Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/37372e3233372e3233322e302f32312d3332203d3e203531313637.roa
File:                     37372e3233372e3233322e302f32312d3332203d3e203531313637.roa (raw, json)
Hash identifier:          sFptBmZr1uZvBlSCMKYGOrcmJKonjbsoxYVr+3iGKFc=
Subject key identifier:   2E:59:52:39:CD:11:56:9A:38:6D:E5:A2:4B:14:0B:54:5A:73:2F:C2
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       31F5DBEB99E88B7DF57699F2BDB755B7125C0D78
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/37372e3233372e3233322e302f32312d3332203d3e203531313637.roa
Signing time:             Tue 09 Apr 2024 07:25:13 +0000
ROA not before:           Tue 09 Apr 2024 07:20:13 +0000
ROA not after:            Tue 08 Apr 2025 07:25:13 +0000
asID:                     51167
IP address blocks:        77.237.232.0/21 maxlen: 32

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            31:f5:db:eb:99:e8:8b:7d:f5:76:99:f2:bd:b7:55:b7:12:5c:0d:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Apr  9 07:20:13 2024 GMT
            Not After : Apr  8 07:25:13 2025 GMT
        Subject: CN=2E595239CD11569A386DE5A24B140B545A732FC2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:5b:3f:fd:c2:6f:75:e3:ce:36:2f:d5:a1:de:
                    a6:83:b0:06:df:be:af:6c:22:17:ac:7b:80:6e:5c:
                    65:77:32:e5:80:d1:7e:4d:c5:53:03:61:47:f3:70:
                    04:73:6e:63:cb:90:9d:2c:d9:92:3a:55:50:8c:73:
                    7b:19:ae:39:ee:79:bf:7b:0f:91:ef:98:8f:9f:6b:
                    01:a5:d2:21:0d:7b:de:fa:49:22:ee:0f:dc:00:e3:
                    f7:8d:f3:9b:2b:54:48:25:69:40:34:82:00:ff:3c:
                    40:a0:4e:38:42:6d:9b:e6:71:08:ae:4a:5c:e3:39:
                    94:c4:38:94:69:59:6c:82:3b:e1:a8:02:02:fe:28:
                    ad:48:18:a1:62:42:e6:9b:24:0e:1f:db:7a:36:0a:
                    55:4c:6a:d3:5c:ff:e9:1a:95:d5:18:7a:a9:83:81:
                    71:53:ed:8a:8b:e8:00:44:d4:72:83:74:b0:9c:da:
                    6e:72:8c:7c:44:d3:d3:68:d0:b5:ee:9a:a7:76:69:
                    85:bc:6d:0a:d1:22:01:82:12:5e:95:85:20:39:84:
                    48:3f:5d:8c:47:18:00:2d:96:65:04:48:32:b6:bf:
                    85:1d:8e:d3:9d:52:a0:26:5a:45:4e:e9:b7:41:c2:
                    8f:5b:67:d6:fe:ab:64:b3:a9:f6:24:3e:51:fe:e4:
                    10:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:59:52:39:CD:11:56:9A:38:6D:E5:A2:4B:14:0B:54:5A:73:2F:C2
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/37372e3233372e3233322e302f32312d3332203d3e203531313637.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.237.232.0/21

    Signature Algorithm: sha256WithRSAEncryption
         88:4f:be:7b:51:15:45:e2:a5:36:18:19:28:94:dc:4e:de:0c:
         92:17:74:30:7c:e2:76:79:0d:69:26:4f:9c:83:86:7f:74:be:
         a7:4a:e2:2c:c6:fa:16:cc:65:70:16:e7:92:1e:9f:72:11:f1:
         ee:12:9a:37:05:03:cc:a8:3a:5a:15:e3:12:b6:05:84:f1:15:
         06:52:11:0a:7a:eb:09:d0:b4:ca:e6:0f:47:37:d7:10:07:ef:
         f6:b4:95:eb:f9:be:0f:10:16:5e:7c:71:b8:2b:7f:b6:51:b0:
         31:a2:02:ba:37:23:6f:d3:f1:95:7d:93:88:ad:c9:51:b8:c2:
         db:2e:ad:ec:95:79:f1:54:5c:4a:a7:18:c2:da:c3:6f:66:ce:
         8b:47:14:a0:f8:7c:a5:e9:fe:cd:69:ec:66:6c:82:9c:49:b3:
         84:2d:52:3f:7a:5c:6c:41:25:5d:1b:d6:c7:45:b8:44:db:44:
         0b:07:97:0e:02:b9:73:15:9e:a2:a6:f8:43:7d:67:e6:e0:ea:
         b3:77:55:42:4d:88:d6:f2:e6:7f:08:03:69:92:9c:58:e4:3f:
         0a:df:53:62:61:e1:02:24:76:fd:c3:cd:bc:db:dc:3f:de:7d:
         db:ba:1e:4c:42:cc:c4:25:4c:98:3b:b8:36:90:17:0b:94:f5:
         0e:80:59:ae
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgIUMfXb65noi331dpnyvbdVtxJcDXgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNDA0MDkwNzIwMTNaFw0yNTA0MDgwNzI1MTNaMDMxMTAvBgNV
BAMTKDJFNTk1MjM5Q0QxMTU2OUEzODZERTVBMjRCMTQwQjU0NUE3MzJGQzIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDfWz/9wm914842L9Wh3qaDsAbf
vq9sIhese4BuXGV3MuWA0X5NxVMDYUfzcARzbmPLkJ0s2ZI6VVCMc3sZrjnueb97
D5HvmI+fawGl0iENe976SSLuD9wA4/eN85srVEglaUA0ggD/PECgTjhCbZvmcQiu
SlzjOZTEOJRpWWyCO+GoAgL+KK1IGKFiQuabJA4f23o2ClVMatNc/+kaldUYeqmD
gXFT7YqL6ABE1HKDdLCc2m5yjHxE09No0LXumqd2aYW8bQrRIgGCEl6VhSA5hEg/
XYxHGAAtlmUESDK2v4UdjtOdUqAmWkVO6bdBwo9bZ9b+q2SzqfYkPlH+5BCXAgMB
AAGjggI9MIICOTAdBgNVHQ4EFgQULllSOc0RVpo4beWiSxQLVFpzL8IwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwga0GCCsGAQUFBwELBIGgMIGdMIGaBggrBgEFBQcwC4aBjXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzczNzJlMzIzMzM3MmUzMjMz
MzIyZTMwMmYzMjMxMmQzMzMyMjAzZDNlMjAzNTMxMzEzNjM3LnJvYTAYBgNVHSAB
Af8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQD
Te3oMA0GCSqGSIb3DQEBCwUAA4IBAQCIT757URVF4qU2GBkolNxO3gySF3QwfOJ2
eQ1pJk+cg4Z/dL6nSuIsxvoWzGVwFueSHp9yEfHuEpo3BQPMqDpaFeMStgWE8RUG
UhEKeusJ0LTK5g9HN9cQB+/2tJXr+b4PEBZefHG4K3+2UbAxogK6NyNv0/GVfZOI
rclRuMLbLq3slXnxVFxKpxjC2sNvZs6LRxSg+Hyl6f7NaexmbIKcSbOELVI/elxs
QSVdG9bHRbhE20QLB5cOArlzFZ6ipvhDfWfm4Oqzd1VCTYjW8uZ/CANpkpxY5D8K
31NiYeECJHb9w82829w/3n3buh5MQszEJUyYO7g2kBcLlPUOgFmu
-----END CERTIFICATE-----
Generated at Mon Nov 25 03:29:14 2024 by rpki-client on console-ams.rpki-client.org