Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/33312e34302e3231322e302f32342d3234203d3e203432383938.roa
File:                     33312e34302e3231322e302f32342d3234203d3e203432383938.roa (raw, json)
Hash identifier:          rVwIRYCUv8Oy0visl3jvpsc1wY3FSIVrYfrRo6I8/SA=
Subject key identifier:   15:E1:A5:29:1F:F9:E9:65:DF:06:8D:BC:94:4B:DA:48:45:6B:95:34
Certificate issuer:       /CN=08fb9ba827e6f10a7af37490803dd5a076397235
Certificate serial:       0466A5E965BE688CF1FED695DFE86CC2482BE180
Authority key identifier: 08:FB:9B:A8:27:E6:F1:0A:7A:F3:74:90:80:3D:D5:A0:76:39:72:35
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/33312e34302e3231322e302f32342d3234203d3e203432383938.roa
Signing time:             Mon 26 Feb 2024 08:52:55 +0000
ROA not before:           Mon 26 Feb 2024 08:47:55 +0000
ROA not after:            Mon 24 Feb 2025 08:52:55 +0000
asID:                     42898
IP address blocks:        31.40.212.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 14 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            04:66:a5:e9:65:be:68:8c:f1:fe:d6:95:df:e8:6c:c2:48:2b:e1:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=08fb9ba827e6f10a7af37490803dd5a076397235
        Validity
            Not Before: Feb 26 08:47:55 2024 GMT
            Not After : Feb 24 08:52:55 2025 GMT
        Subject: CN=15E1A5291FF9E965DF068DBC944BDA48456B9534
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:45:49:28:d8:dc:7b:9b:1e:e0:0b:21:50:15:
                    89:71:7f:4b:59:3c:f4:39:d8:fb:62:10:10:57:7b:
                    f5:75:d1:a8:46:fd:b6:c6:76:5f:e4:82:ff:f0:f0:
                    31:df:80:3f:c9:37:63:22:2f:e7:96:70:43:95:b8:
                    bd:45:86:58:90:ce:57:89:c5:de:e1:3e:2a:8c:b4:
                    37:f0:a2:31:2e:39:29:7b:4e:71:79:52:ac:71:5a:
                    fd:0e:39:5c:b1:96:77:0e:30:00:47:60:bd:17:64:
                    d1:8f:17:35:da:31:e6:3d:03:de:3c:2f:d6:2c:d8:
                    1f:0b:7b:1c:ee:d4:80:28:9a:f0:40:ae:48:1d:4e:
                    44:2d:2e:76:41:a1:47:99:21:ed:54:46:aa:10:21:
                    b2:7d:5c:1b:d8:b4:5f:78:d6:89:f9:de:a6:0d:0a:
                    b3:37:16:2f:2e:d6:ab:61:95:49:79:8c:17:4b:cd:
                    be:70:f6:19:57:21:fd:5d:66:9b:b2:a2:38:ec:85:
                    8e:91:b4:9f:1f:3f:85:36:5e:e7:9d:30:ff:f1:f5:
                    0b:c9:29:3c:a3:23:95:98:bf:34:23:de:69:46:08:
                    66:ea:81:25:9a:c2:5b:ed:29:56:df:a3:b2:ec:7e:
                    18:eb:d3:11:c8:03:c5:04:e0:35:c4:11:92:65:f8:
                    95:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                15:E1:A5:29:1F:F9:E9:65:DF:06:8D:BC:94:4B:DA:48:45:6B:95:34
            X509v3 Authority Key Identifier:
                keyid:08:FB:9B:A8:27:E6:F1:0A:7A:F3:74:90:80:3D:D5:A0:76:39:72:35

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/33312e34302e3231322e302f32342d3234203d3e203432383938.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.40.212.0/24

    Signature Algorithm: sha256WithRSAEncryption
         89:62:6b:68:49:3d:28:e9:bf:4b:56:0a:4f:da:7d:76:a2:ae:
         ba:2c:fb:b1:ea:75:88:0e:f5:e9:17:43:a7:a4:b2:e1:26:32:
         54:43:f0:bd:8a:03:b5:e8:6e:34:b3:1a:4d:47:79:55:34:dd:
         d2:e0:c1:6c:61:ae:7d:97:bf:09:6a:cd:f6:79:3d:86:25:65:
         a8:cb:58:db:66:5f:04:bd:fb:aa:17:bc:7c:b6:2f:2d:d9:dd:
         3d:95:64:33:24:4a:b4:5f:b3:e7:c8:92:d3:5a:34:d0:a0:5b:
         ea:af:4e:09:28:2c:01:c6:97:e2:73:1b:f4:bc:dc:4f:50:60:
         3b:8f:c5:23:9d:1e:55:7d:32:92:7d:52:23:4f:4a:60:ac:c1:
         19:e4:48:7b:e5:8e:9d:ef:4d:44:c3:ad:5a:bd:5f:45:da:e2:
         a3:36:17:ad:51:56:5c:e2:92:ec:0a:34:9b:10:31:1e:32:95:
         c5:22:e9:c0:80:4e:ef:1c:08:77:ee:5b:8e:52:27:e9:11:7e:
         68:01:4c:1d:f2:26:34:3e:05:46:51:ce:90:40:84:63:2e:ef:
         59:f8:c6:2b:56:e9:8c:c8:ff:3f:6f:0c:31:27:4d:36:a5:61:
         52:40:47:4b:5e:7c:cc:d8:28:25:bc:a4:13:5d:68:f0:a4:ef:
         55:40:ca:77
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUBGal6WW+aIzx/taV3+hswkgr4YAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDhmYjliYTgyN2U2ZjEwYTdhZjM3NDkwODAzZGQ1YTA3
NjM5NzIzNTAeFw0yNDAyMjYwODQ3NTVaFw0yNTAyMjQwODUyNTVaMDMxMTAvBgNV
BAMTKDE1RTFBNTI5MUZGOUU5NjVERjA2OERCQzk0NEJEQTQ4NDU2Qjk1MzQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDFRUko2Nx7mx7gCyFQFYlxf0tZ
PPQ52PtiEBBXe/V10ahG/bbGdl/kgv/w8DHfgD/JN2MiL+eWcEOVuL1FhliQzleJ
xd7hPiqMtDfwojEuOSl7TnF5UqxxWv0OOVyxlncOMABHYL0XZNGPFzXaMeY9A948
L9Ys2B8Lexzu1IAomvBArkgdTkQtLnZBoUeZIe1URqoQIbJ9XBvYtF941on53qYN
CrM3Fi8u1qthlUl5jBdLzb5w9hlXIf1dZpuyojjshY6RtJ8fP4U2XuedMP/x9QvJ
KTyjI5WYvzQj3mlGCGbqgSWawlvtKVbfo7Lsfhjr0xHIA8UE4DXEEZJl+JVvAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUFeGlKR/56WXfBo28lEvaSEVrlTQwHwYDVR0j
BBgwFoAUCPubqCfm8Qp683SQgD3VoHY5cjUwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzIvMDhGQjlCQTgyN0U2RjEwQTdBRjM3NDkwODAzREQ1QTA3NjM5NzIzNS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NQdWJxQ2ZtOFFwNjgzU1FnRDNWb0hZ
NWNqVS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzIvMzMzMTJlMzQzMDJlMzIzMTMy
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzQzMjM4MzkzOC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAB8o
1DANBgkqhkiG9w0BAQsFAAOCAQEAiWJraEk9KOm/S1YKT9p9dqKuuiz7sep1iA71
6RdDp6Sy4SYyVEPwvYoDtehuNLMaTUd5VTTd0uDBbGGufZe/CWrN9nk9hiVlqMtY
22ZfBL37qhe8fLYvLdndPZVkMyRKtF+z58iS01o00KBb6q9OCSgsAcaX4nMb9Lzc
T1BgO4/FI50eVX0ykn1SI09KYKzBGeRIe+WOne9NRMOtWr1fRdriozYXrVFWXOKS
7Ao0mxAxHjKVxSLpwIBO7xwId+5bjlIn6RF+aAFMHfImND4FRlHOkECEYy7vWfjG
K1bpjMj/P28MMSdNNqVhUkBHS158zNgoJbykE11o8KTvVUDKdw==
-----END CERTIFICATE-----