Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/33312e3232302e37322e302f32312d3332203d3e203531313637.roa
File:                     33312e3232302e37322e302f32312d3332203d3e203531313637.roa (raw, json)
Hash identifier:          tcqoZLwmTd19NrlBTwsQATHDsa6HOfp6ZJyyWCtOZ3s=
Subject key identifier:   52:9C:7A:81:AD:78:E8:8F:4E:7C:E9:41:F4:C2:67:62:E7:B5:05:1A
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       672067CFE55956F8CC66573464F3ABAFC30DE2C1
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/33312e3232302e37322e302f32312d3332203d3e203531313637.roa
Signing time:             Mon 27 Jan 2025 09:45:02 +0000
ROA not before:           Mon 27 Jan 2025 09:40:02 +0000
ROA not after:            Mon 26 Jan 2026 09:45:02 +0000
asID:                     51167
IP address blocks:        31.220.72.0/21 maxlen: 32
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Feb 2025 13:21:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            67:20:67:cf:e5:59:56:f8:cc:66:57:34:64:f3:ab:af:c3:0d:e2:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Jan 27 09:40:02 2025 GMT
            Not After : Jan 26 09:45:02 2026 GMT
        Subject: CN=529C7A81AD78E88F4E7CE941F4C26762E7B5051A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:ed:b4:09:fb:bb:3d:75:18:60:ca:8a:15:b5:
                    53:69:c9:a9:4a:4e:b6:43:f5:54:1d:e0:c9:04:f5:
                    fd:bc:bd:81:85:2d:08:fa:29:da:31:ee:33:1f:47:
                    30:17:8d:44:b2:84:b3:3f:e8:09:90:26:98:33:b5:
                    d6:d6:71:d9:ed:3d:a8:5c:3c:9c:02:ac:6e:ab:5a:
                    d1:0c:60:0b:39:38:ab:69:eb:53:56:08:8d:aa:ec:
                    c0:9d:6f:72:29:d4:7c:e4:71:df:d3:cf:1e:db:65:
                    7f:64:42:a8:a9:2c:df:27:91:81:42:df:d8:68:c1:
                    d3:16:7e:aa:7a:a5:da:82:f5:c8:64:a1:30:06:27:
                    16:94:9a:b1:3c:70:17:6a:b4:7b:00:c1:73:54:68:
                    9a:ab:d5:1b:b3:5b:9b:db:5e:9e:3a:e9:51:88:50:
                    45:b3:36:a2:89:8b:64:b2:9c:f0:17:d7:84:ac:b6:
                    f9:03:3d:46:ed:b4:8b:17:30:86:d5:d7:37:20:6a:
                    c7:b7:2c:71:88:8a:42:95:17:ff:4c:69:9b:b2:5a:
                    b6:09:7c:a0:5f:71:6e:84:c7:d4:1d:a5:1e:c1:b4:
                    ec:ae:20:98:15:c3:3a:0d:aa:b3:57:69:69:62:30:
                    11:e7:8b:f5:12:ba:b9:bc:1c:3c:cf:3d:23:4a:e1:
                    06:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:9C:7A:81:AD:78:E8:8F:4E:7C:E9:41:F4:C2:67:62:E7:B5:05:1A
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/33312e3232302e37322e302f32312d3332203d3e203531313637.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.220.72.0/21

    Signature Algorithm: sha256WithRSAEncryption
         0f:69:29:33:7e:11:74:fa:a1:16:ee:fc:38:44:ce:50:01:69:
         8f:c5:43:91:f9:e1:d1:e6:b5:57:70:62:00:9d:f1:95:93:e2:
         4c:f9:11:05:06:54:10:b7:1b:68:6b:fa:5f:72:15:ca:88:7f:
         5e:1f:af:1c:a3:10:21:dc:ed:6e:c3:21:63:6b:40:26:ae:b3:
         34:8b:c4:2f:3d:53:e0:b1:27:94:29:e1:ac:73:10:3c:a9:d0:
         20:df:c4:d5:36:c4:cc:68:9d:b7:09:2b:23:91:6f:16:53:4f:
         14:3a:ec:e7:81:be:c6:de:36:60:5b:d5:ce:94:d2:1d:47:06:
         b1:3a:23:28:1f:51:29:66:6e:58:bf:7b:85:06:4a:a6:a5:75:
         eb:16:90:9e:49:c3:13:b6:bc:ba:d6:82:f2:73:e3:55:58:79:
         77:56:a1:97:2b:07:42:82:ec:9f:e0:6c:da:22:28:c7:af:c7:
         73:10:74:d6:c0:19:df:a3:fb:6e:40:23:2c:2c:45:0d:04:da:
         00:4a:9a:ab:eb:05:4b:7a:da:80:4a:8b:9d:ec:62:a1:96:06:
         90:b9:f4:d9:a0:03:38:59:0b:cf:0d:0b:90:18:f0:4f:8b:fe:
         0b:dc:f0:45:3c:98:d7:18:b0:4b:1f:7c:d0:4a:fc:29:13:3f:
         9b:54:2a:19
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUZyBnz+VZVvjMZlc0ZPOrr8MN4sEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNTAxMjcwOTQwMDJaFw0yNjAxMjYwOTQ1MDJaMDMxMTAvBgNV
BAMTKDUyOUM3QTgxQUQ3OEU4OEY0RTdDRTk0MUY0QzI2NzYyRTdCNTA1MUEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDj7bQJ+7s9dRhgyooVtVNpyalK
TrZD9VQd4MkE9f28vYGFLQj6Kdox7jMfRzAXjUSyhLM/6AmQJpgztdbWcdntPahc
PJwCrG6rWtEMYAs5OKtp61NWCI2q7MCdb3Ip1Hzkcd/Tzx7bZX9kQqipLN8nkYFC
39howdMWfqp6pdqC9chkoTAGJxaUmrE8cBdqtHsAwXNUaJqr1RuzW5vbXp466VGI
UEWzNqKJi2SynPAX14SstvkDPUbttIsXMIbV1zcgase3LHGIikKVF/9MaZuyWrYJ
fKBfcW6Ex9QdpR7BtOyuIJgVwzoNqrNXaWliMBHni/USurm8HDzPPSNK4QZFAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUUpx6ga146I9OfOlB9MJnYue1BRowHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzMzMTJlMzIzMjMwMmUzNzMy
MmUzMDJmMzIzMTJkMzMzMjIwM2QzZTIwMzUzMTMxMzYzNy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAx/c
SDANBgkqhkiG9w0BAQsFAAOCAQEAD2kpM34RdPqhFu78OETOUAFpj8VDkfnh0ea1
V3BiAJ3xlZPiTPkRBQZUELcbaGv6X3IVyoh/Xh+vHKMQIdztbsMhY2tAJq6zNIvE
Lz1T4LEnlCnhrHMQPKnQIN/E1TbEzGidtwkrI5FvFlNPFDrs54G+xt42YFvVzpTS
HUcGsTojKB9RKWZuWL97hQZKpqV16xaQnknDE7a8utaC8nPjVVh5d1ahlysHQoLs
n+Bs2iIox6/HcxB01sAZ36P7bkAjLCxFDQTaAEqaq+sFS3ragEqLnexioZYGkLn0
2aADOFkLzw0LkBjwT4v+C9zwRTyY1xiwSx980Er8KRM/m1QqGQ==
-----END CERTIFICATE-----