Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3231372e37362e34382e302f32302d3332203d3e203531313637.roa
File:                     3231372e37362e34382e302f32302d3332203d3e203531313637.roa (raw, json)
Hash identifier:          B877N2Vk4EpmlANV6M/Sbg59Bp5ULWztWOqY+kSesOs=
Subject key identifier:   37:90:A0:04:C8:1B:72:9E:85:F7:77:D7:4A:4C:40:03:72:47:BB:8E
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       19AD9B0796042CBA56610799B5AF783883051515
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3231372e37362e34382e302f32302d3332203d3e203531313637.roa
Signing time:             Mon 27 Jan 2025 09:45:07 +0000
ROA not before:           Mon 27 Jan 2025 09:40:07 +0000
ROA not after:            Mon 26 Jan 2026 09:45:07 +0000
asID:                     51167
IP address blocks:        217.76.48.0/20 maxlen: 32
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Feb 2025 13:21:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            19:ad:9b:07:96:04:2c:ba:56:61:07:99:b5:af:78:38:83:05:15:15
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Jan 27 09:40:07 2025 GMT
            Not After : Jan 26 09:45:07 2026 GMT
        Subject: CN=3790A004C81B729E85F777D74A4C40037247BB8E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:6c:d6:ce:8d:06:a3:5e:ef:e5:f5:96:e7:cf:
                    30:82:ad:b9:90:cf:a4:18:c6:ba:f4:8c:57:2d:a1:
                    d5:40:2e:8e:f7:1f:5c:4d:3f:4e:ca:9c:e6:5a:5a:
                    37:e9:7c:f5:7f:67:01:36:cc:b2:82:1a:df:74:c2:
                    3c:d7:31:7a:6e:68:6b:cf:f4:1a:0c:85:14:f0:58:
                    4c:eb:97:12:12:18:4c:2a:cc:e6:eb:7d:cb:a6:45:
                    de:e0:4b:5e:b4:06:c5:9b:c1:7e:67:96:38:0a:9b:
                    1a:60:d4:7c:f0:ea:1f:3b:4b:63:6f:74:07:d3:ab:
                    7f:64:08:68:ef:d6:05:1a:c5:b8:48:b5:da:e9:f3:
                    bc:8c:d9:90:70:ae:20:00:95:86:b5:f4:7f:c6:e7:
                    65:27:8a:fb:9e:be:3c:c2:ad:2a:c0:70:4b:15:b9:
                    91:6a:41:2c:1d:8d:40:6e:6a:af:00:f3:31:b9:88:
                    29:eb:45:00:90:6d:77:2d:61:a5:3b:7e:13:b7:24:
                    29:b4:0e:51:fd:e1:37:a2:93:be:97:91:2f:61:80:
                    cd:e8:9c:51:54:89:14:c5:c0:8b:a2:ed:23:a2:ff:
                    6e:eb:0b:bf:d8:ba:5e:9b:45:5c:93:6b:ee:a7:a4:
                    df:a0:03:0e:33:e9:ab:7a:e1:47:9c:6c:f0:46:b0:
                    d2:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:90:A0:04:C8:1B:72:9E:85:F7:77:D7:4A:4C:40:03:72:47:BB:8E
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3231372e37362e34382e302f32302d3332203d3e203531313637.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.76.48.0/20

    Signature Algorithm: sha256WithRSAEncryption
         95:2e:e3:a3:2e:4a:75:9a:36:9d:0b:1d:24:81:b3:7a:c1:51:
         ff:21:bc:56:3b:cd:e7:c6:02:e0:46:e5:d8:2e:7a:4f:3a:ac:
         a0:63:c6:b6:6d:ef:d6:2e:bd:c7:3b:8e:3e:df:cb:94:8e:fd:
         a7:5b:c8:6b:bd:43:97:05:c7:56:97:94:a9:b5:4a:b8:b0:c8:
         f4:10:50:0e:8c:b4:5f:7f:f8:46:a0:4e:02:70:ca:4e:47:0c:
         b5:c3:4c:25:ac:03:8d:8d:a0:6b:11:a8:15:a2:ab:99:51:99:
         30:bb:1d:cb:66:08:8d:1d:7c:b7:6e:c0:d0:f8:3c:76:c2:ef:
         74:b6:0b:6d:6c:75:9d:f4:c3:32:ef:03:6e:ce:b3:94:34:aa:
         82:c1:1c:ea:b8:53:3a:4c:f2:07:d5:ae:b5:e2:5f:36:b8:ee:
         85:96:f2:58:66:06:ea:31:bf:bf:7e:38:d4:21:31:c4:d3:da:
         c0:bd:22:3f:24:c6:bb:f8:40:b8:f0:85:68:90:7f:57:ae:08:
         25:64:65:42:05:83:b4:f6:71:50:77:b4:53:12:90:3d:f3:3e:
         9d:fd:69:ae:40:0c:2c:ee:e1:00:db:a5:7c:e6:0f:bf:62:bb:
         cb:34:9e:f1:49:40:fc:8a:d9:b1:17:e6:99:5f:76:70:a6:a1:
         f6:34:7a:83
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUGa2bB5YELLpWYQeZta94OIMFFRUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNTAxMjcwOTQwMDdaFw0yNjAxMjYwOTQ1MDdaMDMxMTAvBgNV
BAMTKDM3OTBBMDA0QzgxQjcyOUU4NUY3NzdENzRBNEM0MDAzNzI0N0JCOEUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC5bNbOjQajXu/l9ZbnzzCCrbmQ
z6QYxrr0jFctodVALo73H1xNP07KnOZaWjfpfPV/ZwE2zLKCGt90wjzXMXpuaGvP
9BoMhRTwWEzrlxISGEwqzObrfcumRd7gS160BsWbwX5nljgKmxpg1Hzw6h87S2Nv
dAfTq39kCGjv1gUaxbhItdrp87yM2ZBwriAAlYa19H/G52UnivuevjzCrSrAcEsV
uZFqQSwdjUBuaq8A8zG5iCnrRQCQbXctYaU7fhO3JCm0DlH94Teik76XkS9hgM3o
nFFUiRTFwIui7SOi/27rC7/Yul6bRVyTa+6npN+gAw4z6at64UecbPBGsNKXAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUN5CgBMgbcp6F93fXSkxAA3JHu44wHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzIzMTM3MmUzNzM2MmUzNDM4
MmUzMDJmMzIzMDJkMzMzMjIwM2QzZTIwMzUzMTMxMzYzNy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEBNlM
MDANBgkqhkiG9w0BAQsFAAOCAQEAlS7joy5KdZo2nQsdJIGzesFR/yG8VjvN58YC
4Ebl2C56TzqsoGPGtm3v1i69xzuOPt/LlI79p1vIa71DlwXHVpeUqbVKuLDI9BBQ
Doy0X3/4RqBOAnDKTkcMtcNMJawDjY2gaxGoFaKrmVGZMLsdy2YIjR18t27A0Pg8
dsLvdLYLbWx1nfTDMu8Dbs6zlDSqgsEc6rhTOkzyB9WuteJfNrjuhZbyWGYG6jG/
v3441CExxNPawL0iPyTGu/hAuPCFaJB/V64IJWRlQgWDtPZxUHe0UxKQPfM+nf1p
rkAMLO7hANulfOYPv2K7yzSe8UlA/IrZsRfmmV92cKah9jR6gw==
-----END CERTIFICATE-----