Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e33362e302f32342d3234203d3e20383334.roa
File:                     33312e362e33362e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          cVvxo72Zk4WglhDCDJ4hCJFsDvSlgVaprJHDKmqABc0=
Subject key identifier:   75:05:4E:6A:B3:1E:38:A2:E6:EA:73:C1:AF:46:39:34:B1:9F:CB:1F
Certificate issuer:       /CN=048af665bf8b186b70220759d26c578f40b5f3e3
Certificate serial:       40FDA15EDB684C8422D2A5D67CFEFD2E0C4A6FEB
Authority key identifier: 04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e33362e302f32342d3234203d3e20383334.roa
Signing time:             Fri 03 May 2024 00:00:33 +0000
ROA not before:           Thu 02 May 2024 23:55:33 +0000
ROA not after:            Fri 02 May 2025 00:00:33 +0000
asID:                     834
IP address blocks:        31.6.36.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 19:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            40:fd:a1:5e:db:68:4c:84:22:d2:a5:d6:7c:fe:fd:2e:0c:4a:6f:eb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=048af665bf8b186b70220759d26c578f40b5f3e3
        Validity
            Not Before: May  2 23:55:33 2024 GMT
            Not After : May  2 00:00:33 2025 GMT
        Subject: CN=75054E6AB31E38A2E6EA73C1AF463934B19FCB1F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:59:cb:94:11:60:b4:a0:d3:6d:8c:84:e8:de:
                    3a:99:da:ff:7d:08:f4:4b:29:64:70:a9:49:5e:5c:
                    81:10:fa:26:3e:22:6d:14:99:ab:dd:4d:e2:8e:62:
                    2c:2d:95:eb:48:f4:b2:18:9d:71:b7:45:be:89:a7:
                    57:38:9d:70:aa:ea:81:e5:cd:ce:b8:c5:c5:35:96:
                    a4:70:1e:de:6d:24:4e:03:50:ce:fb:fc:cd:cb:40:
                    b1:5a:5a:72:69:08:64:91:ea:6e:26:b1:c4:b8:27:
                    7a:09:f3:d1:e7:e4:67:a0:5f:7d:a4:36:36:aa:e0:
                    e2:4c:51:43:9d:b9:6d:8c:94:01:2d:0f:db:ea:f5:
                    6f:ed:38:31:b6:84:ee:97:f9:d2:6a:8e:17:32:15:
                    a9:20:80:1f:a0:81:3a:ff:9c:f0:45:3e:6b:6d:aa:
                    71:ce:b5:9d:6a:03:be:6a:8a:d4:c6:7c:dd:67:c1:
                    10:e6:2f:00:77:ff:6e:44:dd:9e:73:ad:fa:24:93:
                    b5:bc:a6:4e:14:7b:9f:7f:72:dc:b5:0c:6b:1a:a5:
                    ed:ad:8d:f5:87:12:ae:9d:32:40:c1:74:90:fd:cc:
                    47:43:61:98:69:ea:20:d1:ff:a7:23:2c:45:02:f4:
                    cf:c6:1d:5b:6f:15:1b:0c:c1:65:5d:00:22:11:c8:
                    87:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                75:05:4E:6A:B3:1E:38:A2:E6:EA:73:C1:AF:46:39:34:B1:9F:CB:1F
            X509v3 Authority Key Identifier:
                keyid:04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e33362e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.6.36.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6b:e7:97:f8:3c:ad:e1:28:da:96:8c:ac:cc:46:17:d6:37:b5:
         e4:f8:ac:fe:27:6c:3e:26:ff:bd:d2:b6:37:76:8e:d1:76:64:
         c6:b5:7b:f7:37:c4:4b:30:b5:6c:7a:d0:a6:35:30:87:24:7b:
         42:59:a4:15:fc:03:e8:1b:4c:44:9d:8d:bd:6a:bc:9d:cc:6f:
         d7:e3:35:9b:9e:80:32:3b:4f:0a:4f:3b:95:8c:35:3c:13:68:
         6d:57:17:dc:7d:e7:9b:14:73:07:19:3d:75:94:3d:a1:88:76:
         4a:dc:b4:e0:d9:87:30:e9:b7:fd:b7:45:88:59:21:12:90:b9:
         e3:bb:23:0c:46:ad:a3:a7:87:f8:2c:15:6b:f2:e1:b3:79:90:
         2c:f4:c0:c5:38:c7:b0:aa:67:2f:20:5d:b2:c9:6a:71:5f:28:
         b6:8c:f0:0a:82:d6:fd:e0:fc:28:3b:4f:e0:37:91:33:d6:fa:
         55:dc:46:b5:77:a6:b0:3c:63:eb:bd:81:a3:7f:41:3f:e0:26:
         b0:1e:4b:25:e8:cd:45:7b:1e:a4:47:68:20:75:5a:8e:fd:1a:
         e4:f2:17:cf:2e:1d:de:43:be:86:3d:46:98:69:b9:79:4f:5d:
         0e:a8:b6:bd:34:3b:30:60:ed:71:ed:38:08:e9:16:63:ec:e5:
         43:ac:41:56
-----BEGIN CERTIFICATE-----
MIIFKTCCBBGgAwIBAgIUQP2hXttoTIQi0qXWfP79LgxKb+swDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDQ4YWY2NjViZjhiMTg2YjcwMjIwNzU5ZDI2YzU3OGY0
MGI1ZjNlMzAeFw0yNDA1MDIyMzU1MzNaFw0yNTA1MDIwMDAwMzNaMDMxMTAvBgNV
BAMTKDc1MDU0RTZBQjMxRTM4QTJFNkVBNzNDMUFGNDYzOTM0QjE5RkNCMUYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDgWcuUEWC0oNNtjITo3jqZ2v99
CPRLKWRwqUleXIEQ+iY+Im0UmavdTeKOYiwtletI9LIYnXG3Rb6Jp1c4nXCq6oHl
zc64xcU1lqRwHt5tJE4DUM77/M3LQLFaWnJpCGSR6m4mscS4J3oJ89Hn5GegX32k
Njaq4OJMUUOduW2MlAEtD9vq9W/tODG2hO6X+dJqjhcyFakggB+ggTr/nPBFPmtt
qnHOtZ1qA75qitTGfN1nwRDmLwB3/25E3Z5zrfokk7W8pk4Ue59/cty1DGsape2t
jfWHEq6dMkDBdJD9zEdDYZhp6iDR/6cjLEUC9M/GHVtvFRsMwWVdACIRyIcDAgMB
AAGjggIzMIICLzAdBgNVHQ4EFgQUdQVOarMeOKLm6nPBr0Y5NLGfyx8wHwYDVR0j
BBgwFoAUBIr2Zb+LGGtwIgdZ0mxXj0C18+MwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODJhOWJmNWItMzljMS00MDUwLWIwNzMtNDgwNzViODYx
ZDg3LzAvMDQ4QUY2NjVCRjhCMTg2QjcwMjIwNzU5RDI2QzU3OEY0MEI1RjNFMy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0JJcjJaYi1MR0d0d0lnZFowbXhYajBD
MTgtTS5jZXIwgaMGCCsGAQUFBwELBIGWMIGTMIGQBggrBgEFBQcwC4aBg3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvODJhOWJmNWIt
MzljMS00MDUwLWIwNzMtNDgwNzViODYxZDg3LzAvMzMzMTJlMzYyZTMzMzYyZTMw
MmYzMjM0MmQzMjM0MjAzZDNlMjAzODMzMzQucm9hMBgGA1UdIAEB/wQOMAwwCgYI
KwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAAfBiQwDQYJKoZI
hvcNAQELBQADggEBAGvnl/g8reEo2paMrMxGF9Y3teT4rP4nbD4m/73Stjd2jtF2
ZMa1e/c3xEswtWx60KY1MIcke0JZpBX8A+gbTESdjb1qvJ3Mb9fjNZuegDI7TwpP
O5WMNTwTaG1XF9x955sUcwcZPXWUPaGIdkrctODZhzDpt/23RYhZIRKQueO7IwxG
raOnh/gsFWvy4bN5kCz0wMU4x7CqZy8gXbLJanFfKLaM8AqC1v3g/Cg7T+A3kTPW
+lXcRrV3prA8Y+u9gaN/QT/gJrAeSyXozUV7HqRHaCB1Wo79GuTyF88uHd5DvoY9
RphpuXlPXQ6otr00OzBg7XHtOAjpFmPs5UOsQVY=
-----END CERTIFICATE-----