Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e34342e302f32342d3234203d3e203232333633.roa
File:                     33312e362e34342e302f32342d3234203d3e203232333633.roa (raw, json)
Hash identifier:          b6Pi7CxQFt2xY3P7ISXuv4A97+RjnWHQ15YDKsX1kH8=
Subject key identifier:   DC:73:6F:54:14:A7:68:6E:F7:37:F4:3D:DC:7F:34:10:EC:B5:00:1F
Certificate issuer:       /CN=048af665bf8b186b70220759d26c578f40b5f3e3
Certificate serial:       28C0428E341D5DEB4158B48AE331B003345A89BA
Authority key identifier: 04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e34342e302f32342d3234203d3e203232333633.roa
Signing time:             Mon 02 Oct 2023 05:22:25 +0000
ROA not before:           Mon 02 Oct 2023 05:17:25 +0000
ROA not after:            Mon 30 Sep 2024 05:22:25 +0000
asID:                     22363
IP address blocks:        31.6.44.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            28:c0:42:8e:34:1d:5d:eb:41:58:b4:8a:e3:31:b0:03:34:5a:89:ba
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=048af665bf8b186b70220759d26c578f40b5f3e3
        Validity
            Not Before: Oct  2 05:17:25 2023 GMT
            Not After : Sep 30 05:22:25 2024 GMT
        Subject: CN=DC736F5414A7686EF737F43DDC7F3410ECB5001F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:02:d4:0a:fd:f5:a8:dd:37:66:ba:4a:32:72:
                    30:4a:32:8e:e1:d8:0d:cc:62:37:57:19:39:1e:7b:
                    c2:aa:c9:15:03:26:11:af:2a:48:19:76:fd:bc:a4:
                    5a:a5:a2:e3:a1:47:fd:f2:37:aa:83:3a:6f:e3:ed:
                    2d:53:a2:7d:32:dc:e3:6e:67:3e:af:59:0f:8b:32:
                    c1:79:d1:76:ee:c2:1c:fe:ba:fa:5f:93:ab:13:96:
                    5b:7c:86:ec:c8:dc:8b:c2:08:3f:b2:c1:ac:ae:6c:
                    6a:34:3d:35:b0:a1:31:6e:a0:34:c7:6f:92:e8:6f:
                    92:c7:7e:77:02:91:72:92:d8:91:b9:e5:b1:1f:8d:
                    71:e0:f1:dd:e6:9b:39:ba:cc:ee:e5:b6:47:6d:57:
                    60:de:12:23:3d:4a:4d:72:d8:6a:cd:45:ae:8d:27:
                    82:a7:55:77:0a:ec:f1:5e:ee:33:02:f8:bd:5b:c2:
                    65:d5:82:f8:2d:03:45:04:85:75:a9:fe:aa:93:35:
                    fd:87:ac:04:69:94:62:5a:b2:47:51:8c:46:58:6f:
                    61:9c:c9:bf:34:3e:13:a7:b6:80:26:84:99:08:4a:
                    ad:82:6a:f8:43:11:72:62:bb:31:01:77:09:1b:e2:
                    35:6e:df:c4:50:c0:a5:a2:85:5a:57:87:c4:5b:d3:
                    d4:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:73:6F:54:14:A7:68:6E:F7:37:F4:3D:DC:7F:34:10:EC:B5:00:1F
            X509v3 Authority Key Identifier:
                keyid:04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e34342e302f32342d3234203d3e203232333633.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.6.44.0/24

    Signature Algorithm: sha256WithRSAEncryption
         63:d7:b6:89:56:2f:79:70:25:a8:7b:d2:b3:76:e2:3b:7e:8c:
         35:ce:c8:74:38:15:5a:7e:4c:48:c6:ba:61:6b:53:fd:42:40:
         d4:30:26:67:e4:53:89:11:06:1b:55:22:d5:c9:1f:48:a6:4b:
         2c:35:48:6d:86:f5:4b:d5:70:52:cf:af:cc:66:46:d9:f7:74:
         d1:bc:4d:f4:a9:80:24:63:1e:4f:e7:8d:05:82:4c:ab:93:8e:
         03:9b:b4:90:44:9a:68:f1:85:9d:a1:10:d4:b1:e3:5b:1b:c4:
         6b:b0:37:d2:67:18:f8:6d:0a:ad:d1:08:91:2d:6d:f9:84:72:
         32:7e:87:98:f7:b4:f1:57:4a:2d:89:d5:7b:b4:28:d2:cb:ed:
         bc:d9:13:31:7f:bd:5f:80:ef:64:df:dd:b8:43:59:f4:be:9c:
         51:5b:f5:7e:d6:c4:3a:41:d0:1b:81:79:17:2f:35:9a:ee:7a:
         5b:af:d2:ec:2d:fc:43:e1:86:66:67:19:76:ad:ca:ce:db:e1:
         b9:2b:6e:4f:27:2b:8c:43:41:c7:35:c3:01:b5:5a:e6:fb:0f:
         11:6c:ab:16:4d:d6:b4:e5:7a:79:6c:8d:8c:6e:94:80:ce:0b:
         4d:67:07:89:eb:e7:2d:21:99:3b:61:d8:fb:f6:64:70:b7:6d:
         e5:1e:50:af
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUKMBCjjQdXetBWLSK4zGwAzRaibowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDQ4YWY2NjViZjhiMTg2YjcwMjIwNzU5ZDI2YzU3OGY0
MGI1ZjNlMzAeFw0yMzEwMDIwNTE3MjVaFw0yNDA5MzAwNTIyMjVaMDMxMTAvBgNV
BAMTKERDNzM2RjU0MTRBNzY4NkVGNzM3RjQzRERDN0YzNDEwRUNCNTAwMUYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC4AtQK/fWo3TdmukoycjBKMo7h
2A3MYjdXGTkee8KqyRUDJhGvKkgZdv28pFqlouOhR/3yN6qDOm/j7S1Ton0y3ONu
Zz6vWQ+LMsF50Xbuwhz+uvpfk6sTllt8huzI3IvCCD+ywayubGo0PTWwoTFuoDTH
b5Lob5LHfncCkXKS2JG55bEfjXHg8d3mmzm6zO7ltkdtV2DeEiM9Sk1y2GrNRa6N
J4KnVXcK7PFe7jMC+L1bwmXVgvgtA0UEhXWp/qqTNf2HrARplGJaskdRjEZYb2Gc
yb80PhOntoAmhJkISq2CavhDEXJiuzEBdwkb4jVu38RQwKWihVpXh8Rb09THAgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQU3HNvVBSnaG73N/Q93H80EOy1AB8wHwYDVR0j
BBgwFoAUBIr2Zb+LGGtwIgdZ0mxXj0C18+MwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODJhOWJmNWItMzljMS00MDUwLWIwNzMtNDgwNzViODYx
ZDg3LzAvMDQ4QUY2NjVCRjhCMTg2QjcwMjIwNzU5RDI2QzU3OEY0MEI1RjNFMy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0JJcjJaYi1MR0d0d0lnZFowbXhYajBD
MTgtTS5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvODJhOWJmNWIt
MzljMS00MDUwLWIwNzMtNDgwNzViODYxZDg3LzAvMzMzMTJlMzYyZTM0MzQyZTMw
MmYzMjM0MmQzMjM0MjAzZDNlMjAzMjMyMzMzNjMzLnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHwYsMA0G
CSqGSIb3DQEBCwUAA4IBAQBj17aJVi95cCWoe9KzduI7fow1zsh0OBVafkxIxrph
a1P9QkDUMCZn5FOJEQYbVSLVyR9IpkssNUhthvVL1XBSz6/MZkbZ93TRvE30qYAk
Yx5P540Fgkyrk44Dm7SQRJpo8YWdoRDUseNbG8RrsDfSZxj4bQqt0QiRLW35hHIy
foeY97TxV0otidV7tCjSy+282RMxf71fgO9k3924Q1n0vpxRW/V+1sQ6QdAbgXkX
LzWa7npbr9LsLfxD4YZmZxl2rcrO2+G5K25PJyuMQ0HHNcMBtVrm+w8RbKsWTda0
5Xp5bI2MbpSAzgtNZweJ6+ctIZk7Ydj79mRwt23lHlCv
-----END CERTIFICATE-----