Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/eafebdb4-6f0b-404b-98e2-a26be94a6620/0/33312e32322e3131302e302f32342d3234203d3e2039333034.roa
File:                     33312e32322e3131302e302f32342d3234203d3e2039333034.roa (raw, json)
Hash identifier:          4/DyfQef3JM+QDXadF+flhTmwriSDAeEuVFVt/FGtTg=
Subject key identifier:   31:79:B9:07:25:EE:30:24:51:0B:DE:8C:E8:D9:80:44:EB:67:22:44
Certificate issuer:       /CN=c770f43358b97ba0aa9bdc62bbd511e90aeab29d
Certificate serial:       1C7CF5F00A94F2E2E2A341ACDD22A13491F2B02D
Authority key identifier: C7:70:F4:33:58:B9:7B:A0:AA:9B:DC:62:BB:D5:11:E9:0A:EA:B2:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/x3D0M1i5e6Cqm9xiu9UR6Qrqsp0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/eafebdb4-6f0b-404b-98e2-a26be94a6620/0/33312e32322e3131302e302f32342d3234203d3e2039333034.roa
Signing time:             Mon 02 Jun 2025 16:10:30 +0000
ROA not before:           Mon 02 Jun 2025 16:05:30 +0000
ROA not after:            Mon 01 Jun 2026 16:10:30 +0000
asID:                     9304
IP address blocks:        31.22.110.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/eafebdb4-6f0b-404b-98e2-a26be94a6620/0/C770F43358B97BA0AA9BDC62BBD511E90AEAB29D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/eafebdb4-6f0b-404b-98e2-a26be94a6620/0/C770F43358B97BA0AA9BDC62BBD511E90AEAB29D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/x3D0M1i5e6Cqm9xiu9UR6Qrqsp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 06 Jun 2025 12:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1c:7c:f5:f0:0a:94:f2:e2:e2:a3:41:ac:dd:22:a1:34:91:f2:b0:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c770f43358b97ba0aa9bdc62bbd511e90aeab29d
        Validity
            Not Before: Jun  2 16:05:30 2025 GMT
            Not After : Jun  1 16:10:30 2026 GMT
        Subject: CN=3179B90725EE3024510BDE8CE8D98044EB672244
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:61:16:a7:3c:61:37:d5:f3:c6:a4:54:e4:0c:
                    91:d7:02:14:dc:e5:d2:82:cf:8f:51:6f:18:ed:d3:
                    d1:d8:9c:ed:0d:90:04:bf:3d:23:7b:10:b0:71:c8:
                    3d:6d:a3:a4:c0:40:f2:2a:f8:02:80:f5:94:1f:6d:
                    a3:17:8d:b9:a8:26:40:db:cd:30:1a:58:1c:a8:98:
                    f7:2b:f5:76:5e:3f:d9:35:fe:72:b2:a2:af:7e:8c:
                    23:bf:3b:80:c2:05:2d:f9:9e:00:12:68:e5:06:81:
                    d1:7e:53:3d:bd:f5:d2:42:1b:6e:a9:09:51:99:a1:
                    1e:6c:62:fe:93:b6:21:09:b1:55:6e:a3:ae:f0:dc:
                    04:46:48:28:b7:f3:8b:c4:50:67:52:8d:9f:2f:47:
                    03:bc:f8:9b:7b:8a:d4:93:b7:dd:aa:a8:f0:7d:1c:
                    d0:fa:ee:fa:b6:3a:1d:12:81:20:54:16:40:13:b9:
                    4c:d9:24:f3:24:b0:15:e7:91:0c:56:aa:54:b5:e9:
                    09:1a:3c:16:41:a5:9e:c1:0b:c4:b7:86:2b:d1:c9:
                    d4:ef:60:6f:69:6a:ef:ab:c6:1c:30:92:41:86:bd:
                    64:72:33:38:f7:d8:6f:bd:e7:c7:10:8a:31:2a:74:
                    4d:ed:e3:a6:ba:b7:2c:e3:b3:05:3d:23:70:3e:6c:
                    86:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:79:B9:07:25:EE:30:24:51:0B:DE:8C:E8:D9:80:44:EB:67:22:44
            X509v3 Authority Key Identifier:
                keyid:C7:70:F4:33:58:B9:7B:A0:AA:9B:DC:62:BB:D5:11:E9:0A:EA:B2:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/eafebdb4-6f0b-404b-98e2-a26be94a6620/0/C770F43358B97BA0AA9BDC62BBD511E90AEAB29D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/x3D0M1i5e6Cqm9xiu9UR6Qrqsp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/eafebdb4-6f0b-404b-98e2-a26be94a6620/0/33312e32322e3131302e302f32342d3234203d3e2039333034.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.22.110.0/24

    Signature Algorithm: sha256WithRSAEncryption
         36:52:fc:7f:9f:85:b5:5d:0c:79:de:c8:59:65:dc:78:11:40:
         84:d0:66:5c:90:ac:db:94:2b:fb:cb:b0:48:26:9a:4a:b9:07:
         36:91:eb:a9:8a:bf:bc:c1:e0:28:74:e1:11:0b:4c:ba:6a:10:
         80:02:4a:0d:26:f0:72:94:06:3f:f8:44:43:c8:dd:cc:15:d5:
         9c:2a:a1:24:e6:e4:1a:e0:81:67:b8:d1:6c:f4:b5:83:98:53:
         bd:59:a2:e8:42:2d:a2:70:82:b5:45:d2:0a:1b:af:fd:b5:8b:
         f1:82:8e:5a:a4:8f:20:f3:5d:dc:52:19:83:92:ab:10:bb:10:
         d1:f3:d6:f5:73:1b:b1:94:07:6a:86:67:4e:03:41:8e:a7:09:
         5c:8b:62:f3:02:77:ff:b1:e4:63:5d:ca:82:09:1f:52:ce:98:
         32:ff:39:80:d7:03:17:de:8c:8b:1e:4c:6e:20:06:b2:d9:d3:
         04:d2:13:74:9b:9c:46:78:1a:e9:b6:3a:9d:eb:71:21:25:7f:
         c5:8d:33:1b:a8:5c:55:dd:7c:8b:2e:ee:91:49:03:f6:4d:a8:
         6b:29:c0:f5:d4:42:86:77:97:e1:c1:20:46:50:62:4d:3f:2c:
         2f:61:a4:82:44:16:3d:cf:49:f0:31:1b:d4:52:cc:d5:2a:15:
         27:00:53:60
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUHHz18AqU8uLio0Gs3SKhNJHysC0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzc3MGY0MzM1OGI5N2JhMGFhOWJkYzYyYmJkNTExZTkw
YWVhYjI5ZDAeFw0yNTA2MDIxNjA1MzBaFw0yNjA2MDExNjEwMzBaMDMxMTAvBgNV
BAMTKDMxNzlCOTA3MjVFRTMwMjQ1MTBCREU4Q0U4RDk4MDQ0RUI2NzIyNDQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDIYRanPGE31fPGpFTkDJHXAhTc
5dKCz49Rbxjt09HYnO0NkAS/PSN7ELBxyD1to6TAQPIq+AKA9ZQfbaMXjbmoJkDb
zTAaWByomPcr9XZeP9k1/nKyoq9+jCO/O4DCBS35ngASaOUGgdF+Uz299dJCG26p
CVGZoR5sYv6TtiEJsVVuo67w3ARGSCi384vEUGdSjZ8vRwO8+Jt7itSTt92qqPB9
HND67vq2Oh0SgSBUFkATuUzZJPMksBXnkQxWqlS16QkaPBZBpZ7BC8S3hivRydTv
YG9pau+rxhwwkkGGvWRyMzj32G+958cQijEqdE3t46a6tyzjswU9I3A+bIa3AgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUMXm5ByXuMCRRC96M6NmAROtnIkQwHwYDVR0j
BBgwFoAUx3D0M1i5e6Cqm9xiu9UR6Qrqsp0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZWFmZWJkYjQtNmYwYi00MDRiLTk4ZTItYTI2YmU5NGE2
NjIwLzAvQzc3MEY0MzM1OEI5N0JBMEFBOUJEQzYyQkJENTExRTkwQUVBQjI5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3gzRDBNMWk1ZTZDcW05eGl1OVVSNlFy
cXNwMC5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZWFmZWJkYjQt
NmYwYi00MDRiLTk4ZTItYTI2YmU5NGE2NjIwLzAvMzMzMTJlMzIzMjJlMzEzMTMw
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzkzMzMwMzQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAAfFm4w
DQYJKoZIhvcNAQELBQADggEBADZS/H+fhbVdDHneyFll3HgRQITQZlyQrNuUK/vL
sEgmmkq5BzaR66mKv7zB4Ch04RELTLpqEIACSg0m8HKUBj/4REPI3cwV1ZwqoSTm
5BrggWe40Wz0tYOYU71ZouhCLaJwgrVF0gobr/21i/GCjlqkjyDzXdxSGYOSqxC7
ENHz1vVzG7GUB2qGZ04DQY6nCVyLYvMCd/+x5GNdyoIJH1LOmDL/OYDXAxfejIse
TG4gBrLZ0wTSE3SbnEZ4Gum2Op3rcSElf8WNMxuoXFXdfIsu7pFJA/ZNqGspwPXU
QoZ3l+HBIEZQYk0/LC9hpIJEFj3PSfAxG9RSzNUqFScAU2A=
-----END CERTIFICATE-----