Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/33312e3232302e31352e302f32342d3234203d3e203633343733.roa
File:                     33312e3232302e31352e302f32342d3234203d3e203633343733.roa (raw, json)
Hash identifier:          zKy1mZUR2gT61xqDRUqFzy7H3ughOXJfFrLWy7P1dDM=
Subject key identifier:   E6:B6:88:B1:27:95:3C:30:BD:35:F8:32:C2:1E:61:81:21:AE:5E:06
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       37C8D1C0FC3BAD46E8B3399A79BDCBECA6AF7BDB
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/33312e3232302e31352e302f32342d3234203d3e203633343733.roa
Signing time:             Sun 24 May 2026 09:24:29 +0000
ROA not before:           Sun 24 May 2026 09:19:29 +0000
ROA not after:            Sun 23 May 2027 09:24:29 +0000
asID:                     63473
IP address blocks:        31.220.15.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 04 Jun 2026 15:52:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            37:c8:d1:c0:fc:3b:ad:46:e8:b3:39:9a:79:bd:cb:ec:a6:af:7b:db
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: May 24 09:19:29 2026 GMT
            Not After : May 23 09:24:29 2027 GMT
        Subject: CN=E6B688B127953C30BD35F832C21E618121AE5E06
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:61:1a:c4:37:3a:5b:84:b6:2a:52:e5:c2:41:
                    4d:06:1e:12:d2:7c:5f:46:04:f0:99:44:c7:55:82:
                    11:a9:30:7f:91:13:34:59:be:ef:3a:e5:fd:3f:b2:
                    83:7e:f6:83:6c:84:52:88:0b:4f:dc:8f:9e:20:f7:
                    23:e1:db:b6:fe:f7:a6:7c:a7:1e:f9:03:fd:9b:61:
                    9b:33:a3:a7:47:20:82:08:8e:ca:83:7b:e2:46:5f:
                    66:0f:16:0f:97:6a:53:1e:26:be:37:58:bb:73:b5:
                    7a:c8:5a:46:fd:65:d2:ab:21:ce:0c:da:37:8d:73:
                    25:04:2d:ea:53:11:c2:42:a4:16:da:d8:60:f7:a3:
                    6c:c1:f5:8d:bc:45:e6:44:56:89:df:66:9b:9c:7c:
                    0d:60:95:3d:2b:c5:c2:41:61:60:14:a6:14:ac:4c:
                    8f:54:ba:da:61:80:02:93:a8:39:35:0b:8e:e1:86:
                    f4:83:b2:e3:54:9d:9a:01:19:bc:97:3d:0b:04:6f:
                    93:00:d9:73:b0:2e:bd:4a:bb:f2:6a:2b:f3:2a:b3:
                    cf:d8:e5:ad:09:93:c9:da:a9:82:2a:d2:ff:f5:39:
                    d8:a1:0d:8a:f5:98:19:87:f0:3b:8d:2f:a9:4c:dd:
                    98:93:98:a6:b1:ba:e5:4f:97:38:4d:bb:b0:21:ec:
                    1a:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E6:B6:88:B1:27:95:3C:30:BD:35:F8:32:C2:1E:61:81:21:AE:5E:06
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/33312e3232302e31352e302f32342d3234203d3e203633343733.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.220.15.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4c:7d:e7:da:a6:14:b9:20:32:aa:ea:fe:08:cb:04:9a:ea:c5:
         ac:ab:d0:ca:71:25:21:57:c4:c2:c6:e9:10:6f:e7:f4:40:ae:
         82:dc:c1:6c:55:e0:e2:f0:3e:17:3d:eb:0c:2d:52:14:3e:40:
         2c:5f:1f:de:24:9c:fc:0d:5c:db:c9:e7:aa:1a:7b:6a:17:54:
         4c:d9:50:05:b8:57:ee:b5:c2:52:cf:34:0a:00:db:2f:93:3a:
         bb:cb:1e:2d:2c:d4:d9:db:d1:8e:16:d6:e5:27:e0:b1:c5:21:
         e9:23:8d:fe:ee:4b:a7:df:41:a7:34:25:37:04:6d:b9:89:48:
         8f:7b:87:7a:f7:0a:0d:12:51:76:38:41:06:5b:b9:d1:ea:94:
         08:33:3b:f0:bb:c1:cb:a8:ae:0d:4c:23:d0:9d:45:26:c6:41:
         e8:ee:a3:ba:0a:fb:0d:12:c6:f9:46:63:95:88:a6:38:44:5b:
         b3:d4:7e:3b:fb:74:b4:e1:ff:1d:ae:5c:b8:05:2f:12:66:a8:
         bb:b0:ba:70:39:a6:a2:82:f1:cc:77:ea:51:9b:e3:fe:89:50:
         2d:3d:22:b3:fe:7c:68:3e:de:e8:80:a7:b2:f3:c6:f0:75:fc:
         ef:ef:4e:09:e8:43:cb:5e:e2:e0:a2:eb:43:0b:5c:4e:05:b9:
         94:48:6c:bb
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUN8jRwPw7rUboszmaeb3L7Kave9swDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNjA1MjQwOTE5MjlaFw0yNzA1MjMwOTI0MjlaMDMxMTAvBgNV
BAMTKEU2QjY4OEIxMjc5NTNDMzBCRDM1RjgzMkMyMUU2MTgxMjFBRTVFMDYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDRYRrENzpbhLYqUuXCQU0GHhLS
fF9GBPCZRMdVghGpMH+REzRZvu865f0/soN+9oNshFKIC0/cj54g9yPh27b+96Z8
px75A/2bYZszo6dHIIIIjsqDe+JGX2YPFg+XalMeJr43WLtztXrIWkb9ZdKrIc4M
2jeNcyUELepTEcJCpBba2GD3o2zB9Y28ReZEVonfZpucfA1glT0rxcJBYWAUphSs
TI9UutphgAKTqDk1C47hhvSDsuNUnZoBGbyXPQsEb5MA2XOwLr1Ku/JqK/Mqs8/Y
5a0Jk8naqYIq0v/1OdihDYr1mBmH8DuNL6lM3ZiTmKaxuuVPlzhNu7Ah7BodAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQU5raIsSeVPDC9Nfgywh5hgSGuXgYwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzMzMTJlMzIzMjMwMmUzMTM1
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzYzMzM0MzczMy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAB/c
DzANBgkqhkiG9w0BAQsFAAOCAQEATH3n2qYUuSAyqur+CMsEmurFrKvQynElIVfE
wsbpEG/n9ECugtzBbFXg4vA+Fz3rDC1SFD5ALF8f3iSc/A1c28nnqhp7ahdUTNlQ
BbhX7rXCUs80CgDbL5M6u8seLSzU2dvRjhbW5SfgscUh6SON/u5Lp99BpzQlNwRt
uYlIj3uHevcKDRJRdjhBBlu50eqUCDM78LvBy6iuDUwj0J1FJsZB6O6jugr7DRLG
+UZjlYimOERbs9R+O/t0tOH/Ha5cuAUvEmaou7C6cDmmooLxzHfqUZvj/olQLT0i
s/58aD7e6ICnsvPG8HX87+9OCehDy17i4KLrQwtcTgW5lEhsuw==
-----END CERTIFICATE-----