Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/33312e3232302e33302e302f32342d3234203d3e203633343733.roa
File:                     33312e3232302e33302e302f32342d3234203d3e203633343733.roa (raw, json)
Hash identifier:          DmDqC/t8io/j4/uB7E2G3ycFGx/e9Ze9seJtMfAXM0E=
Subject key identifier:   3D:54:C2:C4:CA:D8:55:F1:26:80:E4:BE:C1:5E:7E:1C:53:C1:ED:2A
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       542B3767623AF37613A9F2DAF5C992F4805F5C7F
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/33312e3232302e33302e302f32342d3234203d3e203633343733.roa
Signing time:             Mon 26 Feb 2024 08:53:15 +0000
ROA not before:           Mon 26 Feb 2024 08:48:15 +0000
ROA not after:            Mon 24 Feb 2025 08:53:15 +0000
asID:                     63473
IP address blocks:        31.220.30.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 May 2024 16:11:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            54:2b:37:67:62:3a:f3:76:13:a9:f2:da:f5:c9:92:f4:80:5f:5c:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Feb 26 08:48:15 2024 GMT
            Not After : Feb 24 08:53:15 2025 GMT
        Subject: CN=3D54C2C4CAD855F12680E4BEC15E7E1C53C1ED2A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:68:83:0b:9f:9b:2f:0c:41:60:f4:27:fb:eb:
                    79:ba:ff:1a:70:50:cf:6f:89:b6:4f:7a:2f:2f:00:
                    a0:fb:05:fd:15:a6:59:01:dc:7e:60:1b:f1:7b:84:
                    d0:e3:f3:fd:24:c0:ca:c7:b4:f4:f1:4c:8e:5d:a3:
                    b1:e1:55:09:d8:22:6f:2c:ef:14:8b:33:5f:f6:79:
                    93:1e:90:c6:21:f8:bf:4b:06:11:d5:4d:d7:da:23:
                    2a:53:ea:47:47:5c:2f:79:75:22:dd:78:7f:5c:2c:
                    ee:01:f9:d4:e5:ba:2a:f9:bf:d4:73:ce:28:6a:db:
                    d3:57:59:ee:aa:7a:b0:df:49:9d:23:da:67:b2:45:
                    ac:f9:63:3b:50:1e:4f:52:3b:fa:fb:3f:c4:ed:6c:
                    3b:bb:57:41:20:a9:06:15:e4:10:3a:73:4e:6a:a2:
                    66:fb:9f:4a:fd:b7:cd:7b:ea:ce:6c:b2:22:bf:f7:
                    c0:6e:09:a4:2d:ea:36:9e:b7:32:3d:5c:c5:b1:81:
                    d1:cc:e5:89:1d:0b:4e:25:5e:a6:14:86:78:8e:e2:
                    3d:60:25:7d:c7:55:0e:ed:73:cb:c3:16:3c:6e:29:
                    1f:49:62:ea:7c:5f:33:fb:93:41:99:a1:98:f3:f7:
                    b2:77:a4:6c:f1:d8:45:61:8e:a1:15:2c:cf:2a:cc:
                    5d:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:54:C2:C4:CA:D8:55:F1:26:80:E4:BE:C1:5E:7E:1C:53:C1:ED:2A
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/33312e3232302e33302e302f32342d3234203d3e203633343733.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.220.30.0/24

    Signature Algorithm: sha256WithRSAEncryption
         93:36:1b:d6:21:e8:11:9d:ef:fe:27:9f:a4:9e:dd:83:f4:bf:
         69:f6:8c:22:5b:06:07:59:e3:c8:46:41:0c:de:d5:26:8a:f4:
         f2:2c:09:36:ee:0f:da:00:87:d2:fa:27:1b:92:58:b9:87:7b:
         82:f3:8a:ba:eb:55:e0:38:35:16:37:82:27:4e:65:7e:7a:a4:
         c4:12:b0:96:22:82:16:15:5f:48:02:25:d2:8c:4e:a1:95:85:
         22:97:16:0e:1d:df:77:18:c3:d3:a8:ba:55:a2:71:ba:99:ab:
         18:a3:8a:d9:0e:65:24:e7:c5:41:1e:81:dc:a7:40:56:8e:2e:
         97:ed:c0:4e:e8:97:f8:08:3f:c6:aa:5f:8e:cb:13:58:59:68:
         5a:74:42:c7:86:b7:2b:55:36:de:3b:e0:ec:3c:5b:60:90:36:
         da:fe:c5:ca:71:98:aa:ba:26:6e:79:6c:16:74:d4:44:e5:10:
         78:4c:fa:a1:e6:e7:6a:63:1e:77:d8:c5:cb:c5:4a:2b:f8:64:
         29:20:08:a7:ff:2c:69:79:f7:a5:3f:08:a4:67:4f:85:9e:7d:
         3d:87:6d:c2:c8:16:c9:ad:a4:d3:65:b6:7b:c3:f5:0e:d0:18:
         87:11:b5:35:5e:b5:03:4e:ef:aa:4a:43:68:a8:69:2c:e2:e0:
         18:a1:69:7d
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUVCs3Z2I683YTqfLa9cmS9IBfXH8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNDAyMjYwODQ4MTVaFw0yNTAyMjQwODUzMTVaMDMxMTAvBgNV
BAMTKDNENTRDMkM0Q0FEODU1RjEyNjgwRTRCRUMxNUU3RTFDNTNDMUVEMkEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDOaIMLn5svDEFg9Cf763m6/xpw
UM9vibZPei8vAKD7Bf0VplkB3H5gG/F7hNDj8/0kwMrHtPTxTI5do7HhVQnYIm8s
7xSLM1/2eZMekMYh+L9LBhHVTdfaIypT6kdHXC95dSLdeH9cLO4B+dTluir5v9Rz
zihq29NXWe6qerDfSZ0j2meyRaz5YztQHk9SO/r7P8TtbDu7V0EgqQYV5BA6c05q
omb7n0r9t8176s5ssiK/98BuCaQt6jaetzI9XMWxgdHM5YkdC04lXqYUhniO4j1g
JX3HVQ7tc8vDFjxuKR9JYup8XzP7k0GZoZjz97J3pGzx2EVhjqEVLM8qzF3XAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUPVTCxMrYVfEmgOS+wV5+HFPB7SowHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzMzMTJlMzIzMjMwMmUzMzMw
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzYzMzM0MzczMy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAB/c
HjANBgkqhkiG9w0BAQsFAAOCAQEAkzYb1iHoEZ3v/iefpJ7dg/S/afaMIlsGB1nj
yEZBDN7VJor08iwJNu4P2gCH0vonG5JYuYd7gvOKuutV4Dg1FjeCJ05lfnqkxBKw
liKCFhVfSAIl0oxOoZWFIpcWDh3fdxjD06i6VaJxupmrGKOK2Q5lJOfFQR6B3KdA
Vo4ul+3ATuiX+Ag/xqpfjssTWFloWnRCx4a3K1U23jvg7DxbYJA22v7FynGYqrom
bnlsFnTUROUQeEz6oebnamMed9jFy8VKK/hkKSAIp/8saXn3pT8IpGdPhZ59PYdt
wsgWya2k02W2e8P1DtAYhxG1NV61A07vqkpDaKhpLOLgGKFpfQ==
-----END CERTIFICATE-----