Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/33312e32342e3235332e302f32342d3234203d3e203136323736.roa
File:                     33312e32342e3235332e302f32342d3234203d3e203136323736.roa (raw, json)
Hash identifier:          mydC78o8rit9h40XfRMNPb5XmQR+4LDmi923FIw07uI=
Subject key identifier:   EE:63:CE:6B:19:18:3C:37:1D:68:BE:1A:93:98:9E:F2:0D:81:2B:C5
Certificate issuer:       /CN=62fbd2cc0012fb2f86db40b589bd1ac4e973266d
Certificate serial:       4888E7FB5E9F5B072BA81ABC44CC0359EF634D28
Authority key identifier: 62:FB:D2:CC:00:12:FB:2F:86:DB:40:B5:89:BD:1A:C4:E9:73:26:6D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YvvSzAAS-y-G20C1ib0axOlzJm0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/33312e32342e3235332e302f32342d3234203d3e203136323736.roa
Signing time:             Tue 23 Jul 2024 06:26:45 +0000
ROA not before:           Tue 23 Jul 2024 06:21:45 +0000
ROA not after:            Tue 22 Jul 2025 06:26:45 +0000
asID:                     16276
IP address blocks:        31.24.253.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/62FBD2CC0012FB2F86DB40B589BD1AC4E973266D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/62FBD2CC0012FB2F86DB40B589BD1AC4E973266D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YvvSzAAS-y-G20C1ib0axOlzJm0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 17:16:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            48:88:e7:fb:5e:9f:5b:07:2b:a8:1a:bc:44:cc:03:59:ef:63:4d:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=62fbd2cc0012fb2f86db40b589bd1ac4e973266d
        Validity
            Not Before: Jul 23 06:21:45 2024 GMT
            Not After : Jul 22 06:26:45 2025 GMT
        Subject: CN=EE63CE6B19183C371D68BE1A93989EF20D812BC5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:c1:d0:87:d7:23:50:da:72:c3:71:2a:1c:84:
                    1c:df:68:ba:80:81:13:47:06:9a:de:71:09:de:7a:
                    10:bf:60:c3:d1:bd:7b:45:a0:f0:c6:22:11:46:f2:
                    ba:9d:73:51:84:8d:c9:db:7b:f6:64:ac:22:72:83:
                    e7:c7:3f:d6:7c:c1:6f:0e:7e:39:e5:34:ff:9e:42:
                    6a:6c:b4:50:c2:7a:f1:71:49:b8:03:9c:79:54:b6:
                    e1:5b:66:d9:61:72:3a:1e:36:17:00:7f:a6:32:9d:
                    bc:32:fe:59:67:c0:d3:94:3d:a2:4d:c9:e2:2e:de:
                    24:51:a2:f1:cf:13:0b:2e:b3:1f:0f:f4:ff:a8:5a:
                    4f:9d:04:44:a4:94:6d:b0:f8:ab:82:97:5a:e9:87:
                    a6:a7:ca:23:4b:6f:0a:3f:d7:99:a2:59:f1:6c:f1:
                    04:24:90:37:26:c9:ed:f4:26:14:a4:b8:f9:5d:6a:
                    1f:17:58:8b:61:3a:a2:ec:5b:31:70:19:64:39:ea:
                    22:a7:dc:92:a5:1e:e4:f3:8f:ff:6b:a7:93:80:ed:
                    62:16:e5:50:32:7c:e9:f5:dc:ad:8b:6a:bd:ee:5a:
                    ee:d9:77:40:6e:c2:00:32:7b:bb:fa:bd:85:6d:b0:
                    ab:d0:6a:79:f3:2d:93:30:87:5c:c5:8f:ff:61:a8:
                    49:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EE:63:CE:6B:19:18:3C:37:1D:68:BE:1A:93:98:9E:F2:0D:81:2B:C5
            X509v3 Authority Key Identifier:
                keyid:62:FB:D2:CC:00:12:FB:2F:86:DB:40:B5:89:BD:1A:C4:E9:73:26:6D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/62FBD2CC0012FB2F86DB40B589BD1AC4E973266D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YvvSzAAS-y-G20C1ib0axOlzJm0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/33312e32342e3235332e302f32342d3234203d3e203136323736.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.24.253.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1c:66:13:51:c5:5b:a4:de:29:b1:35:cd:e8:0b:88:46:4e:9e:
         7a:01:d0:a9:7c:0f:2a:9a:0a:79:32:7b:89:b5:5a:45:96:42:
         0b:4d:d6:20:04:e5:30:ee:bf:5c:32:c8:ea:8e:7f:87:26:46:
         60:7f:be:dd:fe:a5:89:84:71:55:fe:18:6d:23:53:70:89:84:
         05:74:29:ab:55:3c:03:63:58:5b:d2:ef:99:dc:35:db:73:f0:
         57:c5:f0:16:0a:ee:03:60:5b:5d:97:8d:60:1b:74:c2:57:4f:
         19:b6:3c:5f:6d:db:6f:39:e5:a2:b3:d7:65:29:c9:fe:95:4b:
         0e:f6:ce:86:86:8c:22:75:b9:4a:fe:64:fe:42:ac:a0:be:6f:
         fe:a2:5f:7d:59:3c:c1:1e:61:e5:1f:7c:09:e3:af:32:c0:83:
         ff:7b:0e:e1:9f:67:32:ab:52:8e:35:1f:00:6e:7a:5a:80:a0:
         cc:53:d7:04:11:a3:07:ae:b8:0f:61:8b:da:30:3e:3e:61:5f:
         bf:7c:a1:a9:a1:fc:3d:bb:c3:65:7b:95:6e:a1:ac:50:0c:f0:
         34:fd:9c:d1:bf:13:cf:d6:ec:8c:81:31:d4:63:d8:71:d2:3c:
         f5:96:09:9f:f1:a6:3c:ad:51:83:29:86:fb:3a:3b:59:46:ed:
         ea:94:2d:7c
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUSIjn+16fWwcrqBq8RMwDWe9jTSgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjJmYmQyY2MwMDEyZmIyZjg2ZGI0MGI1ODliZDFhYzRl
OTczMjY2ZDAeFw0yNDA3MjMwNjIxNDVaFw0yNTA3MjIwNjI2NDVaMDMxMTAvBgNV
BAMTKEVFNjNDRTZCMTkxODNDMzcxRDY4QkUxQTkzOTg5RUYyMEQ4MTJCQzUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQChwdCH1yNQ2nLDcSochBzfaLqA
gRNHBprecQneehC/YMPRvXtFoPDGIhFG8rqdc1GEjcnbe/ZkrCJyg+fHP9Z8wW8O
fjnlNP+eQmpstFDCevFxSbgDnHlUtuFbZtlhcjoeNhcAf6Yynbwy/llnwNOUPaJN
yeIu3iRRovHPEwsusx8P9P+oWk+dBESklG2w+KuCl1rph6anyiNLbwo/15miWfFs
8QQkkDcmye30JhSkuPldah8XWIthOqLsWzFwGWQ56iKn3JKlHuTzj/9rp5OA7WIW
5VAyfOn13K2Lar3uWu7Zd0BuwgAye7v6vYVtsKvQannzLZMwh1zFj/9hqEn1AgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQU7mPOaxkYPDcdaL4ak5ie8g2BK8UwHwYDVR0j
BBgwFoAUYvvSzAAS+y+G20C1ib0axOlzJm0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNDZiOTNkZjAtYWM4ZC00ZGE4LWFmYjgtZGNiN2YyODg4
MzYyLzAvNjJGQkQyQ0MwMDEyRkIyRjg2REI0MEI1ODlCRDFBQzRFOTczMjY2RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1l2dlN6QUFTLXktRzIwQzFpYjBheE9s
ekptMC5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvNDZiOTNkZjAt
YWM4ZC00ZGE4LWFmYjgtZGNiN2YyODg4MzYyLzAvMzMzMTJlMzIzNDJlMzIzNTMz
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzEzNjMyMzczNi5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAB8Y
/TANBgkqhkiG9w0BAQsFAAOCAQEAHGYTUcVbpN4psTXN6AuIRk6eegHQqXwPKpoK
eTJ7ibVaRZZCC03WIATlMO6/XDLI6o5/hyZGYH++3f6liYRxVf4YbSNTcImEBXQp
q1U8A2NYW9Lvmdw123PwV8XwFgruA2BbXZeNYBt0wldPGbY8X23bbznlorPXZSnJ
/pVLDvbOhoaMInW5Sv5k/kKsoL5v/qJffVk8wR5h5R98CeOvMsCD/3sO4Z9nMqtS
jjUfAG56WoCgzFPXBBGjB664D2GL2jA+PmFfv3yhqaH8PbvDZXuVbqGsUAzwNP2c
0b8Tz9bsjIEx1GPYcdI89ZYJn/GmPK1RgymG+zo7WUbt6pQtfA==
-----END CERTIFICATE-----