Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/33372e36302e3234302e302f32302d3332203d3e203531313637.roa
File:                     33372e36302e3234302e302f32302d3332203d3e203531313637.roa (raw, json)
Hash identifier:          4ebUua4NyasZ23PviV29Co3Y1dwZQnpmCVuhbYjaj8c=
Subject key identifier:   A8:20:36:D8:23:B9:65:19:8E:C7:CE:BE:2A:4A:B5:1D:62:3D:19:94
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       222B0B8FDA6DAC22FB685535EC898B313B45EC53
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/33372e36302e3234302e302f32302d3332203d3e203531313637.roa
Signing time:             Thu 26 Dec 2024 10:44:34 +0000
ROA not before:           Thu 26 Dec 2024 10:39:34 +0000
ROA not after:            Thu 25 Dec 2025 10:44:34 +0000
asID:                     51167
IP address blocks:        37.60.240.0/20 maxlen: 32
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Feb 2025 13:21:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            22:2b:0b:8f:da:6d:ac:22:fb:68:55:35:ec:89:8b:31:3b:45:ec:53
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Dec 26 10:39:34 2024 GMT
            Not After : Dec 25 10:44:34 2025 GMT
        Subject: CN=A82036D823B965198EC7CEBE2A4AB51D623D1994
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:67:c0:2d:3d:e2:c1:01:9e:45:7b:07:86:18:
                    3e:c5:dd:98:1e:fa:8f:ac:a5:ce:5b:c8:87:5f:dc:
                    56:d5:03:e5:97:45:69:e3:52:b2:e3:b2:c3:3a:86:
                    34:e0:c3:26:b0:45:e2:46:4c:9b:a4:13:c0:c2:e1:
                    6f:f2:34:4a:8a:13:97:2d:55:e2:75:59:4d:73:96:
                    b5:f8:62:09:76:ed:71:b7:d7:7b:c2:55:28:c7:6c:
                    fc:89:f1:5f:c1:2f:c5:6a:ea:b4:85:39:01:f2:b8:
                    a8:b3:6a:6b:22:f0:cc:55:2f:e2:bf:2c:b3:6f:ac:
                    50:a7:59:6b:0b:b0:0b:f3:05:31:0a:be:cc:2a:b6:
                    ee:a7:0e:fb:f2:cf:b4:7b:87:71:fd:4e:cb:b6:47:
                    c2:a9:8b:e2:23:26:a0:bf:99:54:a3:66:92:3e:4d:
                    7e:38:94:12:d5:a4:66:1f:e9:14:4a:fa:42:d9:52:
                    1b:62:e9:4d:d6:ee:04:b4:ce:8c:4b:2e:c3:1a:2c:
                    27:d5:c0:26:56:7a:e1:07:71:4f:a9:fa:6d:e5:31:
                    0e:72:0b:c2:cf:b2:40:d8:29:c9:32:9e:3f:3f:e9:
                    c5:2a:19:31:4d:fa:e1:b9:62:8a:f7:31:b0:67:08:
                    99:bf:0a:34:7c:b7:c9:72:c3:38:fb:d4:6e:8f:19:
                    df:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:20:36:D8:23:B9:65:19:8E:C7:CE:BE:2A:4A:B5:1D:62:3D:19:94
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/33372e36302e3234302e302f32302d3332203d3e203531313637.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.60.240.0/20

    Signature Algorithm: sha256WithRSAEncryption
         3b:06:31:80:81:4a:cb:16:07:44:07:40:0d:c1:22:2f:74:3c:
         91:78:7f:ba:8b:6a:f6:2d:54:f2:d5:9c:ed:78:df:1a:1b:f5:
         6a:24:ee:1b:19:b0:ca:9e:c6:3a:c8:e9:57:7c:25:35:07:02:
         6b:db:cb:90:b9:21:95:1a:08:3a:b6:8f:6e:e3:86:f7:ce:6b:
         53:8b:8d:c4:f5:3e:0b:0b:9d:81:8a:37:56:e7:bb:55:df:eb:
         a3:f5:c3:7d:77:38:05:16:36:d1:3f:9b:0d:37:f4:6b:e1:26:
         3b:0f:d7:8c:59:32:d9:9a:b2:7a:c1:a0:69:57:b2:ea:4b:f0:
         5f:44:ed:5d:80:33:1a:bd:61:83:d8:d6:a2:0b:51:bb:35:17:
         ce:04:bd:af:26:bf:3a:ed:f5:79:90:56:5e:e9:bc:45:53:08:
         a9:09:a8:83:59:f8:94:ef:80:ec:64:25:3f:29:da:89:3f:61:
         7f:88:ef:d2:e3:f8:d5:cc:49:88:d4:88:20:a3:55:a8:72:85:
         d0:7e:97:92:c2:c9:a2:2d:8f:0a:f5:56:a5:18:70:36:a0:fe:
         0c:9d:81:cd:f8:fd:52:dd:69:97:a2:09:f2:5a:5b:14:6f:85:
         be:91:15:91:25:13:3e:cc:43:e1:a3:03:52:55:1a:ce:a0:80:
         4b:25:86:7f
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUIisLj9ptrCL7aFU17ImLMTtF7FMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNDEyMjYxMDM5MzRaFw0yNTEyMjUxMDQ0MzRaMDMxMTAvBgNV
BAMTKEE4MjAzNkQ4MjNCOTY1MTk4RUM3Q0VCRTJBNEFCNTFENjIzRDE5OTQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDCZ8AtPeLBAZ5FeweGGD7F3Zge
+o+spc5byIdf3FbVA+WXRWnjUrLjssM6hjTgwyawReJGTJukE8DC4W/yNEqKE5ct
VeJ1WU1zlrX4Ygl27XG313vCVSjHbPyJ8V/BL8Vq6rSFOQHyuKizamsi8MxVL+K/
LLNvrFCnWWsLsAvzBTEKvswqtu6nDvvyz7R7h3H9Tsu2R8Kpi+IjJqC/mVSjZpI+
TX44lBLVpGYf6RRK+kLZUhti6U3W7gS0zoxLLsMaLCfVwCZWeuEHcU+p+m3lMQ5y
C8LPskDYKckynj8/6cUqGTFN+uG5Yor3MbBnCJm/CjR8t8lywzj71G6PGd87AgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUqCA22CO5ZRmOx86+Kkq1HWI9GZQwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzMzNzJlMzYzMDJlMzIzNDMw
MmUzMDJmMzIzMDJkMzMzMjIwM2QzZTIwMzUzMTMxMzYzNy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEBCU8
8DANBgkqhkiG9w0BAQsFAAOCAQEAOwYxgIFKyxYHRAdADcEiL3Q8kXh/uotq9i1U
8tWc7XjfGhv1aiTuGxmwyp7GOsjpV3wlNQcCa9vLkLkhlRoIOraPbuOG985rU4uN
xPU+CwudgYo3Vue7Vd/ro/XDfXc4BRY20T+bDTf0a+EmOw/XjFky2ZqyesGgaVey
6kvwX0TtXYAzGr1hg9jWogtRuzUXzgS9rya/Ou31eZBWXum8RVMIqQmog1n4lO+A
7GQlPynaiT9hf4jv0uP41cxJiNSIIKNVqHKF0H6XksLJoi2PCvVWpRhwNqD+DJ2B
zfj9Ut1pl6IJ8lpbFG+FvpEVkSUTPsxD4aMDUlUazqCASyWGfw==
-----END CERTIFICATE-----