Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/33312e3232302e34332e302f32342d3234203d3e203633343733.roa
File:                     33312e3232302e34332e302f32342d3234203d3e203633343733.roa (raw, json)
Hash identifier:          9+HVke9fC/jY1kil99VPxk26KG9dx48p4xYhdC3f8m8=
Subject key identifier:   C0:2D:D3:18:08:4C:A2:A8:DA:0A:32:3F:71:D2:F3:91:75:C1:A0:C3
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       6BEF71AB8051D744CD16CEDB6EA9873A47278F58
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/33312e3232302e34332e302f32342d3234203d3e203633343733.roa
Signing time:             Mon 27 Jan 2025 09:45:19 +0000
ROA not before:           Mon 27 Jan 2025 09:40:19 +0000
ROA not after:            Mon 26 Jan 2026 09:45:19 +0000
asID:                     63473
IP address blocks:        31.220.43.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 10:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6b:ef:71:ab:80:51:d7:44:cd:16:ce:db:6e:a9:87:3a:47:27:8f:58
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Jan 27 09:40:19 2025 GMT
            Not After : Jan 26 09:45:19 2026 GMT
        Subject: CN=C02DD318084CA2A8DA0A323F71D2F39175C1A0C3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:a0:a9:04:3d:32:51:3c:ad:80:4d:00:3f:68:
                    f3:99:84:27:f8:28:ee:04:1c:13:98:fb:5c:2d:f0:
                    cb:e1:df:b9:c5:35:d6:8e:9f:4e:81:08:a3:7d:b6:
                    30:e3:a0:92:33:8e:20:c9:12:ba:45:75:aa:b6:e5:
                    bd:5b:83:38:16:ce:1d:ac:8d:36:e2:b3:47:d8:2b:
                    7e:1f:21:ae:50:15:2e:06:7d:7d:7a:75:cc:e8:9a:
                    55:0e:b4:2b:26:bb:28:a1:b6:08:5c:51:68:2e:88:
                    51:bf:e0:9e:26:80:7c:03:9b:94:2e:44:e8:61:00:
                    df:6b:75:be:a8:6e:b2:74:90:94:a2:38:e8:af:f6:
                    a6:2a:8a:97:73:b8:b0:0c:87:98:04:6a:33:87:3d:
                    27:6d:5e:ac:87:d7:f7:bf:26:cf:1e:53:85:75:2a:
                    de:bf:b3:b8:10:00:b6:fb:10:ad:fe:d0:0f:0e:16:
                    53:33:89:da:30:9a:48:34:69:73:d2:80:6d:57:17:
                    f0:9f:1e:eb:7a:fe:15:15:c8:8c:29:01:9f:0b:46:
                    94:d3:85:4f:b1:6a:da:9a:5b:de:ff:22:3f:1c:3d:
                    65:e3:0d:df:1b:93:ff:49:6c:8a:d9:28:fb:68:ac:
                    12:c6:aa:14:96:59:b6:b0:59:c4:80:f9:75:32:7b:
                    61:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C0:2D:D3:18:08:4C:A2:A8:DA:0A:32:3F:71:D2:F3:91:75:C1:A0:C3
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/33312e3232302e34332e302f32342d3234203d3e203633343733.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.220.43.0/24

    Signature Algorithm: sha256WithRSAEncryption
         74:e6:93:67:c8:28:2a:d3:3f:d8:c9:19:3e:7f:66:7b:50:a9:
         af:70:4a:a0:ea:69:ba:f5:7b:c9:bb:f9:7b:52:0d:20:85:43:
         70:c7:6b:04:c7:f3:a0:77:ef:15:54:87:05:28:a2:91:3f:16:
         72:05:1a:a8:9c:e0:52:b6:0c:66:52:0f:25:28:68:90:27:a0:
         96:99:81:00:59:67:05:6e:ec:b6:61:39:5e:72:62:4f:5d:25:
         e9:d0:88:0c:1f:30:1d:c8:4a:15:7f:ec:eb:df:ae:ac:fa:55:
         8c:77:5e:d1:45:fd:f8:ea:71:07:cd:d4:8a:08:91:a6:38:95:
         92:ce:9f:7e:6f:22:21:54:0b:0b:45:8b:d6:a7:e2:cb:f3:45:
         28:99:b4:fc:eb:6c:ef:4b:ba:9a:48:11:04:3f:97:89:5d:e1:
         1f:02:89:a6:07:70:18:0f:be:4d:b2:eb:8e:f6:11:df:ae:6d:
         57:5b:da:8d:3b:8a:14:cd:e1:7a:c7:16:4c:78:ca:a6:40:ac:
         ee:5b:ab:15:80:15:78:17:25:49:8c:ce:13:1e:92:41:75:47:
         01:d3:23:f7:e1:20:48:03:58:06:74:77:66:24:8d:0c:7f:f4:
         4f:78:9d:f9:f3:ae:6d:f8:f5:f5:c4:f1:01:a7:e7:c3:28:6a:
         d8:89:68:c4
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUa+9xq4BR10TNFs7bbqmHOkcnj1gwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNTAxMjcwOTQwMTlaFw0yNjAxMjYwOTQ1MTlaMDMxMTAvBgNV
BAMTKEMwMkREMzE4MDg0Q0EyQThEQTBBMzIzRjcxRDJGMzkxNzVDMUEwQzMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCfoKkEPTJRPK2ATQA/aPOZhCf4
KO4EHBOY+1wt8Mvh37nFNdaOn06BCKN9tjDjoJIzjiDJErpFdaq25b1bgzgWzh2s
jTbis0fYK34fIa5QFS4GfX16dczomlUOtCsmuyihtghcUWguiFG/4J4mgHwDm5Qu
ROhhAN9rdb6obrJ0kJSiOOiv9qYqipdzuLAMh5gEajOHPSdtXqyH1/e/Js8eU4V1
Kt6/s7gQALb7EK3+0A8OFlMzidowmkg0aXPSgG1XF/CfHut6/hUVyIwpAZ8LRpTT
hU+xatqaW97/Ij8cPWXjDd8bk/9JbIrZKPtorBLGqhSWWbawWcSA+XUye2EPAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUwC3TGAhMoqjaCjI/cdLzkXXBoMMwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzMzMTJlMzIzMjMwMmUzNDMz
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzYzMzM0MzczMy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAB/c
KzANBgkqhkiG9w0BAQsFAAOCAQEAdOaTZ8goKtM/2MkZPn9me1Cpr3BKoOppuvV7
ybv5e1INIIVDcMdrBMfzoHfvFVSHBSiikT8WcgUaqJzgUrYMZlIPJShokCeglpmB
AFlnBW7stmE5XnJiT10l6dCIDB8wHchKFX/s69+urPpVjHde0UX9+OpxB83UigiR
pjiVks6ffm8iIVQLC0WL1qfiy/NFKJm0/Ots70u6mkgRBD+XiV3hHwKJpgdwGA++
TbLrjvYR365tV1vajTuKFM3hescWTHjKpkCs7lurFYAVeBclSYzOEx6SQXVHAdMj
9+EgSANYBnR3ZiSNDH/0T3id+fOubfj19cTxAafnwyhq2IloxA==
-----END CERTIFICATE-----