Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/eafebdb4-6f0b-404b-98e2-a26be94a6620/0/33312e32322e3130392e302f32342d3234203d3e203432383331.roa
File:                     33312e32322e3130392e302f32342d3234203d3e203432383331.roa (raw, json)
Hash identifier:          iK+yx/VtDctRGDFOE/NGNWTyR4u7o2tFGRI6U0bUYZU=
Subject key identifier:   72:EB:94:5A:DE:80:38:F2:CE:1C:5C:55:13:1F:9A:49:83:9F:54:C3
Certificate issuer:       /CN=c770f43358b97ba0aa9bdc62bbd511e90aeab29d
Certificate serial:       649D6B11E3C782A825EDC78DBCADF468A8B22F37
Authority key identifier: C7:70:F4:33:58:B9:7B:A0:AA:9B:DC:62:BB:D5:11:E9:0A:EA:B2:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/x3D0M1i5e6Cqm9xiu9UR6Qrqsp0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/eafebdb4-6f0b-404b-98e2-a26be94a6620/0/33312e32322e3130392e302f32342d3234203d3e203432383331.roa
Signing time:             Mon 16 Dec 2024 14:57:37 +0000
ROA not before:           Mon 16 Dec 2024 14:52:37 +0000
ROA not after:            Mon 15 Dec 2025 14:57:37 +0000
asID:                     42831
IP address blocks:        31.22.109.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/eafebdb4-6f0b-404b-98e2-a26be94a6620/0/C770F43358B97BA0AA9BDC62BBD511E90AEAB29D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/eafebdb4-6f0b-404b-98e2-a26be94a6620/0/C770F43358B97BA0AA9BDC62BBD511E90AEAB29D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/x3D0M1i5e6Cqm9xiu9UR6Qrqsp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 10 Mar 2025 15:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            64:9d:6b:11:e3:c7:82:a8:25:ed:c7:8d:bc:ad:f4:68:a8:b2:2f:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c770f43358b97ba0aa9bdc62bbd511e90aeab29d
        Validity
            Not Before: Dec 16 14:52:37 2024 GMT
            Not After : Dec 15 14:57:37 2025 GMT
        Subject: CN=72EB945ADE8038F2CE1C5C55131F9A49839F54C3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:2a:9d:7e:3b:60:ed:eb:f8:bd:27:35:d2:7b:
                    8b:d9:d2:8a:19:c1:97:46:33:fb:27:26:4b:55:d2:
                    b6:bd:36:77:8b:34:f1:8e:53:ad:1e:8b:6d:6f:da:
                    78:4a:71:72:02:5c:33:15:f5:bd:62:ab:54:5f:1a:
                    b7:ee:a5:be:42:d5:0b:28:5d:83:48:cc:e2:41:96:
                    3e:1d:73:97:45:79:7d:ee:83:db:48:7f:28:d4:4f:
                    b2:69:2e:1f:3f:c5:6a:80:ff:df:e1:70:18:cd:5d:
                    77:1d:c2:94:f2:7e:aa:f0:af:5e:ac:de:41:79:87:
                    75:df:83:af:e7:5a:d2:d4:c0:37:30:17:8f:4d:d5:
                    2f:89:76:24:fb:d8:66:b0:05:a8:9c:cd:db:00:a6:
                    cd:ca:dc:eb:35:f7:49:c2:49:62:37:6c:33:b3:d4:
                    b8:a8:64:92:5d:fe:84:60:ca:b3:e6:e2:ba:ed:88:
                    dc:86:b1:d0:52:7d:95:f5:6d:1e:27:c6:89:87:33:
                    dc:e4:9c:db:20:a2:48:78:1e:36:f3:02:d6:d2:5e:
                    18:a4:f6:3c:17:3a:a4:71:d8:d2:04:14:5d:4b:c7:
                    70:f6:41:8f:b5:c6:f6:01:a0:b5:a5:57:68:5a:b2:
                    86:20:ca:42:6c:3c:34:bb:f4:cf:80:94:35:da:57:
                    ed:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:EB:94:5A:DE:80:38:F2:CE:1C:5C:55:13:1F:9A:49:83:9F:54:C3
            X509v3 Authority Key Identifier:
                keyid:C7:70:F4:33:58:B9:7B:A0:AA:9B:DC:62:BB:D5:11:E9:0A:EA:B2:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/eafebdb4-6f0b-404b-98e2-a26be94a6620/0/C770F43358B97BA0AA9BDC62BBD511E90AEAB29D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/x3D0M1i5e6Cqm9xiu9UR6Qrqsp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/eafebdb4-6f0b-404b-98e2-a26be94a6620/0/33312e32322e3130392e302f32342d3234203d3e203432383331.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.22.109.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7c:46:ca:dd:a8:a5:ac:89:13:a4:f3:35:c2:f1:8b:84:8c:70:
         7c:27:5e:28:23:65:09:e9:39:b3:9d:5e:b7:ec:7a:dd:b3:b9:
         63:a1:be:74:bd:c5:f8:05:9e:b0:a9:d2:03:90:7f:ea:fd:83:
         ce:34:d7:8d:58:ef:9f:ed:2d:66:90:50:33:0c:f2:3d:3d:ec:
         b6:08:df:61:38:86:49:f6:b9:85:e6:a0:19:f8:96:c6:1a:92:
         1c:88:1b:fc:55:e7:d4:f2:85:92:f7:46:c6:94:1c:19:ac:24:
         31:01:b9:96:f3:f9:c8:99:6f:4a:f2:45:f2:62:3f:cd:34:a2:
         d9:34:5b:cb:3d:1a:87:ce:cf:f9:5b:7f:e4:18:ef:6e:e7:7e:
         79:58:86:ad:da:fd:96:93:83:8b:e4:5c:21:47:65:4f:9c:5c:
         3e:69:65:d0:0e:91:04:01:86:c3:42:e6:83:c3:17:06:f7:f0:
         00:64:5d:21:b4:98:a4:32:ea:76:3d:aa:44:0c:05:53:c7:27:
         9c:0c:a0:6c:ad:8b:e1:3e:5b:67:a2:00:a2:57:c4:15:ef:b6:
         40:d3:73:82:36:2b:c7:92:7b:90:b3:bc:32:47:6b:27:c6:76:
         18:59:17:15:33:63:3b:84:35:8c:71:86:3a:00:26:55:d1:3d:
         45:0d:5c:aa
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUZJ1rEePHgqgl7ceNvK30aKiyLzcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzc3MGY0MzM1OGI5N2JhMGFhOWJkYzYyYmJkNTExZTkw
YWVhYjI5ZDAeFw0yNDEyMTYxNDUyMzdaFw0yNTEyMTUxNDU3MzdaMDMxMTAvBgNV
BAMTKDcyRUI5NDVBREU4MDM4RjJDRTFDNUM1NTEzMUY5QTQ5ODM5RjU0QzMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDHKp1+O2Dt6/i9JzXSe4vZ0ooZ
wZdGM/snJktV0ra9NneLNPGOU60ei21v2nhKcXICXDMV9b1iq1RfGrfupb5C1Qso
XYNIzOJBlj4dc5dFeX3ug9tIfyjUT7JpLh8/xWqA/9/hcBjNXXcdwpTyfqrwr16s
3kF5h3Xfg6/nWtLUwDcwF49N1S+JdiT72GawBaiczdsAps3K3Os190nCSWI3bDOz
1LioZJJd/oRgyrPm4rrtiNyGsdBSfZX1bR4nxomHM9zknNsgokh4HjbzAtbSXhik
9jwXOqRx2NIEFF1Lx3D2QY+1xvYBoLWlV2hasoYgykJsPDS79M+AlDXaV+3dAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUcuuUWt6AOPLOHFxVEx+aSYOfVMMwHwYDVR0j
BBgwFoAUx3D0M1i5e6Cqm9xiu9UR6Qrqsp0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZWFmZWJkYjQtNmYwYi00MDRiLTk4ZTItYTI2YmU5NGE2
NjIwLzAvQzc3MEY0MzM1OEI5N0JBMEFBOUJEQzYyQkJENTExRTkwQUVBQjI5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3gzRDBNMWk1ZTZDcW05eGl1OVVSNlFy
cXNwMC5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZWFmZWJkYjQt
NmYwYi00MDRiLTk4ZTItYTI2YmU5NGE2NjIwLzAvMzMzMTJlMzIzMjJlMzEzMDM5
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzQzMjM4MzMzMS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAB8W
bTANBgkqhkiG9w0BAQsFAAOCAQEAfEbK3ailrIkTpPM1wvGLhIxwfCdeKCNlCek5
s51et+x63bO5Y6G+dL3F+AWesKnSA5B/6v2DzjTXjVjvn+0tZpBQMwzyPT3stgjf
YTiGSfa5heagGfiWxhqSHIgb/FXn1PKFkvdGxpQcGawkMQG5lvP5yJlvSvJF8mI/
zTSi2TRbyz0ah87P+Vt/5Bjvbud+eViGrdr9lpODi+RcIUdlT5xcPmll0A6RBAGG
w0Lmg8MXBvfwAGRdIbSYpDLqdj2qRAwFU8cnnAygbK2L4T5bZ6IAolfEFe+2QNNz
gjYrx5J7kLO8MkdrJ8Z2GFkXFTNjO4Q1jHGGOgAmVdE9RQ1cqg==
-----END CERTIFICATE-----