Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/190/33312e32342e38352e302f32342d3234203d3e20323035363539.roa
File:                     33312e32342e38352e302f32342d3234203d3e20323035363539.roa (raw, json)
Hash identifier:          VMXyT3RWSUasYdwhisrKxteHuM6tNfJ75ub8wAAY4QI=
Subject key identifier:   31:C5:2F:13:E5:77:42:3B:C2:0C:57:AC:0B:29:43:D3:FE:BF:A9:64
Certificate issuer:       /CN=aedc298d252d5647dd0d0c9e3335517df6f49801
Certificate serial:       08012A7A409343CCF1DB8B05816ECD105F309181
Authority key identifier: AE:DC:29:8D:25:2D:56:47:DD:0D:0C:9E:33:35:51:7D:F6:F4:98:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rtwpjSUtVkfdDQyeMzVRffb0mAE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/190/33312e32342e38352e302f32342d3234203d3e20323035363539.roa
Signing time:             Mon 26 Feb 2024 08:53:33 +0000
ROA not before:           Mon 26 Feb 2024 08:48:33 +0000
ROA not after:            Mon 24 Feb 2025 08:53:33 +0000
asID:                     205659
IP address blocks:        31.24.85.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/190/AEDC298D252D5647DD0D0C9E3335517DF6F49801.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/190/AEDC298D252D5647DD0D0C9E3335517DF6F49801.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rtwpjSUtVkfdDQyeMzVRffb0mAE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            08:01:2a:7a:40:93:43:cc:f1:db:8b:05:81:6e:cd:10:5f:30:91:81
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=aedc298d252d5647dd0d0c9e3335517df6f49801
        Validity
            Not Before: Feb 26 08:48:33 2024 GMT
            Not After : Feb 24 08:53:33 2025 GMT
        Subject: CN=31C52F13E577423BC20C57AC0B2943D3FEBFA964
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:30:a8:00:96:98:d5:d4:e7:c6:15:44:dd:65:
                    40:34:df:91:25:77:d0:27:b3:e7:d8:a9:6d:a6:34:
                    48:7a:6b:4e:ee:e8:33:30:fc:57:2f:f5:6e:77:b2:
                    d7:87:36:92:93:67:63:eb:c9:3a:0a:22:a0:8c:c2:
                    0d:5d:ad:04:95:ac:58:32:66:f2:98:0e:a4:95:01:
                    76:08:90:c2:3e:f0:58:a3:46:bd:2e:89:1e:16:a6:
                    53:53:92:2b:3a:d5:2f:e9:1f:59:32:4b:7c:8e:b4:
                    cb:d5:c7:70:b0:e6:79:dd:dc:0a:21:b2:2d:ac:c1:
                    1a:60:9b:74:30:b9:af:6c:03:91:03:55:62:3b:6b:
                    08:d2:88:55:98:d7:48:8b:34:d0:0f:ba:f0:3e:9d:
                    ed:d8:f3:c5:ef:90:8f:f4:b4:11:51:f9:44:82:5c:
                    62:e7:f0:00:9d:1b:2e:07:9f:d0:11:5b:f8:71:b2:
                    38:cc:42:e3:bb:46:4d:cc:94:27:3a:63:5b:15:11:
                    f2:52:90:e1:b5:0f:73:08:64:b9:5b:86:a9:0d:bf:
                    fb:75:39:62:d3:6c:1f:55:8e:75:fa:ad:6f:e6:09:
                    c6:5c:83:49:82:a2:fe:83:84:e9:6d:b2:ca:60:fe:
                    ff:f5:20:35:31:6e:16:f1:50:5b:0a:b3:9f:40:87:
                    2c:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:C5:2F:13:E5:77:42:3B:C2:0C:57:AC:0B:29:43:D3:FE:BF:A9:64
            X509v3 Authority Key Identifier:
                keyid:AE:DC:29:8D:25:2D:56:47:DD:0D:0C:9E:33:35:51:7D:F6:F4:98:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/190/AEDC298D252D5647DD0D0C9E3335517DF6F49801.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rtwpjSUtVkfdDQyeMzVRffb0mAE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/190/33312e32342e38352e302f32342d3234203d3e20323035363539.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.24.85.0/24

    Signature Algorithm: sha256WithRSAEncryption
         51:50:5f:18:d8:83:9e:e6:b0:1f:cc:ea:5e:92:7a:69:6e:7b:
         be:63:c9:0b:fb:eb:52:35:6b:9d:17:4c:6b:5d:ed:9e:41:ea:
         83:14:c5:90:08:b4:75:35:11:5b:ef:c2:fb:58:38:da:6f:50:
         6f:9b:61:c3:dc:cd:52:8c:b6:2f:a4:87:1d:bf:cd:bc:d8:b1:
         ac:2d:ce:04:32:b5:78:32:cb:dc:b6:8a:b4:ed:ba:74:ed:e1:
         a0:a8:89:d1:fd:1a:5b:a2:72:84:38:6c:12:ba:b0:21:bc:61:
         3f:f6:63:6b:a6:bb:4c:10:1f:9f:63:18:be:9e:c5:f4:2b:93:
         aa:b7:76:5e:29:91:2e:5e:ed:0f:ce:84:85:e0:90:71:84:fb:
         f4:5f:53:ea:f9:21:1b:a2:b8:12:ac:60:71:70:bb:8e:3a:75:
         f5:21:af:8c:8c:44:55:c6:23:1a:fc:eb:95:c4:0a:da:1d:ca:
         ef:99:35:a3:f3:fd:1a:3f:c6:5b:fa:c6:07:70:f7:26:5a:be:
         b4:1f:74:18:fa:44:13:49:71:ce:53:eb:7a:69:83:76:b9:27:
         f3:c9:a3:ee:3d:81:a8:4c:64:4d:ee:bf:22:c3:f7:19:6c:07:
         d9:c2:1c:0b:90:c6:f9:12:15:86:e7:d8:76:03:b3:93:43:5a:
         63:52:34:ae
-----BEGIN CERTIFICATE-----
MIIFNjCCBB6gAwIBAgIUCAEqekCTQ8zx24sFgW7NEF8wkYEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWVkYzI5OGQyNTJkNTY0N2RkMGQwYzllMzMzNTUxN2Rm
NmY0OTgwMTAeFw0yNDAyMjYwODQ4MzNaFw0yNTAyMjQwODUzMzNaMDMxMTAvBgNV
BAMTKDMxQzUyRjEzRTU3NzQyM0JDMjBDNTdBQzBCMjk0M0QzRkVCRkE5NjQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCkMKgAlpjV1OfGFUTdZUA035El
d9Ans+fYqW2mNEh6a07u6DMw/Fcv9W53steHNpKTZ2PryToKIqCMwg1drQSVrFgy
ZvKYDqSVAXYIkMI+8FijRr0uiR4WplNTkis61S/pH1kyS3yOtMvVx3Cw5nnd3Aoh
si2swRpgm3Qwua9sA5EDVWI7awjSiFWY10iLNNAPuvA+ne3Y88XvkI/0tBFR+USC
XGLn8ACdGy4Hn9ARW/hxsjjMQuO7Rk3MlCc6Y1sVEfJSkOG1D3MIZLlbhqkNv/t1
OWLTbB9VjnX6rW/mCcZcg0mCov6DhOltsspg/v/1IDUxbhbxUFsKs59AhyzbAgMB
AAGjggJAMIICPDAdBgNVHQ4EFgQUMcUvE+V3QjvCDFesCylD0/6/qWQwHwYDVR0j
BBgwFoAUrtwpjSUtVkfdDQyeMzVRffb0mAEwDgYDVR0PAQH/BAQDAgeAMIGYBgNV
HR8EgZAwgY0wgYqggYeggYSGgYFyc3luYzovL3JzeW5jLnBhYXMucnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L2ZlMzcwOGEwLTY3ZDUtNGFjMi1hYmM0LWEzMzI1OTBi
OTlhZi8xOTAvQUVEQzI5OEQyNTJENTY0N0REMEQwQzlFMzMzNTUxN0RGNkY0OTgw
MS5jcmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2ku
cmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3J0d3BqU1V0VmtmZERReWVNelZS
ZmZiMG1BRS5jZXIwga0GCCsGAQUFBwELBIGgMIGdMIGaBggrBgEFBQcwC4aBjXJz
eW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4
YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzE5MC8zMzMxMmUzMjM0MmUz
ODM1MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzIzMDM1MzYzNTM5LnJvYTAYBgNV
HSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAG
AwQAHxhVMA0GCSqGSIb3DQEBCwUAA4IBAQBRUF8Y2IOe5rAfzOpeknppbnu+Y8kL
++tSNWudF0xrXe2eQeqDFMWQCLR1NRFb78L7WDjab1Bvm2HD3M1SjLYvpIcdv828
2LGsLc4EMrV4Msvctoq07bp07eGgqInR/RpbonKEOGwSurAhvGE/9mNrprtMEB+f
Yxi+nsX0K5Oqt3ZeKZEuXu0PzoSF4JBxhPv0X1Pq+SEborgSrGBxcLuOOnX1Ia+M
jERVxiMa/OuVxAraHcrvmTWj8/0aP8Zb+sYHcPcmWr60H3QY+kQTSXHOU+t6aYN2
uSfzyaPuPYGoTGRN7r8iw/cZbAfZwhwLkMb5EhWG59h2A7OTQ1pjUjSu
-----END CERTIFICATE-----
Generated at Fri Nov 22 10:15:44 2024 by rpki-client on console-ams.rpki-client.org