Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e31342e302f32342d3234203d3e20323135373634.roa
File:                     33312e362e31342e302f32342d3234203d3e20323135373634.roa (raw, json)
Hash identifier:          Kf8/gH+INfexBYqy8H7T0hxIIqpALgrpQLFE80wo8nc=
Subject key identifier:   29:2F:06:BC:22:77:8D:D8:E5:F2:87:FB:F5:CD:6D:95:D4:28:A9:28
Certificate issuer:       /CN=048af665bf8b186b70220759d26c578f40b5f3e3
Certificate serial:       136C5E2F1BB3546C82B71095FF04A6D9CA2C4567
Authority key identifier: 04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e31342e302f32342d3234203d3e20323135373634.roa
Signing time:             Sat 07 Sep 2024 12:31:46 +0000
ROA not before:           Sat 07 Sep 2024 12:26:46 +0000
ROA not after:            Sat 06 Sep 2025 12:31:46 +0000
asID:                     215764
IP address blocks:        31.6.14.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            13:6c:5e:2f:1b:b3:54:6c:82:b7:10:95:ff:04:a6:d9:ca:2c:45:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=048af665bf8b186b70220759d26c578f40b5f3e3
        Validity
            Not Before: Sep  7 12:26:46 2024 GMT
            Not After : Sep  6 12:31:46 2025 GMT
        Subject: CN=292F06BC22778DD8E5F287FBF5CD6D95D428A928
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:94:84:2a:b7:a4:7f:90:8b:bb:a3:83:25:99:
                    f0:e1:64:03:fd:23:bf:46:17:e5:ee:f6:f4:82:16:
                    3f:73:58:0b:a0:42:a2:43:84:45:04:a2:33:1d:7b:
                    8b:5e:34:af:22:26:f7:97:a8:5e:1a:9b:b9:e0:8e:
                    11:c9:a3:ab:2d:e5:2e:0e:0c:73:f6:21:fc:9d:0f:
                    f8:73:4b:99:7a:9a:09:cf:56:71:b4:3f:6b:70:d8:
                    60:3b:1e:12:c3:21:20:36:4d:bd:e4:76:42:b6:43:
                    0f:73:3e:af:8f:4f:e3:ac:cb:e0:d1:10:b8:d7:d6:
                    d0:cf:bb:53:32:6d:2b:14:42:cb:b9:5a:8a:db:f6:
                    4d:5b:0f:21:0e:dc:c2:f4:2c:b8:92:41:da:58:1b:
                    66:6b:95:50:db:7a:ef:8a:da:83:29:80:7d:2f:dc:
                    e1:d1:51:89:19:d6:ee:55:0e:be:28:e3:f6:0b:cb:
                    0b:2b:f0:4a:bf:04:dd:dd:e7:b8:e1:89:bf:3d:6a:
                    90:c2:ff:4a:3b:f2:00:a6:0e:2d:fa:60:53:09:1c:
                    be:6b:c0:96:7d:3a:39:89:44:00:9f:68:21:a1:52:
                    23:d7:13:71:34:ac:9d:64:9f:28:50:93:34:34:63:
                    10:92:27:67:c1:1d:63:e3:f7:51:07:cc:45:f7:d2:
                    82:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:2F:06:BC:22:77:8D:D8:E5:F2:87:FB:F5:CD:6D:95:D4:28:A9:28
            X509v3 Authority Key Identifier:
                keyid:04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e31342e302f32342d3234203d3e20323135373634.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.6.14.0/24

    Signature Algorithm: sha256WithRSAEncryption
         24:00:68:80:41:41:fd:4f:09:7b:df:30:33:6c:5f:5d:3e:23:
         88:09:39:ef:b3:71:a9:f6:e2:9b:38:96:71:49:07:cd:b2:a0:
         d9:2a:40:a5:3d:f6:a9:53:02:88:9c:5f:80:99:81:20:9f:da:
         4c:fd:40:69:f2:fb:be:52:c8:b5:95:3e:c5:49:e6:8e:80:6e:
         84:18:f0:28:60:5d:cc:f0:6d:f4:bf:e9:1a:0c:b3:61:27:44:
         2e:df:d0:33:70:4d:c4:1b:76:e1:87:9f:b8:c9:2f:6b:0d:0e:
         80:45:3f:aa:82:b6:f0:8e:90:f6:02:6e:83:0e:c1:60:c6:0e:
         32:1e:b3:03:22:3a:3c:c9:ac:43:6c:fa:82:0f:58:45:6c:1a:
         9c:bb:d7:29:2b:f8:8b:a9:aa:53:24:2c:25:ff:95:b4:39:b5:
         ec:da:a7:8e:d9:58:16:f7:6d:06:74:42:47:8b:55:09:85:2d:
         eb:79:ef:4e:bb:63:50:c2:96:10:c1:35:cd:26:f8:6c:79:dc:
         5c:7f:5b:86:62:4e:35:3b:0a:14:be:db:5b:c2:3f:62:31:68:
         02:64:33:cb:bf:5c:28:bc:ab:0b:27:3a:1c:eb:2f:21:40:71:
         66:2e:b0:9e:c5:a9:3f:a1:1e:ad:52:a0:03:f5:4c:88:58:c2:
         2a:54:c6:0e
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUE2xeLxuzVGyCtxCV/wSm2cosRWcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDQ4YWY2NjViZjhiMTg2YjcwMjIwNzU5ZDI2YzU3OGY0
MGI1ZjNlMzAeFw0yNDA5MDcxMjI2NDZaFw0yNTA5MDYxMjMxNDZaMDMxMTAvBgNV
BAMTKDI5MkYwNkJDMjI3NzhERDhFNUYyODdGQkY1Q0Q2RDk1RDQyOEE5MjgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCQlIQqt6R/kIu7o4MlmfDhZAP9
I79GF+Xu9vSCFj9zWAugQqJDhEUEojMde4teNK8iJveXqF4am7ngjhHJo6st5S4O
DHP2IfydD/hzS5l6mgnPVnG0P2tw2GA7HhLDISA2Tb3kdkK2Qw9zPq+PT+Osy+DR
ELjX1tDPu1MybSsUQsu5Worb9k1bDyEO3ML0LLiSQdpYG2ZrlVDbeu+K2oMpgH0v
3OHRUYkZ1u5VDr4o4/YLywsr8Eq/BN3d57jhib89apDC/0o78gCmDi36YFMJHL5r
wJZ9OjmJRACfaCGhUiPXE3E0rJ1knyhQkzQ0YxCSJ2fBHWPj91EHzEX30oLpAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUKS8GvCJ3jdjl8of79c1tldQoqSgwHwYDVR0j
BBgwFoAUBIr2Zb+LGGtwIgdZ0mxXj0C18+MwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODJhOWJmNWItMzljMS00MDUwLWIwNzMtNDgwNzViODYx
ZDg3LzAvMDQ4QUY2NjVCRjhCMTg2QjcwMjIwNzU5RDI2QzU3OEY0MEI1RjNFMy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0JJcjJaYi1MR0d0d0lnZFowbXhYajBD
MTgtTS5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvODJhOWJmNWIt
MzljMS00MDUwLWIwNzMtNDgwNzViODYxZDg3LzAvMzMzMTJlMzYyZTMxMzQyZTMw
MmYzMjM0MmQzMjM0MjAzZDNlMjAzMjMxMzUzNzM2MzQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAAfBg4w
DQYJKoZIhvcNAQELBQADggEBACQAaIBBQf1PCXvfMDNsX10+I4gJOe+zcan24ps4
lnFJB82yoNkqQKU99qlTAoicX4CZgSCf2kz9QGny+75SyLWVPsVJ5o6AboQY8Chg
XczwbfS/6RoMs2EnRC7f0DNwTcQbduGHn7jJL2sNDoBFP6qCtvCOkPYCboMOwWDG
DjIeswMiOjzJrENs+oIPWEVsGpy71ykr+IupqlMkLCX/lbQ5tezap47ZWBb3bQZ0
QkeLVQmFLet57067Y1DClhDBNc0m+Gx53Fx/W4ZiTjU7ChS+21vCP2IxaAJkM8u/
XCi8qwsnOhzrLyFAcWYusJ7FqT+hHq1SoAP1TIhYwipUxg4=
-----END CERTIFICATE-----