Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/33312e3232302e33312e302f32342d3234203d3e203437353833.roa
File:                     33312e3232302e33312e302f32342d3234203d3e203437353833.roa (raw, json)
Hash identifier:          la2tG3Wz4UxPgJOtJA5ysqKEqEi0WykTFLXryjG/Apg=
Subject key identifier:   4E:54:73:C3:0B:3D:28:CE:D1:6A:6C:37:4D:8E:F9:58:71:BF:8E:EF
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       742299446BF1479A8687FA84CF7020108D248724
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/33312e3232302e33312e302f32342d3234203d3e203437353833.roa
Signing time:             Mon 27 Jan 2025 09:45:20 +0000
ROA not before:           Mon 27 Jan 2025 09:40:20 +0000
ROA not after:            Mon 26 Jan 2026 09:45:20 +0000
asID:                     47583
IP address blocks:        31.220.31.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 10:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            74:22:99:44:6b:f1:47:9a:86:87:fa:84:cf:70:20:10:8d:24:87:24
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Jan 27 09:40:20 2025 GMT
            Not After : Jan 26 09:45:20 2026 GMT
        Subject: CN=4E5473C30B3D28CED16A6C374D8EF95871BF8EEF
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:1b:91:e6:bc:e5:66:10:92:4b:32:40:bc:fe:
                    0b:e4:84:5f:04:7b:5b:fd:0c:08:b5:32:72:ae:c5:
                    c4:0d:44:61:ad:74:44:e9:47:b9:f1:6f:f7:bb:6e:
                    50:88:9b:a6:ce:d3:ff:b4:1e:76:4d:4c:12:24:ce:
                    81:6c:a2:fa:81:11:5b:7d:f3:45:98:e0:02:17:bd:
                    e2:4d:ed:ef:a5:12:33:99:75:ad:ed:a0:52:0c:03:
                    35:f0:7a:2a:07:53:63:39:53:22:ae:5a:96:9a:fb:
                    11:9a:61:81:85:40:1b:cb:ef:2d:f1:da:f0:79:a1:
                    16:8b:76:d3:27:a1:d6:d7:d8:fc:65:4d:f6:e7:c3:
                    df:9c:4f:81:3f:96:cb:39:27:73:4d:ec:bf:45:61:
                    80:73:7f:95:ba:38:55:b6:9e:5f:40:f5:d2:37:14:
                    77:cd:95:cb:4d:90:11:46:04:65:42:30:c5:4b:f7:
                    4f:61:aa:3b:c7:85:a5:92:31:4c:ef:6a:c5:34:04:
                    56:83:2d:7d:1b:a8:f6:fd:6c:0b:08:93:20:a8:b3:
                    04:a8:45:7e:f6:5e:e8:90:be:dc:73:20:52:fa:61:
                    b9:41:2c:bc:c6:b9:4d:78:7f:5a:6f:67:8c:55:a4:
                    65:17:c2:19:b0:5c:9c:e5:0d:42:82:ae:c1:d3:01:
                    97:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:54:73:C3:0B:3D:28:CE:D1:6A:6C:37:4D:8E:F9:58:71:BF:8E:EF
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/33312e3232302e33312e302f32342d3234203d3e203437353833.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.220.31.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a1:52:49:50:9c:9e:0a:5b:92:0b:cb:9b:91:8e:db:af:84:39:
         2c:bf:28:95:59:2d:75:b2:6c:df:d1:7e:bb:c0:55:2d:75:4f:
         ee:9a:83:d0:45:84:0d:0b:91:cc:0f:f3:85:a0:4a:14:b3:80:
         c9:a2:10:9a:79:bb:46:75:82:33:d8:be:08:12:e2:32:41:26:
         2b:61:ca:db:14:d5:fb:e4:c7:28:35:8a:d7:b1:f6:46:fd:30:
         fa:e1:2e:08:1d:46:d5:31:cc:fb:b8:2f:d2:a7:4c:0d:a8:79:
         27:b7:c9:a0:83:7b:d1:66:29:0e:b4:35:a6:b0:dd:71:54:82:
         fc:40:97:2b:2b:00:ae:b4:2b:0f:ec:1f:4a:ad:d7:5a:c8:f9:
         8e:92:43:5e:08:ae:14:21:87:72:11:0b:13:91:aa:7c:0d:48:
         ee:e2:38:28:99:08:cf:ce:28:a3:f0:23:91:d9:3b:0f:89:f5:
         3b:3c:c0:6e:d5:ce:1c:45:5d:d3:6d:ef:3a:43:8b:4f:d6:4e:
         c9:8b:d8:a3:04:55:7a:fe:3a:f4:0c:3d:f7:08:de:e8:41:f8:
         7b:0c:19:85:ae:c6:59:5a:9e:29:1c:46:92:73:bd:e4:67:ef:
         1f:7f:aa:8b:43:58:21:db:b9:91:98:96:4d:fe:24:d4:3d:c4:
         28:b0:e6:71
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUdCKZRGvxR5qGh/qEz3AgEI0khyQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNTAxMjcwOTQwMjBaFw0yNjAxMjYwOTQ1MjBaMDMxMTAvBgNV
BAMTKDRFNTQ3M0MzMEIzRDI4Q0VEMTZBNkMzNzREOEVGOTU4NzFCRjhFRUYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0G5HmvOVmEJJLMkC8/gvkhF8E
e1v9DAi1MnKuxcQNRGGtdETpR7nxb/e7blCIm6bO0/+0HnZNTBIkzoFsovqBEVt9
80WY4AIXveJN7e+lEjOZda3toFIMAzXweioHU2M5UyKuWpaa+xGaYYGFQBvL7y3x
2vB5oRaLdtMnodbX2PxlTfbnw9+cT4E/lss5J3NN7L9FYYBzf5W6OFW2nl9A9dI3
FHfNlctNkBFGBGVCMMVL909hqjvHhaWSMUzvasU0BFaDLX0bqPb9bAsIkyCoswSo
RX72XuiQvtxzIFL6YblBLLzGuU14f1pvZ4xVpGUXwhmwXJzlDUKCrsHTAZfxAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUTlRzwws9KM7Ramw3TY75WHG/ju8wHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzMzMTJlMzIzMjMwMmUzMzMx
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzQzNzM1MzgzMy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAB/c
HzANBgkqhkiG9w0BAQsFAAOCAQEAoVJJUJyeCluSC8ubkY7br4Q5LL8olVktdbJs
39F+u8BVLXVP7pqD0EWEDQuRzA/zhaBKFLOAyaIQmnm7RnWCM9i+CBLiMkEmK2HK
2xTV++THKDWK17H2Rv0w+uEuCB1G1THM+7gv0qdMDah5J7fJoIN70WYpDrQ1prDd
cVSC/ECXKysArrQrD+wfSq3XWsj5jpJDXgiuFCGHchELE5GqfA1I7uI4KJkIz84o
o/Ajkdk7D4n1OzzAbtXOHEVd023vOkOLT9ZOyYvYowRVev469Aw99wje6EH4ewwZ
ha7GWVqeKRxGknO95GfvH3+qi0NYIdu5kZiWTf4k1D3EKLDmcQ==
-----END CERTIFICATE-----