Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/33312e3232302e33302e302f32342d3234203d3e203530363733.roa
File:                     33312e3232302e33302e302f32342d3234203d3e203530363733.roa (raw, json)
Hash identifier:          9/JqIP69+i/IGT/lA6MzRlu7+izI/wB75UN3FPUvwZA=
Subject key identifier:   BE:39:F4:04:61:47:D2:ED:BE:B8:69:6D:2A:0E:AD:C7:44:44:2D:0B
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       50B59F715B886D2D3246837ECED039DF2B9F5182
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/33312e3232302e33302e302f32342d3234203d3e203530363733.roa
Signing time:             Mon 27 Jan 2025 09:44:58 +0000
ROA not before:           Mon 27 Jan 2025 09:39:58 +0000
ROA not after:            Mon 26 Jan 2026 09:44:58 +0000
asID:                     50673
IP address blocks:        31.220.30.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 10:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            50:b5:9f:71:5b:88:6d:2d:32:46:83:7e:ce:d0:39:df:2b:9f:51:82
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Jan 27 09:39:58 2025 GMT
            Not After : Jan 26 09:44:58 2026 GMT
        Subject: CN=BE39F4046147D2EDBEB8696D2A0EADC744442D0B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:3a:cb:ee:2a:23:e3:ef:38:92:2d:ff:09:7d:
                    c1:69:46:e1:5e:26:32:65:34:c9:cb:24:1b:5b:1e:
                    98:ce:94:0b:27:1d:17:2a:b6:02:c0:f5:e0:b4:6b:
                    c5:c8:a1:5d:43:e5:9e:2e:91:7e:2e:fe:86:5d:1a:
                    be:63:32:4d:00:70:1b:80:9f:0d:ff:9f:34:40:9f:
                    39:09:6c:b4:33:43:a4:ef:a8:86:72:51:49:dc:97:
                    bd:b3:66:a5:8e:c5:cc:c9:d4:ea:67:6f:46:0a:55:
                    35:11:5a:bc:ca:9d:53:49:d1:51:f0:3d:c4:b9:ca:
                    bd:04:9a:9d:e7:fa:d4:0a:c1:c1:2e:74:e8:6a:09:
                    09:ff:b8:4c:8c:ef:7d:7d:7e:10:05:05:17:e7:30:
                    5f:6a:cc:2f:68:73:f3:1b:0d:35:42:5d:5e:2f:cb:
                    ae:9d:5a:b9:46:dc:c0:64:b3:00:71:f4:1d:22:1d:
                    4f:c4:8d:7d:07:52:e7:23:40:83:5d:e9:e8:74:fd:
                    eb:f4:4f:d3:08:8b:99:d2:57:66:4a:68:b3:87:18:
                    f5:12:f5:a6:68:16:ee:ca:ff:34:cd:21:70:6b:30:
                    57:35:eb:b6:3d:6a:a3:28:60:8c:6e:22:4b:b9:f0:
                    83:9d:90:ed:8a:b5:67:5b:e9:37:03:42:21:cf:ef:
                    19:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BE:39:F4:04:61:47:D2:ED:BE:B8:69:6D:2A:0E:AD:C7:44:44:2D:0B
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/33312e3232302e33302e302f32342d3234203d3e203530363733.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.220.30.0/24

    Signature Algorithm: sha256WithRSAEncryption
         72:ef:fe:c6:c4:b6:38:af:33:3d:7f:37:b3:1b:7d:9a:15:bc:
         ff:7b:48:e9:0e:c3:42:50:c3:c8:7c:20:06:09:ac:7e:1e:f2:
         80:bb:a9:7b:62:f1:ba:d3:c9:7c:33:4a:0e:ff:5a:7b:fa:e4:
         8e:ee:b1:ca:1d:dc:4b:19:dd:99:e6:b7:75:8f:6e:1e:97:d3:
         de:f8:5c:ed:28:70:31:1a:36:85:bc:3f:2f:00:2f:72:c3:66:
         85:81:b9:1b:2e:19:58:aa:a2:ed:54:13:e8:ca:54:01:10:df:
         ba:f2:2c:2f:11:18:e4:62:26:c2:78:d4:cc:77:1b:f2:b3:91:
         8a:ce:5f:bd:f9:61:67:b5:32:3f:ee:d2:de:70:b5:f1:a3:fd:
         7d:eb:f4:7a:b1:b5:fa:5a:04:dc:a8:83:60:52:ab:d9:64:ce:
         40:19:81:dc:cb:bb:98:3c:76:4b:fe:e5:40:b1:fe:65:86:b8:
         01:4e:8d:fe:e5:36:46:1f:ee:8a:e6:f8:09:12:b7:96:c4:ca:
         b4:61:9f:8b:64:2d:02:d7:f5:5a:19:34:11:30:e6:da:23:df:
         68:9a:aa:fa:1e:cd:26:4a:9a:83:f7:74:1f:25:f9:ac:55:e4:
         50:ca:12:72:d4:18:4d:0e:e2:a8:9f:6d:3c:a4:8f:96:14:b9:
         0a:48:80:47
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUULWfcVuIbS0yRoN+ztA53yufUYIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNTAxMjcwOTM5NThaFw0yNjAxMjYwOTQ0NThaMDMxMTAvBgNV
BAMTKEJFMzlGNDA0NjE0N0QyRURCRUI4Njk2RDJBMEVBREM3NDQ0NDJEMEIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDGOsvuKiPj7ziSLf8JfcFpRuFe
JjJlNMnLJBtbHpjOlAsnHRcqtgLA9eC0a8XIoV1D5Z4ukX4u/oZdGr5jMk0AcBuA
nw3/nzRAnzkJbLQzQ6TvqIZyUUncl72zZqWOxczJ1Opnb0YKVTURWrzKnVNJ0VHw
PcS5yr0Emp3n+tQKwcEudOhqCQn/uEyM7319fhAFBRfnMF9qzC9oc/MbDTVCXV4v
y66dWrlG3MBkswBx9B0iHU/EjX0HUucjQINd6eh0/ev0T9MIi5nSV2ZKaLOHGPUS
9aZoFu7K/zTNIXBrMFc167Y9aqMoYIxuIku58IOdkO2KtWdb6TcDQiHP7xkFAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUvjn0BGFH0u2+uGltKg6tx0RELQswHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzMzMTJlMzIzMjMwMmUzMzMw
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzUzMDM2MzczMy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAB/c
HjANBgkqhkiG9w0BAQsFAAOCAQEAcu/+xsS2OK8zPX83sxt9mhW8/3tI6Q7DQlDD
yHwgBgmsfh7ygLupe2LxutPJfDNKDv9ae/rkju6xyh3cSxndmea3dY9uHpfT3vhc
7ShwMRo2hbw/LwAvcsNmhYG5Gy4ZWKqi7VQT6MpUARDfuvIsLxEY5GImwnjUzHcb
8rORis5fvflhZ7UyP+7S3nC18aP9fev0erG1+loE3KiDYFKr2WTOQBmB3Mu7mDx2
S/7lQLH+ZYa4AU6N/uU2Rh/uiub4CRK3lsTKtGGfi2QtAtf1Whk0ETDm2iPfaJqq
+h7NJkqag/d0HyX5rFXkUMoSctQYTQ7iqJ9tPKSPlhS5CkiARw==
-----END CERTIFICATE-----