Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e312e302f32342d3234203d3e203339333833.roa
File:                     33312e362e312e302f32342d3234203d3e203339333833.roa (raw, json)
Hash identifier:          pKP9K90eQ+7vuXxFgyOss/wj4Lqp0FjrwssxlcH2PUE=
Subject key identifier:   E8:A8:78:86:58:AB:83:D6:77:D1:55:CB:1A:64:E0:9B:95:3A:19:C4
Certificate issuer:       /CN=048af665bf8b186b70220759d26c578f40b5f3e3
Certificate serial:       04D18DDCAD493D8A687DDB1A9F598376C33E36E0
Authority key identifier: 04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e312e302f32342d3234203d3e203339333833.roa
Signing time:             Thu 14 Nov 2024 06:43:28 +0000
ROA not before:           Thu 14 Nov 2024 06:38:28 +0000
ROA not after:            Thu 13 Nov 2025 06:43:28 +0000
asID:                     39383
IP address blocks:        31.6.1.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            04:d1:8d:dc:ad:49:3d:8a:68:7d:db:1a:9f:59:83:76:c3:3e:36:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=048af665bf8b186b70220759d26c578f40b5f3e3
        Validity
            Not Before: Nov 14 06:38:28 2024 GMT
            Not After : Nov 13 06:43:28 2025 GMT
        Subject: CN=E8A8788658AB83D677D155CB1A64E09B953A19C4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:2b:db:30:2a:eb:11:e9:a3:77:ae:fb:c6:0e:
                    f8:5e:79:df:83:31:d6:01:db:c7:a5:4a:0b:4e:68:
                    93:56:d3:6e:8d:9a:56:32:78:d9:86:fb:53:cf:33:
                    9b:27:ab:70:0d:f4:02:55:f9:e2:2a:8c:58:b5:d5:
                    71:33:65:82:86:9c:2a:75:7a:a6:60:c5:74:d3:7f:
                    a4:d7:21:79:bc:00:70:a1:e9:bc:51:33:73:85:4f:
                    74:b8:0b:d9:6e:18:6a:c3:91:2d:9d:56:bf:fe:72:
                    2a:2e:c1:35:a2:64:d3:a9:07:3e:84:b1:97:bd:b9:
                    09:3d:01:9d:c1:12:16:d5:c7:14:48:55:7c:fd:6b:
                    6a:53:39:a7:95:b3:46:5a:93:94:29:aa:10:98:47:
                    e4:68:fd:94:82:89:36:78:5d:f8:59:9c:49:d6:9c:
                    8d:7e:17:ca:70:7f:59:99:23:65:4e:41:aa:20:ae:
                    b5:94:23:dc:84:7d:3c:39:8e:64:e1:c8:04:33:0b:
                    53:b2:26:b0:76:b1:b0:9b:01:95:38:7c:83:2c:05:
                    07:50:54:34:3c:eb:75:20:a7:82:09:b0:f5:d7:d6:
                    d2:d4:63:d5:a7:59:e9:ea:7c:cf:12:85:a3:02:5c:
                    77:1a:c8:7f:d9:ff:fb:66:83:a8:68:06:65:f4:ee:
                    93:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E8:A8:78:86:58:AB:83:D6:77:D1:55:CB:1A:64:E0:9B:95:3A:19:C4
            X509v3 Authority Key Identifier:
                keyid:04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e312e302f32342d3234203d3e203339333833.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.6.1.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a4:e5:2d:67:33:2c:93:87:05:03:7d:6d:c4:02:a0:70:46:9d:
         b7:29:93:7c:ba:75:cf:20:00:d9:25:74:15:ff:09:56:36:f7:
         af:fd:04:0d:4f:67:22:1e:67:88:6a:0b:ef:68:65:5b:88:52:
         ed:68:76:b1:88:a8:cd:75:06:35:d4:86:9c:3d:e4:07:5a:35:
         4f:88:f7:1d:b2:ad:7d:14:32:9a:50:ac:7a:d1:d1:74:f0:7d:
         07:0f:16:0f:20:4b:0a:8f:bb:f5:0f:58:5b:53:62:ac:46:3a:
         cf:59:c0:55:84:1f:19:07:e8:77:81:10:ad:cf:cf:25:dc:10:
         8b:b3:89:3b:7c:07:76:1f:ea:5a:85:3c:11:4d:15:a3:a4:0a:
         c8:95:fe:b7:ef:0e:27:f1:9d:12:52:01:99:60:de:1b:e2:c7:
         88:0a:99:30:89:3a:2c:e9:f4:6e:b5:67:ed:42:42:b7:d0:71:
         fc:b5:df:fe:c5:96:a2:2d:d0:48:31:41:f1:7c:f8:7c:77:0f:
         51:01:4a:e9:72:49:6b:4d:18:80:88:06:31:af:17:db:82:b7:
         5f:ac:19:1a:21:3c:7a:ed:8c:6b:ea:3d:d0:6c:d0:9a:d7:fa:
         92:78:d3:2f:49:62:e7:64:35:c6:e3:d7:de:99:c9:54:2f:59:
         2f:4d:ff:0c
-----BEGIN CERTIFICATE-----
MIIFKzCCBBOgAwIBAgIUBNGN3K1JPYpofdsan1mDdsM+NuAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDQ4YWY2NjViZjhiMTg2YjcwMjIwNzU5ZDI2YzU3OGY0
MGI1ZjNlMzAeFw0yNDExMTQwNjM4MjhaFw0yNTExMTMwNjQzMjhaMDMxMTAvBgNV
BAMTKEU4QTg3ODg2NThBQjgzRDY3N0QxNTVDQjFBNjRFMDlCOTUzQTE5QzQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCpK9swKusR6aN3rvvGDvheed+D
MdYB28elSgtOaJNW026NmlYyeNmG+1PPM5snq3AN9AJV+eIqjFi11XEzZYKGnCp1
eqZgxXTTf6TXIXm8AHCh6bxRM3OFT3S4C9luGGrDkS2dVr/+ciouwTWiZNOpBz6E
sZe9uQk9AZ3BEhbVxxRIVXz9a2pTOaeVs0Zak5QpqhCYR+Ro/ZSCiTZ4XfhZnEnW
nI1+F8pwf1mZI2VOQaogrrWUI9yEfTw5jmThyAQzC1OyJrB2sbCbAZU4fIMsBQdQ
VDQ863Ugp4IJsPXX1tLUY9WnWenqfM8ShaMCXHcayH/Z//tmg6hoBmX07pOTAgMB
AAGjggI1MIICMTAdBgNVHQ4EFgQU6Kh4hlirg9Z30VXLGmTgm5U6GcQwHwYDVR0j
BBgwFoAUBIr2Zb+LGGtwIgdZ0mxXj0C18+MwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODJhOWJmNWItMzljMS00MDUwLWIwNzMtNDgwNzViODYx
ZDg3LzAvMDQ4QUY2NjVCRjhCMTg2QjcwMjIwNzU5RDI2QzU3OEY0MEI1RjNFMy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0JJcjJaYi1MR0d0d0lnZFowbXhYajBD
MTgtTS5jZXIwgaUGCCsGAQUFBwELBIGYMIGVMIGSBggrBgEFBQcwC4aBhXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvODJhOWJmNWIt
MzljMS00MDUwLWIwNzMtNDgwNzViODYxZDg3LzAvMzMzMTJlMzYyZTMxMmUzMDJm
MzIzNDJkMzIzNDIwM2QzZTIwMzMzOTMzMzgzMy5yb2EwGAYDVR0gAQH/BA4wDDAK
BggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAB8GATANBgkq
hkiG9w0BAQsFAAOCAQEApOUtZzMsk4cFA31txAKgcEadtymTfLp1zyAA2SV0Ff8J
Vjb3r/0EDU9nIh5niGoL72hlW4hS7Wh2sYiozXUGNdSGnD3kB1o1T4j3HbKtfRQy
mlCsetHRdPB9Bw8WDyBLCo+79Q9YW1NirEY6z1nAVYQfGQfod4EQrc/PJdwQi7OJ
O3wHdh/qWoU8EU0Vo6QKyJX+t+8OJ/GdElIBmWDeG+LHiAqZMIk6LOn0brVn7UJC
t9Bx/LXf/sWWoi3QSDFB8Xz4fHcPUQFK6XJJa00YgIgGMa8X24K3X6wZGiE8eu2M
a+o90GzQmtf6knjTL0li52Q1xuPX3pnJVC9ZL03/DA==
-----END CERTIFICATE-----