Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/33312e3232302e342e302f32342d3234203d3e203432373038.roa
File:                     33312e3232302e342e302f32342d3234203d3e203432373038.roa (raw, json)
Hash identifier:          QsIHQQ1gH8jzSnE3GCeJEUkLstwSxArguiD4a6lYg5Y=
Subject key identifier:   95:17:1C:6B:55:8B:D4:C0:46:EB:9A:CE:CE:C7:64:60:27:2E:66:D1
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       57597DDD843004E44296BD9B9E4D25B48D5174C5
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/33312e3232302e342e302f32342d3234203d3e203432373038.roa
Signing time:             Mon 26 Feb 2024 08:53:12 +0000
ROA not before:           Mon 26 Feb 2024 08:48:12 +0000
ROA not after:            Mon 24 Feb 2025 08:53:12 +0000
asID:                     42708
IP address blocks:        31.220.4.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 May 2024 16:11:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            57:59:7d:dd:84:30:04:e4:42:96:bd:9b:9e:4d:25:b4:8d:51:74:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Feb 26 08:48:12 2024 GMT
            Not After : Feb 24 08:53:12 2025 GMT
        Subject: CN=95171C6B558BD4C046EB9ACECEC76460272E66D1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:69:08:a8:ac:9b:29:0a:9d:5e:e1:7a:25:7f:
                    b6:7f:f0:c6:df:86:5d:ad:5f:11:12:0a:af:e8:ab:
                    3c:41:b4:3f:1a:09:93:5e:3d:28:7d:9f:cc:a0:fa:
                    97:08:32:e3:a6:0f:f9:bb:fb:1d:d7:42:d6:04:50:
                    27:66:72:86:7e:b6:8e:d6:4d:05:90:5d:77:cf:9f:
                    9d:bc:f6:c1:aa:96:65:75:53:b6:9c:12:26:4a:79:
                    9b:be:f7:e2:87:fa:1d:f1:d8:f3:bb:d0:22:7b:e4:
                    3c:bd:8c:b6:83:7a:e7:31:23:e4:23:d4:15:f4:c5:
                    97:9c:4b:39:2e:f8:8e:7d:f3:7c:79:ed:cd:98:09:
                    ae:25:84:2a:9d:79:8e:25:6e:7d:01:58:c0:de:30:
                    1d:dc:4a:0a:3d:f7:89:53:e6:f0:13:dc:54:6e:a9:
                    e8:5f:8d:54:2c:fe:b2:39:b2:04:c8:91:e1:0a:fc:
                    15:0b:69:fd:f4:e1:ea:d1:4d:33:8d:12:19:3a:67:
                    45:b7:e8:5f:ef:e1:b7:6a:a3:8a:2f:01:43:4f:1f:
                    77:88:9c:ca:9c:79:85:46:7f:11:28:78:23:13:ba:
                    5d:07:ec:44:78:70:e7:09:fe:53:9a:84:a8:1c:0d:
                    c9:2f:b0:0b:d7:4e:41:61:2d:b6:92:76:98:38:61:
                    54:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                95:17:1C:6B:55:8B:D4:C0:46:EB:9A:CE:CE:C7:64:60:27:2E:66:D1
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/33312e3232302e342e302f32342d3234203d3e203432373038.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.220.4.0/24

    Signature Algorithm: sha256WithRSAEncryption
         59:dc:88:6b:30:8d:32:d0:d1:6f:c7:7b:7f:2c:ae:a1:82:c3:
         95:4a:52:a0:e6:06:19:b1:2f:0b:d0:c4:38:77:39:d7:b3:b5:
         e6:0d:ca:47:10:d7:08:4a:08:89:32:81:8e:16:b2:2f:7f:72:
         dd:94:1a:24:56:34:76:ae:93:aa:2c:88:d4:96:0c:ff:d8:40:
         c2:ba:ab:40:43:41:b9:34:98:62:44:05:64:ee:97:b0:9a:ce:
         51:8a:46:b4:3f:35:c0:bc:38:dc:e8:4e:ef:43:2f:47:37:41:
         b3:ca:10:2f:53:c0:03:5f:87:fa:05:98:9f:35:7c:30:68:b9:
         e8:61:c0:ea:c8:e3:7e:b6:b9:fc:56:c8:2e:57:7e:9c:32:5c:
         24:db:b0:6a:df:d9:b4:07:66:40:54:49:c2:dc:40:bc:af:f5:
         d2:2d:ea:cf:ce:79:57:78:f2:12:2d:11:28:a0:18:ce:bb:12:
         45:f0:85:8a:7c:b8:ab:8b:7b:e2:d7:2a:da:86:17:31:90:2e:
         66:b3:46:c7:ab:74:f7:52:8a:b4:01:a1:af:de:5b:df:91:96:
         c8:0e:91:47:d4:17:71:ad:74:18:bd:25:0f:b1:5c:06:19:06:
         1c:38:67:0c:16:4c:18:9d:04:ac:55:dd:41:1e:30:c9:f4:d5:
         cf:84:62:2f
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUV1l93YQwBORClr2bnk0ltI1RdMUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNDAyMjYwODQ4MTJaFw0yNTAyMjQwODUzMTJaMDMxMTAvBgNV
BAMTKDk1MTcxQzZCNTU4QkQ0QzA0NkVCOUFDRUNFQzc2NDYwMjcyRTY2RDEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCgaQiorJspCp1e4Xolf7Z/8Mbf
hl2tXxESCq/oqzxBtD8aCZNePSh9n8yg+pcIMuOmD/m7+x3XQtYEUCdmcoZ+to7W
TQWQXXfPn5289sGqlmV1U7acEiZKeZu+9+KH+h3x2PO70CJ75Dy9jLaDeucxI+Qj
1BX0xZecSzku+I5983x57c2YCa4lhCqdeY4lbn0BWMDeMB3cSgo994lT5vAT3FRu
qehfjVQs/rI5sgTIkeEK/BULaf304erRTTONEhk6Z0W36F/v4bdqo4ovAUNPH3eI
nMqceYVGfxEoeCMTul0H7ER4cOcJ/lOahKgcDckvsAvXTkFhLbaSdpg4YVRXAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUlRcca1WL1MBG65rOzsdkYCcuZtEwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzMzMTJlMzIzMjMwMmUzNDJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM0MzIzNzMwMzgucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAAf3AQw
DQYJKoZIhvcNAQELBQADggEBAFnciGswjTLQ0W/He38srqGCw5VKUqDmBhmxLwvQ
xDh3OdezteYNykcQ1whKCIkygY4Wsi9/ct2UGiRWNHauk6osiNSWDP/YQMK6q0BD
Qbk0mGJEBWTul7CazlGKRrQ/NcC8ONzoTu9DL0c3QbPKEC9TwANfh/oFmJ81fDBo
uehhwOrI4362ufxWyC5XfpwyXCTbsGrf2bQHZkBUScLcQLyv9dIt6s/OeVd48hIt
ESigGM67EkXwhYp8uKuLe+LXKtqGFzGQLmazRserdPdSirQBoa/eW9+RlsgOkUfU
F3GtdBi9JQ+xXAYZBhw4ZwwWTBidBKxV3UEeMMn01c+EYi8=
-----END CERTIFICATE-----