Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/33312e3232302e372e302f32342d3234203d3e203633343733.roa
File:                     33312e3232302e372e302f32342d3234203d3e203633343733.roa (raw, json)
Hash identifier:          jaGBaLJzj5nqyEt6oeVoSQae5QNqQGGDbFg+7I37rbI=
Subject key identifier:   93:05:4E:72:D0:13:52:CB:56:56:03:04:17:FA:3C:9A:0A:C6:39:DE
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       7B97491512D158E5081B74FEB6DDFC9077FB32BF
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/33312e3232302e372e302f32342d3234203d3e203633343733.roa
Signing time:             Sun 22 Jun 2025 08:46:42 +0000
ROA not before:           Sun 22 Jun 2025 08:41:42 +0000
ROA not after:            Sun 21 Jun 2026 08:46:42 +0000
asID:                     63473
IP address blocks:        31.220.7.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Jun 2025 19:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7b:97:49:15:12:d1:58:e5:08:1b:74:fe:b6:dd:fc:90:77:fb:32:bf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Jun 22 08:41:42 2025 GMT
            Not After : Jun 21 08:46:42 2026 GMT
        Subject: CN=93054E72D01352CB5656030417FA3C9A0AC639DE
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:c6:78:b5:d7:3b:ec:27:9d:9b:ee:e4:b8:ed:
                    d4:4b:8b:7e:90:0f:04:f1:f4:ba:2b:48:c5:b5:75:
                    de:af:95:39:a9:fe:df:3d:1b:2a:e2:e1:fc:c6:f4:
                    08:91:1a:91:70:64:b9:26:05:a1:12:ca:ea:45:05:
                    e7:2e:7a:b7:24:19:dc:63:54:a6:2a:7b:1d:e2:d9:
                    9b:c9:38:a8:5d:44:80:08:12:1b:42:26:ab:88:70:
                    66:8a:30:56:5c:6f:ca:f8:a3:ee:f7:e0:00:57:f7:
                    61:71:18:6c:21:37:7a:2e:a2:55:c7:30:f7:6c:ca:
                    e1:67:3d:ba:f1:64:df:3d:f8:3c:4e:42:40:1e:cb:
                    74:4a:75:33:71:4f:33:9f:cb:08:c2:93:9c:e5:4b:
                    9d:d1:c0:12:ba:e7:05:32:1d:d1:4e:d0:2b:f5:77:
                    b5:4d:6c:28:bb:45:30:d6:1b:1b:6a:52:bc:aa:74:
                    1e:46:2c:c0:80:f0:6a:5b:97:f1:ef:70:53:f9:bd:
                    d4:98:1e:e5:d5:e1:cf:b0:df:31:a5:c9:d9:87:fe:
                    bd:ad:ed:49:68:b0:4e:44:34:75:78:e9:9f:7e:c6:
                    ec:01:ba:4d:ed:20:3c:ce:cb:e2:52:77:20:4f:95:
                    73:a6:50:ca:78:7a:03:c9:ca:dd:7f:89:13:c0:17:
                    dc:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                93:05:4E:72:D0:13:52:CB:56:56:03:04:17:FA:3C:9A:0A:C6:39:DE
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/33312e3232302e372e302f32342d3234203d3e203633343733.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.220.7.0/24

    Signature Algorithm: sha256WithRSAEncryption
         91:9c:f9:0c:60:18:3e:e0:2f:ef:82:4b:c1:59:45:d8:71:69:
         2d:c3:64:94:65:d4:4e:d2:c1:fd:49:38:31:c0:68:99:56:6e:
         8e:0c:6b:10:6c:32:52:76:3d:29:b3:79:65:89:38:14:42:51:
         98:3f:f5:72:e9:f8:8a:59:3b:3c:d1:e6:e7:8d:b4:0c:7c:60:
         5b:b5:cb:62:5b:db:5a:4b:4f:39:17:c4:c4:99:36:e9:28:de:
         c5:d7:c2:e6:a9:fe:eb:6d:a2:2e:c6:04:10:1b:da:24:25:3c:
         ee:19:ed:34:ed:ba:d1:f4:ce:24:96:94:ee:8b:0f:03:b2:6b:
         13:31:2f:c6:5a:8f:f7:63:9d:10:1c:f8:68:64:62:00:59:db:
         4c:b2:35:67:1e:99:25:d4:60:d3:7a:86:bb:72:55:9d:61:07:
         05:3c:85:c0:95:81:bf:db:f9:6b:59:d2:41:fc:7a:d4:43:87:
         21:71:23:24:ed:0c:0d:1d:7f:56:72:c6:87:c1:65:cd:c1:ef:
         3d:71:fe:07:18:e1:26:f4:dc:18:a0:8f:c6:90:bb:a1:c9:70:
         07:c4:48:3b:aa:b5:06:67:26:21:1a:20:86:0f:17:e5:75:3f:
         b6:3c:7c:e9:77:6a:18:2a:03:5f:2d:b7:d4:2f:b8:f2:3f:1b:
         f2:1b:ed:23
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUe5dJFRLRWOUIG3T+tt38kHf7Mr8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNTA2MjIwODQxNDJaFw0yNjA2MjEwODQ2NDJaMDMxMTAvBgNV
BAMTKDkzMDU0RTcyRDAxMzUyQ0I1NjU2MDMwNDE3RkEzQzlBMEFDNjM5REUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC2xni11zvsJ52b7uS47dRLi36Q
DwTx9LorSMW1dd6vlTmp/t89Gyri4fzG9AiRGpFwZLkmBaESyupFBecuerckGdxj
VKYqex3i2ZvJOKhdRIAIEhtCJquIcGaKMFZcb8r4o+734ABX92FxGGwhN3ouolXH
MPdsyuFnPbrxZN89+DxOQkAey3RKdTNxTzOfywjCk5zlS53RwBK65wUyHdFO0Cv1
d7VNbCi7RTDWGxtqUryqdB5GLMCA8Gpbl/HvcFP5vdSYHuXV4c+w3zGlydmH/r2t
7UlosE5ENHV46Z9+xuwBuk3tIDzOy+JSdyBPlXOmUMp4egPJyt1/iRPAF9yLAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUkwVOctATUstWVgMEF/o8mgrGOd4wHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzMzMTJlMzIzMjMwMmUzNzJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM2MzMzNDM3MzMucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAAf3Acw
DQYJKoZIhvcNAQELBQADggEBAJGc+QxgGD7gL++CS8FZRdhxaS3DZJRl1E7Swf1J
ODHAaJlWbo4MaxBsMlJ2PSmzeWWJOBRCUZg/9XLp+IpZOzzR5ueNtAx8YFu1y2Jb
21pLTzkXxMSZNuko3sXXwuap/uttoi7GBBAb2iQlPO4Z7TTtutH0ziSWlO6LDwOy
axMxL8Zaj/djnRAc+GhkYgBZ20yyNWcemSXUYNN6hrtyVZ1hBwU8hcCVgb/b+WtZ
0kH8etRDhyFxIyTtDA0df1ZyxofBZc3B7z1x/gcY4Sb03Bigj8aQu6HJcAfESDuq
tQZnJiEaIIYPF+V1P7Y8fOl3ahgqA18tt9QvuPI/G/Ib7SM=
-----END CERTIFICATE-----