Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e31302e302f32342d3234203d3e203232333633.roa
File:                     33312e362e31302e302f32342d3234203d3e203232333633.roa (raw, json)
Hash identifier:          y1slYtwlNjPn4JhWEwu5UK32JF3SfQBLmAIFE6/hOeo=
Subject key identifier:   10:84:11:56:2A:68:CF:CD:89:05:6D:70:4B:B8:13:0F:5A:76:DF:11
Certificate issuer:       /CN=048af665bf8b186b70220759d26c578f40b5f3e3
Certificate serial:       01378D38EFEAD13CE720CE02608C77D08BB9FD3E
Authority key identifier: 04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e31302e302f32342d3234203d3e203232333633.roa
Signing time:             Mon 02 Oct 2023 05:22:52 +0000
ROA not before:           Mon 02 Oct 2023 05:17:52 +0000
ROA not after:            Mon 30 Sep 2024 05:22:52 +0000
asID:                     22363
IP address blocks:        31.6.10.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 01 Jun 2024 16:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:37:8d:38:ef:ea:d1:3c:e7:20:ce:02:60:8c:77:d0:8b:b9:fd:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=048af665bf8b186b70220759d26c578f40b5f3e3
        Validity
            Not Before: Oct  2 05:17:52 2023 GMT
            Not After : Sep 30 05:22:52 2024 GMT
        Subject: CN=108411562A68CFCD89056D704BB8130F5A76DF11
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:56:7b:b5:0a:09:84:09:23:53:bf:bd:eb:4e:
                    cd:ba:06:c2:e3:fc:59:a8:d1:94:6d:10:89:14:ff:
                    8e:78:ae:32:c0:09:6e:94:84:45:14:3a:5b:ef:34:
                    75:92:0f:a3:fc:e7:ff:4c:e3:a1:51:3a:74:ca:42:
                    31:2f:09:1d:55:b4:f0:54:73:bc:d6:c9:34:1e:92:
                    a9:a8:49:8f:6d:15:c4:59:c7:77:85:67:d4:4e:a5:
                    f5:05:b7:fa:5d:cc:f0:a1:9d:a4:3f:a7:0b:e2:76:
                    92:c9:81:44:3c:00:83:2f:2c:78:0f:9e:f5:6a:d1:
                    d9:7e:35:1d:06:9f:90:a7:57:92:56:1b:be:75:24:
                    71:c3:79:b9:20:3a:28:fd:d4:cc:05:a5:5e:cd:11:
                    ba:e8:9e:66:ee:46:01:1d:c8:67:fd:6f:ea:47:33:
                    82:e5:99:85:b6:4d:40:fe:36:67:4d:e2:68:1a:38:
                    bb:46:e5:1a:1a:c0:b7:51:34:bc:b4:d8:4a:85:f7:
                    a9:32:09:49:2f:9a:85:00:c1:89:4a:e8:eb:21:c0:
                    c1:0a:bc:f3:60:4e:98:f6:a5:80:b5:7f:77:6d:c6:
                    f9:a7:80:6c:0f:67:03:98:f3:a3:49:16:89:8c:7b:
                    3d:12:a7:97:a8:38:9d:20:70:82:17:fc:fa:83:c9:
                    c6:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                10:84:11:56:2A:68:CF:CD:89:05:6D:70:4B:B8:13:0F:5A:76:DF:11
            X509v3 Authority Key Identifier:
                keyid:04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e31302e302f32342d3234203d3e203232333633.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.6.10.0/24

    Signature Algorithm: sha256WithRSAEncryption
         91:b1:22:5a:5e:dc:42:3b:d8:f2:f0:1b:01:0d:f8:a7:a6:0c:
         56:06:8e:24:32:e4:95:ad:89:27:4d:ba:c1:67:fa:fd:1d:87:
         44:a8:1d:69:05:44:dd:00:a0:a7:43:f9:88:85:53:fd:15:a6:
         2b:bb:c3:41:29:41:c3:fa:b4:d1:b7:0f:59:c9:5c:97:1c:bf:
         5d:ae:96:94:d6:ad:c7:86:23:c0:f4:53:e3:b8:af:ef:d7:31:
         84:20:ae:ed:74:f3:b9:36:c6:c5:5a:e6:85:dc:0b:1c:db:69:
         fe:4a:3e:65:31:5f:df:c0:f0:73:3c:eb:28:22:d4:da:4d:9d:
         92:2d:9c:6c:f2:d4:5d:6a:d2:3c:33:4d:54:26:45:70:53:0c:
         f1:02:71:db:35:c7:f6:ad:65:5b:5d:bb:de:79:62:25:d3:7b:
         e0:25:71:69:99:fe:3e:f1:5e:c7:e1:c9:6b:97:43:ad:51:9b:
         e6:35:0d:1c:67:a9:dd:ac:a7:65:8e:46:a4:e3:26:6c:01:aa:
         28:3e:a6:1b:c2:22:79:c9:bb:cb:92:58:9f:e8:5c:a7:9f:fd:
         e9:49:80:9d:35:61:26:f6:ad:59:03:5b:33:e5:da:0d:20:2e:
         db:dc:b2:21:ea:fb:ce:63:03:be:05:fc:3b:a2:7e:0a:91:0b:
         28:10:67:cd
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUATeNOO/q0TznIM4CYIx30Iu5/T4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDQ4YWY2NjViZjhiMTg2YjcwMjIwNzU5ZDI2YzU3OGY0
MGI1ZjNlMzAeFw0yMzEwMDIwNTE3NTJaFw0yNDA5MzAwNTIyNTJaMDMxMTAvBgNV
BAMTKDEwODQxMTU2MkE2OENGQ0Q4OTA1NkQ3MDRCQjgxMzBGNUE3NkRGMTEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDJVnu1CgmECSNTv73rTs26BsLj
/Fmo0ZRtEIkU/454rjLACW6UhEUUOlvvNHWSD6P85/9M46FROnTKQjEvCR1VtPBU
c7zWyTQekqmoSY9tFcRZx3eFZ9ROpfUFt/pdzPChnaQ/pwvidpLJgUQ8AIMvLHgP
nvVq0dl+NR0Gn5CnV5JWG751JHHDebkgOij91MwFpV7NEbronmbuRgEdyGf9b+pH
M4LlmYW2TUD+NmdN4mgaOLtG5RoawLdRNLy02EqF96kyCUkvmoUAwYlK6OshwMEK
vPNgTpj2pYC1f3dtxvmngGwPZwOY86NJFomMez0Sp5eoOJ0gcIIX/PqDycZ/AgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQUEIQRVipoz82JBW1wS7gTD1p23xEwHwYDVR0j
BBgwFoAUBIr2Zb+LGGtwIgdZ0mxXj0C18+MwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODJhOWJmNWItMzljMS00MDUwLWIwNzMtNDgwNzViODYx
ZDg3LzAvMDQ4QUY2NjVCRjhCMTg2QjcwMjIwNzU5RDI2QzU3OEY0MEI1RjNFMy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0JJcjJaYi1MR0d0d0lnZFowbXhYajBD
MTgtTS5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvODJhOWJmNWIt
MzljMS00MDUwLWIwNzMtNDgwNzViODYxZDg3LzAvMzMzMTJlMzYyZTMxMzAyZTMw
MmYzMjM0MmQzMjM0MjAzZDNlMjAzMjMyMzMzNjMzLnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHwYKMA0G
CSqGSIb3DQEBCwUAA4IBAQCRsSJaXtxCO9jy8BsBDfinpgxWBo4kMuSVrYknTbrB
Z/r9HYdEqB1pBUTdAKCnQ/mIhVP9FaYru8NBKUHD+rTRtw9ZyVyXHL9drpaU1q3H
hiPA9FPjuK/v1zGEIK7tdPO5NsbFWuaF3Asc22n+Sj5lMV/fwPBzPOsoItTaTZ2S
LZxs8tRdatI8M01UJkVwUwzxAnHbNcf2rWVbXbveeWIl03vgJXFpmf4+8V7H4clr
l0OtUZvmNQ0cZ6ndrKdljkak4yZsAaooPqYbwiJ5ybvLklif6Fynn/3pSYCdNWEm
9q1ZA1sz5doNIC7b3LIh6vvOYwO+Bfw7on4KkQsoEGfN
-----END CERTIFICATE-----