Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/33312e3232302e34332e302f32342d3234203d3e203633343733.roa
File:                     33312e3232302e34332e302f32342d3234203d3e203633343733.roa (raw, json)
Hash identifier:          BHDiqkmtnLy+lykM1l6ni5pZZHjrnmQUyvbyjSsbXG4=
Subject key identifier:   C3:35:9B:37:55:64:AA:3A:83:AD:DE:38:BA:16:3E:CE:ED:D1:43:3A
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       2EB2BFA9C5E4E3A4E030D5F14FD4E97AE0B7240F
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/33312e3232302e34332e302f32342d3234203d3e203633343733.roa
Signing time:             Mon 26 Feb 2024 08:53:04 +0000
ROA not before:           Mon 26 Feb 2024 08:48:04 +0000
ROA not after:            Mon 24 Feb 2025 08:53:04 +0000
asID:                     63473
IP address blocks:        31.220.43.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 22 May 2024 02:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2e:b2:bf:a9:c5:e4:e3:a4:e0:30:d5:f1:4f:d4:e9:7a:e0:b7:24:0f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Feb 26 08:48:04 2024 GMT
            Not After : Feb 24 08:53:04 2025 GMT
        Subject: CN=C3359B375564AA3A83ADDE38BA163ECEEDD1433A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:dd:1e:f3:4d:76:19:85:f3:b4:39:e0:6c:b2:
                    b9:d4:2c:d2:04:d6:5c:f6:71:67:a0:da:c1:73:82:
                    e2:e2:08:dd:54:7c:af:0c:1b:0a:7c:49:ce:96:f9:
                    03:68:b9:04:34:48:6e:ab:a9:dd:3e:19:2c:b9:81:
                    44:be:ac:53:01:0e:a3:ce:1d:84:38:a6:0b:ca:27:
                    51:46:c0:ca:f4:12:96:c4:78:64:76:f4:5a:52:1a:
                    56:bb:77:76:8e:91:24:66:2a:58:6a:f9:a3:31:31:
                    07:0c:99:5b:7c:32:ea:38:65:ed:6b:36:f5:fc:63:
                    8e:46:f1:58:90:6a:b2:f5:57:a3:e6:81:22:ec:97:
                    39:62:d8:0c:0b:72:0d:b7:46:55:7a:4d:53:a5:48:
                    07:71:2d:28:ef:15:52:e3:e8:39:cf:c5:d3:f2:73:
                    96:44:5a:10:71:51:64:58:6b:a8:4d:df:b4:c0:2e:
                    b4:a6:3d:1c:2f:7a:50:2a:8e:d7:1f:7a:cf:e2:07:
                    5c:11:ad:ed:8f:1e:3a:0b:42:75:d5:76:46:0c:65:
                    41:3b:57:95:97:57:1b:c9:30:05:8a:3e:88:d7:58:
                    e9:5b:c6:0f:b4:17:ea:1e:04:9c:85:16:53:44:56:
                    6d:e4:06:02:5d:d0:e9:09:78:3c:0f:37:13:1e:4f:
                    a6:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C3:35:9B:37:55:64:AA:3A:83:AD:DE:38:BA:16:3E:CE:ED:D1:43:3A
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/33312e3232302e34332e302f32342d3234203d3e203633343733.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.220.43.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6f:d4:b0:71:95:f2:2d:0e:87:8a:fb:e8:cd:1e:87:cc:4c:71:
         f7:90:47:ca:49:d2:be:ac:65:8e:31:3a:c7:fb:3a:9a:fa:44:
         e0:f9:58:22:c2:e1:53:26:48:9b:bc:b1:81:48:c0:f5:d5:c1:
         5c:03:91:76:8a:70:03:72:1f:1d:b5:99:6b:6a:4c:bd:c9:35:
         8e:ea:ae:3c:52:13:80:65:fb:3c:b2:d9:75:52:9d:88:b7:71:
         71:5a:1e:c6:11:b4:c4:81:fc:85:75:3f:ee:5c:c6:77:ab:dd:
         95:ad:62:e8:44:74:08:38:04:cf:c5:7e:cc:c4:49:b9:fc:c5:
         6d:9e:ba:44:a9:0d:2e:4d:59:88:3a:e2:64:04:92:dc:7e:08:
         2e:8a:59:63:ae:3a:05:2c:49:32:81:bd:cf:04:73:62:65:e6:
         70:30:be:f7:86:16:fc:bb:f8:61:b7:b3:8a:8c:e3:4e:e5:9d:
         4c:d0:c5:60:b8:d0:b9:a0:bf:a3:34:f7:e4:09:2f:a2:b7:33:
         8a:1c:10:12:0e:3d:a0:fe:a2:d6:6f:73:8b:81:6c:70:82:d4:
         3c:fb:93:70:14:96:39:c3:b6:a6:08:e2:c7:4a:53:da:9e:57:
         2b:ce:33:cf:9c:db:32:b8:e4:28:7d:17:79:26:e4:a9:b9:20:
         20:f5:57:0c
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIULrK/qcXk46TgMNXxT9TpeuC3JA8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNDAyMjYwODQ4MDRaFw0yNTAyMjQwODUzMDRaMDMxMTAvBgNV
BAMTKEMzMzU5QjM3NTU2NEFBM0E4M0FEREUzOEJBMTYzRUNFRUREMTQzM0EwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDC3R7zTXYZhfO0OeBssrnULNIE
1lz2cWeg2sFzguLiCN1UfK8MGwp8Sc6W+QNouQQ0SG6rqd0+GSy5gUS+rFMBDqPO
HYQ4pgvKJ1FGwMr0EpbEeGR29FpSGla7d3aOkSRmKlhq+aMxMQcMmVt8Muo4Ze1r
NvX8Y45G8ViQarL1V6PmgSLslzli2AwLcg23RlV6TVOlSAdxLSjvFVLj6DnPxdPy
c5ZEWhBxUWRYa6hN37TALrSmPRwvelAqjtcfes/iB1wRre2PHjoLQnXVdkYMZUE7
V5WXVxvJMAWKPojXWOlbxg+0F+oeBJyFFlNEVm3kBgJd0OkJeDwPNxMeT6ZbAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUwzWbN1VkqjqDrd44uhY+zu3RQzowHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzMzMTJlMzIzMjMwMmUzNDMz
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzYzMzM0MzczMy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAB/c
KzANBgkqhkiG9w0BAQsFAAOCAQEAb9SwcZXyLQ6HivvozR6HzExx95BHyknSvqxl
jjE6x/s6mvpE4PlYIsLhUyZIm7yxgUjA9dXBXAORdopwA3IfHbWZa2pMvck1juqu
PFITgGX7PLLZdVKdiLdxcVoexhG0xIH8hXU/7lzGd6vdla1i6ER0CDgEz8V+zMRJ
ufzFbZ66RKkNLk1ZiDriZASS3H4ILopZY646BSxJMoG9zwRzYmXmcDC+94YW/Lv4
YbeziozjTuWdTNDFYLjQuaC/ozT35AkvorczihwQEg49oP6i1m9zi4FscILUPPuT
cBSWOcO2pgjix0pT2p5XK84zz5zbMrjkKH0XeSbkqbkgIPVXDA==
-----END CERTIFICATE-----