Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38302e3139302e38302e302f32312d3332203d3e203531313637.roa
File:                     38302e3139302e38302e302f32312d3332203d3e203531313637.roa (raw, json)
Hash identifier:          TojFaKiRPJVT82LPAdB5G37XNW8rm/wbbgEjMEi0qn0=
Subject key identifier:   C2:45:86:D4:30:4D:A1:39:26:47:D5:6C:10:E3:8B:D0:ED:46:32:73
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       66C78D05034FC7D5A66C9570C1529E87DB23DC56
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38302e3139302e38302e302f32312d3332203d3e203531313637.roa
Signing time:             Wed 21 May 2025 11:46:24 +0000
ROA not before:           Wed 21 May 2025 11:41:24 +0000
ROA not after:            Wed 20 May 2026 11:46:24 +0000
asID:                     51167
IP address blocks:        80.190.80.0/21 maxlen: 32
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Jun 2025 12:43:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            66:c7:8d:05:03:4f:c7:d5:a6:6c:95:70:c1:52:9e:87:db:23:dc:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: May 21 11:41:24 2025 GMT
            Not After : May 20 11:46:24 2026 GMT
        Subject: CN=C24586D4304DA1392647D56C10E38BD0ED463273
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:83:a2:e7:89:a3:5e:94:15:5a:a2:13:f0:f9:
                    1e:ed:28:80:54:48:97:e0:ad:9d:21:da:ff:8f:37:
                    30:b1:0c:13:05:0b:c5:9f:13:fd:65:26:d3:63:8d:
                    4c:34:fb:c2:a9:7b:57:8d:ef:a9:d0:e6:fb:75:88:
                    56:58:ca:de:38:b2:89:e2:fe:ca:79:da:43:a3:c3:
                    f5:f7:9b:45:60:c6:1c:5a:59:31:05:80:18:ce:75:
                    a2:da:a4:7c:c7:c7:cb:f2:33:a1:25:e9:7d:f9:c3:
                    86:7d:3d:04:15:16:f4:de:fa:5a:a7:a7:da:dc:ff:
                    b5:14:9d:ac:dd:10:0d:6e:a9:68:b9:39:51:48:00:
                    b7:94:07:d7:c9:ce:52:2f:b7:ca:c8:44:2f:66:a2:
                    1e:da:b1:4b:1e:f4:32:a2:b1:75:73:fb:3b:16:e5:
                    24:be:24:65:7d:15:ba:cc:c6:cc:c7:8a:2e:b6:56:
                    71:8c:79:51:5f:d9:be:a4:f7:66:24:a7:6b:fe:13:
                    d1:62:7a:d3:a3:73:18:21:36:a7:59:09:54:fa:7c:
                    58:65:42:d5:01:50:38:c2:ef:a5:df:10:ec:6c:8c:
                    7c:eb:f7:98:fa:57:5b:ea:ba:f6:e6:03:b3:f5:07:
                    12:9a:48:c0:19:9e:f4:db:30:7b:66:84:6d:23:b9:
                    d9:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C2:45:86:D4:30:4D:A1:39:26:47:D5:6C:10:E3:8B:D0:ED:46:32:73
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38302e3139302e38302e302f32312d3332203d3e203531313637.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.190.80.0/21

    Signature Algorithm: sha256WithRSAEncryption
         09:eb:00:af:24:1a:2e:7c:bf:68:9f:04:29:68:8b:37:d2:6c:
         89:2c:f6:2e:a6:a2:bf:e0:dc:25:31:d2:c4:22:bc:3d:ea:cb:
         4e:22:e7:06:cb:7d:23:dc:85:88:7f:46:bf:60:97:c6:74:fb:
         c9:06:2c:d0:2d:0c:94:6d:91:f9:5b:ed:8f:30:cf:60:6f:04:
         3e:be:2c:2c:99:79:fc:6b:92:49:1e:91:4a:8c:3b:a5:d7:b5:
         9e:6f:a2:c6:d1:58:69:3e:ac:dd:6c:7e:cf:7d:e5:80:3e:7a:
         bd:44:f9:b6:49:06:74:17:47:85:57:2e:a4:95:7c:db:36:e1:
         31:96:01:d7:d9:3f:c1:65:c3:bc:52:91:d5:71:d5:48:e7:6c:
         fd:e3:6d:f4:dc:94:e7:47:c4:ae:c1:b4:76:9a:66:d9:18:75:
         b3:d4:8c:29:c0:5a:b0:1f:5d:3d:5e:07:68:bf:fb:52:c7:f5:
         e6:a0:8a:5f:1a:e4:4b:b3:6f:3f:eb:22:8c:98:d3:d9:a0:b5:
         5d:6b:e1:d7:dd:de:a5:59:d9:03:02:76:f1:28:47:72:f9:d3:
         82:87:3a:38:29:dd:f0:78:07:f3:de:5d:4d:7f:3f:7c:f4:e2:
         9d:7e:b0:af:cb:97:f7:34:67:3a:0c:78:3d:a6:ad:49:cc:0f:
         4c:1a:2d:8a
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUZseNBQNPx9WmbJVwwVKeh9sj3FYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNTA1MjExMTQxMjRaFw0yNjA1MjAxMTQ2MjRaMDMxMTAvBgNV
BAMTKEMyNDU4NkQ0MzA0REExMzkyNjQ3RDU2QzEwRTM4QkQwRUQ0NjMyNzMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCxg6LniaNelBVaohPw+R7tKIBU
SJfgrZ0h2v+PNzCxDBMFC8WfE/1lJtNjjUw0+8Kpe1eN76nQ5vt1iFZYyt44soni
/sp52kOjw/X3m0VgxhxaWTEFgBjOdaLapHzHx8vyM6El6X35w4Z9PQQVFvTe+lqn
p9rc/7UUnazdEA1uqWi5OVFIALeUB9fJzlIvt8rIRC9moh7asUse9DKisXVz+zsW
5SS+JGV9FbrMxszHii62VnGMeVFf2b6k92Ykp2v+E9FietOjcxghNqdZCVT6fFhl
QtUBUDjC76XfEOxsjHzr95j6V1vquvbmA7P1BxKaSMAZnvTbMHtmhG0judl3AgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUwkWG1DBNoTkmR9VsEOOL0O1GMnMwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzgzMDJlMzEzOTMwMmUzODMw
MmUzMDJmMzIzMTJkMzMzMjIwM2QzZTIwMzUzMTMxMzYzNy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEA1C+
UDANBgkqhkiG9w0BAQsFAAOCAQEACesAryQaLny/aJ8EKWiLN9JsiSz2Lqaiv+Dc
JTHSxCK8PerLTiLnBst9I9yFiH9Gv2CXxnT7yQYs0C0MlG2R+VvtjzDPYG8EPr4s
LJl5/GuSSR6RSow7pde1nm+ixtFYaT6s3Wx+z33lgD56vUT5tkkGdBdHhVcupJV8
2zbhMZYB19k/wWXDvFKR1XHVSOds/eNt9NyU50fErsG0dppm2Rh1s9SMKcBasB9d
PV4HaL/7Usf15qCKXxrkS7NvP+sijJjT2aC1XWvh193epVnZAwJ28ShHcvnTgoc6
OCnd8HgH895dTX8/fPTinX6wr8uX9zRnOgx4PaatScwPTBotig==
-----END CERTIFICATE-----