Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/33312e34302e3231322e302f32342d3234203d3e203431393434.roa
File:                     33312e34302e3231322e302f32342d3234203d3e203431393434.roa (raw, json)
Hash identifier:          VIMQsaw39rwU8gt/F5U3nFTTIxFGRBl5quTzcYDfxWw=
Subject key identifier:   97:CF:B4:CD:68:45:8D:A3:1C:58:B7:2E:BE:7C:33:BC:05:04:AF:1B
Certificate issuer:       /CN=08fb9ba827e6f10a7af37490803dd5a076397235
Certificate serial:       5406B2BCF05897955B9843BB16BD3FAC77499E8D
Authority key identifier: 08:FB:9B:A8:27:E6:F1:0A:7A:F3:74:90:80:3D:D5:A0:76:39:72:35
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/33312e34302e3231322e302f32342d3234203d3e203431393434.roa
Signing time:             Mon 26 Feb 2024 08:52:53 +0000
ROA not before:           Mon 26 Feb 2024 08:47:53 +0000
ROA not after:            Mon 24 Feb 2025 08:52:53 +0000
asID:                     41944
IP address blocks:        31.40.212.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            54:06:b2:bc:f0:58:97:95:5b:98:43:bb:16:bd:3f:ac:77:49:9e:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=08fb9ba827e6f10a7af37490803dd5a076397235
        Validity
            Not Before: Feb 26 08:47:53 2024 GMT
            Not After : Feb 24 08:52:53 2025 GMT
        Subject: CN=97CFB4CD68458DA31C58B72EBE7C33BC0504AF1B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:9f:a1:6b:cd:be:98:2d:c0:2e:c9:0e:47:95:
                    51:f7:3a:d8:00:3f:bb:ff:1e:69:cd:e2:ed:7c:e0:
                    3b:59:39:15:d2:b7:90:b5:d2:e2:03:42:76:dd:d6:
                    77:18:51:bb:1d:e6:c8:a6:83:e1:02:f2:b7:80:3d:
                    8f:1c:a9:ae:4c:f5:cd:a9:bd:b7:97:16:09:fd:37:
                    0e:91:95:bf:62:5e:40:f2:dd:af:43:8a:cc:83:17:
                    9b:09:81:84:a9:0b:a4:26:5e:79:9a:70:92:25:c7:
                    04:af:8c:02:3e:2a:53:45:78:e8:34:45:ce:02:55:
                    65:c2:63:3b:d8:bc:0c:2d:3d:db:c4:0b:71:1b:de:
                    52:57:85:d1:d5:88:c9:52:fd:21:58:53:8d:5b:da:
                    fc:71:eb:d6:e7:ad:fe:58:c9:fb:38:54:01:5b:d6:
                    a1:47:88:eb:b5:46:58:d2:f6:f5:9c:57:bb:b0:ff:
                    eb:98:2d:93:36:8f:0a:8e:79:d0:6b:3f:0b:3c:a3:
                    07:3a:63:b8:ca:ab:cb:71:c2:33:bf:e9:34:3c:12:
                    a9:05:0c:22:41:3e:84:fe:74:ed:67:3f:bb:f4:ca:
                    a1:d7:2d:fa:64:fb:a5:c1:36:3d:7a:69:df:f1:59:
                    75:f5:11:94:69:1c:30:29:64:4d:20:b0:2b:a4:45:
                    ea:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                97:CF:B4:CD:68:45:8D:A3:1C:58:B7:2E:BE:7C:33:BC:05:04:AF:1B
            X509v3 Authority Key Identifier:
                keyid:08:FB:9B:A8:27:E6:F1:0A:7A:F3:74:90:80:3D:D5:A0:76:39:72:35

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/33312e34302e3231322e302f32342d3234203d3e203431393434.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.40.212.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2e:18:0d:ad:0f:66:60:b2:3d:8c:dd:25:13:b6:68:c8:a0:ef:
         aa:a4:3e:e9:f6:0f:26:19:55:e9:7f:93:0d:5d:f8:8d:34:d6:
         ab:d3:c3:d6:fe:fd:d7:21:9e:16:e9:e2:2a:80:e7:6e:de:b4:
         8d:41:29:b4:bb:0d:66:45:cc:b3:07:dc:b4:a7:25:71:87:67:
         33:45:d0:44:c8:51:2f:d1:a3:79:63:f0:9b:08:94:9f:54:62:
         12:1d:95:b0:ef:83:e5:db:bf:84:38:90:f3:a8:2c:37:b3:76:
         3a:c1:01:2e:c5:f4:1b:c1:f1:ac:61:cd:5a:58:a4:65:4e:bd:
         b9:ec:d1:af:ba:f6:ae:b8:1a:0b:a0:5a:5e:87:4b:4b:f1:86:
         d4:8d:60:d0:98:79:9b:29:53:64:3a:74:bf:f8:a8:51:00:e0:
         02:bd:9e:53:5e:5d:b9:69:8f:7b:64:cd:01:62:00:b8:24:1c:
         a2:ae:37:5b:e1:e7:1e:76:e2:5c:a0:73:0e:f8:cc:a0:de:b2:
         f7:95:20:0c:a2:20:b8:2a:7a:96:51:b2:ce:3f:1a:5c:1f:72:
         29:eb:4b:2b:fb:c3:e5:81:00:d3:4a:49:92:cb:ea:4e:4b:17:
         f8:f6:ba:7d:76:84:14:26:0a:cc:0a:2b:15:e4:e4:69:93:2e:
         17:5a:2d:36
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUVAayvPBYl5VbmEO7Fr0/rHdJno0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDhmYjliYTgyN2U2ZjEwYTdhZjM3NDkwODAzZGQ1YTA3
NjM5NzIzNTAeFw0yNDAyMjYwODQ3NTNaFw0yNTAyMjQwODUyNTNaMDMxMTAvBgNV
BAMTKDk3Q0ZCNENENjg0NThEQTMxQzU4QjcyRUJFN0MzM0JDMDUwNEFGMUIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvn6Frzb6YLcAuyQ5HlVH3OtgA
P7v/HmnN4u184DtZORXSt5C10uIDQnbd1ncYUbsd5simg+EC8reAPY8cqa5M9c2p
vbeXFgn9Nw6Rlb9iXkDy3a9DisyDF5sJgYSpC6QmXnmacJIlxwSvjAI+KlNFeOg0
Rc4CVWXCYzvYvAwtPdvEC3Eb3lJXhdHViMlS/SFYU41b2vxx69bnrf5Yyfs4VAFb
1qFHiOu1RljS9vWcV7uw/+uYLZM2jwqOedBrPws8owc6Y7jKq8txwjO/6TQ8EqkF
DCJBPoT+dO1nP7v0yqHXLfpk+6XBNj16ad/xWXX1EZRpHDApZE0gsCukReppAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUl8+0zWhFjaMcWLcuvnwzvAUErxswHwYDVR0j
BBgwFoAUCPubqCfm8Qp683SQgD3VoHY5cjUwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzIvMDhGQjlCQTgyN0U2RjEwQTdBRjM3NDkwODAzREQ1QTA3NjM5NzIzNS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NQdWJxQ2ZtOFFwNjgzU1FnRDNWb0hZ
NWNqVS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzIvMzMzMTJlMzQzMDJlMzIzMTMy
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzQzMTM5MzQzNC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAB8o
1DANBgkqhkiG9w0BAQsFAAOCAQEALhgNrQ9mYLI9jN0lE7ZoyKDvqqQ+6fYPJhlV
6X+TDV34jTTWq9PD1v791yGeFuniKoDnbt60jUEptLsNZkXMswfctKclcYdnM0XQ
RMhRL9GjeWPwmwiUn1RiEh2VsO+D5du/hDiQ86gsN7N2OsEBLsX0G8HxrGHNWlik
ZU69uezRr7r2rrgaC6BaXodLS/GG1I1g0Jh5mylTZDp0v/ioUQDgAr2eU15duWmP
e2TNAWIAuCQcoq43W+HnHnbiXKBzDvjMoN6y95UgDKIguCp6llGyzj8aXB9yKetL
K/vD5YEA00pJksvqTksX+Pa6fXaEFCYKzAorFeTkaZMuF1otNg==
-----END CERTIFICATE-----