Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/33312e3232302e34322e302f32342d3234203d3e203530363733.roa
File:                     33312e3232302e34322e302f32342d3234203d3e203530363733.roa (raw, json)
Hash identifier:          T6vvkvJH/rxzMccTW2ITqe32hU3dOKlbq7JplKhxzIo=
Subject key identifier:   59:76:CD:36:5B:B6:5F:80:23:29:4B:BC:7D:C0:F1:2D:FB:BC:04:F0
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       02DC988FBE4423265D70621E485D46A49BE8F21C
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/33312e3232302e34322e302f32342d3234203d3e203530363733.roa
Signing time:             Mon 26 Feb 2024 08:53:07 +0000
ROA not before:           Mon 26 Feb 2024 08:48:07 +0000
ROA not after:            Mon 24 Feb 2025 08:53:07 +0000
asID:                     50673
IP address blocks:        31.220.42.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 22 May 2024 02:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            02:dc:98:8f:be:44:23:26:5d:70:62:1e:48:5d:46:a4:9b:e8:f2:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Feb 26 08:48:07 2024 GMT
            Not After : Feb 24 08:53:07 2025 GMT
        Subject: CN=5976CD365BB65F8023294BBC7DC0F12DFBBC04F0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:e1:fa:46:65:1b:0b:c7:4f:f6:3e:91:07:a2:
                    5a:89:23:c6:0a:7d:25:a4:b0:09:d1:05:c4:09:92:
                    1d:c1:10:f2:84:a1:de:d4:aa:44:a5:31:28:47:77:
                    72:3f:ec:41:40:a5:c9:04:f2:44:71:bd:4c:73:11:
                    61:ce:dc:0e:8b:a8:9c:c9:fe:16:e6:c5:91:23:8a:
                    de:0e:74:b9:2d:7a:49:4c:a5:57:c3:ed:f4:ef:dc:
                    79:5b:40:97:77:de:5d:95:92:67:d3:13:ec:bc:73:
                    82:d0:96:5f:df:d6:62:6d:d1:77:03:bd:c8:df:ed:
                    44:89:f8:0c:eb:c0:8f:ae:e4:cf:5b:e0:9b:46:90:
                    1c:e6:4b:ce:d4:bd:98:3b:10:b0:85:21:82:58:05:
                    ea:89:92:f8:21:3f:96:61:3b:c3:e7:8a:c5:14:df:
                    b8:ff:f6:9f:1e:55:07:b3:21:1b:e7:39:6d:5a:93:
                    21:9e:2a:da:38:ab:49:61:3b:de:b1:01:00:d5:81:
                    f3:cd:5a:1e:d7:28:bc:85:40:78:68:13:77:bd:d9:
                    3b:db:11:19:7b:9b:46:37:9b:6d:bc:26:bc:ba:9d:
                    2f:c3:85:2e:b3:72:fa:cc:83:1a:2e:a9:59:49:48:
                    e5:36:60:64:b9:12:cc:c0:dc:84:84:b2:47:83:ed:
                    ef:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:76:CD:36:5B:B6:5F:80:23:29:4B:BC:7D:C0:F1:2D:FB:BC:04:F0
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/33312e3232302e34322e302f32342d3234203d3e203530363733.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.220.42.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1d:fd:76:0f:b9:90:0c:b1:86:30:bc:33:4e:67:cb:ea:d7:c2:
         1f:6f:bf:f0:8b:1c:9b:fa:f6:62:4c:e3:b2:7a:32:b5:16:78:
         cf:c5:ee:22:4a:99:ce:d1:07:bd:3b:2e:ba:d1:19:c3:5b:70:
         42:06:6f:6d:0a:02:94:a2:25:9e:bd:f6:3a:59:66:74:8c:9d:
         3f:8f:75:07:f6:3e:d3:2c:41:22:86:48:00:e9:7a:ca:8c:31:
         a2:4a:2c:7c:66:44:7e:ca:11:f2:98:8e:d3:5e:68:4b:10:41:
         89:ce:43:7f:80:ac:4e:16:c1:5d:2a:05:38:a2:3b:cb:b4:ef:
         1c:1d:20:27:63:a7:0d:79:6b:05:70:0c:76:d8:04:eb:bb:f6:
         22:52:20:05:b1:96:f2:42:2b:c4:2d:1a:8e:5e:07:6d:56:78:
         0f:4f:a6:0e:c1:05:ba:5f:59:12:49:96:ac:ce:2d:65:ea:09:
         97:16:22:a3:b4:3c:54:1a:0f:60:c2:09:bd:81:2f:73:09:89:
         8c:b1:4c:ac:dc:88:5d:f8:d0:fb:47:68:11:8d:46:e6:1a:1c:
         75:c6:d8:7c:96:31:6f:2c:3c:0e:7d:28:fa:c5:4c:51:ef:16:
         d9:ea:f3:17:a8:31:92:0e:21:cc:14:39:2c:82:b2:c7:2a:e9:
         0e:62:09:34
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUAtyYj75EIyZdcGIeSF1GpJvo8hwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNDAyMjYwODQ4MDdaFw0yNTAyMjQwODUzMDdaMDMxMTAvBgNV
BAMTKDU5NzZDRDM2NUJCNjVGODAyMzI5NEJCQzdEQzBGMTJERkJCQzA0RjAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCv4fpGZRsLx0/2PpEHolqJI8YK
fSWksAnRBcQJkh3BEPKEod7UqkSlMShHd3I/7EFApckE8kRxvUxzEWHO3A6LqJzJ
/hbmxZEjit4OdLkteklMpVfD7fTv3HlbQJd33l2VkmfTE+y8c4LQll/f1mJt0XcD
vcjf7USJ+AzrwI+u5M9b4JtGkBzmS87UvZg7ELCFIYJYBeqJkvghP5ZhO8PnisUU
37j/9p8eVQezIRvnOW1akyGeKto4q0lhO96xAQDVgfPNWh7XKLyFQHhoE3e92Tvb
ERl7m0Y3m228Jry6nS/DhS6zcvrMgxouqVlJSOU2YGS5EszA3ISEskeD7e91AgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUWXbNNlu2X4AjKUu8fcDxLfu8BPAwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzMzMTJlMzIzMjMwMmUzNDMy
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzUzMDM2MzczMy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAB/c
KjANBgkqhkiG9w0BAQsFAAOCAQEAHf12D7mQDLGGMLwzTmfL6tfCH2+/8Iscm/r2
YkzjsnoytRZ4z8XuIkqZztEHvTsuutEZw1twQgZvbQoClKIlnr32OllmdIydP491
B/Y+0yxBIoZIAOl6yowxokosfGZEfsoR8piO015oSxBBic5Df4CsThbBXSoFOKI7
y7TvHB0gJ2OnDXlrBXAMdtgE67v2IlIgBbGW8kIrxC0ajl4HbVZ4D0+mDsEFul9Z
EkmWrM4tZeoJlxYio7Q8VBoPYMIJvYEvcwmJjLFMrNyIXfjQ+0doEY1G5hocdcbY
fJYxbyw8Dn0o+sVMUe8W2erzF6gxkg4hzBQ5LIKyxyrpDmIJNA==
-----END CERTIFICATE-----