Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/33312e3138372e37342e302f32342d3332203d3e203531313637.roa
File:                     33312e3138372e37342e302f32342d3332203d3e203531313637.roa (raw, json)
Hash identifier:          YpzuX1ybxsXovzh9PRcTXOqcghw2W8c3b/9gEyoOBQ4=
Subject key identifier:   8F:05:2E:34:EA:A9:D9:CE:12:76:28:96:44:4C:4A:B8:B6:F5:28:4E
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       7FC991DEFD9FE31FE423C46E1C260BD623EC18A3
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/33312e3138372e37342e302f32342d3332203d3e203531313637.roa
Signing time:             Mon 26 Feb 2024 08:53:23 +0000
ROA not before:           Mon 26 Feb 2024 08:48:23 +0000
ROA not after:            Mon 24 Feb 2025 08:53:23 +0000
asID:                     51167
IP address blocks:        31.187.74.0/24 maxlen: 32

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 22 May 2024 02:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7f:c9:91:de:fd:9f:e3:1f:e4:23:c4:6e:1c:26:0b:d6:23:ec:18:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Feb 26 08:48:23 2024 GMT
            Not After : Feb 24 08:53:23 2025 GMT
        Subject: CN=8F052E34EAA9D9CE12762896444C4AB8B6F5284E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:26:b0:e0:33:18:bd:50:df:1c:04:dc:0e:2e:
                    3c:16:65:59:aa:76:62:16:c3:cb:35:34:99:cb:8b:
                    f9:3f:82:a1:33:22:89:b3:f9:c5:09:44:29:9f:f6:
                    7e:15:2b:19:dc:b8:68:ec:19:f3:a9:96:be:cc:54:
                    cc:c9:29:8a:f6:96:6a:1e:1d:f7:4c:03:de:bf:9f:
                    7f:20:d4:6b:a1:0a:49:8f:e6:44:85:13:76:db:c1:
                    58:31:7b:a7:26:a1:fa:76:70:8c:2b:cd:cb:ad:46:
                    38:89:d1:f1:1e:c1:20:50:8d:82:ad:1d:0f:2a:4e:
                    a4:1b:d6:2e:17:1d:5e:54:77:94:7a:d2:f8:d5:51:
                    de:fd:9b:32:74:8d:bc:d2:4a:3e:e6:45:3f:7d:8b:
                    bc:3f:0d:95:3d:0b:2c:bc:90:d1:64:b3:e4:e2:d6:
                    da:c8:7c:a1:0a:ac:00:e6:6d:aa:14:8a:d9:f2:14:
                    72:a0:ef:37:3a:8e:d4:96:40:24:8b:f4:a2:46:be:
                    39:23:a6:e7:66:11:bc:54:55:69:98:b0:16:84:be:
                    e1:54:ed:3d:15:af:cd:d5:3b:e5:68:84:9f:b3:34:
                    ca:83:75:dc:07:8e:4d:37:df:8e:85:de:ab:f1:fd:
                    b2:a1:0b:cb:5e:94:16:d4:5e:b5:81:d6:8d:eb:ee:
                    19:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:05:2E:34:EA:A9:D9:CE:12:76:28:96:44:4C:4A:B8:B6:F5:28:4E
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/33312e3138372e37342e302f32342d3332203d3e203531313637.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.187.74.0/24

    Signature Algorithm: sha256WithRSAEncryption
         00:52:93:63:7c:51:bb:5f:9a:a7:88:b1:67:e2:21:b4:15:8a:
         58:8d:79:bf:9e:19:15:f6:cb:af:f8:1e:c8:70:27:07:48:cc:
         c0:3c:03:5b:d4:e8:97:6f:80:c6:79:e7:9e:9d:25:2e:2f:85:
         cb:11:1e:1d:94:c0:42:45:9b:03:c0:0e:09:f7:f2:d9:89:29:
         5c:56:03:1e:2e:37:63:7d:81:d8:42:c7:24:f5:d0:52:e4:a5:
         9e:13:29:5a:3e:8e:9a:27:be:fd:61:3a:15:9e:9a:d0:df:2c:
         5d:39:1d:4f:4d:3f:d9:ce:04:af:d3:42:19:d7:7d:f3:a8:23:
         33:f3:7b:5b:1f:a1:ab:22:29:5e:9b:31:c7:78:c1:58:af:c3:
         ab:f3:c9:6f:ef:27:15:4c:d7:02:14:46:8d:ed:18:83:f0:70:
         55:25:3a:c9:d3:03:01:ec:df:82:a3:e9:6f:f3:d9:b3:db:e2:
         43:61:5f:5d:d2:25:95:03:d0:28:fb:3c:27:b0:86:52:a2:a5:
         c3:cb:2a:38:69:7f:d7:d2:c8:90:50:09:c7:97:4f:06:7d:bf:
         97:ed:01:a6:d9:ad:26:62:dd:a9:5b:4f:5b:ac:eb:2e:d6:5c:
         eb:db:18:c7:7d:1f:60:6d:0b:37:c2:12:a0:08:55:ed:ad:b3:
         b6:75:c1:db
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUf8mR3v2f4x/kI8RuHCYL1iPsGKMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNDAyMjYwODQ4MjNaFw0yNTAyMjQwODUzMjNaMDMxMTAvBgNV
BAMTKDhGMDUyRTM0RUFBOUQ5Q0UxMjc2Mjg5NjQ0NEM0QUI4QjZGNTI4NEUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDKJrDgMxi9UN8cBNwOLjwWZVmq
dmIWw8s1NJnLi/k/gqEzIomz+cUJRCmf9n4VKxncuGjsGfOplr7MVMzJKYr2lmoe
HfdMA96/n38g1GuhCkmP5kSFE3bbwVgxe6cmofp2cIwrzcutRjiJ0fEewSBQjYKt
HQ8qTqQb1i4XHV5Ud5R60vjVUd79mzJ0jbzSSj7mRT99i7w/DZU9Cyy8kNFks+Ti
1trIfKEKrADmbaoUitnyFHKg7zc6jtSWQCSL9KJGvjkjpudmEbxUVWmYsBaEvuFU
7T0Vr83VO+VohJ+zNMqDddwHjk03346F3qvx/bKhC8telBbUXrWB1o3r7hnzAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUjwUuNOqp2c4SdiiWRExKuLb1KE4wHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzMzMTJlMzEzODM3MmUzNzM0
MmUzMDJmMzIzNDJkMzMzMjIwM2QzZTIwMzUzMTMxMzYzNy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAB+7
SjANBgkqhkiG9w0BAQsFAAOCAQEAAFKTY3xRu1+ap4ixZ+IhtBWKWI15v54ZFfbL
r/geyHAnB0jMwDwDW9Tol2+Axnnnnp0lLi+FyxEeHZTAQkWbA8AOCffy2YkpXFYD
Hi43Y32B2ELHJPXQUuSlnhMpWj6Omie+/WE6FZ6a0N8sXTkdT00/2c4Er9NCGdd9
86gjM/N7Wx+hqyIpXpsxx3jBWK/Dq/PJb+8nFUzXAhRGje0Yg/BwVSU6ydMDAezf
gqPpb/PZs9viQ2FfXdIllQPQKPs8J7CGUqKlw8sqOGl/19LIkFAJx5dPBn2/l+0B
ptmtJmLdqVtPW6zrLtZc69sYx30fYG0LN8ISoAhV7a2ztnXB2w==
-----END CERTIFICATE-----