Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e36322e302f32342d3234203d3e203233343730.roa
File:                     33312e362e36322e302f32342d3234203d3e203233343730.roa (raw, json)
Hash identifier:          dsuoGzGidcKRNwq0ORDn8c+KXvT7vhvEfYzh3hbfux4=
Subject key identifier:   81:D4:1E:CB:F6:67:17:B6:BB:49:0E:92:C3:67:15:31:5B:D8:EF:4E
Certificate issuer:       /CN=048af665bf8b186b70220759d26c578f40b5f3e3
Certificate serial:       747EFF3AEBBDA8988079B8AC092197E286C0A876
Authority key identifier: 04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e36322e302f32342d3234203d3e203233343730.roa
Signing time:             Sat 18 Nov 2023 13:48:17 +0000
ROA not before:           Sat 18 Nov 2023 13:43:17 +0000
ROA not after:            Sat 16 Nov 2024 13:48:17 +0000
asID:                     23470
IP address blocks:        31.6.62.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 23:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            74:7e:ff:3a:eb:bd:a8:98:80:79:b8:ac:09:21:97:e2:86:c0:a8:76
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=048af665bf8b186b70220759d26c578f40b5f3e3
        Validity
            Not Before: Nov 18 13:43:17 2023 GMT
            Not After : Nov 16 13:48:17 2024 GMT
        Subject: CN=81D41ECBF66717B6BB490E92C36715315BD8EF4E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:f2:f1:f8:5c:d6:9f:37:7b:6b:37:b1:3d:27:
                    32:6f:7a:f7:93:36:c1:84:5f:16:48:cf:67:c7:a5:
                    7b:60:be:de:22:af:5c:cb:0e:00:1f:5e:76:8b:32:
                    57:94:1c:e8:e7:be:99:75:7f:ab:35:cf:d7:0f:f8:
                    f9:59:cb:be:7f:52:e4:de:53:60:bb:72:1f:70:a2:
                    9e:7b:9e:2d:3d:40:f3:ac:5b:4f:2f:66:5b:3d:15:
                    8d:34:8c:9b:ed:c5:5c:a5:09:20:fa:7f:d8:ed:0c:
                    e8:a4:81:15:1c:4f:f6:89:99:94:95:e8:34:b2:c0:
                    99:c4:4d:16:62:c1:04:be:31:59:89:22:35:00:c7:
                    43:bd:cc:4b:0c:66:b7:9c:bd:cc:43:6e:d0:c7:66:
                    3a:51:fd:90:f2:fc:ee:52:7b:25:8d:7a:0f:34:0f:
                    db:3c:5b:69:45:8c:bd:56:43:17:bc:54:30:c9:e0:
                    a4:bb:33:dd:f3:3d:0e:d0:2f:a5:06:35:7f:89:e9:
                    d4:09:54:7f:3a:43:04:0b:a6:1b:21:55:c4:7b:1a:
                    3a:49:32:59:4b:ff:df:b2:0d:4a:fa:c0:2b:ac:4e:
                    49:a7:f5:0b:d1:21:35:49:0c:55:fb:3c:df:a2:da:
                    45:e6:72:0f:9b:e5:82:8f:f5:da:33:7c:9e:6f:88:
                    4f:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                81:D4:1E:CB:F6:67:17:B6:BB:49:0E:92:C3:67:15:31:5B:D8:EF:4E
            X509v3 Authority Key Identifier:
                keyid:04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e36322e302f32342d3234203d3e203233343730.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.6.62.0/24

    Signature Algorithm: sha256WithRSAEncryption
         74:e3:10:ff:a7:e9:f4:f8:b6:05:43:6c:93:05:ea:21:60:d5:
         67:7f:d6:a1:81:fc:cb:52:78:7c:65:09:75:2b:2e:5d:34:61:
         f3:b6:90:55:7b:48:75:9b:13:dd:7f:c2:28:e6:b5:67:bf:47:
         4a:ac:e0:31:ea:1a:55:53:c2:60:30:4e:48:79:81:30:a5:5a:
         4e:28:3d:61:6f:74:2a:1f:da:2a:15:27:33:17:0c:eb:ac:84:
         60:7a:0b:29:84:cb:7d:6e:b8:e3:1b:b7:93:85:b4:45:04:c0:
         77:68:ec:71:24:3f:47:62:77:58:f6:ed:1d:90:a3:33:b1:69:
         3a:33:92:c2:fd:e5:1b:ce:d4:08:02:d8:ce:1d:5d:20:8b:bc:
         de:71:1a:d8:87:94:b4:e3:f5:a5:05:05:f0:17:e8:64:3a:47:
         64:79:67:bc:d2:d7:44:59:34:28:f3:e8:0c:ed:1e:80:f8:ff:
         ee:c6:99:f2:90:11:ae:78:8b:0a:fb:84:32:1a:75:aa:26:c9:
         fa:c3:53:aa:11:3e:3d:99:09:44:d1:38:42:a6:2b:87:1d:39:
         6c:8c:02:f0:1e:3e:8f:0a:38:82:f6:ab:c2:74:a9:a2:96:33:
         fa:78:53:50:55:f0:06:74:4e:fd:ed:b6:15:73:50:1b:3c:60:
         27:1a:6f:dd
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUdH7/Ouu9qJiAebisCSGX4obAqHYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDQ4YWY2NjViZjhiMTg2YjcwMjIwNzU5ZDI2YzU3OGY0
MGI1ZjNlMzAeFw0yMzExMTgxMzQzMTdaFw0yNDExMTYxMzQ4MTdaMDMxMTAvBgNV
BAMTKDgxRDQxRUNCRjY2NzE3QjZCQjQ5MEU5MkMzNjcxNTMxNUJEOEVGNEUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC18vH4XNafN3trN7E9JzJveveT
NsGEXxZIz2fHpXtgvt4ir1zLDgAfXnaLMleUHOjnvpl1f6s1z9cP+PlZy75/UuTe
U2C7ch9wop57ni09QPOsW08vZls9FY00jJvtxVylCSD6f9jtDOikgRUcT/aJmZSV
6DSywJnETRZiwQS+MVmJIjUAx0O9zEsMZrecvcxDbtDHZjpR/ZDy/O5SeyWNeg80
D9s8W2lFjL1WQxe8VDDJ4KS7M93zPQ7QL6UGNX+J6dQJVH86QwQLphshVcR7GjpJ
MllL/9+yDUr6wCusTkmn9QvRITVJDFX7PN+i2kXmcg+b5YKP9dozfJ5viE/lAgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQUgdQey/ZnF7a7SQ6Sw2cVMVvY704wHwYDVR0j
BBgwFoAUBIr2Zb+LGGtwIgdZ0mxXj0C18+MwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODJhOWJmNWItMzljMS00MDUwLWIwNzMtNDgwNzViODYx
ZDg3LzAvMDQ4QUY2NjVCRjhCMTg2QjcwMjIwNzU5RDI2QzU3OEY0MEI1RjNFMy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0JJcjJaYi1MR0d0d0lnZFowbXhYajBD
MTgtTS5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvODJhOWJmNWIt
MzljMS00MDUwLWIwNzMtNDgwNzViODYxZDg3LzAvMzMzMTJlMzYyZTM2MzIyZTMw
MmYzMjM0MmQzMjM0MjAzZDNlMjAzMjMzMzQzNzMwLnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHwY+MA0G
CSqGSIb3DQEBCwUAA4IBAQB04xD/p+n0+LYFQ2yTBeohYNVnf9ahgfzLUnh8ZQl1
Ky5dNGHztpBVe0h1mxPdf8Io5rVnv0dKrOAx6hpVU8JgME5IeYEwpVpOKD1hb3Qq
H9oqFSczFwzrrIRgegsphMt9brjjG7eThbRFBMB3aOxxJD9HYndY9u0dkKMzsWk6
M5LC/eUbztQIAtjOHV0gi7zecRrYh5S04/WlBQXwF+hkOkdkeWe80tdEWTQo8+gM
7R6A+P/uxpnykBGueIsK+4QyGnWqJsn6w1OqET49mQlE0ThCpiuHHTlsjALwHj6P
CjiC9qvCdKmiljP6eFNQVfAGdE797bYVc1AbPGAnGm/d
-----END CERTIFICATE-----