Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/33312e3138372e37302e302f32332d3233203d3e203230383630.roa
File:                     33312e3138372e37302e302f32332d3233203d3e203230383630.roa (raw, json)
Hash identifier:          DhzVNgHpikkzgh6UXOJGw2N2H3tRDrix8UkAS65OLDs=
Subject key identifier:   1F:BF:31:77:3A:F4:7C:42:63:4B:AF:0D:B6:11:A0:6C:8F:4D:B4:AD
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       2C9039ED282A4245F9A14558D6B0E88F387922E4
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/33312e3138372e37302e302f32332d3233203d3e203230383630.roa
Signing time:             Mon 07 Oct 2024 15:34:38 +0000
ROA not before:           Mon 07 Oct 2024 15:29:38 +0000
ROA not after:            Mon 06 Oct 2025 15:34:38 +0000
asID:                     20860
IP address blocks:        31.187.70.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2c:90:39:ed:28:2a:42:45:f9:a1:45:58:d6:b0:e8:8f:38:79:22:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Oct  7 15:29:38 2024 GMT
            Not After : Oct  6 15:34:38 2025 GMT
        Subject: CN=1FBF31773AF47C42634BAF0DB611A06C8F4DB4AD
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:23:94:b1:5f:22:65:9b:38:4d:5d:e3:0b:01:
                    a1:25:81:0c:ee:f1:b0:29:2e:ca:e9:91:2f:dc:5e:
                    ed:ab:24:bf:41:13:9f:8f:54:e3:41:99:3e:64:7d:
                    55:46:49:6f:99:1a:df:45:33:d3:70:3a:67:a8:4e:
                    da:96:65:70:57:c2:d1:e1:a7:6a:d6:c0:f6:20:36:
                    5a:ce:90:69:e4:7e:29:3e:17:a6:01:83:a0:3f:e2:
                    f3:f1:fb:bc:7f:18:e5:0f:a7:7c:e5:89:84:cf:d1:
                    31:62:fa:ca:3c:f1:47:a6:ad:4d:47:4a:fa:37:8f:
                    b9:5a:12:7e:f3:e5:3c:93:28:2b:25:b5:07:64:92:
                    f5:6e:c7:f2:a6:57:59:5c:ac:c1:b8:d2:71:95:ad:
                    45:f3:42:88:a6:05:d3:d3:0a:56:72:5d:3e:4a:45:
                    79:ef:50:85:67:d0:16:86:c6:ca:a3:28:28:1f:95:
                    ca:25:e2:8c:ea:61:77:ad:8f:74:5a:33:97:2a:34:
                    5b:42:44:fc:e4:67:b4:7b:fa:32:06:b4:e1:ba:06:
                    47:a6:f7:b8:c6:03:b6:b4:76:ff:9d:55:76:b1:89:
                    e5:c9:4e:91:88:a3:3c:a3:61:7c:15:95:13:15:8c:
                    62:17:ce:dd:82:0e:8d:56:0b:cb:13:9d:70:14:f0:
                    f5:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:BF:31:77:3A:F4:7C:42:63:4B:AF:0D:B6:11:A0:6C:8F:4D:B4:AD
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/33312e3138372e37302e302f32332d3233203d3e203230383630.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.187.70.0/23

    Signature Algorithm: sha256WithRSAEncryption
         61:38:0c:3a:fb:08:02:7b:f2:cd:10:a6:5c:25:0b:bd:ab:91:
         8d:29:a7:44:2c:08:5d:71:17:1c:98:83:e1:6c:77:53:f4:9c:
         94:e7:34:4b:bd:c5:a4:ba:fb:6d:53:0f:e9:a9:2f:14:fb:c7:
         ef:8a:bd:6d:a4:39:5d:71:50:6c:e7:b4:db:e0:bb:df:26:3c:
         68:f3:5c:de:c2:79:8e:86:3e:ac:85:5b:dc:49:d2:de:78:05:
         90:ba:66:9b:7b:6f:cd:d7:8f:40:21:70:5b:ba:73:de:85:e2:
         61:d3:dc:27:c3:7f:b1:1c:d3:84:fd:44:ea:27:6d:a2:8a:3b:
         ac:28:72:62:23:7c:82:3c:73:1e:d3:90:90:b4:ca:e0:9e:3a:
         7e:a3:6d:29:ee:73:f1:27:1d:b8:02:ba:b0:67:95:a7:7e:60:
         a3:af:4a:37:06:fe:c0:50:5e:e9:a3:6b:fe:e5:40:56:2f:cd:
         23:a2:26:cc:c7:26:bd:a0:10:61:94:96:3b:c5:ac:ba:ac:56:
         75:2c:43:a9:e9:fa:0c:08:09:6f:2c:92:7d:d4:d7:d3:4e:5e:
         6a:f7:60:26:e3:81:99:d8:13:02:13:d8:b4:39:2a:ce:91:dc:
         5b:c6:5c:63:24:2b:16:ce:63:28:cc:89:cf:f5:22:b7:35:fd:
         35:11:f8:e1
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIULJA57SgqQkX5oUVY1rDojzh5IuQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNDEwMDcxNTI5MzhaFw0yNTEwMDYxNTM0MzhaMDMxMTAvBgNV
BAMTKDFGQkYzMTc3M0FGNDdDNDI2MzRCQUYwREI2MTFBMDZDOEY0REI0QUQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDMI5SxXyJlmzhNXeMLAaElgQzu
8bApLsrpkS/cXu2rJL9BE5+PVONBmT5kfVVGSW+ZGt9FM9NwOmeoTtqWZXBXwtHh
p2rWwPYgNlrOkGnkfik+F6YBg6A/4vPx+7x/GOUPp3zliYTP0TFi+so88UemrU1H
Svo3j7laEn7z5TyTKCsltQdkkvVux/KmV1lcrMG40nGVrUXzQoimBdPTClZyXT5K
RXnvUIVn0BaGxsqjKCgflcol4ozqYXetj3RaM5cqNFtCRPzkZ7R7+jIGtOG6Bkem
97jGA7a0dv+dVXaxieXJTpGIozyjYXwVlRMVjGIXzt2CDo1WC8sTnXAU8PVHAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUH78xdzr0fEJjS68NthGgbI9NtK0wHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzMzMTJlMzEzODM3MmUzNzMw
MmUzMDJmMzIzMzJkMzIzMzIwM2QzZTIwMzIzMDM4MzYzMC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAR+7
RjANBgkqhkiG9w0BAQsFAAOCAQEAYTgMOvsIAnvyzRCmXCULvauRjSmnRCwIXXEX
HJiD4Wx3U/SclOc0S73FpLr7bVMP6akvFPvH74q9baQ5XXFQbOe02+C73yY8aPNc
3sJ5joY+rIVb3EnS3ngFkLpmm3tvzdePQCFwW7pz3oXiYdPcJ8N/sRzThP1E6idt
ooo7rChyYiN8gjxzHtOQkLTK4J46fqNtKe5z8ScduAK6sGeVp35go69KNwb+wFBe
6aNr/uVAVi/NI6ImzMcmvaAQYZSWO8WsuqxWdSxDqen6DAgJbyySfdTX005eavdg
JuOBmdgTAhPYtDkqzpHcW8ZcYyQrFs5jKMyJz/UitzX9NRH44Q==
-----END CERTIFICATE-----