Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7a789e87-f484-423d-a1d7-2c2d5860d2ec/0/33312e3231372e3235302e302f32342d3234203d3e2039303039.roa
File:                     33312e3231372e3235302e302f32342d3234203d3e2039303039.roa (raw, json)
Hash identifier:          L+538BnpKcoPw9UMvgnBDsovbAC1nWxPwoO/WNMOxrE=
Subject key identifier:   9D:FF:89:2E:97:C3:9E:97:9C:16:6E:47:72:58:57:D9:D8:57:18:FB
Certificate issuer:       /CN=b0170abdc955aa176be2af26299678f2f7c9aca0
Certificate serial:       26BF57DB7A59EB584C99B5065AC722777B5EB458
Authority key identifier: B0:17:0A:BD:C9:55:AA:17:6B:E2:AF:26:29:96:78:F2:F7:C9:AC:A0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sBcKvclVqhdr4q8mKZZ48vfJrKA.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7a789e87-f484-423d-a1d7-2c2d5860d2ec/0/33312e3231372e3235302e302f32342d3234203d3e2039303039.roa
Signing time:             Tue 07 Jan 2025 11:53:51 +0000
ROA not before:           Tue 07 Jan 2025 11:48:51 +0000
ROA not after:            Tue 06 Jan 2026 11:53:51 +0000
asID:                     9009
IP address blocks:        31.217.250.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7a789e87-f484-423d-a1d7-2c2d5860d2ec/0/B0170ABDC955AA176BE2AF26299678F2F7C9ACA0.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7a789e87-f484-423d-a1d7-2c2d5860d2ec/0/B0170ABDC955AA176BE2AF26299678F2F7C9ACA0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sBcKvclVqhdr4q8mKZZ48vfJrKA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 21:19:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            26:bf:57:db:7a:59:eb:58:4c:99:b5:06:5a:c7:22:77:7b:5e:b4:58
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b0170abdc955aa176be2af26299678f2f7c9aca0
        Validity
            Not Before: Jan  7 11:48:51 2025 GMT
            Not After : Jan  6 11:53:51 2026 GMT
        Subject: CN=9DFF892E97C39E979C166E47725857D9D85718FB
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:64:6d:ec:68:01:91:06:c8:f2:c1:87:18:87:
                    c3:6e:f5:0c:83:eb:c5:b3:bd:45:42:06:40:6b:3a:
                    d2:18:50:65:b3:fc:a1:a7:d2:52:65:79:0d:a9:9f:
                    11:25:75:63:fd:f0:4a:2b:e1:54:e7:f0:63:f9:ec:
                    d5:ac:06:c3:41:ce:9e:ea:79:bd:4b:14:09:de:fd:
                    a9:72:50:79:d0:1a:e4:f1:48:5e:13:95:31:a1:79:
                    2a:b6:3a:23:09:9f:eb:89:02:e1:9b:9b:00:c6:eb:
                    d7:0f:09:00:eb:c1:e2:49:d8:33:15:6c:0a:b9:46:
                    b4:72:93:30:24:9a:9b:c4:f7:f7:90:03:cf:99:e3:
                    4d:f5:34:9c:b9:54:0a:3a:de:24:94:2f:0b:d3:af:
                    27:95:35:cb:dc:d8:85:a7:41:8a:16:0c:b9:78:c1:
                    5f:a1:57:0e:48:2e:a5:df:b7:b6:90:08:51:6b:e2:
                    a5:e2:8c:bf:ca:17:b5:7c:ee:2c:13:3a:6b:93:95:
                    c3:2a:f2:d6:b3:63:f9:d8:ee:93:79:18:db:d6:1e:
                    b5:fb:cc:0c:c0:92:f5:c4:a1:79:d2:d5:b7:94:7a:
                    40:e6:1f:f5:59:9c:c1:cf:06:83:5b:41:8f:cb:9a:
                    0b:ad:a1:48:fe:78:b0:8a:f4:3c:3e:f0:9c:21:cc:
                    d1:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:FF:89:2E:97:C3:9E:97:9C:16:6E:47:72:58:57:D9:D8:57:18:FB
            X509v3 Authority Key Identifier:
                keyid:B0:17:0A:BD:C9:55:AA:17:6B:E2:AF:26:29:96:78:F2:F7:C9:AC:A0

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7a789e87-f484-423d-a1d7-2c2d5860d2ec/0/B0170ABDC955AA176BE2AF26299678F2F7C9ACA0.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sBcKvclVqhdr4q8mKZZ48vfJrKA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7a789e87-f484-423d-a1d7-2c2d5860d2ec/0/33312e3231372e3235302e302f32342d3234203d3e2039303039.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.217.250.0/24

    Signature Algorithm: sha256WithRSAEncryption
         d1:70:57:a1:c9:6a:1d:83:93:44:29:cd:ca:bb:35:7e:0e:53:
         a0:5f:73:c2:d5:16:af:63:8c:82:70:b8:3d:cd:aa:27:90:20:
         7e:c0:10:44:b9:09:f4:b4:66:80:33:4a:b6:a6:6d:a5:9e:e5:
         a3:bc:ae:fc:dc:ea:12:bc:2b:4d:80:21:23:5b:00:85:64:93:
         e0:79:cf:7c:20:a8:a4:e1:1e:ad:cf:21:69:fa:2a:b5:6a:69:
         79:eb:35:ba:ef:04:22:29:f5:8f:19:74:e7:e5:ea:f7:fb:d0:
         84:8c:00:0e:16:81:20:56:b5:27:cc:21:18:46:e3:60:a0:c4:
         b4:4c:44:67:6d:5c:ae:4a:41:c9:2a:e3:7d:15:35:9a:08:97:
         57:44:4c:53:d9:02:e0:6e:ee:32:4f:73:99:3f:e4:d6:b4:bc:
         9b:f6:8c:f0:37:c5:81:d1:a5:3d:a0:ec:ef:2f:04:58:88:a3:
         2a:1d:95:51:31:75:4c:ed:46:0d:15:5a:64:5c:b0:1c:69:b3:
         e9:1a:d8:5a:14:c3:b9:df:a8:f7:c3:22:f7:36:76:9f:ed:0b:
         38:7d:70:2d:66:a2:3b:ad:90:63:14:7f:0f:63:04:84:9c:c6:
         6e:75:84:0a:52:1b:dc:2b:60:23:19:b8:39:8c:56:91:3f:dd:
         71:8d:82:67
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUJr9X23pZ61hMmbUGWscid3tetFgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYjAxNzBhYmRjOTU1YWExNzZiZTJhZjI2Mjk5Njc4ZjJm
N2M5YWNhMDAeFw0yNTAxMDcxMTQ4NTFaFw0yNjAxMDYxMTUzNTFaMDMxMTAvBgNV
BAMTKDlERkY4OTJFOTdDMzlFOTc5QzE2NkU0NzcyNTg1N0Q5RDg1NzE4RkIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7ZG3saAGRBsjywYcYh8Nu9QyD
68WzvUVCBkBrOtIYUGWz/KGn0lJleQ2pnxEldWP98Eor4VTn8GP57NWsBsNBzp7q
eb1LFAne/alyUHnQGuTxSF4TlTGheSq2OiMJn+uJAuGbmwDG69cPCQDrweJJ2DMV
bAq5RrRykzAkmpvE9/eQA8+Z4031NJy5VAo63iSULwvTryeVNcvc2IWnQYoWDLl4
wV+hVw5ILqXft7aQCFFr4qXijL/KF7V87iwTOmuTlcMq8tazY/nY7pN5GNvWHrX7
zAzAkvXEoXnS1beUekDmH/VZnMHPBoNbQY/LmgutoUj+eLCK9Dw+8JwhzNHnAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUnf+JLpfDnpecFm5HclhX2dhXGPswHwYDVR0j
BBgwFoAUsBcKvclVqhdr4q8mKZZ48vfJrKAwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2E3ODllODctZjQ4NC00MjNkLWExZDctMmMyZDU4NjBk
MmVjLzAvQjAxNzBBQkRDOTU1QUExNzZCRTJBRjI2Mjk5Njc4RjJGN0M5QUNBMC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3NCY0t2Y2xWcWhkcjRxOG1LWlo0OHZm
SnJLQS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvN2E3ODllODct
ZjQ4NC00MjNkLWExZDctMmMyZDU4NjBkMmVjLzAvMzMzMTJlMzIzMTM3MmUzMjM1
MzAyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzOTMwMzAzOS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAB/Z
+jANBgkqhkiG9w0BAQsFAAOCAQEA0XBXoclqHYOTRCnNyrs1fg5ToF9zwtUWr2OM
gnC4Pc2qJ5AgfsAQRLkJ9LRmgDNKtqZtpZ7lo7yu/NzqErwrTYAhI1sAhWST4HnP
fCCopOEerc8hafoqtWppees1uu8EIin1jxl05+Xq9/vQhIwADhaBIFa1J8whGEbj
YKDEtExEZ21crkpBySrjfRU1mgiXV0RMU9kC4G7uMk9zmT/k1rS8m/aM8DfFgdGl
PaDs7y8EWIijKh2VUTF1TO1GDRVaZFywHGmz6RrYWhTDud+o98Mi9zZ2n+0LOH1w
LWaiO62QYxR/D2MEhJzGbnWEClIb3CtgIxm4OYxWkT/dcY2CZw==
-----END CERTIFICATE-----