Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/37372e37382e37312e302f32342d3234203d3e20323039383534.roa
File:                     37372e37382e37312e302f32342d3234203d3e20323039383534.roa (raw, json)
Hash identifier:          XfrWoFOXHGSAcm3fdgNdh1qOWZTwCWbfwSnlGtFa66k=
Subject key identifier:   48:5B:64:2C:2B:C7:0F:B1:24:FF:3C:9E:97:75:F7:E0:11:89:92:DD
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       17975894E2765D2F9BFC0531D0DDBE2D03BAB0FB
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/37372e37382e37312e302f32342d3234203d3e20323039383534.roa
Signing time:             Wed 20 Mar 2024 08:22:39 +0000
ROA not before:           Wed 20 Mar 2024 08:17:39 +0000
ROA not after:            Wed 19 Mar 2025 08:22:39 +0000
asID:                     209854
IP address blocks:        77.78.71.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 09 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            17:97:58:94:e2:76:5d:2f:9b:fc:05:31:d0:dd:be:2d:03:ba:b0:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Mar 20 08:17:39 2024 GMT
            Not After : Mar 19 08:22:39 2025 GMT
        Subject: CN=485B642C2BC70FB124FF3C9E9775F7E0118992DD
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:99:1b:3c:37:24:9c:fa:40:28:08:8c:59:ab:
                    19:9e:3c:64:fb:55:10:7c:35:4c:70:c6:19:5f:a6:
                    94:0c:a1:a0:86:9f:de:97:f9:4d:e2:d3:f7:95:1d:
                    b8:53:61:02:71:ac:8a:11:c3:9b:6f:8f:19:53:ff:
                    44:dc:f7:03:4f:fd:76:47:4e:e8:05:36:e0:8c:e9:
                    02:16:a3:bc:82:00:db:8d:ae:a1:67:78:f4:8e:c2:
                    07:27:a5:77:dd:d0:26:b6:42:77:f8:70:e1:92:d3:
                    c0:15:8f:e6:3c:0e:fc:7c:b7:17:f8:53:46:4e:3a:
                    ae:d6:c8:e0:34:eb:21:ef:80:ec:2a:4d:0c:74:38:
                    16:ba:d7:0b:f4:67:60:0e:ea:80:17:38:c8:a8:fb:
                    d8:f6:f4:a6:5d:c7:a6:28:bd:0e:7c:5c:8e:35:ce:
                    bf:62:af:14:dd:dd:08:51:87:1a:53:9a:2c:99:25:
                    24:b4:be:fa:df:96:42:3a:63:f1:9a:83:b6:f6:3e:
                    0f:51:ba:16:a4:7b:ed:b4:14:c3:ec:c8:3d:21:6b:
                    37:58:66:04:f2:65:68:04:23:1a:83:8b:e2:e4:7d:
                    d1:16:00:70:96:19:f4:62:a4:18:2a:a2:ec:87:32:
                    93:44:49:64:59:24:61:a9:90:8f:ee:5f:77:a3:a4:
                    04:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                48:5B:64:2C:2B:C7:0F:B1:24:FF:3C:9E:97:75:F7:E0:11:89:92:DD
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/37372e37382e37312e302f32342d3234203d3e20323039383534.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.78.71.0/24

    Signature Algorithm: sha256WithRSAEncryption
         27:d0:c8:83:ac:c6:41:8b:ea:a5:1f:60:b2:7d:e9:8a:90:96:
         80:f9:d2:ec:7f:3b:54:a8:86:e3:fe:74:f4:7a:67:f7:37:8a:
         0c:41:db:14:b2:8b:34:90:0f:c2:a6:d1:02:7a:e3:9c:bf:22:
         12:06:5c:d9:49:76:1e:d6:c8:50:9d:9e:dc:dd:e8:bd:cf:71:
         f6:ed:50:f3:a0:07:fc:18:90:2b:d7:97:2b:27:5c:75:f0:a4:
         f0:26:fa:e9:61:57:43:b3:f5:ea:71:ae:99:12:ab:ff:20:77:
         c9:e6:ca:01:11:c2:6f:a6:9d:dc:36:79:f6:ac:aa:4f:e1:05:
         67:f3:1a:d8:45:6d:4c:ce:d7:4c:d1:00:f4:a9:ec:26:16:ad:
         b4:08:e0:fa:a7:96:35:49:8e:f9:9b:fd:4c:fe:1a:74:12:c6:
         c7:13:93:c4:44:de:d8:30:c4:db:da:53:0f:42:41:6c:72:14:
         dd:0d:50:fd:39:a6:5a:46:87:04:b7:87:ec:e2:83:0c:81:88:
         f6:3e:f4:4b:55:72:28:60:69:7f:c0:fc:10:9d:e2:79:3e:bb:
         af:0e:38:13:b9:37:89:37:98:16:49:97:00:f9:ec:53:89:36:
         92:53:a7:55:64:7e:c3:4c:b4:d5:13:1d:b9:9d:67:67:bd:e4:
         15:36:ff:da
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUF5dYlOJ2XS+b/AUx0N2+LQO6sPswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNDAzMjAwODE3MzlaFw0yNTAzMTkwODIyMzlaMDMxMTAvBgNV
BAMTKDQ4NUI2NDJDMkJDNzBGQjEyNEZGM0M5RTk3NzVGN0UwMTE4OTkyREQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDFmRs8NySc+kAoCIxZqxmePGT7
VRB8NUxwxhlfppQMoaCGn96X+U3i0/eVHbhTYQJxrIoRw5tvjxlT/0Tc9wNP/XZH
TugFNuCM6QIWo7yCANuNrqFnePSOwgcnpXfd0Ca2Qnf4cOGS08AVj+Y8Dvx8txf4
U0ZOOq7WyOA06yHvgOwqTQx0OBa61wv0Z2AO6oAXOMio+9j29KZdx6YovQ58XI41
zr9irxTd3QhRhxpTmiyZJSS0vvrflkI6Y/Gag7b2Pg9Ruhake+20FMPsyD0hazdY
ZgTyZWgEIxqDi+LkfdEWAHCWGfRipBgqouyHMpNESWRZJGGpkI/uX3ejpASdAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUSFtkLCvHD7Ek/zyel3X34BGJkt0wHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzczNzJlMzczODJlMzczMTJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMyMzAzOTM4MzUzNC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAE1O
RzANBgkqhkiG9w0BAQsFAAOCAQEAJ9DIg6zGQYvqpR9gsn3pipCWgPnS7H87VKiG
4/509Hpn9zeKDEHbFLKLNJAPwqbRAnrjnL8iEgZc2Ul2HtbIUJ2e3N3ovc9x9u1Q
86AH/BiQK9eXKydcdfCk8Cb66WFXQ7P16nGumRKr/yB3yebKARHCb6ad3DZ59qyq
T+EFZ/Ma2EVtTM7XTNEA9KnsJhattAjg+qeWNUmO+Zv9TP4adBLGxxOTxETe2DDE
29pTD0JBbHIU3Q1Q/TmmWkaHBLeH7OKDDIGI9j70S1VyKGBpf8D8EJ3ieT67rw44
E7k3iTeYFkmXAPnsU4k2klOnVWR+w0y01RMduZ1nZ73kFTb/2g==
-----END CERTIFICATE-----