Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/33312e3232302e34342e302f32332d3233203d3e203530363733.roa
File:                     33312e3232302e34342e302f32332d3233203d3e203530363733.roa (raw, json)
Hash identifier:          s+KhSno/HmtT3ezPzR3gu9k+5s8vKewIMaoRcMcv2YY=
Subject key identifier:   CF:D0:2E:A1:35:5A:08:0E:5B:28:5B:E6:C8:29:AE:37:F8:C1:F4:5C
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       055379B7CE2641285E85231F39656839E3667819
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/33312e3232302e34342e302f32332d3233203d3e203530363733.roa
Signing time:             Mon 26 Feb 2024 08:53:26 +0000
ROA not before:           Mon 26 Feb 2024 08:48:26 +0000
ROA not after:            Mon 24 Feb 2025 08:53:26 +0000
asID:                     50673
IP address blocks:        31.220.44.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 May 2024 08:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            05:53:79:b7:ce:26:41:28:5e:85:23:1f:39:65:68:39:e3:66:78:19
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Feb 26 08:48:26 2024 GMT
            Not After : Feb 24 08:53:26 2025 GMT
        Subject: CN=CFD02EA1355A080E5B285BE6C829AE37F8C1F45C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:65:a1:39:94:47:cd:7a:d8:ff:7d:27:76:b7:
                    dd:b1:16:8d:dc:20:5d:92:06:91:99:7a:23:ea:cb:
                    41:9a:be:26:9c:53:92:91:b0:13:30:e8:fe:5d:9d:
                    6b:a3:83:e7:95:85:8a:df:6a:88:f7:77:c8:f8:36:
                    d8:c5:34:30:d0:6f:86:85:16:79:0e:0b:53:8f:c9:
                    c9:17:bf:0d:1f:5b:95:53:f1:22:1d:56:19:db:ed:
                    54:f8:3b:3b:20:25:87:af:c3:c9:9e:9d:70:cf:2a:
                    e9:e6:cf:2f:13:5e:d9:f4:21:e3:a8:3e:4f:b4:c9:
                    0f:f0:f8:91:b5:5d:82:c2:35:3e:6d:90:48:1d:d9:
                    79:03:6a:4b:38:cc:0a:35:66:69:74:55:2c:99:16:
                    ac:af:c4:9d:a5:33:36:96:35:40:bf:a0:ea:00:88:
                    5b:d4:c4:99:2e:b0:7e:bc:be:f9:6a:34:31:e2:73:
                    4e:6e:55:69:93:9c:8c:9c:7d:d5:ce:20:e3:26:83:
                    52:dd:40:e3:15:f7:54:8b:d3:14:9f:e0:37:a6:00:
                    fa:fa:44:eb:b0:5c:a1:cd:24:da:51:42:9e:dd:ab:
                    fe:0b:67:a7:06:a2:c8:48:64:37:26:5e:8b:fe:7b:
                    f5:47:42:86:14:85:c6:a0:ce:59:92:57:1d:0f:9c:
                    6c:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:D0:2E:A1:35:5A:08:0E:5B:28:5B:E6:C8:29:AE:37:F8:C1:F4:5C
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/33312e3232302e34342e302f32332d3233203d3e203530363733.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.220.44.0/23

    Signature Algorithm: sha256WithRSAEncryption
         66:62:c4:e4:b5:ad:21:2b:29:4a:75:0f:a0:01:31:df:b9:ed:
         8f:18:8f:14:4d:a9:be:d4:77:14:3a:e5:97:82:2a:2c:90:7e:
         4e:58:09:a8:3b:a1:e4:0c:e6:6a:9b:a0:38:1f:23:2d:99:93:
         45:2d:65:67:af:25:ea:c5:6c:48:86:bc:9d:95:ea:a1:2b:cf:
         8f:f1:ca:3b:c1:51:17:a5:80:51:61:3d:23:eb:da:f4:d5:05:
         ab:66:d5:b8:42:19:68:52:b2:34:f7:38:b5:5f:6b:b3:78:53:
         6c:4e:17:19:95:e6:72:e0:06:ef:ac:a7:05:51:65:a9:ea:4d:
         56:bb:d2:0c:9e:22:00:dc:a3:97:40:fc:5d:b2:18:c2:25:cd:
         51:70:79:f9:44:51:b9:f8:17:15:81:24:55:d2:6a:71:3a:56:
         50:00:4f:b7:59:0b:02:ef:e8:f0:fb:e8:4b:c3:c6:bd:8f:8a:
         31:f6:38:48:20:5d:20:68:b6:f9:5f:bc:2e:7c:7f:ec:04:a8:
         53:2e:27:fc:3b:2a:3d:90:ce:bf:72:f2:03:66:fa:3d:98:08:
         9c:5e:15:42:69:42:e7:d4:6c:ef:e8:ba:2d:3a:3c:69:db:df:
         cc:3b:16:ad:cc:94:81:f9:c2:66:86:48:e9:e5:aa:ba:85:52:
         4f:e7:eb:48
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUBVN5t84mQShehSMfOWVoOeNmeBkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNDAyMjYwODQ4MjZaFw0yNTAyMjQwODUzMjZaMDMxMTAvBgNV
BAMTKENGRDAyRUExMzU1QTA4MEU1QjI4NUJFNkM4MjlBRTM3RjhDMUY0NUMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDnZaE5lEfNetj/fSd2t92xFo3c
IF2SBpGZeiPqy0GaviacU5KRsBMw6P5dnWujg+eVhYrfaoj3d8j4NtjFNDDQb4aF
FnkOC1OPyckXvw0fW5VT8SIdVhnb7VT4OzsgJYevw8menXDPKunmzy8TXtn0IeOo
Pk+0yQ/w+JG1XYLCNT5tkEgd2XkDaks4zAo1Zml0VSyZFqyvxJ2lMzaWNUC/oOoA
iFvUxJkusH68vvlqNDHic05uVWmTnIycfdXOIOMmg1LdQOMV91SL0xSf4DemAPr6
ROuwXKHNJNpRQp7dq/4LZ6cGoshIZDcmXov+e/VHQoYUhcagzlmSVx0PnGzTAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUz9AuoTVaCA5bKFvmyCmuN/jB9FwwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzMzMTJlMzIzMjMwMmUzNDM0
MmUzMDJmMzIzMzJkMzIzMzIwM2QzZTIwMzUzMDM2MzczMy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAR/c
LDANBgkqhkiG9w0BAQsFAAOCAQEAZmLE5LWtISspSnUPoAEx37ntjxiPFE2pvtR3
FDrll4IqLJB+TlgJqDuh5AzmapugOB8jLZmTRS1lZ68l6sVsSIa8nZXqoSvPj/HK
O8FRF6WAUWE9I+va9NUFq2bVuEIZaFKyNPc4tV9rs3hTbE4XGZXmcuAG76ynBVFl
qepNVrvSDJ4iANyjl0D8XbIYwiXNUXB5+URRufgXFYEkVdJqcTpWUABPt1kLAu/o
8PvoS8PGvY+KMfY4SCBdIGi2+V+8Lnx/7ASoUy4n/DsqPZDOv3LyA2b6PZgInF4V
QmlC59Rs7+i6LTo8advfzDsWrcyUgfnCZoZI6eWquoVST+frSA==
-----END CERTIFICATE-----