Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/33312e3232302e342e302f32342d3234203d3e203633343733.roa
File:                     33312e3232302e342e302f32342d3234203d3e203633343733.roa (raw, json)
Hash identifier:          IZh8plrO3njJgB2G7L990vs+mRDeH99YWczibjgLzlE=
Subject key identifier:   07:27:B6:46:70:EA:CC:86:5C:F0:4F:E9:E4:E6:6B:7D:09:C3:0D:A2
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       2815728588B4376C14B3470FF618A30B8281ACA4
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/33312e3232302e342e302f32342d3234203d3e203633343733.roa
Signing time:             Mon 26 Feb 2024 08:53:22 +0000
ROA not before:           Mon 26 Feb 2024 08:48:22 +0000
ROA not after:            Mon 24 Feb 2025 08:53:22 +0000
asID:                     63473
IP address blocks:        31.220.4.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 22 May 2024 14:34:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            28:15:72:85:88:b4:37:6c:14:b3:47:0f:f6:18:a3:0b:82:81:ac:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Feb 26 08:48:22 2024 GMT
            Not After : Feb 24 08:53:22 2025 GMT
        Subject: CN=0727B64670EACC865CF04FE9E4E66B7D09C30DA2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:56:b8:18:f3:93:42:0c:d7:c0:8d:ef:be:7a:
                    51:fd:9e:7d:fa:90:05:47:52:6b:a9:ef:7a:38:eb:
                    87:3b:ef:82:1f:8c:94:e6:31:3c:1b:39:4c:71:5f:
                    d4:80:29:5e:cc:12:70:ba:1e:db:33:1a:72:60:0d:
                    57:29:e3:23:94:b8:ce:60:c6:03:68:9f:a9:9b:ee:
                    d4:ec:92:4d:4f:a9:83:ce:ae:e8:31:26:5e:d3:a0:
                    c5:58:57:b7:ef:9e:f0:07:27:64:d7:42:98:71:2b:
                    d8:ce:ca:18:d1:36:ae:55:3c:73:d7:13:6d:ed:63:
                    3b:00:5d:fb:f0:2d:12:cb:87:3b:21:a9:04:c6:da:
                    41:55:67:73:47:da:fa:53:5d:e7:67:b1:bf:e9:55:
                    a8:95:d2:96:05:f2:34:6e:54:8e:15:43:6b:82:ab:
                    bb:9b:30:d8:f4:0b:81:0d:3c:66:ba:34:b8:5a:bf:
                    5a:85:2f:21:ad:b7:6f:6b:c4:e5:43:87:1d:51:82:
                    cc:f9:97:98:9c:5d:f0:33:fd:a4:43:9f:07:c0:b1:
                    16:c2:4a:06:7f:9f:c9:23:60:aa:f1:69:a5:6d:6a:
                    ef:b6:59:27:b2:e2:52:96:60:9c:6c:ca:58:c5:be:
                    54:ac:c3:bb:34:3a:3d:49:c3:92:b8:c5:04:98:9d:
                    8c:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:27:B6:46:70:EA:CC:86:5C:F0:4F:E9:E4:E6:6B:7D:09:C3:0D:A2
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/33312e3232302e342e302f32342d3234203d3e203633343733.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.220.4.0/24

    Signature Algorithm: sha256WithRSAEncryption
         20:ec:06:e2:88:e0:eb:ac:d7:04:7c:f8:1d:6c:75:66:dc:e7:
         4c:17:7b:2e:1c:ce:12:d7:ef:3d:97:64:88:23:2c:73:cf:bf:
         81:0b:84:1a:bb:f5:70:06:46:7e:a7:b6:33:a3:04:ff:53:f9:
         e6:db:b3:d9:ad:e9:63:0b:9c:9d:d9:0e:a5:ae:ff:43:c5:d4:
         3d:ea:51:48:89:12:f3:02:5a:50:f4:25:eb:1b:f2:20:6d:da:
         be:be:ba:5d:3b:cd:78:25:d9:2c:06:3f:3b:37:f1:aa:c7:38:
         51:a8:16:a1:70:d2:43:02:4e:f5:7a:5c:79:2d:cf:95:65:98:
         46:a1:15:fe:8e:d2:65:88:f7:7a:8d:44:ea:76:04:10:cb:8f:
         d4:72:0e:df:25:ec:52:0a:c6:06:d1:0a:b4:3f:01:0c:bc:8f:
         a7:95:f0:e5:d1:4b:ac:c3:56:15:7b:df:c5:a1:e5:7e:e1:8a:
         46:77:8f:c3:b4:25:59:1b:f1:4c:c0:70:f8:f8:0c:2b:71:ec:
         ae:b2:48:55:f1:a2:8a:91:0a:2f:fe:81:17:91:ed:93:44:82:
         85:7a:0a:fe:d9:62:43:45:42:43:53:9b:70:5b:e2:c1:b2:ff:
         67:1e:e1:ea:01:3a:67:7b:69:de:16:0e:d6:2e:a4:07:57:e4:
         f4:f6:bf:47
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUKBVyhYi0N2wUs0cP9hijC4KBrKQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNDAyMjYwODQ4MjJaFw0yNTAyMjQwODUzMjJaMDMxMTAvBgNV
BAMTKDA3MjdCNjQ2NzBFQUNDODY1Q0YwNEZFOUU0RTY2QjdEMDlDMzBEQTIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCmVrgY85NCDNfAje++elH9nn36
kAVHUmup73o464c774IfjJTmMTwbOUxxX9SAKV7MEnC6HtszGnJgDVcp4yOUuM5g
xgNon6mb7tTskk1PqYPOrugxJl7ToMVYV7fvnvAHJ2TXQphxK9jOyhjRNq5VPHPX
E23tYzsAXfvwLRLLhzshqQTG2kFVZ3NH2vpTXednsb/pVaiV0pYF8jRuVI4VQ2uC
q7ubMNj0C4ENPGa6NLhav1qFLyGtt29rxOVDhx1Rgsz5l5icXfAz/aRDnwfAsRbC
SgZ/n8kjYKrxaaVtau+2WSey4lKWYJxsyljFvlSsw7s0Oj1Jw5K4xQSYnYxzAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUBye2RnDqzIZc8E/p5OZrfQnDDaIwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzMzMTJlMzIzMjMwMmUzNDJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM2MzMzNDM3MzMucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAAf3AQw
DQYJKoZIhvcNAQELBQADggEBACDsBuKI4Ous1wR8+B1sdWbc50wXey4czhLX7z2X
ZIgjLHPPv4ELhBq79XAGRn6ntjOjBP9T+ebbs9mt6WMLnJ3ZDqWu/0PF1D3qUUiJ
EvMCWlD0Jesb8iBt2r6+ul07zXgl2SwGPzs38arHOFGoFqFw0kMCTvV6XHktz5Vl
mEahFf6O0mWI93qNROp2BBDLj9RyDt8l7FIKxgbRCrQ/AQy8j6eV8OXRS6zDVhV7
38Wh5X7hikZ3j8O0JVkb8UzAcPj4DCtx7K6ySFXxooqRCi/+gReR7ZNEgoV6Cv7Z
YkNFQkNTm3Bb4sGy/2ce4eoBOmd7ad4WDtYupAdX5PT2v0c=
-----END CERTIFICATE-----