Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/33312e3138372e37342e302f32342d3332203d3e203531313637.roa
File:                     33312e3138372e37342e302f32342d3332203d3e203531313637.roa (raw, json)
Hash identifier:          TO2JvIiws3I0RYRflmODDlftqMaCpGAmjxAL0GrPQRw=
Subject key identifier:   5D:36:55:D2:29:77:98:47:54:E9:6E:B6:58:EA:1A:6E:E9:E7:91:52
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       0C4EBF4B4986DC2B828B8042B43C1CE3C6818762
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/33312e3138372e37342e302f32342d3332203d3e203531313637.roa
Signing time:             Mon 27 Jan 2025 09:45:30 +0000
ROA not before:           Mon 27 Jan 2025 09:40:30 +0000
ROA not after:            Mon 26 Jan 2026 09:45:30 +0000
asID:                     51167
IP address blocks:        31.187.74.0/24 maxlen: 32
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 03 Apr 2025 15:34:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0c:4e:bf:4b:49:86:dc:2b:82:8b:80:42:b4:3c:1c:e3:c6:81:87:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Jan 27 09:40:30 2025 GMT
            Not After : Jan 26 09:45:30 2026 GMT
        Subject: CN=5D3655D22977984754E96EB658EA1A6EE9E79152
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:cb:95:c3:9c:58:f4:cf:8e:61:b0:8b:41:b8:
                    8d:59:07:51:c5:08:ab:04:f2:28:5a:b6:68:d2:3e:
                    88:17:d3:21:2c:3c:25:0a:7d:cf:88:1b:fc:d5:bb:
                    c4:cd:4e:ab:d4:88:48:c0:09:f9:f3:43:5f:57:12:
                    62:45:5f:41:d4:3f:b6:65:97:0b:df:c5:d8:90:59:
                    c3:ca:a5:1a:06:3a:d4:e2:a1:f3:1c:f7:c3:f5:de:
                    0c:a6:fe:8c:9d:31:d0:85:b6:0d:eb:66:bf:fe:53:
                    ec:dc:72:f4:39:3e:a7:1e:08:51:03:c8:9a:81:4f:
                    86:a9:01:2d:d1:bd:f9:17:56:11:3b:a9:37:3e:2c:
                    df:7e:28:7c:87:e2:b2:85:ba:5f:6d:85:3d:11:fb:
                    03:55:73:2f:bb:cd:1f:62:11:65:c8:12:1d:ca:51:
                    68:22:f2:1f:4f:31:df:d0:fd:60:5b:07:56:96:66:
                    2b:57:96:ba:66:97:3f:30:ba:0a:b9:54:b8:82:19:
                    b5:70:0f:14:e1:8e:a7:7f:2e:44:61:90:d0:fa:15:
                    11:a1:8e:fe:df:cc:3f:31:36:99:98:a5:1c:d4:81:
                    1d:ad:f4:92:82:5d:b6:29:af:34:5f:d2:f3:03:02:
                    ff:4d:5f:58:49:aa:3c:ae:2c:38:18:1c:73:1d:87:
                    62:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:36:55:D2:29:77:98:47:54:E9:6E:B6:58:EA:1A:6E:E9:E7:91:52
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/33312e3138372e37342e302f32342d3332203d3e203531313637.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.187.74.0/24

    Signature Algorithm: sha256WithRSAEncryption
         79:12:2d:d3:74:fb:4b:d8:fb:9f:b6:03:20:8b:28:f6:33:ad:
         6c:f8:3e:17:9f:27:e7:c5:ad:4e:79:3a:26:b8:29:a9:07:fe:
         2c:3a:d0:e7:4d:7c:8f:bf:6f:69:e1:37:e8:e9:73:e1:64:6f:
         ff:43:f7:cc:6d:9f:57:fa:94:79:ab:2b:a2:33:4e:ca:c4:4f:
         fc:21:69:18:2d:01:eb:ee:54:8a:db:0d:6d:28:b2:40:19:31:
         8c:78:bc:37:b3:4c:cc:a7:11:dd:87:dd:c8:72:48:2e:f4:a9:
         89:47:d0:7f:57:c4:35:e4:71:51:9a:70:6d:26:21:1e:49:d9:
         69:0a:c3:8c:bf:65:ce:39:00:42:14:91:60:ff:39:a6:de:56:
         e4:bf:2c:53:ae:b7:d7:1f:d4:a0:24:e6:68:d8:9d:e2:02:60:
         f7:b3:f4:c7:36:22:6d:36:a8:c9:a2:14:92:79:a2:8d:74:ac:
         2b:19:36:80:45:09:90:8f:9e:a8:b9:1c:f8:fb:4e:d0:9d:5c:
         29:f1:bc:0e:43:4d:d4:25:2c:a8:7e:fa:6b:c4:a9:c7:0b:18:
         94:74:83:cd:39:91:22:b3:be:d5:b9:a2:8d:58:4c:b3:3f:fd:
         8e:80:1b:c2:ad:78:83:93:58:50:61:ef:71:6c:0f:1b:7d:cf:
         47:c1:d9:fa
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUDE6/S0mG3CuCi4BCtDwc48aBh2IwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNTAxMjcwOTQwMzBaFw0yNjAxMjYwOTQ1MzBaMDMxMTAvBgNV
BAMTKDVEMzY1NUQyMjk3Nzk4NDc1NEU5NkVCNjU4RUExQTZFRTlFNzkxNTIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC3y5XDnFj0z45hsItBuI1ZB1HF
CKsE8ihatmjSPogX0yEsPCUKfc+IG/zVu8TNTqvUiEjACfnzQ19XEmJFX0HUP7Zl
lwvfxdiQWcPKpRoGOtTiofMc98P13gym/oydMdCFtg3rZr/+U+zccvQ5PqceCFED
yJqBT4apAS3RvfkXVhE7qTc+LN9+KHyH4rKFul9thT0R+wNVcy+7zR9iEWXIEh3K
UWgi8h9PMd/Q/WBbB1aWZitXlrpmlz8wugq5VLiCGbVwDxThjqd/LkRhkND6FRGh
jv7fzD8xNpmYpRzUgR2t9JKCXbYprzRf0vMDAv9NX1hJqjyuLDgYHHMdh2KPAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUXTZV0il3mEdU6W62WOoabunnkVIwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzMzMTJlMzEzODM3MmUzNzM0
MmUzMDJmMzIzNDJkMzMzMjIwM2QzZTIwMzUzMTMxMzYzNy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAB+7
SjANBgkqhkiG9w0BAQsFAAOCAQEAeRIt03T7S9j7n7YDIIso9jOtbPg+F58n58Wt
Tnk6JrgpqQf+LDrQ5018j79vaeE36Olz4WRv/0P3zG2fV/qUeasrojNOysRP/CFp
GC0B6+5UitsNbSiyQBkxjHi8N7NMzKcR3YfdyHJILvSpiUfQf1fENeRxUZpwbSYh
HknZaQrDjL9lzjkAQhSRYP85pt5W5L8sU6631x/UoCTmaNid4gJg97P0xzYibTao
yaIUknmijXSsKxk2gEUJkI+eqLkc+PtO0J1cKfG8DkNN1CUsqH76a8SpxwsYlHSD
zTmRIrO+1bmijVhMsz/9joAbwq14g5NYUGHvcWwPG33PR8HZ+g==
-----END CERTIFICATE-----