Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/33312e34302e3231322e302f32342d3234203d3e20323031383832.roa
File:                     33312e34302e3231322e302f32342d3234203d3e20323031383832.roa (raw, json)
Hash identifier:          1+Ea59IQkQv/dIhMYkEy2pwiDZTd0ChjIesMpWQDPzU=
Subject key identifier:   C5:C0:9D:28:E4:03:CA:74:82:5D:94:E7:17:41:F7:F4:BE:70:38:89
Certificate issuer:       /CN=08fb9ba827e6f10a7af37490803dd5a076397235
Certificate serial:       58A36949D4E97F65A1942B00E2F1F86303F8B23B
Authority key identifier: 08:FB:9B:A8:27:E6:F1:0A:7A:F3:74:90:80:3D:D5:A0:76:39:72:35
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/33312e34302e3231322e302f32342d3234203d3e20323031383832.roa
Signing time:             Mon 26 Feb 2024 08:52:53 +0000
ROA not before:           Mon 26 Feb 2024 08:47:53 +0000
ROA not after:            Mon 24 Feb 2025 08:52:53 +0000
asID:                     201882
IP address blocks:        31.40.212.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 14:42:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            58:a3:69:49:d4:e9:7f:65:a1:94:2b:00:e2:f1:f8:63:03:f8:b2:3b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=08fb9ba827e6f10a7af37490803dd5a076397235
        Validity
            Not Before: Feb 26 08:47:53 2024 GMT
            Not After : Feb 24 08:52:53 2025 GMT
        Subject: CN=C5C09D28E403CA74825D94E71741F7F4BE703889
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f4:b4:59:27:d9:11:05:18:19:0e:b9:84:fb:fe:
                    14:07:69:03:a4:c0:85:e4:97:61:3f:3e:89:4b:7c:
                    0f:a5:06:ab:96:58:be:a5:22:bd:a2:26:05:01:37:
                    23:13:7b:52:78:35:cc:9b:e4:05:f8:cc:30:4b:f3:
                    67:51:16:32:7f:5d:80:e7:b5:15:6e:9f:a8:67:95:
                    95:96:a1:9b:ac:02:53:0b:20:30:ee:57:13:16:2f:
                    a0:c2:f2:5e:6c:36:7c:ce:85:fa:88:c2:70:f3:0f:
                    35:42:5a:e9:be:b4:95:f1:df:bc:a3:25:82:7b:07:
                    34:8e:3b:b8:eb:4f:dd:a8:d0:80:78:86:d1:d0:68:
                    77:05:ba:59:9b:cc:fe:eb:98:f2:61:f0:5f:a8:fe:
                    dd:cc:96:b0:32:06:dc:1c:47:91:69:d1:60:e7:b2:
                    aa:50:18:72:a9:3b:1b:82:8a:dd:b7:83:8a:df:8d:
                    72:8c:37:28:78:ec:ad:20:ab:9f:00:f5:07:8b:49:
                    b8:6c:96:1b:3e:2d:e2:b6:bc:5e:0a:3b:98:82:77:
                    76:da:72:3f:bf:0a:c5:d0:f9:39:0d:ab:7a:bb:96:
                    be:25:9f:04:43:ff:05:12:8d:c3:02:38:7e:e7:22:
                    0d:47:4a:0b:be:41:d2:1f:8d:1d:60:80:26:ec:bf:
                    f9:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:C0:9D:28:E4:03:CA:74:82:5D:94:E7:17:41:F7:F4:BE:70:38:89
            X509v3 Authority Key Identifier:
                keyid:08:FB:9B:A8:27:E6:F1:0A:7A:F3:74:90:80:3D:D5:A0:76:39:72:35

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/33312e34302e3231322e302f32342d3234203d3e20323031383832.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.40.212.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1e:40:90:dd:4f:20:64:6b:ef:41:a9:9c:8e:9c:24:5e:9e:b3:
         d2:76:84:7d:fc:6e:7c:b8:74:22:4b:73:2e:ea:d5:bb:5e:45:
         53:0f:ac:70:88:42:48:28:72:6f:94:36:f6:d5:26:29:1d:b4:
         cb:c3:35:20:83:f4:96:20:e1:67:5f:84:7d:cb:f2:df:47:ee:
         88:4e:c8:7d:b9:15:9c:db:dd:4b:9f:69:6e:46:55:2d:1c:dd:
         c3:1f:be:71:f6:cc:27:7c:24:6f:3a:6e:4a:63:11:fd:15:9f:
         dd:25:2f:bc:bc:8d:df:9b:26:95:e4:3e:fb:2a:99:e5:a9:42:
         64:75:87:4a:b2:ca:35:f5:d7:33:9e:77:cf:4d:52:e4:df:9e:
         72:94:c1:61:f3:95:22:44:86:74:1f:59:f1:29:40:9a:36:4b:
         0f:c4:98:39:ab:cb:8f:e7:7a:b6:40:ec:8c:61:37:12:3c:e8:
         4a:eb:1f:a0:60:71:e8:3b:06:8f:9b:76:a5:fb:e5:16:99:ae:
         a5:c2:d1:52:9f:33:74:7b:aa:d4:b9:e5:08:37:2d:99:49:cc:
         d7:18:68:39:52:9b:20:a9:01:7b:ed:8d:2e:a8:49:7b:71:e5:
         31:2f:22:3d:f7:94:eb:1c:f1:39:1b:ce:59:5c:5a:b9:05:d1:
         66:3c:32:01
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgIUWKNpSdTpf2WhlCsA4vH4YwP4sjswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDhmYjliYTgyN2U2ZjEwYTdhZjM3NDkwODAzZGQ1YTA3
NjM5NzIzNTAeFw0yNDAyMjYwODQ3NTNaFw0yNTAyMjQwODUyNTNaMDMxMTAvBgNV
BAMTKEM1QzA5RDI4RTQwM0NBNzQ4MjVEOTRFNzE3NDFGN0Y0QkU3MDM4ODkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD0tFkn2REFGBkOuYT7/hQHaQOk
wIXkl2E/PolLfA+lBquWWL6lIr2iJgUBNyMTe1J4Ncyb5AX4zDBL82dRFjJ/XYDn
tRVun6hnlZWWoZusAlMLIDDuVxMWL6DC8l5sNnzOhfqIwnDzDzVCWum+tJXx37yj
JYJ7BzSOO7jrT92o0IB4htHQaHcFulmbzP7rmPJh8F+o/t3MlrAyBtwcR5Fp0WDn
sqpQGHKpOxuCit23g4rfjXKMNyh47K0gq58A9QeLSbhslhs+LeK2vF4KO5iCd3ba
cj+/CsXQ+TkNq3q7lr4lnwRD/wUSjcMCOH7nIg1HSgu+QdIfjR1ggCbsv/kpAgMB
AAGjggI9MIICOTAdBgNVHQ4EFgQUxcCdKOQDynSCXZTnF0H39L5wOIkwHwYDVR0j
BBgwFoAUCPubqCfm8Qp683SQgD3VoHY5cjUwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzIvMDhGQjlCQTgyN0U2RjEwQTdBRjM3NDkwODAzREQ1QTA3NjM5NzIzNS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NQdWJxQ2ZtOFFwNjgzU1FnRDNWb0hZ
NWNqVS5jZXIwga0GCCsGAQUFBwELBIGgMIGdMIGaBggrBgEFBQcwC4aBjXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzIvMzMzMTJlMzQzMDJlMzIzMTMy
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzIzMDMxMzgzODMyLnJvYTAYBgNVHSAB
Af8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA
HyjUMA0GCSqGSIb3DQEBCwUAA4IBAQAeQJDdTyBka+9BqZyOnCRenrPSdoR9/G58
uHQiS3Mu6tW7XkVTD6xwiEJIKHJvlDb21SYpHbTLwzUgg/SWIOFnX4R9y/LfR+6I
Tsh9uRWc291Ln2luRlUtHN3DH75x9swnfCRvOm5KYxH9FZ/dJS+8vI3fmyaV5D77
KpnlqUJkdYdKsso19dcznnfPTVLk355ylMFh85UiRIZ0H1nxKUCaNksPxJg5q8uP
53q2QOyMYTcSPOhK6x+gYHHoOwaPm3al++UWma6lwtFSnzN0e6rUueUINy2ZSczX
GGg5UpsgqQF77Y0uqEl7ceUxLyI995TrHPE5G85ZXFq5BdFmPDIB
-----END CERTIFICATE-----
Generated at Mon Nov 25 16:44:10 2024 by rpki-client on console-fra.rpki-client.org