Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/33312e3232302e34342e302f32332d3233203d3e203432373038.roa
File:                     33312e3232302e34342e302f32332d3233203d3e203432373038.roa (raw, json)
Hash identifier:          9sAQUfVOwM2NV3MyCFyyvKVldVzPQQ2Zxj+wdpN+xIs=
Subject key identifier:   60:2B:90:62:04:A4:C7:A0:CB:9D:F5:2B:2A:79:B8:D8:B1:A9:0C:4D
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       45DD8C29BAEBDEDD8A70BD6D22C69A177E3CE132
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/33312e3232302e34342e302f32332d3233203d3e203432373038.roa
Signing time:             Mon 26 Feb 2024 08:53:10 +0000
ROA not before:           Mon 26 Feb 2024 08:48:10 +0000
ROA not after:            Mon 24 Feb 2025 08:53:10 +0000
asID:                     42708
IP address blocks:        31.220.44.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            45:dd:8c:29:ba:eb:de:dd:8a:70:bd:6d:22:c6:9a:17:7e:3c:e1:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Feb 26 08:48:10 2024 GMT
            Not After : Feb 24 08:53:10 2025 GMT
        Subject: CN=602B906204A4C7A0CB9DF52B2A79B8D8B1A90C4D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e8:cb:47:2a:93:4c:c2:2f:5d:af:a1:59:81:32:
                    71:90:69:b7:f5:60:e6:28:25:31:33:e4:ab:69:9d:
                    2a:76:df:0f:e2:51:6c:ce:8d:19:1b:a5:34:18:e8:
                    fb:a5:93:d8:c3:66:42:b8:8c:e9:e7:70:6b:6d:87:
                    63:dc:19:f0:e1:76:dc:07:84:44:03:a2:d2:9c:f3:
                    29:c7:38:5e:ec:e2:ba:42:b7:21:ba:b2:d9:f4:8a:
                    34:7d:88:aa:7e:56:10:71:10:e6:15:f2:67:68:c5:
                    d9:5b:94:a6:34:f5:9c:bb:96:b5:7d:99:5c:1a:07:
                    73:48:54:06:30:88:d1:fa:6f:6e:c3:3e:5c:ab:9f:
                    d3:a0:f9:f7:a3:c8:64:a0:97:3b:00:4e:80:2b:ef:
                    f3:44:c9:9d:8b:b5:53:eb:f1:59:e5:8b:79:14:10:
                    16:fa:12:28:0f:99:00:c3:c4:3b:41:9a:ad:68:39:
                    5d:31:9d:ea:ee:4b:30:1b:27:2a:2d:54:0a:42:62:
                    3d:7a:2c:e3:bc:ce:64:64:29:ff:7e:05:67:05:2f:
                    16:e1:90:3d:83:44:a6:b6:30:b1:16:64:f6:a4:57:
                    78:22:48:d5:20:cf:fa:01:78:f3:64:a1:cb:81:bd:
                    3b:7c:fa:5a:a5:35:c9:71:b8:cd:da:ca:f5:10:69:
                    84:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:2B:90:62:04:A4:C7:A0:CB:9D:F5:2B:2A:79:B8:D8:B1:A9:0C:4D
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/33312e3232302e34342e302f32332d3233203d3e203432373038.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.220.44.0/23

    Signature Algorithm: sha256WithRSAEncryption
         5e:4c:be:d4:98:e6:b6:cb:9a:9e:00:6e:47:65:60:84:b3:f1:
         ac:ec:21:93:75:4d:87:bb:f9:a8:7c:10:aa:3e:dd:ab:0d:fb:
         35:b4:c9:75:38:72:e7:33:80:72:78:13:9e:08:1a:56:1d:7d:
         a1:33:c9:8c:7b:f6:e1:4b:77:9f:46:aa:44:de:35:14:3a:b1:
         37:98:03:b8:4b:70:3e:ad:cc:78:3a:89:5f:d0:84:ee:cf:e2:
         7a:fc:1d:7d:2e:ee:ee:78:05:dd:8d:28:a6:48:c9:df:dc:79:
         f1:50:22:d2:ff:36:87:6e:80:e8:3d:a2:f2:d5:38:5c:3d:14:
         f1:35:7c:66:5c:f8:15:45:79:3a:c2:a8:c3:d3:81:c1:c5:0d:
         fb:d0:d1:e1:11:5e:13:79:dc:8f:81:20:86:a8:54:29:5b:b3:
         ce:e4:e4:96:8e:47:8d:75:78:d3:ae:ef:cd:53:9c:1e:17:5a:
         10:b7:09:91:69:ab:4f:ae:f0:c1:38:4a:ea:eb:a9:f4:8e:9d:
         12:1e:19:e9:78:8c:ae:22:a6:4d:e3:1c:06:f0:7a:68:95:91:
         f2:ab:00:0e:ce:82:97:fe:09:2b:d3:c3:41:b2:57:8d:94:66:
         87:55:b9:21:7e:05:cd:99:b9:f6:00:36:da:50:b8:2a:58:36:
         84:9f:a1:31
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIURd2MKbrr3t2KcL1tIsaaF3484TIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNDAyMjYwODQ4MTBaFw0yNTAyMjQwODUzMTBaMDMxMTAvBgNV
BAMTKDYwMkI5MDYyMDRBNEM3QTBDQjlERjUyQjJBNzlCOEQ4QjFBOTBDNEQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDoy0cqk0zCL12voVmBMnGQabf1
YOYoJTEz5KtpnSp23w/iUWzOjRkbpTQY6Pulk9jDZkK4jOnncGtth2PcGfDhdtwH
hEQDotKc8ynHOF7s4rpCtyG6stn0ijR9iKp+VhBxEOYV8mdoxdlblKY09Zy7lrV9
mVwaB3NIVAYwiNH6b27DPlyrn9Og+fejyGSglzsAToAr7/NEyZ2LtVPr8Vnli3kU
EBb6EigPmQDDxDtBmq1oOV0xneruSzAbJyotVApCYj16LOO8zmRkKf9+BWcFLxbh
kD2DRKa2MLEWZPakV3giSNUgz/oBePNkocuBvTt8+lqlNclxuM3ayvUQaYRXAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUYCuQYgSkx6DLnfUrKnm42LGpDE0wHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzMzMTJlMzIzMjMwMmUzNDM0
MmUzMDJmMzIzMzJkMzIzMzIwM2QzZTIwMzQzMjM3MzAzOC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAR/c
LDANBgkqhkiG9w0BAQsFAAOCAQEAXky+1JjmtsuangBuR2VghLPxrOwhk3VNh7v5
qHwQqj7dqw37NbTJdThy5zOAcngTnggaVh19oTPJjHv24Ut3n0aqRN41FDqxN5gD
uEtwPq3MeDqJX9CE7s/ievwdfS7u7ngF3Y0opkjJ39x58VAi0v82h26A6D2i8tU4
XD0U8TV8Zlz4FUV5OsKow9OBwcUN+9DR4RFeE3ncj4EghqhUKVuzzuTklo5HjXV4
067vzVOcHhdaELcJkWmrT67wwThK6uup9I6dEh4Z6XiMriKmTeMcBvB6aJWR8qsA
Ds6Cl/4JK9PDQbJXjZRmh1W5IX4FzZm59gA22lC4Klg2hJ+hMQ==
-----END CERTIFICATE-----