Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e31312e302f32342d3234203d3e203232333633.roa
File:                     33312e362e31312e302f32342d3234203d3e203232333633.roa (raw, json)
Hash identifier:          0XMdOgP4dNdBT9/WtvpJ+jLyrwajbCE+SMCUAG7BuzA=
Subject key identifier:   DB:34:48:06:38:13:8A:D9:CB:25:9A:BF:98:1D:54:C2:42:32:96:F0
Certificate issuer:       /CN=048af665bf8b186b70220759d26c578f40b5f3e3
Certificate serial:       6E237AC6E55A7DF5CB65E67EAFB5AA9DBB69FD88
Authority key identifier: 04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e31312e302f32342d3234203d3e203232333633.roa
Signing time:             Mon 02 Sep 2024 06:05:19 +0000
ROA not before:           Mon 02 Sep 2024 06:00:19 +0000
ROA not after:            Mon 01 Sep 2025 06:05:19 +0000
asID:                     22363
IP address blocks:        31.6.11.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6e:23:7a:c6:e5:5a:7d:f5:cb:65:e6:7e:af:b5:aa:9d:bb:69:fd:88
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=048af665bf8b186b70220759d26c578f40b5f3e3
        Validity
            Not Before: Sep  2 06:00:19 2024 GMT
            Not After : Sep  1 06:05:19 2025 GMT
        Subject: CN=DB34480638138AD9CB259ABF981D54C2423296F0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:fd:72:9b:74:c5:15:d0:c0:88:bd:10:0c:18:
                    67:30:87:cc:7b:6f:ac:36:bf:14:dc:92:07:c6:ea:
                    5f:9d:4e:60:5c:50:54:c2:bb:39:25:3e:8b:27:03:
                    cf:ca:cf:58:18:ea:d0:78:9b:86:3b:06:34:bd:3e:
                    b7:dd:fa:44:86:6e:b0:47:19:d6:6f:a1:3e:e9:83:
                    63:9e:1c:48:10:ba:f3:78:b2:a6:54:8d:21:59:5e:
                    e4:75:0a:7b:1c:1d:67:7a:be:97:cb:22:ec:53:c0:
                    4d:c3:f8:36:2b:e5:db:31:c3:18:d7:33:4f:ae:2a:
                    98:00:7f:35:51:d9:57:b8:09:08:d0:8f:a8:a5:57:
                    0c:df:71:fc:c4:44:b9:e0:d4:e5:f4:0a:14:44:aa:
                    67:90:99:0b:f7:15:31:1e:f3:cd:c1:c9:1f:9b:9d:
                    bf:a5:d1:d6:8e:99:31:77:ac:bd:a9:79:6f:b0:f2:
                    4c:e2:e6:67:54:76:59:59:ef:08:c2:d4:a2:9a:75:
                    f0:8b:1e:d1:c9:c1:3a:cd:e9:11:8c:db:27:5a:60:
                    0e:3e:7d:5a:61:9f:ff:1f:7e:a6:11:5e:ac:61:31:
                    a5:30:62:7c:27:b2:4b:04:6f:c6:dc:6c:20:e7:f3:
                    30:63:32:3f:8f:4e:c1:cd:8d:7d:9d:e9:c2:16:b7:
                    68:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:34:48:06:38:13:8A:D9:CB:25:9A:BF:98:1D:54:C2:42:32:96:F0
            X509v3 Authority Key Identifier:
                keyid:04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e31312e302f32342d3234203d3e203232333633.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.6.11.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9b:b3:81:95:f2:0e:23:08:13:1f:08:ac:a7:8a:52:18:b7:eb:
         fd:40:e6:0a:cf:7d:d5:a6:15:33:96:18:77:62:ea:86:6f:b9:
         97:db:6c:4b:75:61:27:1a:c6:58:13:9d:98:3e:a5:75:c1:06:
         9f:b4:33:7e:bb:0c:f0:fd:68:6b:ca:76:7e:e0:a1:b8:d4:70:
         e0:36:36:33:0d:d5:02:52:72:9e:7e:3d:af:cb:1e:17:50:fe:
         d7:5d:ed:8f:aa:1c:6a:06:b3:6b:34:e2:38:9f:a6:aa:cf:01:
         bf:ec:22:09:96:7f:ed:27:c7:49:cb:e9:c9:e1:af:e0:ed:1c:
         63:9b:3f:8e:25:e1:d3:60:77:d6:fa:2d:8e:a7:7c:c9:be:b6:
         4a:91:55:74:71:db:7b:f7:67:ca:50:e6:5e:b6:66:d1:c8:c8:
         ec:90:0f:28:96:35:2c:9f:76:3e:ce:f4:07:f6:05:23:8c:2a:
         5a:cc:a3:46:d4:1e:f9:4e:5b:78:63:50:57:02:18:be:75:64:
         91:6b:c7:0d:30:5a:c2:d8:a2:8c:c5:ad:ba:7e:08:e4:39:dd:
         b3:36:df:28:7d:f6:e0:f1:58:ff:9b:41:4f:72:fa:bb:f8:59:
         08:37:d8:ff:fb:88:91:87:35:a4:84:4d:3c:0a:bc:5b:9a:89:
         05:bc:11:80
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUbiN6xuVaffXLZeZ+r7Wqnbtp/YgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDQ4YWY2NjViZjhiMTg2YjcwMjIwNzU5ZDI2YzU3OGY0
MGI1ZjNlMzAeFw0yNDA5MDIwNjAwMTlaFw0yNTA5MDEwNjA1MTlaMDMxMTAvBgNV
BAMTKERCMzQ0ODA2MzgxMzhBRDlDQjI1OUFCRjk4MUQ1NEMyNDIzMjk2RjAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCG/XKbdMUV0MCIvRAMGGcwh8x7
b6w2vxTckgfG6l+dTmBcUFTCuzklPosnA8/Kz1gY6tB4m4Y7BjS9Prfd+kSGbrBH
GdZvoT7pg2OeHEgQuvN4sqZUjSFZXuR1CnscHWd6vpfLIuxTwE3D+DYr5dsxwxjX
M0+uKpgAfzVR2Ve4CQjQj6ilVwzfcfzERLng1OX0ChREqmeQmQv3FTEe883ByR+b
nb+l0daOmTF3rL2peW+w8kzi5mdUdllZ7wjC1KKadfCLHtHJwTrN6RGM2ydaYA4+
fVphn/8ffqYRXqxhMaUwYnwnsksEb8bcbCDn8zBjMj+PTsHNjX2d6cIWt2jLAgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQU2zRIBjgTitnLJZq/mB1UwkIylvAwHwYDVR0j
BBgwFoAUBIr2Zb+LGGtwIgdZ0mxXj0C18+MwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODJhOWJmNWItMzljMS00MDUwLWIwNzMtNDgwNzViODYx
ZDg3LzAvMDQ4QUY2NjVCRjhCMTg2QjcwMjIwNzU5RDI2QzU3OEY0MEI1RjNFMy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0JJcjJaYi1MR0d0d0lnZFowbXhYajBD
MTgtTS5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvODJhOWJmNWIt
MzljMS00MDUwLWIwNzMtNDgwNzViODYxZDg3LzAvMzMzMTJlMzYyZTMxMzEyZTMw
MmYzMjM0MmQzMjM0MjAzZDNlMjAzMjMyMzMzNjMzLnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHwYLMA0G
CSqGSIb3DQEBCwUAA4IBAQCbs4GV8g4jCBMfCKynilIYt+v9QOYKz33VphUzlhh3
YuqGb7mX22xLdWEnGsZYE52YPqV1wQaftDN+uwzw/WhrynZ+4KG41HDgNjYzDdUC
UnKefj2vyx4XUP7XXe2PqhxqBrNrNOI4n6aqzwG/7CIJln/tJ8dJy+nJ4a/g7Rxj
mz+OJeHTYHfW+i2Op3zJvrZKkVV0cdt792fKUOZetmbRyMjskA8oljUsn3Y+zvQH
9gUjjCpazKNG1B75Tlt4Y1BXAhi+dWSRa8cNMFrC2KKMxa26fgjkOd2zNt8offbg
8Vj/m0FPcvq7+FkIN9j/+4iRhzWkhE08CrxbmokFvBGA
-----END CERTIFICATE-----