Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e33302e302f32342d3234203d3e203232333633.roa
File:                     33312e362e33302e302f32342d3234203d3e203232333633.roa (raw, json)
Hash identifier:          4WEpjG8mG1GN5eraOzV4g22d+amDJRitKZxKVifec2M=
Subject key identifier:   B2:6E:2A:20:2B:04:75:64:EA:73:2B:DC:C2:F2:10:B1:22:08:83:CE
Certificate issuer:       /CN=048af665bf8b186b70220759d26c578f40b5f3e3
Certificate serial:       1734022038150AAB9FD1DA10AFCC8E69DB5B3046
Authority key identifier: 04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e33302e302f32342d3234203d3e203232333633.roa
Signing time:             Mon 02 Oct 2023 05:22:19 +0000
ROA not before:           Mon 02 Oct 2023 05:17:19 +0000
ROA not after:            Mon 30 Sep 2024 05:22:19 +0000
asID:                     22363
IP address blocks:        31.6.30.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            17:34:02:20:38:15:0a:ab:9f:d1:da:10:af:cc:8e:69:db:5b:30:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=048af665bf8b186b70220759d26c578f40b5f3e3
        Validity
            Not Before: Oct  2 05:17:19 2023 GMT
            Not After : Sep 30 05:22:19 2024 GMT
        Subject: CN=B26E2A202B047564EA732BDCC2F210B1220883CE
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:a7:c8:18:3a:d4:aa:cb:5a:fe:c8:bc:a4:80:
                    ca:a9:b4:fc:ee:2c:4d:fd:04:80:e9:f6:91:9f:1c:
                    e0:93:e6:1a:d3:2d:26:d8:71:00:34:be:d6:5a:c4:
                    68:7c:04:2f:43:53:df:67:c4:64:70:b3:e4:60:d1:
                    fa:eb:49:07:2a:4d:ce:df:88:4d:2d:b8:e3:13:4e:
                    e8:f7:17:99:a0:de:d6:45:0d:5c:3d:07:1e:69:60:
                    6c:3e:b1:af:83:95:ec:c5:2b:92:bb:c1:32:28:d4:
                    b9:4f:46:26:47:03:24:ed:e0:40:6b:5b:ca:7f:6c:
                    24:69:94:86:21:f4:9e:c8:5b:9e:84:26:95:9d:dd:
                    6e:43:3b:1c:f3:b0:3b:73:8d:a4:fb:87:97:4e:f2:
                    56:30:47:44:96:59:4f:4f:94:5f:a2:b8:7c:1b:57:
                    d3:0b:05:80:ea:74:ff:a8:da:d6:5f:ef:d6:7d:10:
                    19:8c:4d:42:b0:17:07:e3:39:6c:29:f9:e6:d4:4a:
                    20:28:0f:27:49:5d:e7:73:6b:02:2b:e9:89:bd:57:
                    f6:26:50:8c:33:62:23:84:32:49:7b:99:16:ed:19:
                    b2:0a:c4:62:6c:9a:a4:4e:c7:b3:7d:99:5b:3d:fd:
                    76:e8:92:f4:f3:97:67:09:38:1f:40:dd:c7:c7:e0:
                    c3:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B2:6E:2A:20:2B:04:75:64:EA:73:2B:DC:C2:F2:10:B1:22:08:83:CE
            X509v3 Authority Key Identifier:
                keyid:04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e33302e302f32342d3234203d3e203232333633.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.6.30.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3e:77:ec:9a:0e:1e:32:9d:35:68:47:dd:1d:02:67:1b:9c:e9:
         d3:e8:d8:a8:c9:7d:99:7a:51:64:b9:4c:d2:bd:1e:f9:07:7c:
         63:73:e8:0f:e1:68:e6:20:94:1d:0f:8d:9c:0b:1c:ee:54:b0:
         6e:c9:51:7d:80:39:01:d7:9c:2d:77:eb:0e:44:3f:fa:a6:89:
         7b:e1:a4:50:36:1e:74:05:44:7a:d1:73:14:12:a1:3a:ca:40:
         ed:55:e1:90:76:8e:b0:17:66:40:53:2a:aa:1a:a2:66:33:37:
         9c:26:22:0e:d6:91:b6:05:d4:02:5e:1a:fc:ab:b3:9b:ab:7a:
         a3:22:0f:f7:90:e4:4d:73:ea:19:fb:83:73:d7:96:4f:7a:53:
         e3:57:9f:03:e4:9b:79:74:79:8f:d9:1c:c6:3c:76:22:a8:89:
         45:44:e6:ed:4c:87:8a:07:da:f1:7d:cf:ab:73:45:a6:4a:1e:
         04:ef:83:ca:3e:d8:4c:8a:4d:ec:cb:84:81:0f:51:13:9d:b4:
         c0:7e:d4:14:94:87:1d:b4:3f:15:96:30:29:65:b4:3f:33:1d:
         a6:e9:09:4e:48:31:cb:2d:62:5c:09:ec:3a:22:60:30:f2:fd:
         98:24:66:27:77:ef:03:11:a1:16:2b:5b:21:b9:49:3f:c1:45:
         45:27:64:23
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUFzQCIDgVCquf0doQr8yOadtbMEYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDQ4YWY2NjViZjhiMTg2YjcwMjIwNzU5ZDI2YzU3OGY0
MGI1ZjNlMzAeFw0yMzEwMDIwNTE3MTlaFw0yNDA5MzAwNTIyMTlaMDMxMTAvBgNV
BAMTKEIyNkUyQTIwMkIwNDc1NjRFQTczMkJEQ0MyRjIxMEIxMjIwODgzQ0UwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC5p8gYOtSqy1r+yLykgMqptPzu
LE39BIDp9pGfHOCT5hrTLSbYcQA0vtZaxGh8BC9DU99nxGRws+Rg0frrSQcqTc7f
iE0tuOMTTuj3F5mg3tZFDVw9Bx5pYGw+sa+DlezFK5K7wTIo1LlPRiZHAyTt4EBr
W8p/bCRplIYh9J7IW56EJpWd3W5DOxzzsDtzjaT7h5dO8lYwR0SWWU9PlF+iuHwb
V9MLBYDqdP+o2tZf79Z9EBmMTUKwFwfjOWwp+ebUSiAoDydJXedzawIr6Ym9V/Ym
UIwzYiOEMkl7mRbtGbIKxGJsmqROx7N9mVs9/XbokvTzl2cJOB9A3cfH4MMZAgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQUsm4qICsEdWTqcyvcwvIQsSIIg84wHwYDVR0j
BBgwFoAUBIr2Zb+LGGtwIgdZ0mxXj0C18+MwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODJhOWJmNWItMzljMS00MDUwLWIwNzMtNDgwNzViODYx
ZDg3LzAvMDQ4QUY2NjVCRjhCMTg2QjcwMjIwNzU5RDI2QzU3OEY0MEI1RjNFMy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0JJcjJaYi1MR0d0d0lnZFowbXhYajBD
MTgtTS5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvODJhOWJmNWIt
MzljMS00MDUwLWIwNzMtNDgwNzViODYxZDg3LzAvMzMzMTJlMzYyZTMzMzAyZTMw
MmYzMjM0MmQzMjM0MjAzZDNlMjAzMjMyMzMzNjMzLnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHwYeMA0G
CSqGSIb3DQEBCwUAA4IBAQA+d+yaDh4ynTVoR90dAmcbnOnT6NioyX2ZelFkuUzS
vR75B3xjc+gP4WjmIJQdD42cCxzuVLBuyVF9gDkB15wtd+sORD/6pol74aRQNh50
BUR60XMUEqE6ykDtVeGQdo6wF2ZAUyqqGqJmMzecJiIO1pG2BdQCXhr8q7Obq3qj
Ig/3kORNc+oZ+4Nz15ZPelPjV58D5Jt5dHmP2RzGPHYiqIlFRObtTIeKB9rxfc+r
c0WmSh4E74PKPthMik3sy4SBD1ETnbTAftQUlIcdtD8VljApZbQ/Mx2m6QlOSDHL
LWJcCew6ImAw8v2YJGYnd+8DEaEWK1shuUk/wUVFJ2Qj
-----END CERTIFICATE-----