Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/37372e3233372e3234302e302f32312d3332203d3e203531313637.roa
File:                     37372e3233372e3234302e302f32312d3332203d3e203531313637.roa (raw, json)
Hash identifier:          vgRqK9jlzWuaT5QhWA3w+UNydu1ZVlYVamXZG7eYKWU=
Subject key identifier:   29:11:B6:6A:11:E5:EB:D7:A2:E1:6C:EC:9F:37:E6:F6:A4:9C:D3:66
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       5331258CCB13E84F7ABF0AFB69D61A93E63F083F
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/37372e3233372e3234302e302f32312d3332203d3e203531313637.roa
Signing time:             Tue 09 Apr 2024 07:25:28 +0000
ROA not before:           Tue 09 Apr 2024 07:20:28 +0000
ROA not after:            Tue 08 Apr 2025 07:25:28 +0000
asID:                     51167
IP address blocks:        77.237.240.0/21 maxlen: 32

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            53:31:25:8c:cb:13:e8:4f:7a:bf:0a:fb:69:d6:1a:93:e6:3f:08:3f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Apr  9 07:20:28 2024 GMT
            Not After : Apr  8 07:25:28 2025 GMT
        Subject: CN=2911B66A11E5EBD7A2E16CEC9F37E6F6A49CD366
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:a7:67:8c:25:90:d0:12:d2:d4:b2:1f:6b:78:
                    62:1e:5f:9b:fb:46:46:81:11:86:36:53:0f:23:a8:
                    c8:6d:73:4e:4c:ec:7f:2b:77:12:f3:fb:bc:47:d5:
                    74:cc:e9:87:02:de:07:1e:30:32:af:5f:1d:45:e3:
                    71:39:6e:f9:18:bb:8b:81:d3:da:c2:15:38:24:41:
                    09:bf:30:e5:53:d7:3e:96:34:bf:01:81:e8:d3:96:
                    67:08:7e:11:95:cf:23:5f:41:13:9a:31:3b:e9:ca:
                    d4:27:21:2f:c1:bf:f2:d8:88:89:55:d9:60:cd:db:
                    5b:fe:e1:90:2a:4a:b7:a4:ba:54:f3:54:b4:5c:9c:
                    9d:4b:71:03:44:e6:d2:a0:4e:ea:41:c4:31:62:ee:
                    96:e3:df:1c:08:93:66:bf:36:e4:8e:2c:92:34:76:
                    db:ce:ef:06:d4:43:68:27:22:c9:19:36:36:bd:33:
                    21:bc:1c:9a:9b:2a:c9:25:0e:1a:73:d5:46:99:fa:
                    1a:a6:43:09:2d:17:cf:0d:5c:77:49:2f:82:b6:1c:
                    26:e9:3b:f5:a2:c6:d9:4e:24:8b:1c:94:89:d2:10:
                    9b:98:b9:8f:f8:78:ce:82:0a:3b:d2:7b:68:6d:7e:
                    99:80:a5:41:ac:be:03:d2:3e:e6:e0:6b:f1:08:5d:
                    9c:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:11:B6:6A:11:E5:EB:D7:A2:E1:6C:EC:9F:37:E6:F6:A4:9C:D3:66
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/37372e3233372e3234302e302f32312d3332203d3e203531313637.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.237.240.0/21

    Signature Algorithm: sha256WithRSAEncryption
         1a:d8:26:20:e6:9c:34:b3:47:68:82:fb:36:1d:9f:46:81:ee:
         23:d2:de:6b:83:0b:73:22:20:a4:95:34:c5:a0:94:ef:d2:61:
         c2:25:d8:44:77:cb:59:ce:fd:c5:64:26:e4:10:37:0b:2f:dc:
         ac:76:a1:cb:9f:22:43:8e:77:85:58:e9:c7:28:e3:ac:64:22:
         ba:13:f5:4d:e6:22:11:a4:aa:33:fd:8f:ea:83:1a:69:4c:0a:
         62:4c:28:ef:5e:8c:59:c7:cc:e8:92:1b:06:66:44:53:cb:7f:
         8e:f9:c1:29:b5:ee:ef:98:ff:da:80:ca:1c:43:04:cf:ec:c1:
         ce:ff:5c:ca:cb:26:db:78:a4:59:36:25:03:0d:fd:76:11:c0:
         31:da:d1:81:9a:10:36:b7:ce:2c:a8:81:c4:7b:58:68:c1:d0:
         95:a4:d2:3f:cc:aa:02:c2:80:d8:29:0a:70:b9:5a:47:d0:38:
         8b:43:fe:94:25:50:83:4f:d2:c2:4e:fe:db:73:d4:7b:fd:f0:
         77:6d:e5:26:3e:14:55:a9:da:d0:38:cc:a3:0e:4f:01:5e:74:
         9a:07:77:32:77:fc:e5:36:a0:6f:6b:f9:b4:97:dd:80:37:7b:
         49:2c:08:35:f2:44:6e:14:83:ca:d1:22:34:80:46:25:98:c2:
         db:6e:58:cd
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgIUUzEljMsT6E96vwr7adYak+Y/CD8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNDA0MDkwNzIwMjhaFw0yNTA0MDgwNzI1MjhaMDMxMTAvBgNV
BAMTKDI5MTFCNjZBMTFFNUVCRDdBMkUxNkNFQzlGMzdFNkY2QTQ5Q0QzNjYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQChp2eMJZDQEtLUsh9reGIeX5v7
RkaBEYY2Uw8jqMhtc05M7H8rdxLz+7xH1XTM6YcC3gceMDKvXx1F43E5bvkYu4uB
09rCFTgkQQm/MOVT1z6WNL8BgejTlmcIfhGVzyNfQROaMTvpytQnIS/Bv/LYiIlV
2WDN21v+4ZAqSrekulTzVLRcnJ1LcQNE5tKgTupBxDFi7pbj3xwIk2a/NuSOLJI0
dtvO7wbUQ2gnIskZNja9MyG8HJqbKsklDhpz1UaZ+hqmQwktF88NXHdJL4K2HCbp
O/WixtlOJIsclInSEJuYuY/4eM6CCjvSe2htfpmApUGsvgPSPubga/EIXZyFAgMB
AAGjggI9MIICOTAdBgNVHQ4EFgQUKRG2ahHl69ei4Wzsnzfm9qSc02YwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwga0GCCsGAQUFBwELBIGgMIGdMIGaBggrBgEFBQcwC4aBjXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzczNzJlMzIzMzM3MmUzMjM0
MzAyZTMwMmYzMjMxMmQzMzMyMjAzZDNlMjAzNTMxMzEzNjM3LnJvYTAYBgNVHSAB
Af8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQD
Te3wMA0GCSqGSIb3DQEBCwUAA4IBAQAa2CYg5pw0s0dogvs2HZ9Gge4j0t5rgwtz
IiCklTTFoJTv0mHCJdhEd8tZzv3FZCbkEDcLL9ysdqHLnyJDjneFWOnHKOOsZCK6
E/VN5iIRpKoz/Y/qgxppTApiTCjvXoxZx8zokhsGZkRTy3+O+cEpte7vmP/agMoc
QwTP7MHO/1zKyybbeKRZNiUDDf12EcAx2tGBmhA2t84sqIHEe1howdCVpNI/zKoC
woDYKQpwuVpH0DiLQ/6UJVCDT9LCTv7bc9R7/fB3beUmPhRVqdrQOMyjDk8BXnSa
B3cyd/zlNqBva/m0l92AN3tJLAg18kRuFIPK0SI0gEYlmMLbbljN
-----END CERTIFICATE-----
Generated at Mon Nov 25 03:29:14 2024 by rpki-client on console-ams.rpki-client.org