Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e31322e302f32342d3234203d3e20323132333335.roa
File:                     33312e362e31322e302f32342d3234203d3e20323132333335.roa (raw, json)
Hash identifier:          UU5wnTJGgRVlrnDRmUm+PghBdw5Nw8PaDglkmPi7hzU=
Subject key identifier:   D7:00:65:73:D4:BB:01:83:98:FF:4A:80:70:59:7A:61:F5:D9:41:76
Certificate issuer:       /CN=048af665bf8b186b70220759d26c578f40b5f3e3
Certificate serial:       4D28833174A7CB734AA4A9C66D369B2FF80605F0
Authority key identifier: 04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e31322e302f32342d3234203d3e20323132333335.roa
Signing time:             Thu 21 Mar 2024 07:53:43 +0000
ROA not before:           Thu 21 Mar 2024 07:48:43 +0000
ROA not after:            Thu 20 Mar 2025 07:53:43 +0000
asID:                     212335
IP address blocks:        31.6.12.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 13:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4d:28:83:31:74:a7:cb:73:4a:a4:a9:c6:6d:36:9b:2f:f8:06:05:f0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=048af665bf8b186b70220759d26c578f40b5f3e3
        Validity
            Not Before: Mar 21 07:48:43 2024 GMT
            Not After : Mar 20 07:53:43 2025 GMT
        Subject: CN=D7006573D4BB018398FF4A8070597A61F5D94176
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:07:ff:f9:bf:af:d4:16:12:6d:92:fa:f1:f1:
                    81:8f:be:ab:6a:00:f5:93:e4:32:e1:48:f9:1d:85:
                    a9:c9:73:ce:f9:ed:bb:18:cc:45:80:de:fa:73:5e:
                    e0:b2:ab:f2:4d:5a:b0:6a:8d:3d:14:ec:12:95:ca:
                    c9:6f:ed:0b:8e:8b:5a:4e:e9:78:0d:3f:79:aa:f1:
                    6b:8f:b7:d1:b5:11:1a:a5:b8:4b:b5:16:56:60:23:
                    ce:2c:62:2f:f4:96:43:8f:21:e7:a7:55:b2:2e:cb:
                    b2:42:e0:c2:84:70:91:1d:a5:df:59:c9:b6:d1:cb:
                    db:1b:dc:b4:21:15:2a:80:82:f3:00:ef:f0:04:bc:
                    39:59:8d:8c:4d:b5:64:74:29:e8:4f:82:ed:56:a7:
                    36:2e:f2:3c:fd:5b:71:0a:57:e5:c3:58:ee:f8:0f:
                    96:94:30:6c:15:03:e5:dc:e7:fe:c3:2a:2b:d5:2d:
                    54:c7:cf:c3:16:b5:53:c8:c2:24:be:51:66:e5:da:
                    71:e6:11:0e:84:42:46:28:ae:ea:b1:69:00:7b:a3:
                    9b:35:b3:36:f5:ec:d1:56:3e:4d:63:94:09:9c:d8:
                    bc:39:09:4a:ac:5c:02:1f:2e:10:68:16:21:90:fc:
                    b4:79:0c:e1:02:1e:b2:b3:84:30:6f:a5:33:62:e4:
                    e3:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:00:65:73:D4:BB:01:83:98:FF:4A:80:70:59:7A:61:F5:D9:41:76
            X509v3 Authority Key Identifier:
                keyid:04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e31322e302f32342d3234203d3e20323132333335.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.6.12.0/24

    Signature Algorithm: sha256WithRSAEncryption
         78:35:95:4a:24:e7:cc:19:4e:16:6a:3a:7f:4c:9e:03:73:fd:
         1d:05:e5:d0:96:a1:33:c5:f8:7d:66:78:d2:00:93:57:7b:08:
         ef:16:90:7b:74:0b:92:b0:e1:ff:58:de:6d:d8:79:bf:32:55:
         eb:aa:e3:92:89:d7:ba:18:8b:41:c8:56:b8:9a:d9:28:68:89:
         28:17:63:c7:94:02:63:b8:a9:cf:f1:61:3e:04:a9:f3:60:3b:
         97:b5:96:17:b6:f8:36:59:30:b9:ab:d1:ae:56:17:59:7b:3d:
         c0:74:55:c9:45:6b:60:1a:99:4e:1f:21:06:61:c0:18:0f:34:
         8d:cd:63:2b:a5:93:49:22:b2:dd:85:df:1e:a7:1c:6c:59:1a:
         7d:7c:28:7a:81:07:3b:1c:3b:3e:bd:a3:de:d3:91:bc:0d:c2:
         4e:cf:89:39:51:28:39:25:bf:3d:31:37:cc:f5:7b:1f:67:95:
         ee:7b:39:f7:1b:ac:d4:48:66:e0:67:1e:1a:1e:5c:88:0f:05:
         84:ed:7c:09:d8:ca:df:e1:58:a9:3b:69:60:c3:2f:32:b9:24:
         24:20:54:a7:a6:ec:fd:93:ca:b5:bb:84:48:8d:d1:a1:f4:07:
         26:7f:07:0b:ac:7b:4f:81:ac:02:d9:d0:00:1e:12:39:66:0b:
         c7:fb:e1:df
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUTSiDMXSny3NKpKnGbTabL/gGBfAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDQ4YWY2NjViZjhiMTg2YjcwMjIwNzU5ZDI2YzU3OGY0
MGI1ZjNlMzAeFw0yNDAzMjEwNzQ4NDNaFw0yNTAzMjAwNzUzNDNaMDMxMTAvBgNV
BAMTKEQ3MDA2NTczRDRCQjAxODM5OEZGNEE4MDcwNTk3QTYxRjVEOTQxNzYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQClB//5v6/UFhJtkvrx8YGPvqtq
APWT5DLhSPkdhanJc8757bsYzEWA3vpzXuCyq/JNWrBqjT0U7BKVyslv7QuOi1pO
6XgNP3mq8WuPt9G1ERqluEu1FlZgI84sYi/0lkOPIeenVbIuy7JC4MKEcJEdpd9Z
ybbRy9sb3LQhFSqAgvMA7/AEvDlZjYxNtWR0KehPgu1WpzYu8jz9W3EKV+XDWO74
D5aUMGwVA+Xc5/7DKivVLVTHz8MWtVPIwiS+UWbl2nHmEQ6EQkYoruqxaQB7o5s1
szb17NFWPk1jlAmc2Lw5CUqsXAIfLhBoFiGQ/LR5DOECHrKzhDBvpTNi5OMbAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQU1wBlc9S7AYOY/0qAcFl6YfXZQXYwHwYDVR0j
BBgwFoAUBIr2Zb+LGGtwIgdZ0mxXj0C18+MwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODJhOWJmNWItMzljMS00MDUwLWIwNzMtNDgwNzViODYx
ZDg3LzAvMDQ4QUY2NjVCRjhCMTg2QjcwMjIwNzU5RDI2QzU3OEY0MEI1RjNFMy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0JJcjJaYi1MR0d0d0lnZFowbXhYajBD
MTgtTS5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvODJhOWJmNWIt
MzljMS00MDUwLWIwNzMtNDgwNzViODYxZDg3LzAvMzMzMTJlMzYyZTMxMzIyZTMw
MmYzMjM0MmQzMjM0MjAzZDNlMjAzMjMxMzIzMzMzMzUucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAAfBgww
DQYJKoZIhvcNAQELBQADggEBAHg1lUok58wZThZqOn9MngNz/R0F5dCWoTPF+H1m
eNIAk1d7CO8WkHt0C5Kw4f9Y3m3Yeb8yVeuq45KJ17oYi0HIVria2ShoiSgXY8eU
AmO4qc/xYT4EqfNgO5e1lhe2+DZZMLmr0a5WF1l7PcB0VclFa2AamU4fIQZhwBgP
NI3NYyulk0kist2F3x6nHGxZGn18KHqBBzscOz69o97TkbwNwk7PiTlRKDklvz0x
N8z1ex9nle57OfcbrNRIZuBnHhoeXIgPBYTtfAnYyt/hWKk7aWDDLzK5JCQgVKem
7P2TyrW7hEiN0aH0ByZ/Bwuse0+BrALZ0AAeEjlmC8f74d8=
-----END CERTIFICATE-----