Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e312e302f32342d3234203d3e20323135333632.roa
File:                     33312e362e312e302f32342d3234203d3e20323135333632.roa (raw, json)
Hash identifier:          HRKS5zw6+Tj6neCLD49BDD5drQcaHAe4cy0xb58eB5s=
Subject key identifier:   BE:3D:A7:17:E1:1E:14:88:3A:C6:C1:8A:A5:E7:9C:05:33:73:DA:31
Certificate issuer:       /CN=048af665bf8b186b70220759d26c578f40b5f3e3
Certificate serial:       381E306D486DA013027AEBFE415D50467075BDC4
Authority key identifier: 04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e312e302f32342d3234203d3e20323135333632.roa
Signing time:             Mon 17 Feb 2025 16:53:55 +0000
ROA not before:           Mon 17 Feb 2025 16:48:55 +0000
ROA not after:            Mon 16 Feb 2026 16:53:55 +0000
asID:                     215362
IP address blocks:        31.6.1.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 11 Apr 2025 08:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            38:1e:30:6d:48:6d:a0:13:02:7a:eb:fe:41:5d:50:46:70:75:bd:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=048af665bf8b186b70220759d26c578f40b5f3e3
        Validity
            Not Before: Feb 17 16:48:55 2025 GMT
            Not After : Feb 16 16:53:55 2026 GMT
        Subject: CN=BE3DA717E11E14883AC6C18AA5E79C053373DA31
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:3b:e2:d2:31:e0:f3:7f:7a:b2:9d:dc:a2:08:
                    8b:34:77:a2:12:33:fb:88:d4:ed:ff:9f:1b:bc:c1:
                    e4:35:26:25:0a:be:ee:bc:7c:19:b4:33:74:7c:22:
                    e8:e7:ea:eb:5c:68:d5:fd:a0:74:4b:77:54:08:c5:
                    ec:6b:92:4a:4f:88:94:49:80:dd:47:f0:a2:0a:05:
                    c9:3f:1a:84:85:7f:c5:a6:c3:10:ad:5c:fc:4e:e7:
                    f0:f0:a0:65:3c:14:96:d4:d2:b4:99:17:f0:67:f1:
                    be:4f:e4:de:48:e1:dc:c9:4e:72:b9:ee:20:f3:3a:
                    59:cf:e5:00:87:7f:1d:fc:58:53:27:1b:c1:3d:42:
                    4a:de:b3:aa:ce:26:4c:a1:cb:49:78:27:a3:18:e7:
                    71:a6:2c:16:67:72:f2:87:ad:68:bd:9d:17:77:33:
                    dc:cc:b3:81:56:c8:ec:46:d8:90:7a:0d:45:04:87:
                    b2:4c:ae:1e:e7:52:5c:8e:f3:6f:34:82:b7:71:0d:
                    e3:31:d5:08:59:5e:6c:41:9b:f2:33:95:55:f3:93:
                    33:c7:cd:94:b2:4e:69:55:d9:d9:ea:02:38:7a:4e:
                    d7:ab:66:b2:5e:30:c4:cc:f5:04:d7:ee:31:da:14:
                    be:7a:14:26:e1:d4:4b:0d:0a:16:72:74:59:7e:51:
                    31:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BE:3D:A7:17:E1:1E:14:88:3A:C6:C1:8A:A5:E7:9C:05:33:73:DA:31
            X509v3 Authority Key Identifier:
                keyid:04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e312e302f32342d3234203d3e20323135333632.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.6.1.0/24

    Signature Algorithm: sha256WithRSAEncryption
         92:11:ed:77:c6:31:39:89:79:63:8f:0a:59:d1:33:24:ef:23:
         bc:4b:97:f8:f0:6d:bd:6c:c7:50:ab:11:e8:09:96:1a:3e:79:
         78:5d:2f:ea:ee:8b:4b:9c:f0:34:6d:06:f8:01:7a:77:0a:f3:
         cf:82:cc:57:78:ea:6e:89:8c:06:a0:6b:14:c4:a1:a4:65:ff:
         ad:37:aa:7d:46:39:3e:fb:e8:fd:d5:b8:bc:f1:b1:ca:16:c9:
         6a:a0:34:87:be:16:cf:b8:f5:b0:2a:1b:92:84:bb:11:e7:b7:
         de:7c:d4:0a:48:3f:cf:48:6e:8d:26:23:6a:0e:97:ba:20:cd:
         3f:68:c8:ca:a7:a8:24:9c:02:ae:86:08:4c:0d:01:7d:71:1a:
         f3:d7:c8:98:62:66:09:0f:af:2f:2e:77:c6:d5:1b:72:51:e7:
         6d:3c:51:b2:eb:02:62:24:9f:ec:90:c8:85:4f:09:41:35:b0:
         f3:dd:f0:f2:56:f4:3e:7f:87:79:76:0b:41:98:c6:2d:e3:9c:
         d0:cb:6c:ba:ac:ff:74:3a:07:7d:43:2a:dd:b4:3c:b4:40:fd:
         31:ba:65:5a:77:48:92:5a:b4:77:a3:2b:ca:74:cb:ec:c5:6f:
         0a:39:cc:d1:3a:53:a4:00:09:9c:c0:0c:da:bc:27:60:1e:32:
         d2:27:95:44
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUOB4wbUhtoBMCeuv+QV1QRnB1vcQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDQ4YWY2NjViZjhiMTg2YjcwMjIwNzU5ZDI2YzU3OGY0
MGI1ZjNlMzAeFw0yNTAyMTcxNjQ4NTVaFw0yNjAyMTYxNjUzNTVaMDMxMTAvBgNV
BAMTKEJFM0RBNzE3RTExRTE0ODgzQUM2QzE4QUE1RTc5QzA1MzM3M0RBMzEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCYO+LSMeDzf3qyndyiCIs0d6IS
M/uI1O3/nxu8weQ1JiUKvu68fBm0M3R8Iujn6utcaNX9oHRLd1QIxexrkkpPiJRJ
gN1H8KIKBck/GoSFf8WmwxCtXPxO5/DwoGU8FJbU0rSZF/Bn8b5P5N5I4dzJTnK5
7iDzOlnP5QCHfx38WFMnG8E9Qkres6rOJkyhy0l4J6MY53GmLBZncvKHrWi9nRd3
M9zMs4FWyOxG2JB6DUUEh7JMrh7nUlyO8280grdxDeMx1QhZXmxBm/IzlVXzkzPH
zZSyTmlV2dnqAjh6TterZrJeMMTM9QTX7jHaFL56FCbh1EsNChZydFl+UTEZAgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQUvj2nF+EeFIg6xsGKpeecBTNz2jEwHwYDVR0j
BBgwFoAUBIr2Zb+LGGtwIgdZ0mxXj0C18+MwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODJhOWJmNWItMzljMS00MDUwLWIwNzMtNDgwNzViODYx
ZDg3LzAvMDQ4QUY2NjVCRjhCMTg2QjcwMjIwNzU5RDI2QzU3OEY0MEI1RjNFMy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0JJcjJaYi1MR0d0d0lnZFowbXhYajBD
MTgtTS5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvODJhOWJmNWIt
MzljMS00MDUwLWIwNzMtNDgwNzViODYxZDg3LzAvMzMzMTJlMzYyZTMxMmUzMDJm
MzIzNDJkMzIzNDIwM2QzZTIwMzIzMTM1MzMzNjMyLnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHwYBMA0G
CSqGSIb3DQEBCwUAA4IBAQCSEe13xjE5iXljjwpZ0TMk7yO8S5f48G29bMdQqxHo
CZYaPnl4XS/q7otLnPA0bQb4AXp3CvPPgsxXeOpuiYwGoGsUxKGkZf+tN6p9Rjk+
++j91bi88bHKFslqoDSHvhbPuPWwKhuShLsR57fefNQKSD/PSG6NJiNqDpe6IM0/
aMjKp6gknAKuhghMDQF9cRrz18iYYmYJD68vLnfG1RtyUedtPFGy6wJiJJ/skMiF
TwlBNbDz3fDyVvQ+f4d5dgtBmMYt45zQy2y6rP90Ogd9QyrdtDy0QP0xumVad0iS
WrR3oyvKdMvsxW8KOczROlOkAAmcwAzavCdgHjLSJ5VE
-----END CERTIFICATE-----