Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e34372e302f32342d3234203d3e20323132323338.roa
File:                     33312e362e34372e302f32342d3234203d3e20323132323338.roa (raw, json)
Hash identifier:          +qd6MlIHz+w154Iq/dPJLtF/P3JHgQlQ/4U2NOFkFME=
Subject key identifier:   97:0D:04:62:9F:2C:68:45:9F:86:38:12:F5:C1:18:8E:6F:18:04:AE
Certificate issuer:       /CN=048af665bf8b186b70220759d26c578f40b5f3e3
Certificate serial:       3D0F6336A0E9AD7AF13C635C82A4C865D99173E1
Authority key identifier: 04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e34372e302f32342d3234203d3e20323132323338.roa
Signing time:             Fri 26 Apr 2024 06:40:05 +0000
ROA not before:           Fri 26 Apr 2024 06:35:05 +0000
ROA not after:            Fri 25 Apr 2025 06:40:05 +0000
asID:                     212238
IP address blocks:        31.6.47.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 08 May 2024 23:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3d:0f:63:36:a0:e9:ad:7a:f1:3c:63:5c:82:a4:c8:65:d9:91:73:e1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=048af665bf8b186b70220759d26c578f40b5f3e3
        Validity
            Not Before: Apr 26 06:35:05 2024 GMT
            Not After : Apr 25 06:40:05 2025 GMT
        Subject: CN=970D04629F2C68459F863812F5C1188E6F1804AE
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:cf:65:8e:44:73:47:15:4d:d9:87:e4:90:46:
                    d8:0b:04:cb:e1:55:1c:3e:3d:2c:84:d3:f4:e4:ae:
                    87:dd:f7:93:c5:f5:9a:ed:9a:63:72:1f:b9:d4:0d:
                    86:e6:e8:77:64:f0:e3:f1:c5:12:eb:9c:a2:3a:c9:
                    0e:cd:bd:cc:7b:9b:31:6d:04:af:75:18:dd:0f:0d:
                    5b:55:f0:95:b7:c7:ac:6b:59:7d:88:c4:e7:23:91:
                    d6:0f:f9:bb:fb:06:d3:94:2e:26:bc:bf:c6:11:9f:
                    ab:6f:7f:ff:99:97:84:96:35:06:b9:5d:7c:66:d2:
                    8d:64:f5:d1:9d:31:34:75:fb:c9:fc:b4:f8:f6:5c:
                    30:be:0b:de:a0:da:4c:20:87:1b:40:97:14:2c:3a:
                    6a:37:a9:77:f2:a5:74:6f:72:e1:3f:7e:24:1d:35:
                    53:06:65:9d:89:86:74:52:60:3c:54:bb:01:69:32:
                    3d:3d:61:4c:ff:9c:24:85:5b:7d:04:c3:3f:5a:c4:
                    9b:bb:57:a4:e6:54:9d:86:5b:5c:b7:2a:3c:74:f2:
                    7f:31:ed:a9:1d:79:4d:57:27:14:47:0e:46:b1:46:
                    68:77:8c:63:d2:38:76:0c:cc:70:f3:7b:76:30:f5:
                    8c:76:12:8b:43:2a:25:66:7b:3e:34:d8:27:e6:be:
                    88:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                97:0D:04:62:9F:2C:68:45:9F:86:38:12:F5:C1:18:8E:6F:18:04:AE
            X509v3 Authority Key Identifier:
                keyid:04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e34372e302f32342d3234203d3e20323132323338.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.6.47.0/24

    Signature Algorithm: sha256WithRSAEncryption
         64:cd:61:0b:ce:85:ed:9f:33:d1:51:3c:6c:45:f5:d7:22:52:
         b4:2f:e8:ec:6f:52:39:a0:8b:71:da:d2:81:3c:80:2b:6f:59:
         d5:6c:d6:b3:2e:3b:60:9f:c4:9e:e4:64:d3:60:cf:9e:8f:d6:
         3f:db:54:8c:d6:9b:ad:ab:14:f5:66:75:dd:64:3b:a1:0b:73:
         91:3a:dd:91:7b:58:76:7f:bd:15:31:fb:05:c2:fd:70:71:8f:
         68:1c:7b:fa:f0:37:cc:05:39:95:2d:1d:0d:ba:5d:57:9f:27:
         f2:cc:d4:7a:39:d0:9c:48:a6:b8:5a:5e:d6:0b:82:59:9f:54:
         9c:68:33:23:88:7a:ca:2d:79:3f:ef:59:34:76:95:2f:c9:01:
         18:d6:6c:e1:03:6f:da:c9:c1:0e:59:c2:41:e4:a9:f1:90:e8:
         1b:1d:82:fa:7b:b2:c9:b9:0e:7f:1d:da:59:6c:72:fb:fe:7b:
         5a:a9:a7:7f:1e:6b:64:bc:36:64:76:05:7d:1b:06:e6:b5:93:
         d4:ad:e5:71:e1:cc:88:19:fd:3d:76:e0:18:04:9a:30:12:a4:
         e7:6c:fa:ad:22:5b:ac:ef:32:29:40:14:a2:f1:71:4b:48:2e:
         19:e7:8c:e8:a0:aa:8d:8e:da:07:cb:b8:bb:d3:fe:9e:ac:18:
         3b:b6:1e:ca
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUPQ9jNqDprXrxPGNcgqTIZdmRc+EwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDQ4YWY2NjViZjhiMTg2YjcwMjIwNzU5ZDI2YzU3OGY0
MGI1ZjNlMzAeFw0yNDA0MjYwNjM1MDVaFw0yNTA0MjUwNjQwMDVaMDMxMTAvBgNV
BAMTKDk3MEQwNDYyOUYyQzY4NDU5Rjg2MzgxMkY1QzExODhFNkYxODA0QUUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCjz2WORHNHFU3Zh+SQRtgLBMvh
VRw+PSyE0/Tkrofd95PF9ZrtmmNyH7nUDYbm6Hdk8OPxxRLrnKI6yQ7Nvcx7mzFt
BK91GN0PDVtV8JW3x6xrWX2IxOcjkdYP+bv7BtOULia8v8YRn6tvf/+Zl4SWNQa5
XXxm0o1k9dGdMTR1+8n8tPj2XDC+C96g2kwghxtAlxQsOmo3qXfypXRvcuE/fiQd
NVMGZZ2JhnRSYDxUuwFpMj09YUz/nCSFW30Ewz9axJu7V6TmVJ2GW1y3Kjx08n8x
7akdeU1XJxRHDkaxRmh3jGPSOHYMzHDze3Yw9Yx2EotDKiVmez402CfmvohxAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUlw0EYp8saEWfhjgS9cEYjm8YBK4wHwYDVR0j
BBgwFoAUBIr2Zb+LGGtwIgdZ0mxXj0C18+MwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODJhOWJmNWItMzljMS00MDUwLWIwNzMtNDgwNzViODYx
ZDg3LzAvMDQ4QUY2NjVCRjhCMTg2QjcwMjIwNzU5RDI2QzU3OEY0MEI1RjNFMy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0JJcjJaYi1MR0d0d0lnZFowbXhYajBD
MTgtTS5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvODJhOWJmNWIt
MzljMS00MDUwLWIwNzMtNDgwNzViODYxZDg3LzAvMzMzMTJlMzYyZTM0MzcyZTMw
MmYzMjM0MmQzMjM0MjAzZDNlMjAzMjMxMzIzMjMzMzgucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAAfBi8w
DQYJKoZIhvcNAQELBQADggEBAGTNYQvOhe2fM9FRPGxF9dciUrQv6OxvUjmgi3Ha
0oE8gCtvWdVs1rMuO2CfxJ7kZNNgz56P1j/bVIzWm62rFPVmdd1kO6ELc5E63ZF7
WHZ/vRUx+wXC/XBxj2gce/rwN8wFOZUtHQ26XVefJ/LM1Ho50JxIprhaXtYLglmf
VJxoMyOIesoteT/vWTR2lS/JARjWbOEDb9rJwQ5ZwkHkqfGQ6Bsdgvp7ssm5Dn8d
2llscvv+e1qpp38ea2S8NmR2BX0bBua1k9St5XHhzIgZ/T124BgEmjASpOds+q0i
W6zvMilAFKLxcUtILhnnjOigqo2O2gfLuLvT/p6sGDu2Hso=
-----END CERTIFICATE-----