Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/33312e3232302e34332e302f32342d3234203d3e203530363733.roa
File:                     33312e3232302e34332e302f32342d3234203d3e203530363733.roa (raw, json)
Hash identifier:          hmWmOUhxvAIPz1727pMjbDt3n+hUNLqNanCrWxje2KU=
Subject key identifier:   AC:C2:EE:DF:2D:2E:C1:B8:F7:12:B3:CC:29:9D:45:F9:5E:9A:0A:6B
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       1FFCC9D7CDF204562AAC4F6D95C8C130D71444A8
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/33312e3232302e34332e302f32342d3234203d3e203530363733.roa
Signing time:             Mon 26 Feb 2024 08:53:05 +0000
ROA not before:           Mon 26 Feb 2024 08:48:05 +0000
ROA not after:            Mon 24 Feb 2025 08:53:05 +0000
asID:                     50673
IP address blocks:        31.220.43.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 22 May 2024 14:34:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1f:fc:c9:d7:cd:f2:04:56:2a:ac:4f:6d:95:c8:c1:30:d7:14:44:a8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Feb 26 08:48:05 2024 GMT
            Not After : Feb 24 08:53:05 2025 GMT
        Subject: CN=ACC2EEDF2D2EC1B8F712B3CC299D45F95E9A0A6B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:8d:fe:4d:37:d6:68:e6:10:9f:ce:7c:95:07:
                    71:bf:82:9c:7f:21:d6:56:89:70:1f:9b:67:bc:f7:
                    4d:da:e4:12:9e:2d:e1:3b:6b:c3:40:99:fb:b5:dd:
                    50:9f:8d:0f:50:c7:40:71:8c:61:b8:71:6c:64:8b:
                    d1:03:8a:1c:1d:6f:d2:fd:72:db:d8:a5:f0:1b:c2:
                    ee:64:f9:7b:86:2b:33:aa:b0:33:88:fb:90:18:04:
                    69:c5:b0:66:38:9d:63:85:11:5b:fe:a1:c4:da:9f:
                    bb:0d:64:74:55:7c:1b:1e:0f:1e:06:ba:e5:da:19:
                    b2:a8:8b:9e:91:7a:1e:35:3b:eb:12:c1:40:8f:68:
                    c8:60:7a:0c:3f:8c:97:77:85:a1:f9:d5:28:8d:15:
                    e1:41:59:08:ea:c2:6c:95:1d:e3:e5:49:af:8d:99:
                    55:f2:cb:5f:a0:ef:12:ef:1e:c4:71:66:0b:27:9d:
                    23:d2:8c:94:a0:e3:09:c0:c5:db:3e:c2:92:aa:ea:
                    9c:9e:d7:af:db:f2:db:eb:d5:00:ce:1c:4d:34:78:
                    b4:45:f4:83:e8:ab:bd:f3:12:88:a6:27:1a:40:53:
                    90:ee:f8:85:7c:cb:27:b8:df:c1:cb:4e:15:ed:ed:
                    26:dc:9f:58:4b:2f:a7:87:2e:78:bb:6b:2e:b0:40:
                    63:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:C2:EE:DF:2D:2E:C1:B8:F7:12:B3:CC:29:9D:45:F9:5E:9A:0A:6B
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/33312e3232302e34332e302f32342d3234203d3e203530363733.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.220.43.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7a:e9:f2:42:d8:49:b4:02:92:ec:59:92:49:d4:fa:bc:d8:46:
         6f:66:85:66:c3:88:85:45:34:7c:71:bf:24:fe:6c:ac:f1:aa:
         2b:37:59:5a:f3:c3:be:11:3b:b8:72:23:ff:78:9e:9c:da:c5:
         b4:9d:90:ff:59:1b:3a:47:c6:2e:aa:15:e2:81:5e:c6:c4:cf:
         91:a5:4e:7a:fc:b4:b4:01:76:95:b7:6e:c3:0c:55:9b:39:93:
         5a:1a:d1:27:34:3b:c0:35:80:cf:a2:6e:f5:8c:3b:06:05:7e:
         5b:f0:7a:8c:e8:ca:f3:53:21:e7:0d:c3:0d:14:96:56:cc:bb:
         41:39:bb:86:e8:b0:88:5e:2a:b9:d8:e5:42:e5:a4:0b:47:3e:
         10:e5:d1:48:3b:ac:bf:fc:68:40:81:06:82:28:ad:a3:f1:2e:
         95:11:bf:2a:10:03:f0:3b:43:d9:44:24:38:cc:1d:0a:85:c7:
         c9:51:91:f3:56:c8:9f:4a:62:bc:aa:eb:df:dd:05:09:35:68:
         3e:33:3e:e0:c0:89:67:c6:62:3c:5d:eb:9e:19:2d:14:66:5a:
         59:24:48:59:39:c2:9a:f5:6a:c7:98:fb:72:41:cd:b8:df:3c:
         e1:fb:3e:24:00:7b:2e:81:5b:71:59:a8:bd:c7:d3:f2:8c:05:
         88:9d:70:8f
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUH/zJ183yBFYqrE9tlcjBMNcURKgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNDAyMjYwODQ4MDVaFw0yNTAyMjQwODUzMDVaMDMxMTAvBgNV
BAMTKEFDQzJFRURGMkQyRUMxQjhGNzEyQjNDQzI5OUQ0NUY5NUU5QTBBNkIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCxjf5NN9Zo5hCfznyVB3G/gpx/
IdZWiXAfm2e8903a5BKeLeE7a8NAmfu13VCfjQ9Qx0BxjGG4cWxki9EDihwdb9L9
ctvYpfAbwu5k+XuGKzOqsDOI+5AYBGnFsGY4nWOFEVv+ocTan7sNZHRVfBseDx4G
uuXaGbKoi56Reh41O+sSwUCPaMhgegw/jJd3haH51SiNFeFBWQjqwmyVHePlSa+N
mVXyy1+g7xLvHsRxZgsnnSPSjJSg4wnAxds+wpKq6pye16/b8tvr1QDOHE00eLRF
9IPoq73zEoimJxpAU5Du+IV8yye438HLThXt7Sbcn1hLL6eHLni7ay6wQGMpAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUrMLu3y0uwbj3ErPMKZ1F+V6aCmswHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzMzMTJlMzIzMjMwMmUzNDMz
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzUzMDM2MzczMy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAB/c
KzANBgkqhkiG9w0BAQsFAAOCAQEAeunyQthJtAKS7FmSSdT6vNhGb2aFZsOIhUU0
fHG/JP5srPGqKzdZWvPDvhE7uHIj/3ienNrFtJ2Q/1kbOkfGLqoV4oFexsTPkaVO
evy0tAF2lbduwwxVmzmTWhrRJzQ7wDWAz6Ju9Yw7BgV+W/B6jOjK81Mh5w3DDRSW
Vsy7QTm7huiwiF4qudjlQuWkC0c+EOXRSDusv/xoQIEGgiito/EulRG/KhAD8DtD
2UQkOMwdCoXHyVGR81bIn0pivKrr390FCTVoPjM+4MCJZ8ZiPF3rnhktFGZaWSRI
WTnCmvVqx5j7ckHNuN884fs+JAB7LoFbcVmovcfT8owFiJ1wjw==
-----END CERTIFICATE-----