Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/33312e3232302e34332e302f32342d3234203d3e203432373038.roa
File:                     33312e3232302e34332e302f32342d3234203d3e203432373038.roa (raw, json)
Hash identifier:          0+9ShSFA9z/HWrd6JUZ+raAWfzE5avVlHXBVTvU52Fo=
Subject key identifier:   8A:CC:7E:07:24:E0:60:AB:6F:5A:11:90:25:E1:F1:63:F8:63:FF:41
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       10267ACD74DB9B03646DB5BC000DDA206B9A9DC5
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/33312e3232302e34332e302f32342d3234203d3e203432373038.roa
Signing time:             Mon 26 Feb 2024 08:53:15 +0000
ROA not before:           Mon 26 Feb 2024 08:48:15 +0000
ROA not after:            Mon 24 Feb 2025 08:53:15 +0000
asID:                     42708
IP address blocks:        31.220.43.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 22 May 2024 02:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            10:26:7a:cd:74:db:9b:03:64:6d:b5:bc:00:0d:da:20:6b:9a:9d:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Feb 26 08:48:15 2024 GMT
            Not After : Feb 24 08:53:15 2025 GMT
        Subject: CN=8ACC7E0724E060AB6F5A119025E1F163F863FF41
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:af:46:3e:92:8c:2d:25:2a:23:b7:f4:0d:a7:
                    2e:71:5a:fb:aa:6d:5e:c4:d9:b9:14:a2:3a:55:11:
                    68:36:0b:72:c9:91:9c:aa:8f:97:1d:f3:90:6c:91:
                    e3:b8:9c:9b:61:46:f5:48:4a:b9:80:3c:6b:29:f5:
                    8b:be:d5:dc:ae:f7:34:e5:63:a8:78:52:e8:db:62:
                    8d:68:84:4e:c0:e5:cc:5e:b3:10:8b:a2:e0:22:70:
                    30:56:6b:16:15:31:fc:0b:22:cc:19:09:01:2c:c6:
                    f5:6c:55:91:90:f8:48:9b:31:8d:a6:b8:23:37:d1:
                    58:32:26:bb:e8:4b:81:4f:71:34:7a:90:b0:82:1b:
                    cd:b6:43:6e:06:07:b3:b1:8a:bb:03:3b:cb:84:b2:
                    59:f2:3a:9a:e0:53:cb:ac:b4:42:f0:e9:b6:1a:ac:
                    3c:9f:c4:89:b6:be:84:6d:87:2c:d1:70:98:84:97:
                    79:2c:b1:90:ce:b4:a2:a7:6d:55:e9:06:89:df:38:
                    f6:69:0f:81:8a:57:b6:bf:ca:53:31:66:61:fa:11:
                    34:68:a8:66:d0:f0:1d:31:7e:82:58:76:d5:37:28:
                    dd:9b:3b:6c:14:7a:a6:0d:32:3e:29:fd:48:d3:5b:
                    4b:78:b2:37:88:08:1f:3a:c3:0e:f9:b4:19:71:0d:
                    2d:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:CC:7E:07:24:E0:60:AB:6F:5A:11:90:25:E1:F1:63:F8:63:FF:41
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/33312e3232302e34332e302f32342d3234203d3e203432373038.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.220.43.0/24

    Signature Algorithm: sha256WithRSAEncryption
         83:1d:0e:ea:f7:eb:c6:75:5e:39:76:b4:c0:5a:91:05:d7:7a:
         75:85:48:3b:77:4b:39:d7:76:dc:cd:23:c4:cf:49:5a:b0:dd:
         30:42:ac:9b:bd:9d:cc:b5:f0:6a:93:6f:8e:d7:e9:f5:15:1a:
         d5:f5:eb:d0:13:a3:d7:50:b0:a8:10:4a:64:a8:6b:08:c1:dd:
         9c:4b:85:d7:37:c2:dd:58:a1:1a:f9:37:04:6b:84:59:df:74:
         b2:3c:b3:3d:43:a6:a5:83:c2:03:02:7d:42:f7:4d:1b:2e:78:
         e1:3f:79:0d:ab:a8:d4:fb:32:80:8b:71:f2:d6:29:60:4c:eb:
         bb:3d:dc:0b:cd:13:c5:48:a7:32:5f:34:29:c6:49:ba:48:89:
         d5:76:10:ad:b7:d0:1c:43:90:e6:c3:cb:74:59:ac:6f:e7:20:
         a3:a4:b0:15:9d:d9:80:ad:e2:89:75:50:35:c9:08:d7:8e:7e:
         05:e0:2c:cb:97:c5:69:90:fd:0d:b1:c5:35:4c:db:95:7e:68:
         59:7d:41:d3:d2:db:a3:f2:02:76:37:2b:90:ca:62:6a:b3:91:
         c0:f3:11:82:d1:3f:91:5a:24:88:35:15:0f:3d:5e:54:f1:11:
         ca:9b:67:3d:89:b4:0a:d0:85:6b:70:07:21:b8:ac:46:73:3e:
         39:bc:31:41
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUECZ6zXTbmwNkbbW8AA3aIGuancUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNDAyMjYwODQ4MTVaFw0yNTAyMjQwODUzMTVaMDMxMTAvBgNV
BAMTKDhBQ0M3RTA3MjRFMDYwQUI2RjVBMTE5MDI1RTFGMTYzRjg2M0ZGNDEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC1r0Y+kowtJSojt/QNpy5xWvuq
bV7E2bkUojpVEWg2C3LJkZyqj5cd85BskeO4nJthRvVISrmAPGsp9Yu+1dyu9zTl
Y6h4UujbYo1ohE7A5cxesxCLouAicDBWaxYVMfwLIswZCQEsxvVsVZGQ+EibMY2m
uCM30VgyJrvoS4FPcTR6kLCCG822Q24GB7OxirsDO8uEslnyOprgU8ustELw6bYa
rDyfxIm2voRthyzRcJiEl3kssZDOtKKnbVXpBonfOPZpD4GKV7a/ylMxZmH6ETRo
qGbQ8B0xfoJYdtU3KN2bO2wUeqYNMj4p/UjTW0t4sjeICB86ww75tBlxDS2BAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUisx+ByTgYKtvWhGQJeHxY/hj/0EwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzMzMTJlMzIzMjMwMmUzNDMz
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzQzMjM3MzAzOC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAB/c
KzANBgkqhkiG9w0BAQsFAAOCAQEAgx0O6vfrxnVeOXa0wFqRBdd6dYVIO3dLOdd2
3M0jxM9JWrDdMEKsm72dzLXwapNvjtfp9RUa1fXr0BOj11CwqBBKZKhrCMHdnEuF
1zfC3VihGvk3BGuEWd90sjyzPUOmpYPCAwJ9QvdNGy544T95Dauo1PsygItx8tYp
YEzruz3cC80TxUinMl80KcZJukiJ1XYQrbfQHEOQ5sPLdFmsb+cgo6SwFZ3ZgK3i
iXVQNckI145+BeAsy5fFaZD9DbHFNUzblX5oWX1B09Lbo/ICdjcrkMpiarORwPMR
gtE/kVokiDUVDz1eVPERyptnPYm0CtCFa3AHIbisRnM+ObwxQQ==
-----END CERTIFICATE-----