Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38312e31372e39362e302f32312d3332203d3e203531313637.roa
File:                     38312e31372e39362e302f32312d3332203d3e203531313637.roa (raw, json)
Hash identifier:          uXW/9TH5XzuEoTUEmnDMvXi8IbTp5HzkoyQRtMl7XRs=
Subject key identifier:   DE:99:B8:44:B6:31:89:10:F6:CF:CC:1A:7C:55:23:36:FD:F0:7D:16
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       2AD92BD95408C14B5F35F26ED28788A2C8C23498
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38312e31372e39362e302f32312d3332203d3e203531313637.roa
Signing time:             Thu 06 Mar 2025 20:45:51 +0000
ROA not before:           Thu 06 Mar 2025 20:40:51 +0000
ROA not after:            Thu 05 Mar 2026 20:45:51 +0000
asID:                     51167
IP address blocks:        81.17.96.0/21 maxlen: 32
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 13:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2a:d9:2b:d9:54:08:c1:4b:5f:35:f2:6e:d2:87:88:a2:c8:c2:34:98
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Mar  6 20:40:51 2025 GMT
            Not After : Mar  5 20:45:51 2026 GMT
        Subject: CN=DE99B844B6318910F6CFCC1A7C552336FDF07D16
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:eb:9c:8a:68:9b:6e:1e:62:3f:a6:82:b9:ba:e0:
                    2f:56:d5:73:7c:9b:5a:45:ef:65:d7:88:c7:31:33:
                    c6:44:fb:f0:83:81:33:59:65:36:e3:6b:c9:6d:54:
                    4b:a5:6e:35:2a:89:b5:e0:e1:07:e9:f9:24:9b:28:
                    4e:35:63:89:1d:42:6c:9f:14:69:28:37:86:d0:6b:
                    39:a1:f1:c3:b7:55:f6:04:1c:5c:49:08:4d:8c:b4:
                    21:1b:2f:bf:8f:db:3e:0a:ab:3f:f3:d8:68:3a:8a:
                    4b:46:38:5b:0e:d1:86:ab:24:43:c8:c2:84:7b:5b:
                    57:1d:0f:11:fb:42:1c:1a:3a:94:e1:e4:91:70:62:
                    a6:4e:9f:79:97:bc:bd:11:39:91:13:0e:1b:4d:f7:
                    c2:7d:b2:af:e7:52:cf:62:c9:5b:22:2b:90:82:41:
                    73:5b:e6:ff:dc:97:c0:dd:a6:28:03:31:dd:20:ec:
                    7b:6b:e5:8d:a0:4d:3c:b5:26:9a:f4:5a:e2:02:9e:
                    fd:35:0d:14:5e:6e:c4:05:50:71:b9:62:c0:28:c9:
                    c2:5c:a6:91:45:ce:e8:11:1c:32:12:ed:e1:36:a9:
                    e9:be:16:19:45:23:21:fb:35:b5:d2:c3:cf:db:9f:
                    75:87:0b:f8:bd:45:87:82:9d:62:aa:e5:e3:52:15:
                    1c:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:99:B8:44:B6:31:89:10:F6:CF:CC:1A:7C:55:23:36:FD:F0:7D:16
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38312e31372e39362e302f32312d3332203d3e203531313637.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.17.96.0/21

    Signature Algorithm: sha256WithRSAEncryption
         7c:53:21:07:40:bb:dc:1f:95:b1:f4:ca:ed:85:20:83:02:5a:
         1a:95:f9:d0:e6:39:d5:f3:aa:81:5a:c5:69:c6:8e:b7:e9:56:
         f7:16:0d:44:c5:d2:fc:83:a0:b2:39:4a:2c:dd:7f:e1:f2:33:
         0a:32:e8:30:05:66:b0:da:ce:c5:a8:97:da:9a:f7:0c:34:c1:
         9d:cc:a4:0a:6f:81:d7:c3:cd:d6:b9:32:34:f3:43:fd:0d:b9:
         03:80:65:99:b9:be:80:b4:bb:78:4b:57:bf:19:0a:24:ae:59:
         93:de:ae:cf:9b:06:dd:1a:35:34:d6:75:61:39:25:95:fa:b9:
         01:66:6b:4c:99:01:8f:5b:70:ec:84:e5:0c:4d:a3:ad:1a:98:
         f6:cc:58:90:52:3a:70:a0:4d:81:6c:32:d9:fc:74:87:0f:82:
         d2:9c:6d:a7:9d:b1:87:48:5e:e5:fd:d0:ef:be:10:d5:9b:33:
         ee:bc:2c:2e:13:57:35:27:7a:6f:2d:ed:ef:0b:c9:6a:42:57:
         55:86:6c:d3:10:3e:da:5c:68:c5:f1:e5:d2:df:a4:e4:cf:b1:
         2d:53:4b:5c:d0:73:08:49:c4:96:21:3b:2f:b8:da:f4:34:c1:
         13:6d:89:e8:04:18:86:f3:62:a2:04:b1:04:fc:5a:6c:a9:06:
         3b:60:3b:5e
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUKtkr2VQIwUtfNfJu0oeIosjCNJgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNTAzMDYyMDQwNTFaFw0yNjAzMDUyMDQ1NTFaMDMxMTAvBgNV
BAMTKERFOTlCODQ0QjYzMTg5MTBGNkNGQ0MxQTdDNTUyMzM2RkRGMDdEMTYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDrnIpom24eYj+mgrm64C9W1XN8
m1pF72XXiMcxM8ZE+/CDgTNZZTbja8ltVEulbjUqibXg4Qfp+SSbKE41Y4kdQmyf
FGkoN4bQazmh8cO3VfYEHFxJCE2MtCEbL7+P2z4Kqz/z2Gg6iktGOFsO0YarJEPI
woR7W1cdDxH7QhwaOpTh5JFwYqZOn3mXvL0ROZETDhtN98J9sq/nUs9iyVsiK5CC
QXNb5v/cl8DdpigDMd0g7Htr5Y2gTTy1Jpr0WuICnv01DRRebsQFUHG5YsAoycJc
ppFFzugRHDIS7eE2qem+FhlFIyH7NbXSw8/bn3WHC/i9RYeCnWKq5eNSFRwpAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQU3pm4RLYxiRD2z8wafFUjNv3wfRYwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzgzMTJlMzEzNzJlMzkzNjJl
MzAyZjMyMzEyZDMzMzIyMDNkM2UyMDM1MzEzMTM2Mzcucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBANREWAw
DQYJKoZIhvcNAQELBQADggEBAHxTIQdAu9wflbH0yu2FIIMCWhqV+dDmOdXzqoFa
xWnGjrfpVvcWDUTF0vyDoLI5Sizdf+HyMwoy6DAFZrDazsWol9qa9ww0wZ3MpApv
gdfDzda5MjTzQ/0NuQOAZZm5voC0u3hLV78ZCiSuWZPers+bBt0aNTTWdWE5JZX6
uQFma0yZAY9bcOyE5QxNo60amPbMWJBSOnCgTYFsMtn8dIcPgtKcbaedsYdIXuX9
0O++ENWbM+68LC4TVzUnem8t7e8LyWpCV1WGbNMQPtpcaMXx5dLfpOTPsS1TS1zQ
cwhJxJYhOy+42vQ0wRNtiegEGIbzYqIEsQT8WmypBjtgO14=
-----END CERTIFICATE-----