Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/33312e3138372e36342e302f32342d3234203d3e203530363733.roa
File:                     33312e3138372e36342e302f32342d3234203d3e203530363733.roa (raw, json)
Hash identifier:          UIf9776upYPmJ/XyXhPIEfe+N34Rx6MsVXaFGA/n86s=
Subject key identifier:   6F:CB:30:71:E0:60:0F:17:BF:2F:38:BB:BE:20:49:4B:B6:AC:F5:8E
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       4EDF623144D2A4DFF723F18BF9B485EBD97D2931
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/33312e3138372e36342e302f32342d3234203d3e203530363733.roa
Signing time:             Mon 27 Jan 2025 09:45:04 +0000
ROA not before:           Mon 27 Jan 2025 09:40:04 +0000
ROA not after:            Mon 26 Jan 2026 09:45:04 +0000
asID:                     50673
IP address blocks:        31.187.64.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Mar 2025 13:54:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4e:df:62:31:44:d2:a4:df:f7:23:f1:8b:f9:b4:85:eb:d9:7d:29:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Jan 27 09:40:04 2025 GMT
            Not After : Jan 26 09:45:04 2026 GMT
        Subject: CN=6FCB3071E0600F17BF2F38BBBE20494BB6ACF58E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:fb:c0:67:23:a6:46:37:b0:85:77:97:6d:81:
                    47:ac:77:42:e6:4d:e9:8f:1a:0a:79:a6:c3:50:41:
                    85:81:36:8c:34:f6:18:37:31:e6:b0:aa:6c:d1:79:
                    ab:b3:24:93:7a:31:b0:6a:ea:73:bf:4b:2c:e1:b9:
                    d8:d8:aa:a4:15:93:ef:0b:45:25:79:34:73:9c:ed:
                    60:2e:11:c1:8c:e0:92:65:f5:6f:10:a0:f4:be:18:
                    28:d6:37:9d:1f:f4:85:c5:e9:fb:af:5c:da:52:0a:
                    a1:3a:4a:7b:de:ac:60:a4:6f:01:a0:c8:98:50:4c:
                    68:d8:6e:2b:7f:1a:3e:4e:e5:a0:a3:6e:f0:80:63:
                    2b:eb:25:06:54:df:21:d7:e3:3d:20:52:48:c1:23:
                    78:30:cd:a7:d1:d0:61:b6:e6:95:0e:4d:f5:38:b5:
                    1d:38:90:83:cd:83:42:a7:45:28:4c:f0:2d:c1:3b:
                    09:9d:3f:0f:5e:d5:3e:63:74:a6:76:bd:44:f5:55:
                    b1:84:69:e4:81:eb:49:44:37:31:f1:92:92:2e:bf:
                    81:57:22:99:64:a9:32:dd:ad:c1:1d:7e:d5:94:1c:
                    18:cf:4f:b4:38:e6:ff:03:42:87:8b:1e:5a:08:9a:
                    50:b7:85:d1:85:9e:28:01:3b:7c:8c:42:6e:b9:c1:
                    e2:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:CB:30:71:E0:60:0F:17:BF:2F:38:BB:BE:20:49:4B:B6:AC:F5:8E
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/33312e3138372e36342e302f32342d3234203d3e203530363733.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.187.64.0/24

    Signature Algorithm: sha256WithRSAEncryption
         97:05:a1:dc:94:a5:e2:8d:88:c5:37:28:57:dd:63:f7:8c:01:
         db:5c:c8:05:aa:1e:84:a7:36:22:a0:47:3d:8f:22:6f:9f:0f:
         3d:c7:39:f2:77:33:2e:57:95:11:58:c6:de:d2:d7:82:5e:94:
         c6:2e:13:f8:fb:ba:a5:0b:2c:3f:6e:f0:bb:16:a7:c1:de:8c:
         97:27:b8:d3:e3:22:68:d9:81:d1:45:44:c4:30:32:17:a9:5f:
         6a:45:82:db:be:37:ff:bc:f5:ff:b7:ea:5f:c0:4d:cd:72:4f:
         d8:1b:79:ea:98:15:e0:a4:81:51:cd:04:07:74:3e:48:90:09:
         a4:72:5c:51:a9:12:c6:49:c4:11:d7:c3:57:f9:35:42:90:1d:
         76:6a:94:20:01:8a:74:21:5d:14:3a:dc:9e:fc:4a:0a:40:43:
         27:02:a3:b9:20:17:87:0f:4e:63:d1:12:9e:a7:57:df:38:c3:
         02:81:ca:03:31:ae:84:e6:3f:4f:b2:88:88:05:bb:df:e7:24:
         0a:c9:49:a1:0e:2d:45:96:4c:57:51:fb:7f:3c:a1:91:72:48:
         8a:1a:c4:b2:74:fa:23:d8:99:c9:26:19:d4:2b:e3:a3:de:a5:
         9b:81:5a:df:19:5c:28:d6:0f:92:e7:f9:da:9a:1a:3c:4c:d8:
         26:ad:00:33
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUTt9iMUTSpN/3I/GL+bSF69l9KTEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNTAxMjcwOTQwMDRaFw0yNjAxMjYwOTQ1MDRaMDMxMTAvBgNV
BAMTKDZGQ0IzMDcxRTA2MDBGMTdCRjJGMzhCQkJFMjA0OTRCQjZBQ0Y1OEUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDQ+8BnI6ZGN7CFd5dtgUesd0Lm
TemPGgp5psNQQYWBNow09hg3MeawqmzReauzJJN6MbBq6nO/SyzhudjYqqQVk+8L
RSV5NHOc7WAuEcGM4JJl9W8QoPS+GCjWN50f9IXF6fuvXNpSCqE6SnverGCkbwGg
yJhQTGjYbit/Gj5O5aCjbvCAYyvrJQZU3yHX4z0gUkjBI3gwzafR0GG25pUOTfU4
tR04kIPNg0KnRShM8C3BOwmdPw9e1T5jdKZ2vUT1VbGEaeSB60lENzHxkpIuv4FX
IplkqTLdrcEdftWUHBjPT7Q45v8DQoeLHloImlC3hdGFnigBO3yMQm65weJfAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUb8swceBgDxe/Lzi7viBJS7as9Y4wHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzMzMTJlMzEzODM3MmUzNjM0
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzUzMDM2MzczMy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAB+7
QDANBgkqhkiG9w0BAQsFAAOCAQEAlwWh3JSl4o2IxTcoV91j94wB21zIBaoehKc2
IqBHPY8ib58PPcc58nczLleVEVjG3tLXgl6Uxi4T+Pu6pQssP27wuxanwd6Mlye4
0+MiaNmB0UVExDAyF6lfakWC2743/7z1/7fqX8BNzXJP2Bt56pgV4KSBUc0EB3Q+
SJAJpHJcUakSxknEEdfDV/k1QpAddmqUIAGKdCFdFDrcnvxKCkBDJwKjuSAXhw9O
Y9ESnqdX3zjDAoHKAzGuhOY/T7KIiAW73+ckCslJoQ4tRZZMV1H7fzyhkXJIihrE
snT6I9iZySYZ1Cvjo96lm4Fa3xlcKNYPkuf52poaPEzYJq0AMw==
-----END CERTIFICATE-----