Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/33312e3232302e34342e302f32332d3233203d3e203530363733.roa
File:                     33312e3232302e34342e302f32332d3233203d3e203530363733.roa (raw, json)
Hash identifier:          curZHNHyRUHrN0njMT3SQsGDeo/FFHvlAkmX1aCFJFE=
Subject key identifier:   3C:8F:C7:0F:18:60:54:10:13:6C:5D:DC:52:52:90:82:CD:A1:AF:7C
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       27295BCA60CCA96ADB1331EB95CFDA8905461F11
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/33312e3232302e34342e302f32332d3233203d3e203530363733.roa
Signing time:             Mon 27 Jan 2025 09:45:22 +0000
ROA not before:           Mon 27 Jan 2025 09:40:22 +0000
ROA not after:            Mon 26 Jan 2026 09:45:22 +0000
asID:                     50673
IP address blocks:        31.220.44.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 10:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            27:29:5b:ca:60:cc:a9:6a:db:13:31:eb:95:cf:da:89:05:46:1f:11
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Jan 27 09:40:22 2025 GMT
            Not After : Jan 26 09:45:22 2026 GMT
        Subject: CN=3C8FC70F18605410136C5DDC52529082CDA1AF7C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:f2:ac:34:89:ca:c2:cb:1c:3d:f4:07:c1:1d:
                    03:fc:e6:98:69:05:a2:79:96:90:b0:8c:e8:6e:e4:
                    c6:56:f4:95:57:e6:41:54:a0:4b:34:4c:f2:aa:a0:
                    2f:2f:5a:e5:39:b5:5c:9b:a5:2b:19:04:33:23:5d:
                    2f:be:85:b8:9d:76:2a:c5:03:87:b1:82:80:f6:ec:
                    77:40:d5:30:28:24:c5:71:b8:0b:1f:58:34:a0:9c:
                    9e:5a:fc:7e:20:7d:c6:b8:b4:27:6a:1a:c9:f0:ea:
                    59:3c:9e:06:fa:33:5b:27:eb:fa:7e:a7:74:83:9a:
                    2e:b0:c7:be:78:ca:62:6f:30:bc:a9:ea:91:62:f6:
                    fc:07:d1:40:f0:9b:25:a0:33:2c:47:ae:c9:57:db:
                    73:ab:95:d4:18:8a:b5:dc:3f:38:2e:1b:3a:b7:f0:
                    10:ce:f2:c8:8f:56:de:91:1b:0f:78:69:9c:1e:00:
                    8a:9d:ca:f0:6a:83:20:f5:6c:29:b2:84:fd:7e:50:
                    fd:06:d8:27:86:00:1e:88:34:a6:65:bf:b1:24:a3:
                    9f:b6:69:28:c0:ee:67:41:74:e5:dc:37:ab:7c:71:
                    47:89:4a:6c:ec:0e:fa:77:f5:2b:f9:91:44:cd:e2:
                    5e:ba:2d:eb:83:f5:95:72:53:83:db:c7:8b:e9:ec:
                    c5:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3C:8F:C7:0F:18:60:54:10:13:6C:5D:DC:52:52:90:82:CD:A1:AF:7C
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/33312e3232302e34342e302f32332d3233203d3e203530363733.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.220.44.0/23

    Signature Algorithm: sha256WithRSAEncryption
         28:3b:25:45:97:ee:ad:16:7b:5e:d3:b7:5e:d8:40:70:8e:45:
         44:db:84:a4:66:df:85:c3:43:2f:d0:05:af:7f:96:98:3b:73:
         3f:04:07:3d:86:04:e6:04:84:e7:6b:6e:79:95:3d:82:04:59:
         60:09:0c:e6:2c:9d:87:0f:dd:e0:a3:d0:5d:59:d9:b9:31:2d:
         4c:bf:1e:6e:04:d3:af:58:7b:56:a1:02:a8:23:e5:26:20:f9:
         fa:16:0f:c3:90:b2:11:46:9b:c5:ea:99:93:0a:bb:b0:a5:2a:
         39:69:35:8b:96:12:f0:9b:fc:b6:c0:2b:ab:78:7d:e2:41:a8:
         fa:9d:e1:e1:ee:0f:4d:28:25:8b:3b:55:b9:b2:57:b1:29:88:
         d3:c4:4a:cb:3f:4a:89:12:21:b3:3b:12:6c:92:e0:4f:b6:26:
         3f:b1:3f:1e:6d:64:67:8b:a5:3a:c9:4a:2c:08:18:cb:37:d2:
         6e:5d:84:54:a6:1e:ff:9a:cc:18:4c:3b:f6:a5:ed:e5:de:71:
         e4:0e:05:5c:62:41:e6:ab:28:bc:aa:5a:5d:6a:db:f4:04:c0:
         fb:69:b8:16:e3:ec:a3:18:0d:89:2f:d6:f2:25:11:47:ab:01:
         5d:16:fb:42:da:e2:38:12:6d:d6:0e:98:bf:d5:19:fe:b0:44:
         27:61:18:62
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUJylbymDMqWrbEzHrlc/aiQVGHxEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNTAxMjcwOTQwMjJaFw0yNjAxMjYwOTQ1MjJaMDMxMTAvBgNV
BAMTKDNDOEZDNzBGMTg2MDU0MTAxMzZDNUREQzUyNTI5MDgyQ0RBMUFGN0MwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDC8qw0icrCyxw99AfBHQP85php
BaJ5lpCwjOhu5MZW9JVX5kFUoEs0TPKqoC8vWuU5tVybpSsZBDMjXS++hbiddirF
A4exgoD27HdA1TAoJMVxuAsfWDSgnJ5a/H4gfca4tCdqGsnw6lk8ngb6M1sn6/p+
p3SDmi6wx754ymJvMLyp6pFi9vwH0UDwmyWgMyxHrslX23OrldQYirXcPzguGzq3
8BDO8siPVt6RGw94aZweAIqdyvBqgyD1bCmyhP1+UP0G2CeGAB6INKZlv7Eko5+2
aSjA7mdBdOXcN6t8cUeJSmzsDvp39Sv5kUTN4l66LeuD9ZVyU4Pbx4vp7MUDAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUPI/HDxhgVBATbF3cUlKQgs2hr3wwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzMzMTJlMzIzMjMwMmUzNDM0
MmUzMDJmMzIzMzJkMzIzMzIwM2QzZTIwMzUzMDM2MzczMy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAR/c
LDANBgkqhkiG9w0BAQsFAAOCAQEAKDslRZfurRZ7XtO3XthAcI5FRNuEpGbfhcND
L9AFr3+WmDtzPwQHPYYE5gSE52tueZU9ggRZYAkM5iydhw/d4KPQXVnZuTEtTL8e
bgTTr1h7VqECqCPlJiD5+hYPw5CyEUabxeqZkwq7sKUqOWk1i5YS8Jv8tsArq3h9
4kGo+p3h4e4PTSgliztVubJXsSmI08RKyz9KiRIhszsSbJLgT7YmP7E/Hm1kZ4ul
OslKLAgYyzfSbl2EVKYe/5rMGEw79qXt5d5x5A4FXGJB5qsovKpaXWrb9ATA+2m4
FuPsoxgNiS/W8iURR6sBXRb7QtriOBJt1g6Yv9UZ/rBEJ2EYYg==
-----END CERTIFICATE-----