Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/33312e3232302e31332e302f32342d3234203d3e203237343538.roa
File:                     33312e3232302e31332e302f32342d3234203d3e203237343538.roa (raw, json)
Hash identifier:          NbBdIiuJJvVq0Px7s3o+KrP1ZVw+hRQXKufOO8JjaYQ=
Subject key identifier:   C6:34:E3:EE:B8:B8:B0:85:28:D0:B0:17:FB:97:8B:07:49:45:02:F4
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       6300802EB823DC429B6B3BB6D2C52EA6E50EF775
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/33312e3232302e31332e302f32342d3234203d3e203237343538.roa
Signing time:             Mon 26 Feb 2024 08:53:04 +0000
ROA not before:           Mon 26 Feb 2024 08:48:04 +0000
ROA not after:            Mon 24 Feb 2025 08:53:04 +0000
asID:                     27458
IP address blocks:        31.220.13.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            63:00:80:2e:b8:23:dc:42:9b:6b:3b:b6:d2:c5:2e:a6:e5:0e:f7:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Feb 26 08:48:04 2024 GMT
            Not After : Feb 24 08:53:04 2025 GMT
        Subject: CN=C634E3EEB8B8B08528D0B017FB978B07494502F4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:03:d9:12:de:60:a3:8f:77:81:2e:a9:3c:04:
                    f1:69:a5:74:cf:ed:ad:3e:1b:4b:c9:d1:b3:18:08:
                    8d:e0:67:29:e4:bc:20:a3:14:02:ed:5f:f9:9c:41:
                    25:69:61:c1:69:2c:07:fc:ba:a3:a7:92:b1:c5:41:
                    53:6c:a4:f3:01:6e:28:36:6c:90:94:a1:48:1b:8e:
                    55:d7:c9:88:36:c5:ae:88:e6:10:f2:e7:2d:7c:1b:
                    fa:4f:d2:5a:dd:5f:a0:aa:2a:ef:5d:92:52:e6:e1:
                    d2:69:89:6a:cc:69:18:4d:0a:cd:1f:ba:95:ad:d1:
                    ca:b5:1e:4d:00:ad:78:ab:04:28:cb:c4:c8:d8:6e:
                    3f:99:ca:7e:a5:e3:97:16:8e:ac:25:6b:5e:aa:7c:
                    9f:a1:9c:d9:82:22:7a:5f:7c:55:3d:0c:f9:6a:97:
                    c0:d4:20:ba:75:33:b2:84:0f:06:90:c4:fa:b2:79:
                    c0:d0:54:7f:da:99:fc:fd:58:81:a9:3c:c3:1f:c2:
                    b3:20:e6:de:6b:e3:7d:d5:da:9e:46:db:86:43:4c:
                    10:87:84:9f:a5:28:09:2f:6b:d9:6d:23:9f:36:9f:
                    07:fe:60:29:46:bd:a9:df:09:de:b5:a0:18:e7:8f:
                    d6:3f:40:5d:2e:44:40:52:48:7e:10:a9:fa:da:96:
                    0d:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:34:E3:EE:B8:B8:B0:85:28:D0:B0:17:FB:97:8B:07:49:45:02:F4
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/33312e3232302e31332e302f32342d3234203d3e203237343538.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.220.13.0/24

    Signature Algorithm: sha256WithRSAEncryption
         62:d3:2e:7b:ec:90:42:9f:cc:47:be:a5:ce:28:f9:3a:28:0a:
         6a:be:31:34:27:f1:88:91:b1:55:65:d4:5b:d7:ce:2c:cd:f4:
         23:73:1c:49:bc:57:46:b0:4f:04:66:bd:57:1e:8b:2b:a6:83:
         35:f1:80:36:44:81:87:c7:5c:d1:a3:d1:05:48:1a:01:ac:df:
         74:18:31:84:cf:83:68:3a:d7:c5:81:3e:24:21:00:a4:4d:1c:
         dc:2c:ff:31:ca:1f:59:fc:c1:62:b0:5c:98:f5:16:38:f7:8f:
         46:fe:f1:a2:2e:07:a3:00:a6:45:ef:7f:ad:da:68:7a:a7:9d:
         fc:05:12:1e:12:c4:77:04:c4:c2:2f:ea:0d:fa:5c:f4:56:dc:
         56:1a:f8:8e:72:4b:0a:c3:ce:f7:99:b5:ef:65:a6:19:e7:90:
         84:90:a9:26:91:d5:b1:19:e5:5b:62:23:1c:18:30:4e:4e:dd:
         a0:cf:57:ca:4d:ff:ea:36:ae:1e:c6:65:89:25:74:b2:e9:cc:
         9a:59:74:6f:be:51:8f:ed:76:03:d1:76:b5:6e:28:28:fb:39:
         32:dd:5e:d3:64:6a:51:fd:3b:c6:c4:d0:24:2c:bf:d9:80:be:
         12:67:3c:8b:ca:53:fd:16:da:80:7a:65:f5:39:00:1a:f3:61:
         81:b2:51:4d
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUYwCALrgj3EKbazu20sUupuUO93UwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNDAyMjYwODQ4MDRaFw0yNTAyMjQwODUzMDRaMDMxMTAvBgNV
BAMTKEM2MzRFM0VFQjhCOEIwODUyOEQwQjAxN0ZCOTc4QjA3NDk0NTAyRjQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCmA9kS3mCjj3eBLqk8BPFppXTP
7a0+G0vJ0bMYCI3gZynkvCCjFALtX/mcQSVpYcFpLAf8uqOnkrHFQVNspPMBbig2
bJCUoUgbjlXXyYg2xa6I5hDy5y18G/pP0lrdX6CqKu9dklLm4dJpiWrMaRhNCs0f
upWt0cq1Hk0ArXirBCjLxMjYbj+Zyn6l45cWjqwla16qfJ+hnNmCInpffFU9DPlq
l8DUILp1M7KEDwaQxPqyecDQVH/amfz9WIGpPMMfwrMg5t5r433V2p5G24ZDTBCH
hJ+lKAkva9ltI582nwf+YClGvanfCd61oBjnj9Y/QF0uREBSSH4Qqfralg1dAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUxjTj7ri4sIUo0LAX+5eLB0lFAvQwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzMzMTJlMzIzMjMwMmUzMTMz
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzIzNzM0MzUzOC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAB/c
DTANBgkqhkiG9w0BAQsFAAOCAQEAYtMue+yQQp/MR76lzij5OigKar4xNCfxiJGx
VWXUW9fOLM30I3McSbxXRrBPBGa9Vx6LK6aDNfGANkSBh8dc0aPRBUgaAazfdBgx
hM+DaDrXxYE+JCEApE0c3Cz/McofWfzBYrBcmPUWOPePRv7xoi4HowCmRe9/rdpo
eqed/AUSHhLEdwTEwi/qDfpc9FbcVhr4jnJLCsPO95m172WmGeeQhJCpJpHVsRnl
W2IjHBgwTk7doM9Xyk3/6jauHsZliSV0sunMmll0b75Rj+12A9F2tW4oKPs5Mt1e
02RqUf07xsTQJCy/2YC+Emc8i8pT/RbagHpl9TkAGvNhgbJRTQ==
-----END CERTIFICATE-----