Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e31302e302f32342d3234203d3e203232333633.roa
File:                     33312e362e31302e302f32342d3234203d3e203232333633.roa (raw, json)
Hash identifier:          wPzMtUr38u3/kYERY9WUPbIRhfAQb6NL7es6Ms1P6Ew=
Subject key identifier:   89:98:06:A7:07:D9:BC:E0:CD:2B:53:AD:29:D6:F7:90:E6:D7:E3:39
Certificate issuer:       /CN=048af665bf8b186b70220759d26c578f40b5f3e3
Certificate serial:       7FE720FD9E464F5FEC7764AF18E161411328D482
Authority key identifier: 04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e31302e302f32342d3234203d3e203232333633.roa
Signing time:             Mon 02 Sep 2024 06:05:19 +0000
ROA not before:           Mon 02 Sep 2024 06:00:19 +0000
ROA not after:            Mon 01 Sep 2025 06:05:19 +0000
asID:                     22363
IP address blocks:        31.6.10.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7f:e7:20:fd:9e:46:4f:5f:ec:77:64:af:18:e1:61:41:13:28:d4:82
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=048af665bf8b186b70220759d26c578f40b5f3e3
        Validity
            Not Before: Sep  2 06:00:19 2024 GMT
            Not After : Sep  1 06:05:19 2025 GMT
        Subject: CN=899806A707D9BCE0CD2B53AD29D6F790E6D7E339
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:a6:71:35:37:20:c9:99:23:3b:11:85:4d:93:
                    1b:b6:e2:3b:2b:45:45:59:16:4a:b2:00:55:7e:88:
                    43:5c:08:e8:69:b7:f7:5e:f8:ce:79:08:31:b9:e3:
                    d9:9c:b7:83:1e:57:3e:f1:7d:f4:91:00:4a:40:78:
                    a2:72:0c:1a:7b:f7:f6:ef:6b:d1:a8:2b:9e:10:6d:
                    9d:fe:2a:e7:28:66:a8:2c:45:7c:90:24:04:13:56:
                    a2:dd:cc:54:ad:37:4a:cc:2d:e4:8d:e8:0c:bf:31:
                    33:61:07:ba:d0:8f:a1:73:c7:6f:45:3b:45:99:f7:
                    cd:ae:63:ba:97:fd:16:c9:e0:87:3c:09:4d:23:14:
                    36:ca:5a:72:c0:27:67:5f:52:3a:e4:b7:2f:8d:21:
                    22:1d:88:db:64:a7:db:c7:44:55:72:e2:28:82:bb:
                    dd:66:d6:e3:2e:84:eb:27:e8:62:d8:95:a8:37:06:
                    0a:2a:d2:fd:55:7e:e9:e6:98:fd:c6:10:ff:37:82:
                    ca:22:91:44:59:2f:da:2c:9a:e9:00:e6:f9:2e:de:
                    b0:0e:b2:04:6c:d8:0c:35:a6:e5:dd:88:a5:40:bd:
                    3f:87:6a:a3:4b:7e:fd:89:50:b5:42:65:31:00:dd:
                    9f:ff:6b:3d:4c:db:4f:16:fb:56:7e:31:d7:7d:2c:
                    e3:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:98:06:A7:07:D9:BC:E0:CD:2B:53:AD:29:D6:F7:90:E6:D7:E3:39
            X509v3 Authority Key Identifier:
                keyid:04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e31302e302f32342d3234203d3e203232333633.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.6.10.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0a:04:a7:46:53:a2:af:d6:75:fd:0b:f0:b8:5c:6c:60:12:c1:
         48:76:fe:d2:0d:e3:6e:7a:b6:56:5e:1c:90:c6:80:24:bd:e4:
         d5:22:cd:62:12:6c:10:fc:e3:6f:51:75:6c:6c:08:ac:7a:cb:
         0f:84:ba:fe:35:a4:92:92:7a:d9:4d:88:87:eb:7d:61:c0:b7:
         3d:d2:29:f9:20:1d:42:2f:c1:2e:6b:f0:eb:b1:b7:93:75:39:
         76:13:e6:da:46:60:1f:40:4d:36:f8:f3:f6:21:63:e6:c3:d1:
         69:73:89:3b:fd:e0:23:ab:ab:c7:db:70:2e:7b:40:17:3a:ea:
         b6:0a:92:80:a8:9f:2b:21:99:f7:9e:26:f9:a7:ac:2e:30:f8:
         09:00:8a:74:10:69:d7:bf:da:17:5e:77:a4:bb:8b:f8:e1:cc:
         76:5e:ce:10:31:79:fa:e4:80:ce:3a:6f:40:2f:92:2a:c1:de:
         24:07:2c:b7:fc:69:7e:3b:24:1d:89:f8:9b:df:d7:ab:7e:7a:
         09:72:27:57:96:af:f6:46:8f:5d:f6:81:17:5f:98:38:6a:42:
         7e:90:aa:6d:3b:f2:a3:2e:f3:cc:9e:a0:5f:7f:7e:a6:df:a7:
         4d:6b:13:b9:11:7a:6e:da:c5:35:dd:0b:70:66:a0:4b:05:aa:
         26:e1:36:1a
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUf+cg/Z5GT1/sd2SvGOFhQRMo1IIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDQ4YWY2NjViZjhiMTg2YjcwMjIwNzU5ZDI2YzU3OGY0
MGI1ZjNlMzAeFw0yNDA5MDIwNjAwMTlaFw0yNTA5MDEwNjA1MTlaMDMxMTAvBgNV
BAMTKDg5OTgwNkE3MDdEOUJDRTBDRDJCNTNBRDI5RDZGNzkwRTZEN0UzMzkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDEpnE1NyDJmSM7EYVNkxu24jsr
RUVZFkqyAFV+iENcCOhpt/de+M55CDG549mct4MeVz7xffSRAEpAeKJyDBp79/bv
a9GoK54QbZ3+KucoZqgsRXyQJAQTVqLdzFStN0rMLeSN6Ay/MTNhB7rQj6Fzx29F
O0WZ982uY7qX/RbJ4Ic8CU0jFDbKWnLAJ2dfUjrkty+NISIdiNtkp9vHRFVy4iiC
u91m1uMuhOsn6GLYlag3Bgoq0v1VfunmmP3GEP83gsoikURZL9osmukA5vku3rAO
sgRs2Aw1puXdiKVAvT+HaqNLfv2JULVCZTEA3Z//az1M208W+1Z+Mdd9LOPzAgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQUiZgGpwfZvODNK1OtKdb3kObX4zkwHwYDVR0j
BBgwFoAUBIr2Zb+LGGtwIgdZ0mxXj0C18+MwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODJhOWJmNWItMzljMS00MDUwLWIwNzMtNDgwNzViODYx
ZDg3LzAvMDQ4QUY2NjVCRjhCMTg2QjcwMjIwNzU5RDI2QzU3OEY0MEI1RjNFMy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0JJcjJaYi1MR0d0d0lnZFowbXhYajBD
MTgtTS5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvODJhOWJmNWIt
MzljMS00MDUwLWIwNzMtNDgwNzViODYxZDg3LzAvMzMzMTJlMzYyZTMxMzAyZTMw
MmYzMjM0MmQzMjM0MjAzZDNlMjAzMjMyMzMzNjMzLnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHwYKMA0G
CSqGSIb3DQEBCwUAA4IBAQAKBKdGU6Kv1nX9C/C4XGxgEsFIdv7SDeNuerZWXhyQ
xoAkveTVIs1iEmwQ/ONvUXVsbAisessPhLr+NaSSknrZTYiH631hwLc90in5IB1C
L8Eua/DrsbeTdTl2E+baRmAfQE02+PP2IWPmw9Fpc4k7/eAjq6vH23Aue0AXOuq2
CpKAqJ8rIZn3nib5p6wuMPgJAIp0EGnXv9oXXneku4v44cx2Xs4QMXn65IDOOm9A
L5Iqwd4kByy3/Gl+OyQdifib39erfnoJcidXlq/2Ro9d9oEXX5g4akJ+kKptO/Kj
LvPMnqBff36m36dNaxO5EXpu2sU13QtwZqBLBaom4TYa
-----END CERTIFICATE-----