Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/33312e3232302e33302e302f32342d3234203d3e203530363733.roa
File:                     33312e3232302e33302e302f32342d3234203d3e203530363733.roa (raw, json)
Hash identifier:          MZjpTNjjop0jWnUaR6csk36vaKsEEorVZIjRhEUQ2BI=
Subject key identifier:   C5:9E:84:F8:33:12:B6:5F:E9:21:7C:13:AE:AE:A7:82:4A:D8:4F:B0
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       4690E83AB51A3CEFBF239BD1301680FCF63BFB7B
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/33312e3232302e33302e302f32342d3234203d3e203530363733.roa
Signing time:             Mon 26 Feb 2024 08:53:28 +0000
ROA not before:           Mon 26 Feb 2024 08:48:28 +0000
ROA not after:            Mon 24 Feb 2025 08:53:28 +0000
asID:                     50673
IP address blocks:        31.220.30.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 00:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            46:90:e8:3a:b5:1a:3c:ef:bf:23:9b:d1:30:16:80:fc:f6:3b:fb:7b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Feb 26 08:48:28 2024 GMT
            Not After : Feb 24 08:53:28 2025 GMT
        Subject: CN=C59E84F83312B65FE9217C13AEAEA7824AD84FB0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:2f:86:36:58:2f:68:02:39:71:3a:a5:88:98:
                    58:37:11:16:37:e0:97:f9:ff:93:97:26:c4:d1:36:
                    6f:f5:2a:50:0d:bf:03:32:92:14:00:6e:4b:61:dc:
                    8c:e2:20:4f:30:a1:a0:59:98:36:bf:c8:bf:37:a4:
                    7c:28:d9:9c:f2:b3:b4:ab:24:9e:dc:a9:25:27:f3:
                    97:e7:0f:6a:c1:2f:76:ed:f3:e7:ab:82:7b:1c:27:
                    9e:60:ae:0c:ff:db:83:27:4f:f8:33:85:8d:0a:63:
                    5d:8e:5f:90:e1:f6:86:6e:14:24:fb:a2:69:1b:16:
                    7b:36:f1:6d:92:62:5d:c8:9a:df:c9:ee:6a:0e:72:
                    af:97:cc:95:4e:aa:87:4a:40:e6:2e:33:3f:c1:07:
                    53:5c:a5:13:2b:b7:de:50:12:46:55:79:33:3b:d8:
                    00:00:4e:b9:e2:36:f5:13:3b:56:00:91:e8:33:3a:
                    1b:4a:ca:cc:71:19:cd:c0:a4:64:26:ff:96:0c:33:
                    b8:a5:65:1e:47:7b:5c:5e:49:09:65:cc:b2:f0:d3:
                    35:b6:ce:6b:f1:9c:0a:69:3b:4d:c8:53:ac:de:ce:
                    22:93:c2:bd:cf:81:9c:2f:38:8f:66:bf:36:a3:98:
                    bc:2b:bb:a8:19:a1:fb:f8:16:5d:aa:67:0b:fe:8c:
                    3b:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:9E:84:F8:33:12:B6:5F:E9:21:7C:13:AE:AE:A7:82:4A:D8:4F:B0
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/33312e3232302e33302e302f32342d3234203d3e203530363733.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.220.30.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6d:a9:92:4f:72:00:af:1a:cd:25:18:50:3e:0e:63:40:72:36:
         95:ea:d7:12:a5:46:1a:20:cc:f2:c8:ba:8a:59:6d:da:5b:f5:
         f9:01:48:53:f0:ea:eb:5c:55:17:61:d7:55:64:aa:11:72:c2:
         74:86:5a:a7:a3:e8:b1:cf:da:d3:3c:15:f0:43:93:35:17:7f:
         a6:a5:9b:50:aa:0d:fa:3d:a2:90:5d:a6:e0:48:0d:4c:db:52:
         f4:89:b4:f3:98:84:60:be:17:58:a0:1e:ba:28:c9:03:2e:64:
         7b:5f:1d:7a:93:2c:4f:f8:20:ed:ff:4b:86:de:6a:f8:89:c6:
         9e:bc:81:a3:78:8d:b9:4b:46:91:81:39:57:db:a6:f8:35:dc:
         e4:cd:ca:02:09:9e:e4:86:fb:a7:da:1b:1d:11:01:9b:5f:71:
         51:38:97:3a:a7:aa:2a:ec:74:df:fd:18:42:82:d2:e9:dc:6c:
         43:80:7e:83:67:b1:bc:d7:91:ba:d0:1a:28:70:7d:7f:9f:a9:
         1b:9e:40:c8:75:8c:ee:73:db:d6:6b:98:f3:7c:9c:df:6d:3e:
         69:0c:0e:d6:cf:4c:1f:b8:e6:be:01:de:cb:ad:33:49:d1:4e:
         1d:02:86:3d:7b:29:f4:21:d4:a4:f3:67:cf:9a:69:1d:73:53:
         8f:10:ee:e1
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIURpDoOrUaPO+/I5vRMBaA/PY7+3swDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNDAyMjYwODQ4MjhaFw0yNTAyMjQwODUzMjhaMDMxMTAvBgNV
BAMTKEM1OUU4NEY4MzMxMkI2NUZFOTIxN0MxM0FFQUVBNzgyNEFEODRGQjAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQClL4Y2WC9oAjlxOqWImFg3ERY3
4Jf5/5OXJsTRNm/1KlANvwMykhQAbkth3IziIE8woaBZmDa/yL83pHwo2Zzys7Sr
JJ7cqSUn85fnD2rBL3bt8+ergnscJ55grgz/24MnT/gzhY0KY12OX5Dh9oZuFCT7
omkbFns28W2SYl3Imt/J7moOcq+XzJVOqodKQOYuMz/BB1NcpRMrt95QEkZVeTM7
2AAATrniNvUTO1YAkegzOhtKysxxGc3ApGQm/5YMM7ilZR5He1xeSQllzLLw0zW2
zmvxnAppO03IU6zeziKTwr3PgZwvOI9mvzajmLwru6gZofv4Fl2qZwv+jDsxAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUxZ6E+DMStl/pIXwTrq6ngkrYT7AwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzMzMTJlMzIzMjMwMmUzMzMw
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzUzMDM2MzczMy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAB/c
HjANBgkqhkiG9w0BAQsFAAOCAQEAbamST3IArxrNJRhQPg5jQHI2lerXEqVGGiDM
8si6illt2lv1+QFIU/Dq61xVF2HXVWSqEXLCdIZap6Posc/a0zwV8EOTNRd/pqWb
UKoN+j2ikF2m4EgNTNtS9Im085iEYL4XWKAeuijJAy5ke18depMsT/gg7f9Lht5q
+InGnryBo3iNuUtGkYE5V9um+DXc5M3KAgme5Ib7p9obHREBm19xUTiXOqeqKux0
3/0YQoLS6dxsQ4B+g2exvNeRutAaKHB9f5+pG55AyHWM7nPb1muY83yc320+aQwO
1s9MH7jmvgHey60zSdFOHQKGPXsp9CHUpPNnz5ppHXNTjxDu4Q==
-----END CERTIFICATE-----