Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/33312e3232302e34332e302f32342d3234203d3e203530363733.roa
File:                     33312e3232302e34332e302f32342d3234203d3e203530363733.roa (raw, json)
Hash identifier:          Wt1STXELemwM0m81uuTaAf3Ggt41RszrkPxnKDEGPq0=
Subject key identifier:   4B:A2:AB:73:7C:F0:1A:0C:02:2F:9E:AC:5C:12:F9:53:A0:6F:78:C9
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       564699A5D754DCA771C50375DF410D257048F66A
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/33312e3232302e34332e302f32342d3234203d3e203530363733.roa
Signing time:             Mon 27 Jan 2025 09:45:08 +0000
ROA not before:           Mon 27 Jan 2025 09:40:08 +0000
ROA not after:            Mon 26 Jan 2026 09:45:08 +0000
asID:                     50673
IP address blocks:        31.220.43.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Feb 2025 05:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            56:46:99:a5:d7:54:dc:a7:71:c5:03:75:df:41:0d:25:70:48:f6:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Jan 27 09:40:08 2025 GMT
            Not After : Jan 26 09:45:08 2026 GMT
        Subject: CN=4BA2AB737CF01A0C022F9EAC5C12F953A06F78C9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:62:88:13:53:81:26:66:5b:3d:40:59:ad:d2:
                    59:3a:7e:e7:0c:a7:3c:a0:d7:73:52:05:22:42:8d:
                    4a:55:0a:0f:cf:6d:38:8b:79:a0:d4:cf:3a:15:45:
                    9a:a7:c3:f4:03:3d:60:95:dd:b5:b2:91:fe:57:ad:
                    ad:0d:54:2d:b7:38:64:e7:be:22:c7:1f:d9:70:0b:
                    80:07:1e:5d:a1:0c:0e:c0:40:45:ca:23:80:53:ff:
                    a8:da:ba:38:5a:bc:43:22:c5:37:ce:62:72:34:96:
                    76:60:06:a2:e2:a6:98:19:c2:ed:ca:27:f7:95:85:
                    aa:48:4f:bf:8e:1d:3c:49:72:40:47:1b:c6:c3:7b:
                    60:37:93:a2:2e:3b:c4:41:9f:cc:cd:9f:b2:03:83:
                    a8:4c:3f:7a:e1:e7:ce:05:d6:e0:0c:02:38:ea:e2:
                    92:93:96:ce:a6:97:75:c2:b3:5d:10:63:6f:58:73:
                    4a:7b:2a:f5:09:47:3c:22:d9:c3:1d:2e:65:6b:cc:
                    85:bb:11:d0:6c:fa:6b:bf:f8:88:fe:11:57:bf:67:
                    06:f1:18:b7:30:90:7a:ef:11:42:af:b9:cc:7c:b0:
                    2e:00:41:3c:94:f8:b6:47:b4:93:8a:62:c5:65:ed:
                    4b:eb:a8:74:28:8a:b0:e5:e5:3c:e1:30:c1:c2:96:
                    a4:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:A2:AB:73:7C:F0:1A:0C:02:2F:9E:AC:5C:12:F9:53:A0:6F:78:C9
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/33312e3232302e34332e302f32342d3234203d3e203530363733.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.220.43.0/24

    Signature Algorithm: sha256WithRSAEncryption
         58:26:c3:f2:08:d8:d0:94:a1:f2:52:04:e2:45:fe:a9:08:3e:
         31:28:3c:2f:2f:02:84:b6:e2:98:fc:78:30:ec:e8:e2:68:00:
         36:29:c6:00:0c:b3:95:8a:07:a4:73:0a:a2:d5:6f:b2:16:c2:
         1b:47:0c:6d:5c:2e:64:70:b9:d0:0e:3e:5e:f0:31:eb:1e:b9:
         cd:ca:de:0b:b4:93:1d:81:13:ce:43:ec:08:62:8a:bd:98:c5:
         f1:46:3f:88:c9:7e:01:86:de:44:4b:4e:99:a6:0f:a3:4f:a8:
         fc:0e:95:4f:7b:ba:52:d5:1a:65:6b:ae:30:da:e8:6e:a3:e0:
         44:42:c8:42:dc:04:b9:97:49:05:1a:2d:6d:b2:64:fe:d6:5e:
         f1:c7:7e:fe:75:e2:c8:66:54:c4:1e:a9:d4:d4:05:6d:0a:5f:
         26:4d:e3:0e:78:02:fc:07:bc:2f:7e:5f:a2:c8:51:e8:c8:ba:
         a4:ef:43:b7:c4:9a:ae:00:f0:19:2a:28:cb:46:02:30:2c:a0:
         af:fb:86:5d:93:40:de:b3:02:08:7b:66:b8:39:27:dd:c8:a0:
         24:24:77:8b:58:a0:4f:5b:12:9c:9f:5c:8e:60:4a:e3:26:24:
         07:9e:d0:cc:be:fd:7d:63:ab:d8:5d:7f:22:8f:3b:4f:88:4b:
         48:11:b2:be
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUVkaZpddU3KdxxQN130ENJXBI9mowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNTAxMjcwOTQwMDhaFw0yNjAxMjYwOTQ1MDhaMDMxMTAvBgNV
BAMTKDRCQTJBQjczN0NGMDFBMEMwMjJGOUVBQzVDMTJGOTUzQTA2Rjc4QzkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDIYogTU4EmZls9QFmt0lk6fucM
pzyg13NSBSJCjUpVCg/PbTiLeaDUzzoVRZqnw/QDPWCV3bWykf5Xra0NVC23OGTn
viLHH9lwC4AHHl2hDA7AQEXKI4BT/6jaujhavEMixTfOYnI0lnZgBqLippgZwu3K
J/eVhapIT7+OHTxJckBHG8bDe2A3k6IuO8RBn8zNn7IDg6hMP3rh584F1uAMAjjq
4pKTls6ml3XCs10QY29Yc0p7KvUJRzwi2cMdLmVrzIW7EdBs+mu/+Ij+EVe/Zwbx
GLcwkHrvEUKvucx8sC4AQTyU+LZHtJOKYsVl7UvrqHQoirDl5TzhMMHClqSlAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUS6Krc3zwGgwCL56sXBL5U6BveMkwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzMzMTJlMzIzMjMwMmUzNDMz
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzUzMDM2MzczMy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAB/c
KzANBgkqhkiG9w0BAQsFAAOCAQEAWCbD8gjY0JSh8lIE4kX+qQg+MSg8Ly8ChLbi
mPx4MOzo4mgANinGAAyzlYoHpHMKotVvshbCG0cMbVwuZHC50A4+XvAx6x65zcre
C7STHYETzkPsCGKKvZjF8UY/iMl+AYbeREtOmaYPo0+o/A6VT3u6UtUaZWuuMNro
bqPgRELIQtwEuZdJBRotbbJk/tZe8cd+/nXiyGZUxB6p1NQFbQpfJk3jDngC/Ae8
L35foshR6Mi6pO9Dt8SargDwGSooy0YCMCygr/uGXZNA3rMCCHtmuDkn3cigJCR3
i1igT1sSnJ9cjmBK4yYkB57QzL79fWOr2F1/Io87T4hLSBGyvg==
-----END CERTIFICATE-----