Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/33312e3232302e38382e302f32312d3332203d3e203531313637.roa
File:                     33312e3232302e38382e302f32312d3332203d3e203531313637.roa (raw, json)
Hash identifier:          pYS3a+PDzfOfXgGUpEDguHEHV/iXglEbPK/iYH7tJOc=
Subject key identifier:   14:F6:CF:36:C2:E9:2A:83:AB:09:4C:FC:98:10:73:EB:65:6D:46:D0
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       4346D9D394A9FEBE276D63FFD1AB362CFE911A2B
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/33312e3232302e38382e302f32312d3332203d3e203531313637.roa
Signing time:             Mon 26 Feb 2024 08:53:28 +0000
ROA not before:           Mon 26 Feb 2024 08:48:28 +0000
ROA not after:            Mon 24 Feb 2025 08:53:28 +0000
asID:                     51167
IP address blocks:        31.220.88.0/21 maxlen: 32

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            43:46:d9:d3:94:a9:fe:be:27:6d:63:ff:d1:ab:36:2c:fe:91:1a:2b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Feb 26 08:48:28 2024 GMT
            Not After : Feb 24 08:53:28 2025 GMT
        Subject: CN=14F6CF36C2E92A83AB094CFC981073EB656D46D0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:b1:d2:b9:58:f6:14:9a:2c:93:e9:ce:56:0f:
                    bc:5f:de:ba:56:60:cd:c5:bf:53:10:98:1a:44:99:
                    1e:a6:78:46:af:eb:06:6e:02:ab:73:8a:39:9d:5f:
                    df:ec:92:95:04:14:8f:d4:ae:30:d6:d4:1b:43:6b:
                    3e:87:e4:19:54:11:76:47:00:9f:6d:f3:81:5a:05:
                    f6:a8:b0:5e:9d:1d:b1:00:4e:12:7d:13:41:a4:5e:
                    44:08:b2:97:49:b6:78:1c:00:55:73:2e:64:17:f8:
                    25:12:05:ad:00:0f:43:07:e3:02:de:ac:53:0c:d3:
                    0b:3a:cc:eb:4f:e3:73:e1:41:9c:e3:54:cc:8e:6c:
                    59:8a:04:de:c4:f3:e0:73:42:71:b0:0d:9a:20:19:
                    e7:39:85:fd:d7:4c:cb:91:0d:01:1f:04:28:ef:f8:
                    22:d3:28:4f:e4:9e:43:8e:d9:0d:86:18:ed:3a:a6:
                    c2:ae:ad:24:a5:c2:cb:99:a3:44:1c:c2:84:9f:6b:
                    e1:a6:4c:f2:49:09:43:36:f4:ab:e6:32:b6:69:90:
                    cf:3b:bd:81:be:05:08:37:02:5b:d0:af:63:e1:fb:
                    17:13:09:b0:e5:16:7a:48:d8:ad:75:5c:25:72:52:
                    57:ce:45:75:3e:15:20:25:28:18:2b:46:7d:d6:84:
                    dd:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:F6:CF:36:C2:E9:2A:83:AB:09:4C:FC:98:10:73:EB:65:6D:46:D0
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/33312e3232302e38382e302f32312d3332203d3e203531313637.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.220.88.0/21

    Signature Algorithm: sha256WithRSAEncryption
         2d:be:21:af:dc:b8:3f:aa:e2:00:91:d4:eb:92:73:3a:ab:09:
         8a:1e:66:0d:34:d8:f2:27:b6:d7:48:b2:86:6e:a2:49:5c:7a:
         d0:5a:3f:8f:68:aa:aa:c4:4e:83:74:81:68:b5:cb:3c:6f:f9:
         9c:26:2d:02:23:cd:e9:d1:d2:45:48:75:21:d7:6f:c0:28:92:
         e4:6a:36:90:7b:50:c8:82:af:b9:b4:a5:19:0d:0c:c4:d9:47:
         47:ca:e7:e3:46:4d:7c:42:4c:01:24:4a:c6:b9:0c:bc:69:6e:
         7c:98:f8:be:f9:e5:60:a4:d3:f8:43:60:ac:01:8e:c0:7f:dc:
         e9:26:61:e7:17:5b:a4:bc:48:3d:98:e9:42:70:85:e5:9c:f1:
         a3:15:f7:1f:27:6d:64:b9:b7:52:b8:ac:b4:1a:a9:c9:2f:1f:
         30:79:a9:48:d4:31:d4:e6:ff:55:32:19:c2:35:b3:b1:39:e3:
         9e:32:32:da:29:77:56:17:62:b6:f4:f7:52:a2:d6:95:a2:51:
         c2:1e:7e:aa:6c:a9:8b:29:53:40:35:61:67:2b:c9:37:09:1b:
         bc:4b:d1:2d:72:73:4a:d9:ea:8c:14:c2:16:cf:66:8a:d8:65:
         ec:e3:89:e9:3f:8b:df:db:06:1a:f7:86:d0:3f:a9:3b:54:87:
         bf:36:9c:2d
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUQ0bZ05Sp/r4nbWP/0as2LP6RGiswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNDAyMjYwODQ4MjhaFw0yNTAyMjQwODUzMjhaMDMxMTAvBgNV
BAMTKDE0RjZDRjM2QzJFOTJBODNBQjA5NENGQzk4MTA3M0VCNjU2RDQ2RDAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7sdK5WPYUmiyT6c5WD7xf3rpW
YM3Fv1MQmBpEmR6meEav6wZuAqtzijmdX9/skpUEFI/UrjDW1BtDaz6H5BlUEXZH
AJ9t84FaBfaosF6dHbEAThJ9E0GkXkQIspdJtngcAFVzLmQX+CUSBa0AD0MH4wLe
rFMM0ws6zOtP43PhQZzjVMyObFmKBN7E8+BzQnGwDZogGec5hf3XTMuRDQEfBCjv
+CLTKE/knkOO2Q2GGO06psKurSSlwsuZo0QcwoSfa+GmTPJJCUM29KvmMrZpkM87
vYG+BQg3AlvQr2Ph+xcTCbDlFnpI2K11XCVyUlfORXU+FSAlKBgrRn3WhN1bAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUFPbPNsLpKoOrCUz8mBBz62VtRtAwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzMzMTJlMzIzMjMwMmUzODM4
MmUzMDJmMzIzMTJkMzMzMjIwM2QzZTIwMzUzMTMxMzYzNy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAx/c
WDANBgkqhkiG9w0BAQsFAAOCAQEALb4hr9y4P6riAJHU65JzOqsJih5mDTTY8ie2
10iyhm6iSVx60Fo/j2iqqsROg3SBaLXLPG/5nCYtAiPN6dHSRUh1IddvwCiS5Go2
kHtQyIKvubSlGQ0MxNlHR8rn40ZNfEJMASRKxrkMvGlufJj4vvnlYKTT+ENgrAGO
wH/c6SZh5xdbpLxIPZjpQnCF5ZzxoxX3HydtZLm3UristBqpyS8fMHmpSNQx1Ob/
VTIZwjWzsTnjnjIy2il3VhditvT3UqLWlaJRwh5+qmypiylTQDVhZyvJNwkbvEvR
LXJzStnqjBTCFs9mithl7OOJ6T+L39sGGveG0D+pO1SHvzacLQ==
-----END CERTIFICATE-----