Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/33312e3232302e33312e302f32342d3234203d3e203437353833.roa
File:                     33312e3232302e33312e302f32342d3234203d3e203437353833.roa (raw, json)
Hash identifier:          AuF+e6K01oh6WJBMkmzlr90X/HAJGSy5I9TRbD23eK8=
Subject key identifier:   E0:82:95:8A:22:91:A3:EE:3D:2C:23:28:CF:CD:4D:9A:F0:2F:D8:E1
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       2D749B06B6D5250ED6FE5E61921545A31CB2EDFC
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/33312e3232302e33312e302f32342d3234203d3e203437353833.roa
Signing time:             Mon 26 Feb 2024 08:53:15 +0000
ROA not before:           Mon 26 Feb 2024 08:48:15 +0000
ROA not after:            Mon 24 Feb 2025 08:53:15 +0000
asID:                     47583
IP address blocks:        31.220.31.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 May 2024 16:11:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2d:74:9b:06:b6:d5:25:0e:d6:fe:5e:61:92:15:45:a3:1c:b2:ed:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Feb 26 08:48:15 2024 GMT
            Not After : Feb 24 08:53:15 2025 GMT
        Subject: CN=E082958A2291A3EE3D2C2328CFCD4D9AF02FD8E1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:b2:af:08:bd:c1:6d:9f:04:ca:14:f8:1d:e8:
                    09:0b:58:3f:eb:b6:8b:ac:d6:c0:8d:b7:29:43:c7:
                    99:41:e8:48:e2:a5:3f:0e:6c:4e:42:f1:5c:cb:dd:
                    90:f8:e0:38:83:28:a0:a6:91:fb:c6:b4:0b:6f:92:
                    31:8d:f9:6f:2c:ae:a3:20:5d:7f:61:e6:0c:5c:56:
                    54:9a:60:2c:6c:5b:5d:98:d4:e4:e6:40:43:07:bb:
                    89:50:0a:95:06:c9:82:a1:fb:b5:fc:35:f1:5a:6d:
                    98:68:88:82:59:51:f2:a1:d0:49:a2:5c:8e:4b:50:
                    f2:e5:f6:eb:c8:62:bc:02:51:57:46:3c:ac:3c:0f:
                    66:1f:b2:a6:7f:06:c8:25:fd:29:a0:50:d6:6e:38:
                    56:7f:d2:3a:d3:35:4b:e8:5e:72:94:78:db:ed:ff:
                    65:cd:97:c6:ad:d4:42:18:5c:c2:2d:42:48:f8:4d:
                    2e:29:ef:17:32:52:a6:8b:e3:a9:23:6c:02:53:4e:
                    40:f0:c1:c9:53:dc:81:a0:9b:79:87:9d:b4:30:08:
                    40:f3:83:62:1e:3c:99:5c:61:50:f0:fe:94:93:c1:
                    de:e7:fa:a9:15:a9:63:21:83:ac:5e:f6:e4:e1:bf:
                    79:a8:05:b0:45:42:9d:6e:ec:80:01:e6:39:23:f2:
                    d0:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:82:95:8A:22:91:A3:EE:3D:2C:23:28:CF:CD:4D:9A:F0:2F:D8:E1
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/33312e3232302e33312e302f32342d3234203d3e203437353833.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.220.31.0/24

    Signature Algorithm: sha256WithRSAEncryption
         97:bc:dd:2a:0c:12:e0:c8:a7:3d:bc:f7:e0:24:da:2b:bd:7a:
         2a:95:08:81:54:0b:46:0d:09:40:6f:7d:01:e8:a7:c8:b2:54:
         cf:ac:7e:5c:0d:1a:5b:69:0b:0a:10:e8:25:15:fb:85:51:d4:
         36:a8:d3:02:f7:41:82:67:8c:8b:00:07:4d:f0:0c:cb:c9:e2:
         a9:12:ee:fc:cc:ac:27:7f:0c:a8:41:1e:3a:c6:7a:75:b8:c3:
         e9:6a:89:db:ea:b0:5a:3e:d8:d4:9c:46:cb:25:ff:ea:ec:5f:
         b3:80:dd:b1:0f:07:8a:a7:d0:b0:37:99:a6:36:fc:13:8a:af:
         44:18:85:a9:b4:d4:21:bb:98:05:2a:7a:1c:13:d1:c3:14:b7:
         fe:ca:cf:04:2d:a9:b3:fa:05:a8:0f:5f:6d:3f:64:b6:c4:80:
         41:b8:31:2a:b2:d3:3c:f6:a9:c2:b5:5f:94:9b:c8:d7:1d:51:
         79:ba:67:a8:87:f1:ab:18:9a:5f:5d:9a:37:9c:a6:37:0d:29:
         83:d1:6f:e1:7c:ce:73:5a:0c:11:73:f2:51:f9:28:38:18:98:
         63:44:fd:12:e8:42:67:e4:af:c7:2e:f8:ab:ae:76:36:f5:13:
         cc:9a:4e:3f:e5:c5:7a:c9:61:d8:8b:79:9a:e0:13:dc:ae:78:
         70:96:7c:41
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIULXSbBrbVJQ7W/l5hkhVFoxyy7fwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNDAyMjYwODQ4MTVaFw0yNTAyMjQwODUzMTVaMDMxMTAvBgNV
BAMTKEUwODI5NThBMjI5MUEzRUUzRDJDMjMyOENGQ0Q0RDlBRjAyRkQ4RTEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDNsq8IvcFtnwTKFPgd6AkLWD/r
tous1sCNtylDx5lB6EjipT8ObE5C8VzL3ZD44DiDKKCmkfvGtAtvkjGN+W8srqMg
XX9h5gxcVlSaYCxsW12Y1OTmQEMHu4lQCpUGyYKh+7X8NfFabZhoiIJZUfKh0Emi
XI5LUPLl9uvIYrwCUVdGPKw8D2YfsqZ/Bsgl/SmgUNZuOFZ/0jrTNUvoXnKUeNvt
/2XNl8at1EIYXMItQkj4TS4p7xcyUqaL46kjbAJTTkDwwclT3IGgm3mHnbQwCEDz
g2IePJlcYVDw/pSTwd7n+qkVqWMhg6xe9uThv3moBbBFQp1u7IAB5jkj8tDpAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQU4IKViiKRo+49LCMoz81NmvAv2OEwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzMzMTJlMzIzMjMwMmUzMzMx
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzQzNzM1MzgzMy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAB/c
HzANBgkqhkiG9w0BAQsFAAOCAQEAl7zdKgwS4MinPbz34CTaK716KpUIgVQLRg0J
QG99AeinyLJUz6x+XA0aW2kLChDoJRX7hVHUNqjTAvdBgmeMiwAHTfAMy8niqRLu
/MysJ38MqEEeOsZ6dbjD6WqJ2+qwWj7Y1JxGyyX/6uxfs4DdsQ8HiqfQsDeZpjb8
E4qvRBiFqbTUIbuYBSp6HBPRwxS3/srPBC2ps/oFqA9fbT9ktsSAQbgxKrLTPPap
wrVflJvI1x1RebpnqIfxqxiaX12aN5ymNw0pg9Fv4XzOc1oMEXPyUfkoOBiYY0T9
EuhCZ+Svxy74q652NvUTzJpOP+XFeslh2It5muAT3K54cJZ8QQ==
-----END CERTIFICATE-----