Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e392e302f32342d3234203d3e203232333633.roa
File:                     33312e362e392e302f32342d3234203d3e203232333633.roa (raw, json)
Hash identifier:          qhBlzmx1QD5yhx6TT7S2hwo7u+jgsGhVdECYgiH4Mag=
Subject key identifier:   9C:8A:2F:FB:BF:F1:FD:07:5E:E2:11:D5:A8:EA:6A:D4:A9:5F:96:B0
Certificate issuer:       /CN=048af665bf8b186b70220759d26c578f40b5f3e3
Certificate serial:       116F286828D11FE62C41BDE2D2E2EE8F682B1E19
Authority key identifier: 04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e392e302f32342d3234203d3e203232333633.roa
Signing time:             Mon 02 Oct 2023 05:22:56 +0000
ROA not before:           Mon 02 Oct 2023 05:17:56 +0000
ROA not after:            Mon 30 Sep 2024 05:22:56 +0000
asID:                     22363
IP address blocks:        31.6.9.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            11:6f:28:68:28:d1:1f:e6:2c:41:bd:e2:d2:e2:ee:8f:68:2b:1e:19
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=048af665bf8b186b70220759d26c578f40b5f3e3
        Validity
            Not Before: Oct  2 05:17:56 2023 GMT
            Not After : Sep 30 05:22:56 2024 GMT
        Subject: CN=9C8A2FFBBFF1FD075EE211D5A8EA6AD4A95F96B0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:f5:63:ee:cd:e0:8d:1b:29:e7:3a:68:df:dd:
                    ae:54:55:3d:a1:6e:c9:8a:46:fe:95:7b:1e:3f:92:
                    66:cc:28:0d:f6:59:50:ee:32:57:73:8e:25:a4:cd:
                    ca:49:81:59:96:6d:6e:59:77:97:81:52:62:59:80:
                    30:fa:41:33:8b:1e:95:c7:d7:b0:e4:3f:97:e0:09:
                    1a:4e:fd:07:26:51:c2:0e:a4:7f:3e:3a:80:9b:f6:
                    e7:30:8e:41:a5:79:37:ef:64:99:32:87:4b:22:2e:
                    77:af:f5:a4:f0:4e:f0:46:57:72:be:ec:97:79:e9:
                    a8:28:26:a4:98:ca:05:89:87:ec:b4:1f:b2:29:57:
                    3a:8a:51:f8:11:09:87:c4:62:fd:98:6e:46:e5:1a:
                    6b:0a:bf:c2:0f:cd:52:26:f2:d4:5f:83:53:8b:b1:
                    5e:6c:e0:32:06:c0:3b:5f:22:c9:2e:24:c6:9c:04:
                    c7:cd:fd:2e:7d:8a:2b:58:50:a6:7e:a8:81:0c:d0:
                    fb:2d:34:91:02:2e:c6:94:eb:3c:f6:be:cd:61:83:
                    ba:45:d6:3f:94:78:91:be:da:13:23:d7:03:60:cb:
                    01:53:81:b9:9e:0a:74:15:a4:af:6f:1f:91:3f:f0:
                    21:37:a8:a9:67:2a:57:22:36:7b:38:d5:23:dc:7d:
                    bc:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:8A:2F:FB:BF:F1:FD:07:5E:E2:11:D5:A8:EA:6A:D4:A9:5F:96:B0
            X509v3 Authority Key Identifier:
                keyid:04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e392e302f32342d3234203d3e203232333633.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.6.9.0/24

    Signature Algorithm: sha256WithRSAEncryption
         95:ef:24:e1:e0:00:3f:b2:e3:e7:24:cb:e1:e2:a9:64:ac:ff:
         b9:d2:37:48:19:b4:36:eb:9a:55:f3:4a:02:18:3a:f0:18:5a:
         f9:e9:82:0c:81:f1:26:b9:cd:e5:26:bf:84:e3:6a:d6:05:ac:
         07:0b:73:0f:e7:6a:c3:db:42:5c:e3:83:bc:9c:8f:fa:76:d8:
         00:1f:17:97:0f:9c:e1:a9:49:80:99:00:d6:f1:6c:34:18:d6:
         d3:6d:93:e9:2a:7c:54:e8:d8:05:4b:78:d0:c3:4e:e0:f9:47:
         ba:03:ef:0e:1c:88:54:26:7a:b2:49:10:c6:b3:94:34:4e:82:
         e9:f8:0a:9d:30:41:d5:e8:44:43:e7:ad:0f:45:9e:27:be:05:
         02:55:ac:11:fd:77:d3:9d:a8:bc:62:f2:4b:8a:d2:29:e3:14:
         d5:ad:72:cf:bf:e2:27:47:88:34:c1:64:e6:63:e6:3d:78:0f:
         f8:ab:4b:88:a0:04:a8:d5:5d:8e:ee:ad:3c:7f:a9:c9:0e:a0:
         c7:98:bf:0e:d1:e5:22:2c:e7:06:09:3e:b1:75:d1:90:74:08:
         a5:5f:f2:06:75:17:0c:09:66:8f:c8:6f:03:bc:b9:63:0e:3b:
         6b:2a:3c:61:99:49:51:03:45:57:1d:61:48:c7:d3:6c:f3:52:
         ae:4b:9c:49
-----BEGIN CERTIFICATE-----
MIIFKzCCBBOgAwIBAgIUEW8oaCjRH+YsQb3i0uLuj2grHhkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDQ4YWY2NjViZjhiMTg2YjcwMjIwNzU5ZDI2YzU3OGY0
MGI1ZjNlMzAeFw0yMzEwMDIwNTE3NTZaFw0yNDA5MzAwNTIyNTZaMDMxMTAvBgNV
BAMTKDlDOEEyRkZCQkZGMUZEMDc1RUUyMTFENUE4RUE2QUQ0QTk1Rjk2QjAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC39WPuzeCNGynnOmjf3a5UVT2h
bsmKRv6Vex4/kmbMKA32WVDuMldzjiWkzcpJgVmWbW5Zd5eBUmJZgDD6QTOLHpXH
17DkP5fgCRpO/QcmUcIOpH8+OoCb9ucwjkGleTfvZJkyh0siLnev9aTwTvBGV3K+
7Jd56agoJqSYygWJh+y0H7IpVzqKUfgRCYfEYv2YbkblGmsKv8IPzVIm8tRfg1OL
sV5s4DIGwDtfIskuJMacBMfN/S59iitYUKZ+qIEM0PstNJECLsaU6zz2vs1hg7pF
1j+UeJG+2hMj1wNgywFTgbmeCnQVpK9vH5E/8CE3qKlnKlciNns41SPcfbx9AgMB
AAGjggI1MIICMTAdBgNVHQ4EFgQUnIov+7/x/Qde4hHVqOpq1KlflrAwHwYDVR0j
BBgwFoAUBIr2Zb+LGGtwIgdZ0mxXj0C18+MwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODJhOWJmNWItMzljMS00MDUwLWIwNzMtNDgwNzViODYx
ZDg3LzAvMDQ4QUY2NjVCRjhCMTg2QjcwMjIwNzU5RDI2QzU3OEY0MEI1RjNFMy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0JJcjJaYi1MR0d0d0lnZFowbXhYajBD
MTgtTS5jZXIwgaUGCCsGAQUFBwELBIGYMIGVMIGSBggrBgEFBQcwC4aBhXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvODJhOWJmNWIt
MzljMS00MDUwLWIwNzMtNDgwNzViODYxZDg3LzAvMzMzMTJlMzYyZTM5MmUzMDJm
MzIzNDJkMzIzNDIwM2QzZTIwMzIzMjMzMzYzMy5yb2EwGAYDVR0gAQH/BA4wDDAK
BggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAB8GCTANBgkq
hkiG9w0BAQsFAAOCAQEAle8k4eAAP7Lj5yTL4eKpZKz/udI3SBm0NuuaVfNKAhg6
8Bha+emCDIHxJrnN5Sa/hONq1gWsBwtzD+dqw9tCXOODvJyP+nbYAB8Xlw+c4alJ
gJkA1vFsNBjW022T6Sp8VOjYBUt40MNO4PlHugPvDhyIVCZ6skkQxrOUNE6C6fgK
nTBB1ehEQ+etD0WeJ74FAlWsEf13052ovGLyS4rSKeMU1a1yz7/iJ0eINMFk5mPm
PXgP+KtLiKAEqNVdju6tPH+pyQ6gx5i/DtHlIiznBgk+sXXRkHQIpV/yBnUXDAlm
j8hvA7y5Yw47ayo8YZlJUQNFVx1hSMfTbPNSrkucSQ==
-----END CERTIFICATE-----