Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e31382e302f32342d3234203d3e203232333633.roa
File:                     33312e362e31382e302f32342d3234203d3e203232333633.roa (raw, json)
Hash identifier:          fIb8HWdC97GMsBo5USSi33FG2epa090vQfdxLaEOxAo=
Subject key identifier:   BA:42:3C:E0:81:70:0A:8F:9B:A4:CF:74:F0:4A:91:D8:5B:2F:EB:28
Certificate issuer:       /CN=048af665bf8b186b70220759d26c578f40b5f3e3
Certificate serial:       3293FA7512704C887B475A8DDF332A3183AC8055
Authority key identifier: 04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e31382e302f32342d3234203d3e203232333633.roa
Signing time:             Mon 02 Sep 2024 06:05:19 +0000
ROA not before:           Mon 02 Sep 2024 06:00:19 +0000
ROA not after:            Mon 01 Sep 2025 06:05:19 +0000
asID:                     22363
IP address blocks:        31.6.18.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            32:93:fa:75:12:70:4c:88:7b:47:5a:8d:df:33:2a:31:83:ac:80:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=048af665bf8b186b70220759d26c578f40b5f3e3
        Validity
            Not Before: Sep  2 06:00:19 2024 GMT
            Not After : Sep  1 06:05:19 2025 GMT
        Subject: CN=BA423CE081700A8F9BA4CF74F04A91D85B2FEB28
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:85:19:ac:fe:78:74:6c:45:88:7f:22:f9:a2:
                    77:3b:bd:f2:70:ba:14:c5:08:e9:ea:ee:af:e8:95:
                    cf:5d:09:95:34:74:a8:89:a9:93:df:bc:39:9a:ff:
                    b2:ad:6b:11:9a:1a:5d:f8:14:1a:f4:2a:fa:96:3b:
                    81:21:d5:54:91:1e:67:bb:25:b2:66:ce:4f:38:80:
                    18:9c:c0:82:5f:33:17:d2:48:fe:a7:52:d8:37:da:
                    f7:1f:cb:0e:3a:87:3e:86:9f:33:54:07:9a:b2:a5:
                    29:87:df:98:15:3d:4e:5e:2a:5c:31:f2:d0:4f:d9:
                    c2:c2:a6:23:41:86:57:3a:23:b4:cd:cb:84:10:4e:
                    24:ee:0f:27:8f:31:6f:6c:6b:c0:33:fc:c1:5a:f5:
                    40:95:34:9a:ef:0c:67:d6:fd:e4:af:f0:93:a9:53:
                    36:6f:07:72:de:3a:8f:6c:21:e8:85:bb:11:a4:58:
                    2f:fb:eb:d9:f6:38:be:b4:01:fa:69:9a:cc:05:82:
                    40:85:1a:38:77:62:57:22:ac:a6:73:65:8d:e3:11:
                    9e:37:6e:37:09:01:a6:6e:ca:30:3d:7b:25:96:74:
                    32:f1:98:14:df:69:d3:27:a4:0f:4b:99:08:14:ee:
                    12:b7:8b:19:2e:2f:6e:61:39:94:f6:cb:21:04:50:
                    4d:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:42:3C:E0:81:70:0A:8F:9B:A4:CF:74:F0:4A:91:D8:5B:2F:EB:28
            X509v3 Authority Key Identifier:
                keyid:04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e31382e302f32342d3234203d3e203232333633.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.6.18.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5d:04:8c:c4:fc:8b:79:cc:4c:db:5f:b9:ee:0c:d5:6f:cb:c8:
         8d:ff:19:28:b0:2e:ef:f8:05:eb:7f:11:5d:2a:94:84:d7:5a:
         31:91:e0:ee:61:10:81:95:c3:38:e1:33:df:c7:43:a5:de:2c:
         37:d1:50:11:46:c9:c8:6c:80:a6:c5:c6:b2:bb:2c:d4:8b:29:
         2f:73:25:5d:54:46:8c:57:ff:f4:bb:de:16:ad:b0:fe:f0:05:
         a1:49:1e:8f:2c:26:84:8e:7c:45:08:0a:ac:3b:d3:1a:22:6c:
         0f:cf:5b:99:b4:00:cd:72:50:76:60:8f:88:41:48:3b:c2:71:
         78:2c:bb:5a:7c:64:29:3c:de:d7:3f:52:69:de:e4:59:3e:92:
         65:e9:5f:62:5b:ee:3a:23:32:e2:92:92:f1:44:5b:59:fd:f0:
         20:e5:cf:df:d4:03:53:21:f0:37:65:16:a0:8f:31:e2:65:23:
         13:fb:d6:ad:fa:dd:33:c1:e9:53:1c:b9:94:93:c7:1b:cb:98:
         78:d6:63:59:6d:82:1b:8c:78:26:16:76:f5:b1:70:f5:a5:77:
         b3:ef:03:75:f8:d5:a6:b9:26:a0:b6:fd:a4:16:bb:66:ea:66:
         16:fb:bb:18:25:c1:fd:1b:c8:05:fe:5a:72:05:a9:70:30:85:
         ac:76:54:c2
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUMpP6dRJwTIh7R1qN3zMqMYOsgFUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDQ4YWY2NjViZjhiMTg2YjcwMjIwNzU5ZDI2YzU3OGY0
MGI1ZjNlMzAeFw0yNDA5MDIwNjAwMTlaFw0yNTA5MDEwNjA1MTlaMDMxMTAvBgNV
BAMTKEJBNDIzQ0UwODE3MDBBOEY5QkE0Q0Y3NEYwNEE5MUQ4NUIyRkVCMjgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCzhRms/nh0bEWIfyL5onc7vfJw
uhTFCOnq7q/olc9dCZU0dKiJqZPfvDma/7KtaxGaGl34FBr0KvqWO4Eh1VSRHme7
JbJmzk84gBicwIJfMxfSSP6nUtg32vcfyw46hz6GnzNUB5qypSmH35gVPU5eKlwx
8tBP2cLCpiNBhlc6I7TNy4QQTiTuDyePMW9sa8Az/MFa9UCVNJrvDGfW/eSv8JOp
UzZvB3LeOo9sIeiFuxGkWC/769n2OL60AfppmswFgkCFGjh3YlcirKZzZY3jEZ43
bjcJAaZuyjA9eyWWdDLxmBTfadMnpA9LmQgU7hK3ixkuL25hOZT2yyEEUE0fAgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQUukI84IFwCo+bpM908EqR2Fsv6ygwHwYDVR0j
BBgwFoAUBIr2Zb+LGGtwIgdZ0mxXj0C18+MwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODJhOWJmNWItMzljMS00MDUwLWIwNzMtNDgwNzViODYx
ZDg3LzAvMDQ4QUY2NjVCRjhCMTg2QjcwMjIwNzU5RDI2QzU3OEY0MEI1RjNFMy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0JJcjJaYi1MR0d0d0lnZFowbXhYajBD
MTgtTS5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvODJhOWJmNWIt
MzljMS00MDUwLWIwNzMtNDgwNzViODYxZDg3LzAvMzMzMTJlMzYyZTMxMzgyZTMw
MmYzMjM0MmQzMjM0MjAzZDNlMjAzMjMyMzMzNjMzLnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHwYSMA0G
CSqGSIb3DQEBCwUAA4IBAQBdBIzE/It5zEzbX7nuDNVvy8iN/xkosC7v+AXrfxFd
KpSE11oxkeDuYRCBlcM44TPfx0Ol3iw30VARRsnIbICmxcayuyzUiykvcyVdVEaM
V//0u94WrbD+8AWhSR6PLCaEjnxFCAqsO9MaImwPz1uZtADNclB2YI+IQUg7wnF4
LLtafGQpPN7XP1Jp3uRZPpJl6V9iW+46IzLikpLxRFtZ/fAg5c/f1ANTIfA3ZRag
jzHiZSMT+9at+t0zwelTHLmUk8cby5h41mNZbYIbjHgmFnb1sXD1pXez7wN1+NWm
uSagtv2kFrtm6mYW+7sYJcH9G8gF/lpyBalwMIWsdlTC
-----END CERTIFICATE-----