Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/33312e3232302e31352e302f32342d3234203d3e203633343733.roa
File:                     33312e3232302e31352e302f32342d3234203d3e203633343733.roa (raw, json)
Hash identifier:          xNOEGcaq+7rAEJFhBNZklKtVGbS9SD2uFuj5ISr2QoI=
Subject key identifier:   A4:E1:E4:78:FA:06:2D:41:EA:D1:06:C6:CA:5E:97:61:87:C1:D7:C3
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       3C0A311BA4A9BD47AEA90AB00024567FD270C55A
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/33312e3232302e31352e302f32342d3234203d3e203633343733.roa
Signing time:             Sun 20 Aug 2023 07:14:47 +0000
ROA not before:           Sun 20 Aug 2023 07:09:47 +0000
ROA not after:            Sun 18 Aug 2024 07:14:47 +0000
asID:                     63473
IP address blocks:        31.220.15.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 22 May 2024 02:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3c:0a:31:1b:a4:a9:bd:47:ae:a9:0a:b0:00:24:56:7f:d2:70:c5:5a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Aug 20 07:09:47 2023 GMT
            Not After : Aug 18 07:14:47 2024 GMT
        Subject: CN=A4E1E478FA062D41EAD106C6CA5E976187C1D7C3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:34:6c:3b:c1:d2:53:7f:06:51:d2:68:00:f6:
                    ff:fa:ae:95:20:4d:39:84:c7:1d:5f:4d:6b:b9:7b:
                    50:a6:56:8c:a0:5b:69:37:aa:93:bf:9a:72:d4:1b:
                    31:5f:e3:e2:20:0e:7a:b9:32:cc:9f:15:f7:e8:4d:
                    0d:eb:d2:35:c0:ba:e1:7a:bd:cd:b3:c2:9d:49:8d:
                    74:e0:27:5e:99:0b:76:bc:70:2c:3c:cc:b8:bc:1d:
                    96:a4:c1:1b:ec:60:53:71:0a:1a:a3:8f:f0:51:09:
                    e3:d3:4e:d2:68:2d:4d:54:58:92:eb:77:6e:b7:13:
                    c0:9f:38:b8:8b:80:1c:09:84:62:d7:cc:0c:3e:75:
                    17:e0:c6:35:7c:bd:32:5b:23:c2:ed:9d:12:f6:92:
                    fb:52:7f:d8:ac:77:2a:06:96:26:83:61:4f:57:ea:
                    6e:ae:b1:c1:11:73:64:bb:62:13:f5:14:26:f2:2f:
                    45:48:b8:a0:30:20:6e:dd:ca:7c:6b:2d:59:72:9a:
                    a7:6a:5f:01:03:80:60:b7:ae:54:79:5c:34:1c:bf:
                    e3:ec:02:9d:d3:19:77:37:55:76:59:5c:b5:3f:d1:
                    83:18:5a:be:24:47:ad:6c:c6:c4:39:6a:0a:b2:76:
                    35:11:e1:d3:e7:2b:56:23:39:ca:47:5b:4d:e7:d3:
                    b3:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:E1:E4:78:FA:06:2D:41:EA:D1:06:C6:CA:5E:97:61:87:C1:D7:C3
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/33312e3232302e31352e302f32342d3234203d3e203633343733.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.220.15.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5f:3f:79:f6:ed:8f:f0:5f:a4:b7:9a:3c:91:6d:9f:5d:03:78:
         f7:60:5b:5e:64:45:92:df:b4:05:54:d6:65:50:3f:e5:c2:fb:
         27:f3:58:44:ba:b0:ad:d0:98:ec:f2:97:cd:15:e4:5e:39:0a:
         da:fd:a0:78:75:c5:16:34:54:1a:f5:73:2d:4a:b5:d2:ee:2f:
         60:99:24:34:71:60:8f:7c:f4:9b:09:f6:0a:87:ee:0f:77:2a:
         79:f6:f2:68:12:5b:83:84:ec:19:e3:d4:b7:95:40:48:8e:06:
         af:b2:24:94:80:c5:a2:d3:79:92:6d:32:6b:e1:05:5a:fa:fd:
         d3:f3:0b:48:87:56:b0:b8:4e:05:96:bb:9b:18:0b:ae:17:fd:
         7c:88:a7:7f:64:42:1e:e2:5f:cf:0c:a3:47:db:73:63:02:65:
         b3:6d:35:60:73:a5:62:ec:f1:ae:4d:e7:fc:b3:46:79:df:98:
         db:b6:cc:02:95:27:33:ab:4c:77:3e:52:08:4c:3c:4d:78:79:
         37:02:6e:4d:05:90:17:a2:6d:c8:d0:7d:00:1b:12:fd:d0:09:
         ae:5a:ae:fb:52:f9:db:03:51:27:d7:bd:c8:d3:49:0f:03:f6:
         17:75:61:5c:00:e4:14:45:bc:c7:00:da:1b:1d:cb:5f:40:17:
         92:db:3c:77
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUPAoxG6SpvUeuqQqwACRWf9JwxVowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yMzA4MjAwNzA5NDdaFw0yNDA4MTgwNzE0NDdaMDMxMTAvBgNV
BAMTKEE0RTFFNDc4RkEwNjJENDFFQUQxMDZDNkNBNUU5NzYxODdDMUQ3QzMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDCNGw7wdJTfwZR0mgA9v/6rpUg
TTmExx1fTWu5e1CmVoygW2k3qpO/mnLUGzFf4+IgDnq5MsyfFffoTQ3r0jXAuuF6
vc2zwp1JjXTgJ16ZC3a8cCw8zLi8HZakwRvsYFNxChqjj/BRCePTTtJoLU1UWJLr
d263E8CfOLiLgBwJhGLXzAw+dRfgxjV8vTJbI8LtnRL2kvtSf9isdyoGliaDYU9X
6m6uscERc2S7YhP1FCbyL0VIuKAwIG7dynxrLVlymqdqXwEDgGC3rlR5XDQcv+Ps
Ap3TGXc3VXZZXLU/0YMYWr4kR61sxsQ5agqydjUR4dPnK1YjOcpHW03n07NXAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUpOHkePoGLUHq0QbGyl6XYYfB18MwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzMzMTJlMzIzMjMwMmUzMTM1
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzYzMzM0MzczMy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAB/c
DzANBgkqhkiG9w0BAQsFAAOCAQEAXz959u2P8F+kt5o8kW2fXQN492BbXmRFkt+0
BVTWZVA/5cL7J/NYRLqwrdCY7PKXzRXkXjkK2v2geHXFFjRUGvVzLUq10u4vYJkk
NHFgj3z0mwn2CofuD3cqefbyaBJbg4TsGePUt5VASI4Gr7IklIDFotN5km0ya+EF
Wvr90/MLSIdWsLhOBZa7mxgLrhf9fIinf2RCHuJfzwyjR9tzYwJls201YHOlYuzx
rk3n/LNGed+Y27bMApUnM6tMdz5SCEw8TXh5NwJuTQWQF6JtyNB9ABsS/dAJrlqu
+1L52wNRJ9e9yNNJDwP2F3VhXADkFEW8xwDaGx3LX0AXkts8dw==
-----END CERTIFICATE-----