Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/33312e3232302e372e302f32342d3234203d3e203633343733.roa
File:                     33312e3232302e372e302f32342d3234203d3e203633343733.roa (raw, json)
Hash identifier:          o8ZRwijea+a2NR/pi/0xk9YxBi05uZxN7vqyddArXMw=
Subject key identifier:   24:CF:B8:28:FE:15:BD:65:83:0B:64:48:FD:91:36:F5:75:7C:66:BD
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       1AF7719D955B08FD34599ECB3832F80063C08863
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/33312e3232302e372e302f32342d3234203d3e203633343733.roa
Signing time:             Sun 24 May 2026 09:24:30 +0000
ROA not before:           Sun 24 May 2026 09:19:30 +0000
ROA not after:            Sun 23 May 2027 09:24:30 +0000
asID:                     63473
IP address blocks:        31.220.7.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 04 Jun 2026 15:52:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1a:f7:71:9d:95:5b:08:fd:34:59:9e:cb:38:32:f8:00:63:c0:88:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: May 24 09:19:30 2026 GMT
            Not After : May 23 09:24:30 2027 GMT
        Subject: CN=24CFB828FE15BD65830B6448FD9136F5757C66BD
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:27:74:9c:38:4f:0f:dc:50:d7:72:2e:4b:ff:
                    75:a5:8e:79:7d:bb:35:b9:d4:fa:e6:8f:e0:83:30:
                    32:83:52:ab:4d:e4:0f:45:f1:df:79:6e:7c:ba:64:
                    ed:15:e9:a6:ce:85:7d:59:76:a4:39:a6:8b:31:ef:
                    89:7f:1f:62:82:40:cc:65:cb:e7:23:77:d0:5e:11:
                    bb:1e:c1:bc:e6:aa:d1:4d:f6:c9:78:06:cd:e1:11:
                    77:8e:ee:23:54:5b:a7:f4:3e:e7:5b:53:a2:48:54:
                    82:a8:ea:6c:21:cb:8d:c5:6b:5d:fd:02:3d:7e:41:
                    e3:21:51:c6:64:f5:47:65:01:49:93:2f:c1:44:11:
                    f4:90:3f:96:53:2a:4a:e1:31:27:1b:7f:c3:d1:98:
                    83:d8:da:84:89:30:f4:8e:d9:9e:53:63:96:2b:1b:
                    e8:bb:1b:2f:b2:a2:49:c5:96:a1:b6:97:5a:67:7e:
                    7f:c9:d5:c2:d8:73:37:a1:77:40:ae:33:05:72:47:
                    d0:f6:ff:f1:b3:1c:88:b2:93:e3:8b:92:61:6f:bd:
                    10:af:4f:55:14:42:0e:65:6b:d3:5c:88:5e:69:30:
                    38:62:35:f8:fa:22:5e:a2:18:25:ae:6d:14:51:6b:
                    6f:68:de:bf:7f:9c:e0:a3:83:1f:99:63:55:e1:96:
                    0b:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                24:CF:B8:28:FE:15:BD:65:83:0B:64:48:FD:91:36:F5:75:7C:66:BD
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/33312e3232302e372e302f32342d3234203d3e203633343733.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.220.7.0/24

    Signature Algorithm: sha256WithRSAEncryption
         95:26:b7:15:7f:90:ce:01:3e:42:f9:07:70:50:0d:77:ba:be:
         5a:df:bf:31:f2:47:51:3b:6f:65:6e:b8:32:30:83:f2:9f:0a:
         89:f6:3c:25:82:fd:36:fc:26:4b:66:7d:14:77:a6:66:31:b3:
         22:cc:d7:8b:9a:9f:0f:6c:a4:bc:32:4a:fa:5d:36:d7:cc:90:
         f8:6a:a7:29:e8:57:3f:7d:af:d1:25:77:38:61:43:e8:be:88:
         9b:77:2c:03:d4:4a:68:b1:f7:90:84:a2:9a:05:43:11:6d:2c:
         31:2f:fb:08:1a:ab:98:e1:99:cd:8d:f5:74:86:c2:0b:4f:9e:
         f8:7e:7f:7f:d4:00:72:ba:c2:55:ff:6f:19:c1:ed:d7:72:24:
         88:ae:dc:d6:5b:cd:ea:06:08:1e:f1:54:0f:d9:0d:a4:82:32:
         97:8c:94:cc:9d:a3:14:fb:dc:aa:22:f3:13:ac:fd:5f:11:17:
         38:ce:c2:93:dc:ee:8e:14:c5:f5:cd:df:f7:e3:85:6b:a7:98:
         b6:f4:d3:28:95:4b:78:e9:25:39:45:50:f3:83:d0:31:c4:c4:
         d4:d2:b0:07:32:19:31:f2:ba:89:a9:54:e2:e8:26:57:06:93:
         f9:d6:b0:a0:bd:45:cb:c9:b6:54:e9:3f:0b:53:af:a8:d5:61:
         a1:8e:6c:0b
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUGvdxnZVbCP00WZ7LODL4AGPAiGMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNjA1MjQwOTE5MzBaFw0yNzA1MjMwOTI0MzBaMDMxMTAvBgNV
BAMTKDI0Q0ZCODI4RkUxNUJENjU4MzBCNjQ0OEZEOTEzNkY1NzU3QzY2QkQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDGJ3ScOE8P3FDXci5L/3Wljnl9
uzW51Prmj+CDMDKDUqtN5A9F8d95bny6ZO0V6abOhX1ZdqQ5posx74l/H2KCQMxl
y+cjd9BeEbsewbzmqtFN9sl4Bs3hEXeO7iNUW6f0PudbU6JIVIKo6mwhy43Fa139
Aj1+QeMhUcZk9UdlAUmTL8FEEfSQP5ZTKkrhMScbf8PRmIPY2oSJMPSO2Z5TY5Yr
G+i7Gy+yoknFlqG2l1pnfn/J1cLYczehd0CuMwVyR9D2//GzHIiyk+OLkmFvvRCv
T1UUQg5la9NciF5pMDhiNfj6Il6iGCWubRRRa29o3r9/nOCjgx+ZY1Xhlgv9AgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUJM+4KP4VvWWDC2RI/ZE29XV8Zr0wHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzMzMTJlMzIzMjMwMmUzNzJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM2MzMzNDM3MzMucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAAf3Acw
DQYJKoZIhvcNAQELBQADggEBAJUmtxV/kM4BPkL5B3BQDXe6vlrfvzHyR1E7b2Vu
uDIwg/KfCon2PCWC/Tb8JktmfRR3pmYxsyLM14uanw9spLwySvpdNtfMkPhqpyno
Vz99r9EldzhhQ+i+iJt3LAPUSmix95CEopoFQxFtLDEv+wgaq5jhmc2N9XSGwgtP
nvh+f3/UAHK6wlX/bxnB7ddyJIiu3NZbzeoGCB7xVA/ZDaSCMpeMlMydoxT73Koi
8xOs/V8RFzjOwpPc7o4UxfXN3/fjhWunmLb00yiVS3jpJTlFUPOD0DHExNTSsAcy
GTHyuompVOLoJlcGk/nWsKC9RcvJtlTpPwtTr6jVYaGObAs=
-----END CERTIFICATE-----