Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/33312e3232302e372e302f32342d3234203d3e203633343733.roa
File:                     33312e3232302e372e302f32342d3234203d3e203633343733.roa (raw, json)
Hash identifier:          5H5P5hqNAGMvZ4w0VqE0HXMewaKu227+xXSGgAfv0wQ=
Subject key identifier:   A0:EF:BA:22:F9:CD:1D:E2:34:DF:EB:61:F2:8B:13:59:C2:22:CA:D7
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       108C1CCDA38CDF658E59DD458590F4BF56025CA7
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/33312e3232302e372e302f32342d3234203d3e203633343733.roa
Signing time:             Sun 20 Aug 2023 07:14:36 +0000
ROA not before:           Sun 20 Aug 2023 07:09:36 +0000
ROA not after:            Sun 18 Aug 2024 07:14:36 +0000
asID:                     63473
IP address blocks:        31.220.7.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 May 2024 16:11:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            10:8c:1c:cd:a3:8c:df:65:8e:59:dd:45:85:90:f4:bf:56:02:5c:a7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Aug 20 07:09:36 2023 GMT
            Not After : Aug 18 07:14:36 2024 GMT
        Subject: CN=A0EFBA22F9CD1DE234DFEB61F28B1359C222CAD7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:6f:64:48:eb:50:4e:4b:02:08:4a:61:04:b2:
                    b5:01:bf:9a:e3:09:d5:56:18:4a:5e:87:16:c9:1b:
                    b7:77:b1:5d:18:e5:d5:1e:ff:5a:93:61:34:43:1c:
                    82:ad:35:94:f4:95:b6:2c:ea:54:4f:5e:2f:57:1e:
                    48:48:6a:8d:d5:de:8f:b0:1f:c6:40:0d:66:4d:f8:
                    ac:8c:c5:95:ef:1b:0e:dd:ad:84:05:15:f4:93:e6:
                    63:07:fd:d5:e7:cb:ec:af:43:de:82:63:a5:77:26:
                    bc:3b:1b:ab:d1:84:0e:52:65:d2:4a:35:e7:86:84:
                    8a:ac:f2:ab:0c:4d:7b:9e:85:5f:f3:b2:35:6b:62:
                    54:26:41:3a:e4:56:1b:c9:ea:aa:88:7b:21:cd:a2:
                    39:a1:44:f5:fd:c4:c4:5b:d7:a3:96:76:09:61:3b:
                    60:48:4c:8d:ea:60:e8:2a:c7:ab:d0:a2:49:2e:db:
                    2e:3d:22:a7:4c:0f:25:02:c4:83:f1:3c:59:44:02:
                    04:fc:ef:31:94:c6:be:6d:8e:25:d7:03:c7:c7:88:
                    19:41:4f:4f:d7:d2:a6:08:a0:2c:8e:7d:ca:a8:ad:
                    50:40:44:09:8c:67:64:5d:5b:ad:c2:2b:7b:1e:bb:
                    0f:0f:6d:61:7c:df:a8:dd:d6:6c:c6:86:d4:c2:18:
                    53:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:EF:BA:22:F9:CD:1D:E2:34:DF:EB:61:F2:8B:13:59:C2:22:CA:D7
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/33312e3232302e372e302f32342d3234203d3e203633343733.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.220.7.0/24

    Signature Algorithm: sha256WithRSAEncryption
         50:bd:c4:88:b5:d4:26:50:e2:db:00:e3:32:b7:56:ba:bd:bc:
         f2:b8:32:21:39:17:55:72:f9:d9:44:50:d0:e4:cf:63:eb:3e:
         a8:06:60:e0:0b:bd:c4:23:c2:34:ac:fc:a4:0d:95:62:26:b3:
         14:fa:b5:72:0e:4c:d7:2e:b4:eb:6c:a7:c1:eb:f9:28:25:dc:
         ac:c1:98:40:c2:66:ff:ea:50:78:42:60:89:6a:4f:65:bb:16:
         a1:d9:4c:10:29:bf:61:8f:29:96:f8:f7:5f:70:e1:f2:c5:63:
         c3:78:cd:06:8b:21:e5:46:1c:fe:c5:89:fa:0a:88:00:7d:0b:
         94:8d:c6:28:7b:5b:aa:47:65:1d:06:8e:5b:0e:50:8b:e9:0f:
         36:ad:f5:44:16:77:2a:f4:58:38:8c:48:ab:7c:c4:3c:ce:21:
         4c:7e:c3:06:a1:45:d0:58:f8:67:8d:49:b6:f2:d0:e4:0b:b1:
         c5:88:34:71:cf:90:e9:c2:7d:1e:6c:2e:23:ba:fb:7a:51:af:
         e0:cd:de:7e:d9:e9:5d:ec:c2:07:59:06:86:8f:bb:2b:ac:35:
         f5:b0:75:54:48:5f:fd:16:0e:7b:d7:b9:82:19:4b:46:74:dd:
         9b:d8:fe:21:84:ec:a6:eb:c3:61:92:0a:e4:38:ce:ff:44:de:
         5c:b7:fb:fb
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUEIwczaOM32WOWd1FhZD0v1YCXKcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yMzA4MjAwNzA5MzZaFw0yNDA4MTgwNzE0MzZaMDMxMTAvBgNV
BAMTKEEwRUZCQTIyRjlDRDFERTIzNERGRUI2MUYyOEIxMzU5QzIyMkNBRDcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDmb2RI61BOSwIISmEEsrUBv5rj
CdVWGEpehxbJG7d3sV0Y5dUe/1qTYTRDHIKtNZT0lbYs6lRPXi9XHkhIao3V3o+w
H8ZADWZN+KyMxZXvGw7drYQFFfST5mMH/dXny+yvQ96CY6V3Jrw7G6vRhA5SZdJK
NeeGhIqs8qsMTXuehV/zsjVrYlQmQTrkVhvJ6qqIeyHNojmhRPX9xMRb16OWdglh
O2BITI3qYOgqx6vQokku2y49IqdMDyUCxIPxPFlEAgT87zGUxr5tjiXXA8fHiBlB
T0/X0qYIoCyOfcqorVBARAmMZ2RdW63CK3seuw8PbWF836jd1mzGhtTCGFNvAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUoO+6IvnNHeI03+th8osTWcIiytcwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzMzMTJlMzIzMjMwMmUzNzJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM2MzMzNDM3MzMucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAAf3Acw
DQYJKoZIhvcNAQELBQADggEBAFC9xIi11CZQ4tsA4zK3Vrq9vPK4MiE5F1Vy+dlE
UNDkz2PrPqgGYOALvcQjwjSs/KQNlWImsxT6tXIOTNcutOtsp8Hr+Sgl3KzBmEDC
Zv/qUHhCYIlqT2W7FqHZTBApv2GPKZb4919w4fLFY8N4zQaLIeVGHP7FifoKiAB9
C5SNxih7W6pHZR0GjlsOUIvpDzat9UQWdyr0WDiMSKt8xDzOIUx+wwahRdBY+GeN
Sbby0OQLscWINHHPkOnCfR5sLiO6+3pRr+DN3n7Z6V3swgdZBoaPuyusNfWwdVRI
X/0WDnvXuYIZS0Z03ZvY/iGE7Kbrw2GSCuQ4zv9E3ly3+/s=
-----END CERTIFICATE-----