Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/33312e3138372e37322e302f32342d3234203d3e203437353833.roa
File:                     33312e3138372e37322e302f32342d3234203d3e203437353833.roa (raw, json)
Hash identifier:          8Co2CPvc4kROR0L9PXmMO2LVybme+accW6jxOb34MYw=
Subject key identifier:   CA:6D:2E:08:D0:18:3E:1A:64:76:EB:29:6D:B2:25:AF:EA:63:69:6E
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       5534696457DAE80207EA154F91C3ABF675CDDA1C
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/33312e3138372e37322e302f32342d3234203d3e203437353833.roa
Signing time:             Mon 26 Feb 2024 08:53:01 +0000
ROA not before:           Mon 26 Feb 2024 08:48:01 +0000
ROA not after:            Mon 24 Feb 2025 08:53:01 +0000
asID:                     47583
IP address blocks:        31.187.72.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            55:34:69:64:57:da:e8:02:07:ea:15:4f:91:c3:ab:f6:75:cd:da:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Feb 26 08:48:01 2024 GMT
            Not After : Feb 24 08:53:01 2025 GMT
        Subject: CN=CA6D2E08D0183E1A6476EB296DB225AFEA63696E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:f0:93:3c:2d:e3:7b:b8:da:ce:ff:02:c5:3c:
                    e4:f1:d3:b1:df:a6:1a:eb:2e:4d:eb:f4:be:20:7d:
                    89:17:4b:94:d9:ab:41:db:a5:82:ad:f6:8d:a8:d3:
                    b7:c9:aa:51:19:c6:60:68:43:e9:8f:8f:d1:b8:40:
                    aa:93:2c:f5:50:b2:d4:21:ec:e3:46:56:7f:b1:94:
                    0c:43:6c:6e:34:7d:01:31:7b:7f:43:7c:0e:0f:c3:
                    0c:c1:f3:14:c9:a1:43:6a:6d:99:13:bd:d3:13:09:
                    29:56:57:ea:de:18:df:2a:9d:f2:1c:50:d2:7f:5a:
                    75:45:0a:28:0b:0d:8e:f7:1f:35:22:b7:4d:54:3f:
                    a7:fd:25:c8:70:7b:bb:34:7d:0e:b2:9e:d2:08:98:
                    83:1d:23:1b:23:cb:ba:90:f2:57:56:9c:e8:f6:a9:
                    6e:e3:23:f7:09:60:df:fe:45:08:f6:22:23:62:7d:
                    f2:0b:b5:51:34:ee:3a:6d:3c:a2:65:5a:06:07:85:
                    be:d6:c8:2d:79:9f:ab:01:88:f7:60:37:4b:12:dd:
                    9d:e0:45:13:27:73:f6:bb:4f:48:03:57:14:34:2f:
                    5f:88:02:1d:38:9b:e7:f4:5b:fd:bb:e3:72:02:b7:
                    30:a4:3b:61:5d:0d:21:70:1b:58:30:8b:0d:3b:52:
                    aa:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:6D:2E:08:D0:18:3E:1A:64:76:EB:29:6D:B2:25:AF:EA:63:69:6E
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/33312e3138372e37322e302f32342d3234203d3e203437353833.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.187.72.0/24

    Signature Algorithm: sha256WithRSAEncryption
         29:5f:c7:03:bd:62:1a:09:a1:33:08:ba:b2:10:0c:11:43:c0:
         19:d1:51:e9:9e:90:50:89:79:01:f9:81:20:88:8b:bb:ec:51:
         ae:a2:14:e2:35:69:2f:2b:fb:4b:81:4e:bc:bd:23:0a:98:7b:
         65:cc:1a:0f:8f:51:65:7e:1f:24:ea:e2:5b:a7:9a:9e:17:2f:
         5f:3f:6e:31:5e:13:51:e1:4d:82:55:cf:81:af:86:68:3c:97:
         c9:4a:c9:ef:60:86:5f:48:db:3a:84:ca:ef:d9:7a:54:ba:ca:
         4d:30:fa:7c:ff:28:5d:a2:64:e6:1f:c1:d2:0a:8d:b0:20:16:
         ee:30:b8:13:5c:6c:a7:5a:93:e7:c4:60:0a:fe:75:ef:28:48:
         85:1c:2b:a0:5d:30:cb:c6:a1:9e:f7:66:3c:0a:1e:ae:21:b2:
         44:fb:cd:f9:af:0b:23:a3:da:cf:6f:c8:89:6c:1b:c4:e9:3b:
         ce:b9:ae:fe:e9:a5:11:5a:55:fb:94:cb:e3:06:5e:38:4a:ba:
         1b:57:c1:0e:e0:15:5c:2f:4b:c0:9b:bc:3c:fc:d5:0a:36:ef:
         77:7f:1b:0a:aa:97:0b:84:71:96:8c:5d:da:37:d6:df:46:c0:
         e6:5d:3e:c2:6e:2d:d9:1b:b7:39:4a:0c:2f:b7:ff:ad:52:b5:
         b0:97:e6:7e
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUVTRpZFfa6AIH6hVPkcOr9nXN2hwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNDAyMjYwODQ4MDFaFw0yNTAyMjQwODUzMDFaMDMxMTAvBgNV
BAMTKENBNkQyRTA4RDAxODNFMUE2NDc2RUIyOTZEQjIyNUFGRUE2MzY5NkUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDi8JM8LeN7uNrO/wLFPOTx07Hf
phrrLk3r9L4gfYkXS5TZq0HbpYKt9o2o07fJqlEZxmBoQ+mPj9G4QKqTLPVQstQh
7ONGVn+xlAxDbG40fQExe39DfA4PwwzB8xTJoUNqbZkTvdMTCSlWV+reGN8qnfIc
UNJ/WnVFCigLDY73HzUit01UP6f9Jchwe7s0fQ6yntIImIMdIxsjy7qQ8ldWnOj2
qW7jI/cJYN/+RQj2IiNiffILtVE07jptPKJlWgYHhb7WyC15n6sBiPdgN0sS3Z3g
RRMnc/a7T0gDVxQ0L1+IAh04m+f0W/2743ICtzCkO2FdDSFwG1gwiw07UqobAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUym0uCNAYPhpkduspbbIlr+pjaW4wHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzMzMTJlMzEzODM3MmUzNzMy
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzQzNzM1MzgzMy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAB+7
SDANBgkqhkiG9w0BAQsFAAOCAQEAKV/HA71iGgmhMwi6shAMEUPAGdFR6Z6QUIl5
AfmBIIiLu+xRrqIU4jVpLyv7S4FOvL0jCph7ZcwaD49RZX4fJOriW6eanhcvXz9u
MV4TUeFNglXPga+GaDyXyUrJ72CGX0jbOoTK79l6VLrKTTD6fP8oXaJk5h/B0gqN
sCAW7jC4E1xsp1qT58RgCv517yhIhRwroF0wy8ahnvdmPAoeriGyRPvN+a8LI6Pa
z2/IiWwbxOk7zrmu/umlEVpV+5TL4wZeOEq6G1fBDuAVXC9LwJu8PPzVCjbvd38b
CqqXC4Rxloxd2jfW30bA5l0+wm4t2Ru3OUoML7f/rVK1sJfmfg==
-----END CERTIFICATE-----