Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e31382e302f32342d3234203d3e203232333633.roa
File:                     33312e362e31382e302f32342d3234203d3e203232333633.roa (raw, json)
Hash identifier:          2B366iG3pd+dIehlgRe+M91hvza7wrIiKPza3AoaRzI=
Subject key identifier:   9F:F4:0A:13:2A:C0:AF:FB:E5:14:7D:71:4D:4A:4F:D5:A0:8D:2D:12
Certificate issuer:       /CN=048af665bf8b186b70220759d26c578f40b5f3e3
Certificate serial:       5AA7E0043B40AC84CF02FA46F94921FFED458454
Authority key identifier: 04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e31382e302f32342d3234203d3e203232333633.roa
Signing time:             Mon 02 Oct 2023 05:22:38 +0000
ROA not before:           Mon 02 Oct 2023 05:17:38 +0000
ROA not after:            Mon 30 Sep 2024 05:22:38 +0000
asID:                     22363
IP address blocks:        31.6.18.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 01 Jun 2024 16:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5a:a7:e0:04:3b:40:ac:84:cf:02:fa:46:f9:49:21:ff:ed:45:84:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=048af665bf8b186b70220759d26c578f40b5f3e3
        Validity
            Not Before: Oct  2 05:17:38 2023 GMT
            Not After : Sep 30 05:22:38 2024 GMT
        Subject: CN=9FF40A132AC0AFFBE5147D714D4A4FD5A08D2D12
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:65:5d:4d:05:c3:7f:92:7f:ef:9c:71:6d:3d:
                    ae:37:d0:d1:dc:c0:d2:0d:4f:26:3a:a2:40:cd:6c:
                    f7:39:7e:6d:a6:25:aa:c5:9f:ab:80:be:21:b0:ed:
                    2d:e4:e8:cf:ee:77:d2:9a:57:64:a4:8a:7b:de:46:
                    43:ea:ff:64:f5:0e:e6:99:29:e6:84:03:e9:df:df:
                    1b:6d:0d:a2:1a:f0:54:2f:bd:04:7a:f4:86:09:7e:
                    87:25:11:58:a3:43:56:0e:b5:0d:81:a8:c6:ef:30:
                    e1:8e:6f:c3:f9:c0:88:52:5b:8d:01:a0:6c:5e:dd:
                    7c:65:bc:e4:ac:1b:ca:19:c3:03:24:8d:44:ad:b6:
                    d3:7d:62:3e:40:d6:f5:bc:70:90:e5:69:26:da:f7:
                    8b:78:06:60:bc:85:7b:ee:a2:b1:05:38:39:01:df:
                    b0:d0:a1:98:97:62:e5:93:65:d3:e4:60:d3:03:f3:
                    25:3c:9a:fa:98:0f:d1:cd:1c:45:72:2b:b8:ec:fd:
                    35:4f:52:47:b5:95:f8:e9:96:e7:5e:41:6e:75:9c:
                    7b:a0:7f:e8:30:89:1b:4c:db:e4:3c:32:97:4c:64:
                    ce:ca:66:06:6e:67:8f:1a:c8:f1:94:92:75:95:51:
                    2b:9a:04:f8:38:23:02:44:30:a4:9b:95:35:77:bd:
                    f5:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:F4:0A:13:2A:C0:AF:FB:E5:14:7D:71:4D:4A:4F:D5:A0:8D:2D:12
            X509v3 Authority Key Identifier:
                keyid:04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e31382e302f32342d3234203d3e203232333633.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.6.18.0/24

    Signature Algorithm: sha256WithRSAEncryption
         98:25:f1:58:81:35:ac:af:ff:b4:76:3a:ab:f8:9a:6a:22:15:
         9d:05:0d:61:92:76:77:64:59:29:b4:9f:78:a8:e5:f6:81:d8:
         34:28:7b:19:09:ac:84:c8:36:2c:f9:d8:4b:10:1b:f7:2d:a7:
         fa:b3:56:09:bd:2b:b0:a4:ae:51:82:16:40:4e:b5:74:1a:c7:
         64:12:bd:ec:9d:8f:8e:c7:72:b7:7e:bc:59:46:c5:dc:fc:d4:
         37:ea:f1:76:8e:a0:23:b7:ba:0c:7e:89:69:01:06:8f:e0:12:
         0a:27:64:68:fc:19:37:53:c4:1a:a0:34:68:f3:5e:b6:02:7d:
         b2:7f:5c:2f:7d:33:50:4d:6f:73:85:de:c7:69:af:ec:39:05:
         76:f5:93:82:0d:f2:60:98:37:3d:b2:e1:c3:84:54:70:73:b9:
         e6:7f:1a:a5:1b:9a:1b:8c:85:69:a7:f6:c6:7d:8f:ee:f0:e3:
         79:93:cd:50:a8:1c:3b:f5:c4:a1:8e:c2:c7:bf:29:cd:f7:04:
         f6:ff:d5:b7:53:cf:89:31:f2:f9:76:8a:36:eb:1d:47:43:d0:
         e5:00:f7:bf:24:e9:f7:66:20:bf:9a:d0:34:10:a6:6a:4b:c6:
         b0:32:68:db:ff:02:60:1c:42:59:aa:d2:bd:e0:31:b2:5a:f2:
         46:d8:70:4f
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUWqfgBDtArITPAvpG+Ukh/+1FhFQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDQ4YWY2NjViZjhiMTg2YjcwMjIwNzU5ZDI2YzU3OGY0
MGI1ZjNlMzAeFw0yMzEwMDIwNTE3MzhaFw0yNDA5MzAwNTIyMzhaMDMxMTAvBgNV
BAMTKDlGRjQwQTEzMkFDMEFGRkJFNTE0N0Q3MTRENEE0RkQ1QTA4RDJEMTIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDXZV1NBcN/kn/vnHFtPa430NHc
wNINTyY6okDNbPc5fm2mJarFn6uAviGw7S3k6M/ud9KaV2SkinveRkPq/2T1DuaZ
KeaEA+nf3xttDaIa8FQvvQR69IYJfoclEVijQ1YOtQ2BqMbvMOGOb8P5wIhSW40B
oGxe3XxlvOSsG8oZwwMkjUStttN9Yj5A1vW8cJDlaSba94t4BmC8hXvuorEFODkB
37DQoZiXYuWTZdPkYNMD8yU8mvqYD9HNHEVyK7js/TVPUke1lfjpludeQW51nHug
f+gwiRtM2+Q8MpdMZM7KZgZuZ48ayPGUknWVUSuaBPg4IwJEMKSblTV3vfXxAgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQUn/QKEyrAr/vlFH1xTUpP1aCNLRIwHwYDVR0j
BBgwFoAUBIr2Zb+LGGtwIgdZ0mxXj0C18+MwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODJhOWJmNWItMzljMS00MDUwLWIwNzMtNDgwNzViODYx
ZDg3LzAvMDQ4QUY2NjVCRjhCMTg2QjcwMjIwNzU5RDI2QzU3OEY0MEI1RjNFMy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0JJcjJaYi1MR0d0d0lnZFowbXhYajBD
MTgtTS5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvODJhOWJmNWIt
MzljMS00MDUwLWIwNzMtNDgwNzViODYxZDg3LzAvMzMzMTJlMzYyZTMxMzgyZTMw
MmYzMjM0MmQzMjM0MjAzZDNlMjAzMjMyMzMzNjMzLnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHwYSMA0G
CSqGSIb3DQEBCwUAA4IBAQCYJfFYgTWsr/+0djqr+JpqIhWdBQ1hknZ3ZFkptJ94
qOX2gdg0KHsZCayEyDYs+dhLEBv3Laf6s1YJvSuwpK5RghZATrV0GsdkEr3snY+O
x3K3frxZRsXc/NQ36vF2jqAjt7oMfolpAQaP4BIKJ2Ro/Bk3U8QaoDRo8162An2y
f1wvfTNQTW9zhd7Haa/sOQV29ZOCDfJgmDc9suHDhFRwc7nmfxqlG5objIVpp/bG
fY/u8ON5k81QqBw79cShjsLHvynN9wT2/9W3U8+JMfL5doo26x1HQ9DlAPe/JOn3
ZiC/mtA0EKZqS8awMmjb/wJgHEJZqtK94DGyWvJG2HBP
-----END CERTIFICATE-----