Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/33312e34302e3231322e302f32342d3234203d3e203538323132.roa
File:                     33312e34302e3231322e302f32342d3234203d3e203538323132.roa (raw, json)
Hash identifier:          uppZY4p6hmVccG2KgdSX3mVvOLY6hDOSsuYJkLmU3HY=
Subject key identifier:   F8:CA:02:5A:E3:86:F0:28:D8:C0:D4:6B:52:3E:63:E4:57:EB:00:9C
Certificate issuer:       /CN=08fb9ba827e6f10a7af37490803dd5a076397235
Certificate serial:       0D9517623C38D5619CC83DEE907183DD35FC5D09
Authority key identifier: 08:FB:9B:A8:27:E6:F1:0A:7A:F3:74:90:80:3D:D5:A0:76:39:72:35
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/33312e34302e3231322e302f32342d3234203d3e203538323132.roa
Signing time:             Mon 26 Feb 2024 08:52:52 +0000
ROA not before:           Mon 26 Feb 2024 08:47:52 +0000
ROA not after:            Mon 24 Feb 2025 08:52:52 +0000
asID:                     58212
IP address blocks:        31.40.212.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 14 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0d:95:17:62:3c:38:d5:61:9c:c8:3d:ee:90:71:83:dd:35:fc:5d:09
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=08fb9ba827e6f10a7af37490803dd5a076397235
        Validity
            Not Before: Feb 26 08:47:52 2024 GMT
            Not After : Feb 24 08:52:52 2025 GMT
        Subject: CN=F8CA025AE386F028D8C0D46B523E63E457EB009C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:be:ce:2c:d1:56:e1:7c:af:3f:b5:e1:09:66:
                    d7:8e:16:db:1d:96:46:1d:cb:e5:6a:64:03:3a:33:
                    dd:c8:cf:46:1a:fb:1f:fa:40:13:29:07:aa:ea:43:
                    d0:a2:d0:da:94:a6:3c:a1:8c:c0:04:c1:7c:16:1d:
                    a0:1f:ec:8c:c6:db:3a:88:4b:58:ec:c9:94:24:d8:
                    b4:77:c6:04:e4:97:7f:3e:ef:b4:d5:e2:6a:f0:a5:
                    e2:95:4b:19:36:fb:0c:f2:08:73:d0:17:c8:59:a8:
                    9e:24:e4:6e:29:9b:9b:0e:e6:4b:32:1e:33:2c:b8:
                    06:dd:dc:9e:ca:6c:76:47:1f:e6:4d:49:c6:54:73:
                    a3:2f:26:ea:ca:fe:92:e1:4f:61:b9:67:71:90:42:
                    b6:39:1b:b9:9a:9b:4c:8d:e8:50:86:4b:9c:e8:f8:
                    1d:9b:bb:85:b4:48:e1:9f:85:de:d3:17:18:43:b9:
                    15:62:97:30:05:a0:97:46:00:22:2f:d4:a2:85:a4:
                    6b:57:81:75:48:14:07:83:48:a3:5a:bd:44:4c:70:
                    41:7a:05:ee:44:cf:70:eb:b6:9c:0e:c7:96:be:03:
                    79:52:b5:40:85:30:e3:fc:74:6f:1f:55:9f:0e:f0:
                    aa:59:22:65:84:09:a8:ca:f3:db:b4:42:0e:30:20:
                    1b:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F8:CA:02:5A:E3:86:F0:28:D8:C0:D4:6B:52:3E:63:E4:57:EB:00:9C
            X509v3 Authority Key Identifier:
                keyid:08:FB:9B:A8:27:E6:F1:0A:7A:F3:74:90:80:3D:D5:A0:76:39:72:35

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/33312e34302e3231322e302f32342d3234203d3e203538323132.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.40.212.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1e:ac:46:fc:4f:1a:56:64:fa:d7:be:38:b8:cc:9e:a3:36:0d:
         5f:ef:6d:59:ff:4a:e3:c7:31:43:92:42:2b:2e:41:e5:b0:18:
         7e:47:e3:fa:49:95:49:b6:a6:88:db:fe:46:f0:3b:a4:27:b5:
         82:e0:54:0e:3d:0f:1d:ce:2c:34:8b:c2:4f:0e:87:df:82:2b:
         ab:d3:a2:33:0a:4b:b4:59:af:fa:76:e4:26:1d:c0:ac:a3:05:
         03:bc:84:49:01:c9:a2:ec:a4:6d:f4:e8:43:8a:cf:bd:6c:9f:
         d6:3c:73:e3:0c:81:0b:50:5f:ce:75:16:d6:a0:85:1d:f5:8c:
         e4:4b:35:9f:4b:4c:d9:70:ac:81:57:ed:5b:09:3c:f6:77:ba:
         6d:a4:4e:7a:ef:5a:66:10:52:1b:70:f7:49:e2:b1:80:a3:4f:
         31:67:73:58:0d:d8:62:dc:ec:4f:ef:5e:50:ea:d5:fb:b7:25:
         63:b2:fe:f0:bf:29:38:bb:cf:cb:44:c4:32:cd:bd:fd:11:95:
         a7:13:d7:00:37:4c:e1:07:ce:ff:51:7c:5a:b4:eb:29:c5:02:
         03:e3:13:12:f3:5f:62:22:12:f9:4b:4f:bb:51:b3:ec:9d:fe:
         8d:92:95:2f:b1:d4:fb:76:ba:18:b8:20:93:36:77:5b:b9:a2:
         b2:73:9c:a9
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUDZUXYjw41WGcyD3ukHGD3TX8XQkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDhmYjliYTgyN2U2ZjEwYTdhZjM3NDkwODAzZGQ1YTA3
NjM5NzIzNTAeFw0yNDAyMjYwODQ3NTJaFw0yNTAyMjQwODUyNTJaMDMxMTAvBgNV
BAMTKEY4Q0EwMjVBRTM4NkYwMjhEOEMwRDQ2QjUyM0U2M0U0NTdFQjAwOUMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDVvs4s0VbhfK8/teEJZteOFtsd
lkYdy+VqZAM6M93Iz0Ya+x/6QBMpB6rqQ9Ci0NqUpjyhjMAEwXwWHaAf7IzG2zqI
S1jsyZQk2LR3xgTkl38+77TV4mrwpeKVSxk2+wzyCHPQF8hZqJ4k5G4pm5sO5ksy
HjMsuAbd3J7KbHZHH+ZNScZUc6MvJurK/pLhT2G5Z3GQQrY5G7mam0yN6FCGS5zo
+B2bu4W0SOGfhd7TFxhDuRVilzAFoJdGACIv1KKFpGtXgXVIFAeDSKNavURMcEF6
Be5Ez3DrtpwOx5a+A3lStUCFMOP8dG8fVZ8O8KpZImWECajK89u0Qg4wIBs1AgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQU+MoCWuOG8CjYwNRrUj5j5FfrAJwwHwYDVR0j
BBgwFoAUCPubqCfm8Qp683SQgD3VoHY5cjUwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzIvMDhGQjlCQTgyN0U2RjEwQTdBRjM3NDkwODAzREQ1QTA3NjM5NzIzNS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NQdWJxQ2ZtOFFwNjgzU1FnRDNWb0hZ
NWNqVS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzIvMzMzMTJlMzQzMDJlMzIzMTMy
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzUzODMyMzEzMi5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAB8o
1DANBgkqhkiG9w0BAQsFAAOCAQEAHqxG/E8aVmT61744uMyeozYNX+9tWf9K48cx
Q5JCKy5B5bAYfkfj+kmVSbamiNv+RvA7pCe1guBUDj0PHc4sNIvCTw6H34Irq9Oi
MwpLtFmv+nbkJh3ArKMFA7yESQHJouykbfToQ4rPvWyf1jxz4wyBC1BfznUW1qCF
HfWM5Es1n0tM2XCsgVftWwk89ne6baROeu9aZhBSG3D3SeKxgKNPMWdzWA3YYtzs
T+9eUOrV+7clY7L+8L8pOLvPy0TEMs29/RGVpxPXADdM4QfO/1F8WrTrKcUCA+MT
EvNfYiIS+UtPu1Gz7J3+jZKVL7HU+3a6GLggkzZ3W7misnOcqQ==
-----END CERTIFICATE-----