Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/37372e37382e37302e302f32342d3234203d3e20323039383534.roa
File:                     37372e37382e37302e302f32342d3234203d3e20323039383534.roa (raw, json)
Hash identifier:          G3MNAF4LmDy4W12qTS0D9D69R9bd3poK+Ino5yZ8Eh8=
Subject key identifier:   CF:ED:88:DB:67:97:DC:42:EF:63:EE:3C:A2:00:F9:9B:6C:6A:76:98
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       30365C560821FF2CE8E3699C85D3840160D8D4FB
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/37372e37382e37302e302f32342d3234203d3e20323039383534.roa
Signing time:             Wed 20 Mar 2024 08:22:30 +0000
ROA not before:           Wed 20 Mar 2024 08:17:30 +0000
ROA not after:            Wed 19 Mar 2025 08:22:30 +0000
asID:                     209854
IP address blocks:        77.78.70.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 09 May 2024 16:54:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            30:36:5c:56:08:21:ff:2c:e8:e3:69:9c:85:d3:84:01:60:d8:d4:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Mar 20 08:17:30 2024 GMT
            Not After : Mar 19 08:22:30 2025 GMT
        Subject: CN=CFED88DB6797DC42EF63EE3CA200F99B6C6A7698
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:b9:bc:19:4e:84:0a:91:ce:11:96:c5:61:85:
                    53:64:65:1e:2e:c4:4f:20:c2:fe:b7:25:93:81:95:
                    b0:54:f0:65:5a:26:a9:09:52:bf:9f:2e:67:2e:bd:
                    c4:11:00:eb:06:b7:99:b5:6e:45:3d:4b:40:c4:8b:
                    ef:37:ee:0b:cd:7a:b9:86:8f:94:ca:09:14:44:81:
                    a9:2f:d9:32:70:9b:82:85:cf:c9:35:60:a4:c5:97:
                    0e:1e:83:0b:e8:64:13:6d:de:79:f5:cf:d0:78:e4:
                    d2:0c:df:ff:18:12:fd:d8:c3:82:a7:f3:f3:76:57:
                    b6:be:4b:00:47:12:2c:f3:3a:23:93:18:7d:ee:9d:
                    e5:a7:a1:76:96:1b:ba:8f:74:99:e8:7c:8b:31:d2:
                    ac:09:bd:df:32:5b:fd:d9:90:9b:7c:2a:c1:0e:09:
                    9c:05:83:ae:92:82:1d:d9:ff:b5:ec:2b:48:15:bf:
                    25:65:e6:4c:91:69:f6:62:f6:08:be:55:96:a5:f6:
                    2c:1d:68:57:50:5c:d0:b7:9d:b8:07:24:56:04:77:
                    ac:47:5a:ab:6e:53:d1:97:57:f8:05:8d:aa:b1:a4:
                    36:90:07:99:33:6b:ff:45:da:34:6f:3f:c7:a5:d0:
                    ef:d0:f5:93:1a:5e:0a:f2:91:c1:92:52:de:9b:ee:
                    c4:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:ED:88:DB:67:97:DC:42:EF:63:EE:3C:A2:00:F9:9B:6C:6A:76:98
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/37372e37382e37302e302f32342d3234203d3e20323039383534.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.78.70.0/24

    Signature Algorithm: sha256WithRSAEncryption
         37:74:63:b2:e8:db:20:04:bd:a3:82:04:8d:10:72:33:f2:9e:
         3c:86:24:33:3b:92:76:60:30:5f:f1:89:12:f9:6c:21:c6:85:
         48:d8:5b:a7:76:d6:59:1d:14:f1:61:5e:52:e0:cf:cf:ce:00:
         5d:61:42:73:64:8d:5c:13:c8:f8:51:44:f6:4b:19:1a:bb:cd:
         0b:09:e6:b3:44:e5:7a:08:00:6f:a1:65:10:69:c8:b6:79:b2:
         ed:3c:b5:6c:af:8e:07:29:b9:36:76:62:a4:0d:9f:2a:db:81:
         76:3c:73:22:fa:8b:68:5e:70:82:36:aa:eb:92:9d:e2:42:71:
         8f:56:a7:d3:f6:04:5b:51:f5:de:84:bf:29:73:e5:65:90:b7:
         19:65:2a:1c:cf:8b:aa:05:91:b8:83:2d:e3:be:7e:5d:a6:bf:
         d5:d0:c5:24:61:96:cf:7b:18:85:3f:c9:66:da:31:1e:38:33:
         b8:ee:66:9a:77:91:06:ad:ee:9a:e0:e2:4e:f8:f6:84:6e:97:
         11:42:d9:5d:2f:1a:3d:62:49:f3:a2:c8:ea:d2:1d:07:81:f3:
         88:f3:79:68:50:b7:b8:68:c2:55:1e:a6:e0:d2:e5:c4:fc:af:
         11:0d:5d:4c:0f:47:2e:c7:ff:09:79:15:5b:5a:c8:d9:5f:e1:
         c7:17:0d:04
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUMDZcVggh/yzo42mchdOEAWDY1PswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNDAzMjAwODE3MzBaFw0yNTAzMTkwODIyMzBaMDMxMTAvBgNV
BAMTKENGRUQ4OERCNjc5N0RDNDJFRjYzRUUzQ0EyMDBGOTlCNkM2QTc2OTgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDIubwZToQKkc4RlsVhhVNkZR4u
xE8gwv63JZOBlbBU8GVaJqkJUr+fLmcuvcQRAOsGt5m1bkU9S0DEi+837gvNermG
j5TKCRREgakv2TJwm4KFz8k1YKTFlw4egwvoZBNt3nn1z9B45NIM3/8YEv3Yw4Kn
8/N2V7a+SwBHEizzOiOTGH3uneWnoXaWG7qPdJnofIsx0qwJvd8yW/3ZkJt8KsEO
CZwFg66Sgh3Z/7XsK0gVvyVl5kyRafZi9gi+VZal9iwdaFdQXNC3nbgHJFYEd6xH
WqtuU9GXV/gFjaqxpDaQB5kza/9F2jRvP8el0O/Q9ZMaXgrykcGSUt6b7sTTAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUz+2I22eX3ELvY+48ogD5m2xqdpgwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzczNzJlMzczODJlMzczMDJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMyMzAzOTM4MzUzNC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAE1O
RjANBgkqhkiG9w0BAQsFAAOCAQEAN3RjsujbIAS9o4IEjRByM/KePIYkMzuSdmAw
X/GJEvlsIcaFSNhbp3bWWR0U8WFeUuDPz84AXWFCc2SNXBPI+FFE9ksZGrvNCwnm
s0TleggAb6FlEGnItnmy7Ty1bK+OBym5NnZipA2fKtuBdjxzIvqLaF5wgjaq65Kd
4kJxj1an0/YEW1H13oS/KXPlZZC3GWUqHM+LqgWRuIMt475+Xaa/1dDFJGGWz3sY
hT/JZtoxHjgzuO5mmneRBq3umuDiTvj2hG6XEULZXS8aPWJJ86LI6tIdB4HziPN5
aFC3uGjCVR6m4NLlxPyvEQ1dTA9HLsf/CXkVW1rI2V/hxxcNBA==
-----END CERTIFICATE-----