Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/33312e32322e31312e302f32342d3234203d3e20313336373837.roa
File:                     33312e32322e31312e302f32342d3234203d3e20313336373837.roa (raw, json)
Hash identifier:          b+pSt0gJnfSCCP6WMCdVPlRgKE+gC4Fjx4zTm9AjvZI=
Subject key identifier:   AB:80:34:03:72:AB:CF:F8:C3:99:15:89:7C:0C:FA:15:C1:2B:99:BF
Certificate issuer:       /CN=088469d1a33085ff88b3e599d223ca74c2313a3a
Certificate serial:       56321ABDF262D98771983CBB847D8B99A0B0C77A
Authority key identifier: 08:84:69:D1:A3:30:85:FF:88:B3:E5:99:D2:23:CA:74:C2:31:3A:3A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/33312e32322e31312e302f32342d3234203d3e20313336373837.roa
Signing time:             Tue 03 Jun 2025 20:14:38 +0000
ROA not before:           Tue 03 Jun 2025 20:09:38 +0000
ROA not after:            Tue 02 Jun 2026 20:14:38 +0000
asID:                     136787
IP address blocks:        31.22.11.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 15 Jun 2025 22:19:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            56:32:1a:bd:f2:62:d9:87:71:98:3c:bb:84:7d:8b:99:a0:b0:c7:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=088469d1a33085ff88b3e599d223ca74c2313a3a
        Validity
            Not Before: Jun  3 20:09:38 2025 GMT
            Not After : Jun  2 20:14:38 2026 GMT
        Subject: CN=AB80340372ABCFF8C39915897C0CFA15C12B99BF
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:2b:4b:94:37:b7:70:e1:1d:8a:88:45:ce:7a:
                    e6:1d:4b:ab:61:3a:04:91:1f:36:0c:0c:77:4f:0a:
                    b3:ba:c5:2a:ef:f3:4e:0c:37:56:43:87:80:5e:65:
                    b4:a0:6e:05:6c:56:2d:78:24:b2:9b:fa:04:94:49:
                    cb:bb:3e:ad:ef:77:cb:d6:fc:5a:cd:87:14:d1:6f:
                    87:9a:d8:ab:2d:c9:04:27:2a:4c:03:3e:bc:cd:3e:
                    33:e7:a5:05:5e:d5:4b:bb:ff:87:a7:76:04:2a:0f:
                    d0:3e:09:2d:50:6a:06:0a:f2:9f:0a:dc:a0:2e:b6:
                    cd:69:d1:19:f4:74:09:01:a0:9e:fe:17:44:88:9b:
                    b3:be:73:cc:de:e4:a5:77:79:dc:0d:34:f5:25:05:
                    88:45:4c:f7:11:73:43:2c:8e:92:bd:14:df:e4:86:
                    a1:72:9c:e1:83:cc:bb:74:ca:b2:02:6c:c2:7a:4d:
                    62:34:2d:1e:b8:dc:d1:fa:e1:fd:4c:dd:bb:e4:61:
                    07:c4:2d:b4:50:46:5f:55:8a:ef:d2:e4:3b:f7:c1:
                    2f:32:2f:05:50:c0:eb:8e:07:93:07:4b:61:c2:de:
                    82:a4:2d:49:66:eb:ec:95:b8:b0:72:c0:48:32:8a:
                    ae:f4:84:82:81:57:ea:f0:5a:d0:ad:d5:29:f0:7c:
                    c1:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:80:34:03:72:AB:CF:F8:C3:99:15:89:7C:0C:FA:15:C1:2B:99:BF
            X509v3 Authority Key Identifier:
                keyid:08:84:69:D1:A3:30:85:FF:88:B3:E5:99:D2:23:CA:74:C2:31:3A:3A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/33312e32322e31312e302f32342d3234203d3e20313336373837.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.22.11.0/24

    Signature Algorithm: sha256WithRSAEncryption
         98:a5:15:07:b1:1a:dc:60:4d:66:4a:e1:2e:e8:b0:cc:53:cb:
         b7:e4:b5:a9:f5:83:d6:06:41:77:80:00:b6:c0:4d:3f:25:79:
         f0:53:ba:0d:c7:07:08:96:ad:ad:d0:44:e7:09:1c:a2:fa:24:
         8c:fc:a5:9e:8d:36:7b:20:95:f8:1f:38:e3:99:51:61:ce:39:
         73:d3:0e:3e:1b:fc:86:73:cb:6e:03:2e:be:35:7a:99:53:56:
         de:d6:48:18:04:c5:e4:7a:fd:31:c4:7f:5a:5e:f1:d6:c5:15:
         3b:96:fe:58:e8:5a:5d:af:3f:6a:8d:1b:7a:a1:6c:92:ca:cd:
         6c:ef:1c:c3:1c:6d:2f:c1:6e:81:35:ca:b6:0f:9c:89:f3:58:
         3e:ab:35:44:f1:2f:02:2a:26:45:60:e7:dc:d7:d4:2d:7b:86:
         d5:84:86:fe:91:7c:8a:b0:0d:84:43:b1:31:06:2b:9b:b2:07:
         38:6d:75:38:8f:72:69:e6:62:c9:cf:94:f3:46:47:e0:c6:47:
         4a:80:11:78:ae:b8:95:fe:a1:8e:a7:b4:4a:63:73:95:f4:01:
         66:c9:b0:91:f0:40:40:3c:14:9b:69:ce:ba:04:84:ce:05:13:
         ef:aa:11:73:f5:92:bb:4a:01:bd:39:0c:9e:99:a5:a6:67:75:
         93:e4:36:81
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUVjIavfJi2YdxmDy7hH2LmaCwx3owDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDg4NDY5ZDFhMzMwODVmZjg4YjNlNTk5ZDIyM2NhNzRj
MjMxM2EzYTAeFw0yNTA2MDMyMDA5MzhaFw0yNjA2MDIyMDE0MzhaMDMxMTAvBgNV
BAMTKEFCODAzNDAzNzJBQkNGRjhDMzk5MTU4OTdDMENGQTE1QzEyQjk5QkYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDJK0uUN7dw4R2KiEXOeuYdS6th
OgSRHzYMDHdPCrO6xSrv804MN1ZDh4BeZbSgbgVsVi14JLKb+gSUScu7Pq3vd8vW
/FrNhxTRb4ea2KstyQQnKkwDPrzNPjPnpQVe1Uu7/4endgQqD9A+CS1QagYK8p8K
3KAuts1p0Rn0dAkBoJ7+F0SIm7O+c8ze5KV3edwNNPUlBYhFTPcRc0MsjpK9FN/k
hqFynOGDzLt0yrICbMJ6TWI0LR643NH64f1M3bvkYQfELbRQRl9Viu/S5Dv3wS8y
LwVQwOuOB5MHS2HC3oKkLUlm6+yVuLBywEgyiq70hIKBV+rwWtCt1SnwfMHVAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUq4A0A3Krz/jDmRWJfAz6FcErmb8wHwYDVR0j
BBgwFoAUCIRp0aMwhf+Is+WZ0iPKdMIxOjowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzUvMDg4NDY5RDFBMzMwODVGRjg4QjNFNTk5RDIyM0NBNzRDMjMxM0EzQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NJUnAwYU13aGYtSXMtV1owaVBLZE1J
eE9qby5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzUvMzMzMTJlMzIzMjJlMzEzMTJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMxMzMzNjM3MzgzNy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAB8W
CzANBgkqhkiG9w0BAQsFAAOCAQEAmKUVB7Ea3GBNZkrhLuiwzFPLt+S1qfWD1gZB
d4AAtsBNPyV58FO6DccHCJatrdBE5wkcovokjPylno02eyCV+B8445lRYc45c9MO
Phv8hnPLbgMuvjV6mVNW3tZIGATF5Hr9McR/Wl7x1sUVO5b+WOhaXa8/ao0beqFs
ksrNbO8cwxxtL8FugTXKtg+cifNYPqs1RPEvAiomRWDn3NfULXuG1YSG/pF8irAN
hEOxMQYrm7IHOG11OI9yaeZiyc+U80ZH4MZHSoAReK64lf6hjqe0SmNzlfQBZsmw
kfBAQDwUm2nOugSEzgUT76oRc/WSu0oBvTkMnpmlpmd1k+Q2gQ==
-----END CERTIFICATE-----