Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/33312e3138372e37362e302f32342d3234203d3e203437353833.roa
File:                     33312e3138372e37362e302f32342d3234203d3e203437353833.roa (raw, json)
Hash identifier:          lYdPx1U/sJJN+Nzz946icIk/VjCMD9CSU6ZKbbxIN/A=
Subject key identifier:   20:5D:E4:A1:9F:4A:4A:C5:81:D0:68:11:61:C4:BE:9C:C4:6E:E6:50
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       463A09FE141D6798FC5510080717B15CC9DC6E0F
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/33312e3138372e37362e302f32342d3234203d3e203437353833.roa
Signing time:             Mon 26 Feb 2024 08:53:13 +0000
ROA not before:           Mon 26 Feb 2024 08:48:13 +0000
ROA not after:            Mon 24 Feb 2025 08:53:13 +0000
asID:                     47583
IP address blocks:        31.187.76.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 May 2024 08:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            46:3a:09:fe:14:1d:67:98:fc:55:10:08:07:17:b1:5c:c9:dc:6e:0f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Feb 26 08:48:13 2024 GMT
            Not After : Feb 24 08:53:13 2025 GMT
        Subject: CN=205DE4A19F4A4AC581D0681161C4BE9CC46EE650
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:82:b6:f6:18:95:bb:a9:81:8e:63:70:74:1d:
                    8b:fe:f4:15:86:40:3d:88:94:f9:e3:63:55:64:87:
                    91:9a:6d:36:f7:49:68:75:68:aa:50:55:d6:aa:dd:
                    e1:ad:9d:88:e7:da:98:81:2d:50:87:12:76:4f:57:
                    6a:a5:d3:8c:b6:72:48:44:d5:7c:89:88:40:ff:93:
                    a4:52:ae:6d:96:29:5e:26:05:51:19:8f:b6:05:06:
                    8b:03:1a:e2:f6:03:86:24:d8:e0:e4:b1:0d:53:5d:
                    ad:eb:17:4a:dc:42:cd:5e:20:bc:89:0b:44:98:8d:
                    a2:ce:58:22:d4:71:ee:d3:a5:57:47:ec:15:f3:e6:
                    f1:01:76:12:f5:b5:95:25:92:9e:4d:ae:22:fa:f4:
                    ff:aa:63:83:3e:15:79:43:44:a9:5d:bd:1b:59:3c:
                    29:5c:20:dc:10:00:bc:6d:89:a4:d4:56:52:fc:bd:
                    c2:1d:c1:15:d0:79:d9:be:5b:d3:b7:21:fb:31:23:
                    43:2a:57:16:d0:f5:14:5e:a2:3d:3b:a2:3d:41:5c:
                    62:8a:d6:d3:e7:8c:3f:ee:3b:6b:8a:28:f8:b6:33:
                    63:c4:ef:81:e6:a3:fd:39:d6:4c:fb:95:58:f0:88:
                    5a:c5:35:8e:0d:5f:56:61:15:95:ab:5f:bd:c9:42:
                    83:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:5D:E4:A1:9F:4A:4A:C5:81:D0:68:11:61:C4:BE:9C:C4:6E:E6:50
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/33312e3138372e37362e302f32342d3234203d3e203437353833.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.187.76.0/24

    Signature Algorithm: sha256WithRSAEncryption
         25:ed:76:41:47:17:9a:ad:bd:a0:ff:0b:6d:36:5d:ab:87:f4:
         e4:88:9c:af:07:3c:89:62:43:29:68:83:33:2a:e5:85:4a:5b:
         52:1a:7e:0c:ba:9a:8f:b0:49:a4:47:13:4f:7d:03:02:3d:c9:
         fe:19:9b:1d:25:70:67:1b:af:30:a9:8c:67:78:68:fd:a8:55:
         68:7c:44:b3:c9:41:fa:f0:8a:33:f5:92:49:8e:3f:46:9f:5e:
         2d:5f:a7:93:02:5e:24:f5:51:1f:63:45:70:ef:3d:af:0e:26:
         d0:0f:14:23:a4:d4:39:df:86:a1:1e:e1:98:ef:52:60:c6:6d:
         d4:2c:39:2d:4f:a8:94:e4:92:e1:85:37:aa:cf:61:ff:4b:50:
         30:4f:ed:60:b6:b7:41:8b:d5:7c:9d:81:6e:4f:2c:01:09:48:
         0d:aa:2c:88:1e:d9:00:71:89:0e:aa:d7:f2:18:7c:76:b8:5c:
         3c:ed:5d:eb:10:a1:e8:05:f6:b5:71:4b:b4:2c:e2:38:1b:7a:
         e6:35:f0:04:33:9c:19:b2:43:b6:94:a2:cd:f1:8b:3a:f0:c1:
         f8:45:19:49:6c:a5:2f:7c:82:61:f1:ec:fa:32:fd:52:ae:7f:
         e2:e5:c6:d0:ac:90:c3:ff:72:c0:60:c8:e5:74:f3:43:b5:86:
         ab:3c:75:7d
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIURjoJ/hQdZ5j8VRAIBxexXMncbg8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNDAyMjYwODQ4MTNaFw0yNTAyMjQwODUzMTNaMDMxMTAvBgNV
BAMTKDIwNURFNEExOUY0QTRBQzU4MUQwNjgxMTYxQzRCRTlDQzQ2RUU2NTAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDOgrb2GJW7qYGOY3B0HYv+9BWG
QD2IlPnjY1Vkh5GabTb3SWh1aKpQVdaq3eGtnYjn2piBLVCHEnZPV2ql04y2ckhE
1XyJiED/k6RSrm2WKV4mBVEZj7YFBosDGuL2A4Yk2ODksQ1TXa3rF0rcQs1eILyJ
C0SYjaLOWCLUce7TpVdH7BXz5vEBdhL1tZUlkp5NriL69P+qY4M+FXlDRKldvRtZ
PClcINwQALxtiaTUVlL8vcIdwRXQedm+W9O3IfsxI0MqVxbQ9RReoj07oj1BXGKK
1tPnjD/uO2uKKPi2M2PE74Hmo/051kz7lVjwiFrFNY4NX1ZhFZWrX73JQoMBAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUIF3koZ9KSsWB0GgRYcS+nMRu5lAwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzMzMTJlMzEzODM3MmUzNzM2
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzQzNzM1MzgzMy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAB+7
TDANBgkqhkiG9w0BAQsFAAOCAQEAJe12QUcXmq29oP8LbTZdq4f05Iicrwc8iWJD
KWiDMyrlhUpbUhp+DLqaj7BJpEcTT30DAj3J/hmbHSVwZxuvMKmMZ3ho/ahVaHxE
s8lB+vCKM/WSSY4/Rp9eLV+nkwJeJPVRH2NFcO89rw4m0A8UI6TUOd+GoR7hmO9S
YMZt1Cw5LU+olOSS4YU3qs9h/0tQME/tYLa3QYvVfJ2Bbk8sAQlIDaosiB7ZAHGJ
DqrX8hh8drhcPO1d6xCh6AX2tXFLtCziOBt65jXwBDOcGbJDtpSizfGLOvDB+EUZ
SWylL3yCYfHs+jL9Uq5/4uXG0KyQw/9ywGDI5XTzQ7WGqzx1fQ==
-----END CERTIFICATE-----