Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/33312e3232302e39362e302f32312d3332203d3e203430303231.roa
File:                     33312e3232302e39362e302f32312d3332203d3e203430303231.roa (raw, json)
Hash identifier:          dZ1q9fQx54f0we1mLVVqdzgGggYOhaWQunC0YCWuiZw=
Subject key identifier:   26:8D:F2:BC:9F:8A:33:5E:A5:F8:FB:D8:95:75:D2:65:ED:D2:47:BA
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       11929C4AC560D9D60974E3B64D3FD6A3637780BC
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/33312e3232302e39362e302f32312d3332203d3e203430303231.roa
Signing time:             Mon 26 Feb 2024 08:53:32 +0000
ROA not before:           Mon 26 Feb 2024 08:48:32 +0000
ROA not after:            Mon 24 Feb 2025 08:53:32 +0000
asID:                     40021
IP address blocks:        31.220.96.0/21 maxlen: 32

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            11:92:9c:4a:c5:60:d9:d6:09:74:e3:b6:4d:3f:d6:a3:63:77:80:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Feb 26 08:48:32 2024 GMT
            Not After : Feb 24 08:53:32 2025 GMT
        Subject: CN=268DF2BC9F8A335EA5F8FBD89575D265EDD247BA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:6d:af:5b:45:36:11:c9:bb:8a:02:13:c0:76:
                    d0:95:74:10:38:35:a8:b0:e9:f4:e9:69:82:1b:0e:
                    02:1b:ce:7c:a9:f4:a4:7c:43:2c:7d:bf:c0:bf:ac:
                    35:96:be:22:c9:a7:76:88:f1:38:13:b7:25:1f:57:
                    24:f8:06:73:a0:4f:67:cc:07:19:51:9c:9b:dd:e5:
                    bd:77:c4:88:31:a0:6b:e7:9e:ae:21:86:5e:d6:41:
                    06:95:75:ee:2b:b0:74:fb:34:f0:13:e3:05:00:d9:
                    07:d1:8d:05:4d:74:5f:81:9a:72:39:1a:3b:b6:3b:
                    25:06:e6:7d:7c:bd:f7:62:a0:64:f8:99:1e:39:94:
                    6d:69:65:82:be:45:71:58:73:be:28:12:a1:78:67:
                    98:19:7a:4c:00:5a:d7:1c:ba:1e:20:69:a8:0d:a1:
                    ce:43:74:6b:d8:3b:8b:6e:71:09:d6:08:65:f6:86:
                    b9:f8:ac:54:6c:be:3d:27:a5:01:67:b9:b4:e8:eb:
                    e6:05:e9:12:5f:46:37:31:c3:af:7d:e9:53:d1:f5:
                    06:f1:a0:ce:74:6a:61:c1:c5:b3:a8:6d:24:1f:45:
                    26:0e:dc:2e:8a:cd:d1:67:e5:43:3e:b9:1d:f4:37:
                    24:a4:8f:0f:4a:d9:76:e6:ce:4e:04:19:d1:a0:b2:
                    2b:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:8D:F2:BC:9F:8A:33:5E:A5:F8:FB:D8:95:75:D2:65:ED:D2:47:BA
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/33312e3232302e39362e302f32312d3332203d3e203430303231.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.220.96.0/21

    Signature Algorithm: sha256WithRSAEncryption
         31:48:85:82:d0:14:38:a9:20:d8:70:ae:4e:40:8d:b8:21:3c:
         9a:6a:4c:2a:1f:5d:30:34:2a:d9:0a:e7:37:4d:a4:ee:ae:72:
         21:23:fb:36:ed:e5:a2:a2:68:74:6d:13:c2:69:63:d6:49:e9:
         3d:23:30:27:4e:40:54:d1:05:2b:b7:f2:c7:e8:eb:89:cf:8b:
         d5:a7:7e:53:cb:59:7d:b9:62:39:19:cb:9a:55:e0:56:fd:9f:
         f9:ae:49:3b:17:3f:7a:fa:fd:0e:e0:a5:21:fc:00:a1:82:64:
         b9:50:d4:ba:a3:22:b6:c4:eb:9b:d7:98:81:96:0a:34:ba:67:
         d4:ab:2d:a3:19:c2:fe:8e:b0:c8:44:55:4d:5c:de:6d:59:bd:
         57:03:73:f5:07:99:54:c5:06:a6:c1:d1:b5:c6:ee:56:f1:6f:
         4f:0e:c3:0f:fb:03:15:ac:9c:36:f8:2f:28:d3:62:18:0e:65:
         a6:53:d5:a7:1c:88:76:08:df:35:8e:5c:61:5c:bb:4b:0b:6a:
         26:3c:ee:62:de:05:d5:ef:9e:af:63:0d:94:cc:f7:ee:f5:e9:
         89:d5:85:94:52:aa:0c:00:26:ee:c6:f0:d3:91:4d:93:0f:e1:
         07:c1:ba:d4:23:14:39:1a:0a:76:1e:2e:23:3b:ce:21:50:4f:
         80:b8:0b:f8
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUEZKcSsVg2dYJdOO2TT/Wo2N3gLwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNDAyMjYwODQ4MzJaFw0yNTAyMjQwODUzMzJaMDMxMTAvBgNV
BAMTKDI2OERGMkJDOUY4QTMzNUVBNUY4RkJEODk1NzVEMjY1RUREMjQ3QkEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDUba9bRTYRybuKAhPAdtCVdBA4
Naiw6fTpaYIbDgIbznyp9KR8Qyx9v8C/rDWWviLJp3aI8TgTtyUfVyT4BnOgT2fM
BxlRnJvd5b13xIgxoGvnnq4hhl7WQQaVde4rsHT7NPAT4wUA2QfRjQVNdF+BmnI5
Gju2OyUG5n18vfdioGT4mR45lG1pZYK+RXFYc74oEqF4Z5gZekwAWtccuh4gaagN
oc5DdGvYO4tucQnWCGX2hrn4rFRsvj0npQFnubTo6+YF6RJfRjcxw6996VPR9Qbx
oM50amHBxbOobSQfRSYO3C6KzdFn5UM+uR30NySkjw9K2Xbmzk4EGdGgsispAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUJo3yvJ+KM16l+PvYlXXSZe3SR7owHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzMzMTJlMzIzMjMwMmUzOTM2
MmUzMDJmMzIzMTJkMzMzMjIwM2QzZTIwMzQzMDMwMzIzMS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAx/c
YDANBgkqhkiG9w0BAQsFAAOCAQEAMUiFgtAUOKkg2HCuTkCNuCE8mmpMKh9dMDQq
2QrnN02k7q5yISP7Nu3loqJodG0Twmlj1knpPSMwJ05AVNEFK7fyx+jric+L1ad+
U8tZfbliORnLmlXgVv2f+a5JOxc/evr9DuClIfwAoYJkuVDUuqMitsTrm9eYgZYK
NLpn1KstoxnC/o6wyERVTVzebVm9VwNz9QeZVMUGpsHRtcbuVvFvTw7DD/sDFayc
NvgvKNNiGA5lplPVpxyIdgjfNY5cYVy7SwtqJjzuYt4F1e+er2MNlMz37vXpidWF
lFKqDAAm7sbw05FNkw/hB8G61CMUORoKdh4uIzvOIVBPgLgL+A==
-----END CERTIFICATE-----