Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/33312e3232302e33302e302f32342d3234203d3e203432373038.roa
File:                     33312e3232302e33302e302f32342d3234203d3e203432373038.roa (raw, json)
Hash identifier:          cJ88Q3AEYVgRFwCEcEzZi1duSYDtP9R3O7ojWkLzLlc=
Subject key identifier:   E3:7D:79:36:3F:7D:D7:06:C3:DB:19:4D:C8:D5:37:36:38:90:F0:44
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       382340F0668487071FCDE9911B0C15FE00CAC427
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/33312e3232302e33302e302f32342d3234203d3e203432373038.roa
Signing time:             Mon 26 Feb 2024 08:53:19 +0000
ROA not before:           Mon 26 Feb 2024 08:48:19 +0000
ROA not after:            Mon 24 Feb 2025 08:53:19 +0000
asID:                     42708
IP address blocks:        31.220.30.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 May 2024 16:11:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            38:23:40:f0:66:84:87:07:1f:cd:e9:91:1b:0c:15:fe:00:ca:c4:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Feb 26 08:48:19 2024 GMT
            Not After : Feb 24 08:53:19 2025 GMT
        Subject: CN=E37D79363F7DD706C3DB194DC8D537363890F044
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ef:ab:e0:93:91:d7:29:13:e8:67:da:c7:68:c6:
                    5f:97:67:12:16:f9:81:11:b3:8d:53:b4:da:24:39:
                    9f:9b:1d:b6:1c:70:c7:39:0e:28:3a:2a:ac:ad:d9:
                    cf:9b:b7:53:ac:88:01:c5:8d:ba:88:b0:c4:a9:ab:
                    7a:b6:c0:1d:d0:2e:29:71:3e:8c:39:ab:4c:f0:42:
                    98:26:61:35:0d:c8:08:4f:fe:09:61:a2:eb:e2:47:
                    67:f0:af:64:c9:34:a7:67:86:a7:81:dd:5e:31:8a:
                    33:e3:58:af:23:f4:14:13:85:57:b0:ea:8f:3a:6d:
                    63:83:e6:cc:fb:f1:28:7f:f9:35:ce:b5:16:d4:ae:
                    17:b4:10:e4:74:33:df:32:c5:a4:4c:1d:d2:cc:af:
                    57:5d:89:2f:5c:53:b6:5c:db:c9:c8:1f:e2:c6:93:
                    1a:9f:ed:ff:eb:b5:aa:88:68:ca:c2:64:cf:f0:60:
                    39:b9:10:a8:06:89:67:1b:0d:f9:34:72:ec:1b:7a:
                    39:f4:a5:53:6a:78:ec:2b:f5:26:a2:1a:86:e5:b8:
                    05:c5:2f:51:20:c3:2e:a8:6e:6d:39:ea:59:c5:dd:
                    3c:66:0a:d2:7a:74:a1:05:b0:f2:c0:fc:fe:f7:17:
                    d0:ea:35:9c:5b:e8:34:2e:ac:82:8f:4f:33:81:e8:
                    0f:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E3:7D:79:36:3F:7D:D7:06:C3:DB:19:4D:C8:D5:37:36:38:90:F0:44
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/33312e3232302e33302e302f32342d3234203d3e203432373038.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.220.30.0/24

    Signature Algorithm: sha256WithRSAEncryption
         51:ba:54:fb:61:bd:dd:39:bd:1f:7f:bf:68:fe:a1:bc:32:37:
         96:1e:8e:42:68:12:d1:a3:a8:c8:f4:1d:6c:86:51:fe:c5:83:
         14:bd:aa:ff:1d:4e:32:dd:b5:c8:c5:a5:ed:22:35:3c:21:58:
         a0:2c:71:ce:78:5d:37:ff:12:ca:a2:70:9a:30:f6:4f:78:88:
         e2:76:1a:99:70:3a:d6:68:ea:db:9a:79:c0:cf:da:49:dc:a3:
         9c:85:b4:f3:0c:7d:4a:20:84:22:1a:85:58:c3:0a:78:95:64:
         49:87:48:f5:6b:7e:1f:ea:bc:37:e6:9b:e7:ae:76:d9:3d:d4:
         6e:de:38:f5:6f:e2:1b:3b:55:db:05:cb:79:aa:47:46:b6:7c:
         5f:06:0e:26:1b:9a:a8:62:b2:30:27:10:6d:e7:c8:56:92:4f:
         aa:31:0e:64:7a:1a:11:44:db:f5:de:77:0c:a4:60:47:22:24:
         de:40:fd:b1:76:a8:61:d0:7e:b8:1d:5a:6b:63:7f:1f:cf:eb:
         83:8e:ef:32:49:dd:90:f4:b1:bd:bb:79:06:83:d2:6b:57:cf:
         02:6a:20:dd:5d:9a:68:d2:3b:dc:1d:0d:72:2d:68:a0:cb:ed:
         31:a0:96:71:4a:3e:24:4d:9f:4c:ac:2b:36:cd:34:8d:7a:e2:
         14:d6:ce:b1
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUOCNA8GaEhwcfzemRGwwV/gDKxCcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNDAyMjYwODQ4MTlaFw0yNTAyMjQwODUzMTlaMDMxMTAvBgNV
BAMTKEUzN0Q3OTM2M0Y3REQ3MDZDM0RCMTk0REM4RDUzNzM2Mzg5MEYwNDQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDvq+CTkdcpE+hn2sdoxl+XZxIW
+YERs41TtNokOZ+bHbYccMc5Dig6Kqyt2c+bt1OsiAHFjbqIsMSpq3q2wB3QLilx
Pow5q0zwQpgmYTUNyAhP/glhouviR2fwr2TJNKdnhqeB3V4xijPjWK8j9BQThVew
6o86bWOD5sz78Sh/+TXOtRbUrhe0EOR0M98yxaRMHdLMr1ddiS9cU7Zc28nIH+LG
kxqf7f/rtaqIaMrCZM/wYDm5EKgGiWcbDfk0cuwbejn0pVNqeOwr9SaiGobluAXF
L1Egwy6obm056lnF3TxmCtJ6dKEFsPLA/P73F9DqNZxb6DQurIKPTzOB6A+tAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQU4315Nj991wbD2xlNyNU3NjiQ8EQwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzMzMTJlMzIzMjMwMmUzMzMw
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzQzMjM3MzAzOC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAB/c
HjANBgkqhkiG9w0BAQsFAAOCAQEAUbpU+2G93Tm9H3+/aP6hvDI3lh6OQmgS0aOo
yPQdbIZR/sWDFL2q/x1OMt21yMWl7SI1PCFYoCxxznhdN/8SyqJwmjD2T3iI4nYa
mXA61mjq25p5wM/aSdyjnIW08wx9SiCEIhqFWMMKeJVkSYdI9Wt+H+q8N+ab5652
2T3Ubt449W/iGztV2wXLeapHRrZ8XwYOJhuaqGKyMCcQbefIVpJPqjEOZHoaEUTb
9d53DKRgRyIk3kD9sXaoYdB+uB1aa2N/H8/rg47vMkndkPSxvbt5BoPSa1fPAmog
3V2aaNI73B0Nci1ooMvtMaCWcUo+JE2fTKwrNs00jXriFNbOsQ==
-----END CERTIFICATE-----