Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/33312e3232302e31352e302f32342d3234203d3e203633343733.roa
File:                     33312e3232302e31352e302f32342d3234203d3e203633343733.roa (raw, json)
Hash identifier:          cjmM5eZgxhr+cDMGhz0PV25iMlJCNcdCMcj/SaYg1C8=
Subject key identifier:   70:99:62:B6:55:99:BF:B7:B5:F1:D0:49:E1:65:26:26:EF:B3:2B:A4
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       5A6D6C64D419EA8F158B876FDB59F211B81ADFB8
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/33312e3232302e31352e302f32342d3234203d3e203633343733.roa
Signing time:             Sun 21 Jul 2024 08:04:18 +0000
ROA not before:           Sun 21 Jul 2024 07:59:18 +0000
ROA not after:            Sun 20 Jul 2025 08:04:18 +0000
asID:                     63473
IP address blocks:        31.220.15.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5a:6d:6c:64:d4:19:ea:8f:15:8b:87:6f:db:59:f2:11:b8:1a:df:b8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Jul 21 07:59:18 2024 GMT
            Not After : Jul 20 08:04:18 2025 GMT
        Subject: CN=709962B65599BFB7B5F1D049E1652626EFB32BA4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:09:f9:32:ed:8c:1c:18:76:da:cd:84:97:f0:
                    f7:e4:3d:75:92:ad:6c:cd:1f:ff:64:5d:a1:77:63:
                    9a:06:9e:11:a5:78:cb:29:5e:80:37:32:fd:9d:49:
                    30:d7:6f:f7:ed:b3:59:87:d6:9e:1f:80:e8:46:c2:
                    69:1a:0f:aa:66:e1:ef:96:bd:1f:a8:e6:f1:91:b0:
                    e3:42:a5:2a:fa:8e:45:47:34:41:fd:89:9e:62:1a:
                    8f:bb:e5:fa:27:7f:ec:94:ba:b5:8e:82:4c:fe:5e:
                    84:81:6c:10:78:00:0f:62:44:0b:e9:5f:4c:34:b7:
                    1b:0f:47:20:db:f0:71:b4:b8:5e:91:d3:c5:c9:4b:
                    eb:11:2d:7f:93:8f:05:d8:71:41:ef:9e:04:8f:2d:
                    ea:c5:e1:9d:c1:b7:cf:8f:a6:14:ec:31:ab:04:65:
                    17:39:f3:17:a9:d9:62:d5:f5:de:a2:c2:60:62:87:
                    1a:18:df:62:7c:0f:6d:ea:f6:bc:a3:7c:d8:8f:85:
                    86:98:b2:cb:e6:ae:cb:c6:6f:ce:51:26:e5:a8:2d:
                    50:ce:9c:02:43:33:08:49:df:d0:82:d7:8e:f2:5d:
                    82:7a:08:46:a0:6a:e7:7d:17:05:a7:dd:73:b1:26:
                    f4:00:65:98:60:12:fb:e1:80:5c:f4:f5:8f:ce:7f:
                    74:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:99:62:B6:55:99:BF:B7:B5:F1:D0:49:E1:65:26:26:EF:B3:2B:A4
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/33312e3232302e31352e302f32342d3234203d3e203633343733.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.220.15.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4f:53:ce:94:b4:e4:ba:b7:81:dc:74:4d:88:6e:37:f4:93:6b:
         28:4d:9e:77:4a:18:40:d4:a8:c4:df:71:2c:83:fa:ba:fe:b7:
         e0:ab:32:c2:bd:9d:16:5b:6f:cb:9c:6b:2c:cb:b3:e5:68:cf:
         56:6a:fd:3f:e2:0a:68:32:51:16:ff:39:96:b0:10:8d:fa:93:
         0b:c5:53:b3:f7:2e:bc:b5:98:12:70:64:31:7e:87:b7:a0:29:
         48:ec:94:b1:bb:e8:40:cb:ee:3c:6f:67:a2:6a:ce:53:34:e8:
         05:f9:15:8b:28:66:e5:4f:0a:04:0f:85:cc:cd:58:fd:ba:3c:
         e1:63:ff:e4:87:44:80:66:d6:02:b7:ae:40:d2:c3:c7:9b:e3:
         6c:15:2d:33:37:76:87:ac:e0:3d:03:f5:23:d2:bd:8a:df:29:
         bb:1d:ae:59:be:51:16:a9:72:98:24:31:0d:b4:d2:d8:de:af:
         de:e0:87:5c:1d:75:26:da:c3:fa:c8:3c:ce:05:5c:7e:a7:cf:
         71:81:da:34:7f:0b:da:89:d0:c4:b5:38:6e:9b:3b:8a:2c:fa:
         c7:3f:64:5e:0d:5f:cb:fe:c0:d5:6d:3e:45:55:7d:88:cd:eb:
         36:92:b8:99:a9:5e:de:d2:d7:1c:9d:3b:6f:a6:31:20:b0:b3:
         95:f7:d3:31
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUWm1sZNQZ6o8Vi4dv21nyEbga37gwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNDA3MjEwNzU5MThaFw0yNTA3MjAwODA0MThaMDMxMTAvBgNV
BAMTKDcwOTk2MkI2NTU5OUJGQjdCNUYxRDA0OUUxNjUyNjI2RUZCMzJCQTQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCeCfky7YwcGHbazYSX8PfkPXWS
rWzNH/9kXaF3Y5oGnhGleMspXoA3Mv2dSTDXb/fts1mH1p4fgOhGwmkaD6pm4e+W
vR+o5vGRsONCpSr6jkVHNEH9iZ5iGo+75fonf+yUurWOgkz+XoSBbBB4AA9iRAvp
X0w0txsPRyDb8HG0uF6R08XJS+sRLX+TjwXYcUHvngSPLerF4Z3Bt8+PphTsMasE
ZRc58xep2WLV9d6iwmBihxoY32J8D23q9ryjfNiPhYaYssvmrsvGb85RJuWoLVDO
nAJDMwhJ39CC147yXYJ6CEagaud9FwWn3XOxJvQAZZhgEvvhgFz09Y/Of3SjAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUcJlitlWZv7e18dBJ4WUmJu+zK6QwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzMzMTJlMzIzMjMwMmUzMTM1
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzYzMzM0MzczMy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAB/c
DzANBgkqhkiG9w0BAQsFAAOCAQEAT1POlLTkureB3HRNiG439JNrKE2ed0oYQNSo
xN9xLIP6uv634Ksywr2dFltvy5xrLMuz5WjPVmr9P+IKaDJRFv85lrAQjfqTC8VT
s/cuvLWYEnBkMX6Ht6ApSOyUsbvoQMvuPG9nomrOUzToBfkViyhm5U8KBA+FzM1Y
/bo84WP/5IdEgGbWAreuQNLDx5vjbBUtMzd2h6zgPQP1I9K9it8pux2uWb5RFqly
mCQxDbTS2N6v3uCHXB11JtrD+sg8zgVcfqfPcYHaNH8L2onQxLU4bps7iiz6xz9k
Xg1fy/7A1W0+RVV9iM3rNpK4male3tLXHJ07b6YxILCzlffTMQ==
-----END CERTIFICATE-----