Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e31392e302f32342d3234203d3e203232333633.roa
File:                     33312e362e31392e302f32342d3234203d3e203232333633.roa (raw, json)
Hash identifier:          UZEhhhMntrof6QUsKfs/FemPl55vpUKV+6r0J3bBGCc=
Subject key identifier:   E5:7F:CE:97:E5:76:DF:42:3E:C1:02:A4:C4:DE:CF:FA:07:2C:A5:2B
Certificate issuer:       /CN=048af665bf8b186b70220759d26c578f40b5f3e3
Certificate serial:       48B2398EC4522A20B9FCA003B75A976E55BB7E71
Authority key identifier: 04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e31392e302f32342d3234203d3e203232333633.roa
Signing time:             Mon 02 Sep 2024 06:05:19 +0000
ROA not before:           Mon 02 Sep 2024 06:00:19 +0000
ROA not after:            Mon 01 Sep 2025 06:05:19 +0000
asID:                     22363
IP address blocks:        31.6.19.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            48:b2:39:8e:c4:52:2a:20:b9:fc:a0:03:b7:5a:97:6e:55:bb:7e:71
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=048af665bf8b186b70220759d26c578f40b5f3e3
        Validity
            Not Before: Sep  2 06:00:19 2024 GMT
            Not After : Sep  1 06:05:19 2025 GMT
        Subject: CN=E57FCE97E576DF423EC102A4C4DECFFA072CA52B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:a4:32:e6:72:26:af:bb:e6:df:b6:01:5d:f7:
                    ae:60:e8:72:ca:a0:cf:21:c5:0c:3b:31:b4:b0:b5:
                    9d:a9:6b:0e:d3:8d:9a:a4:6c:da:8c:fe:d7:01:d8:
                    b5:33:9d:98:f6:c6:cc:a6:42:3a:8c:e2:bb:74:b9:
                    c4:74:57:c2:8d:61:ec:65:65:1b:49:b1:28:84:e9:
                    76:0e:b7:a4:af:b0:67:59:24:76:7a:f5:89:69:54:
                    bb:09:d3:db:76:14:7e:c7:96:f6:b9:7b:10:fd:14:
                    1e:c0:f8:2c:3c:4b:fb:3f:cf:c4:8b:ca:85:99:d7:
                    32:e8:90:71:7f:49:50:41:1e:e9:4a:1d:b3:fd:e5:
                    3b:bc:8d:d5:72:83:91:67:59:ff:96:38:7e:40:17:
                    23:53:28:2b:4b:46:09:ae:fb:8c:d2:1c:81:d1:de:
                    c8:a1:67:0d:ed:fc:20:7a:34:c6:6c:db:69:c2:5b:
                    62:33:4a:53:e1:2e:49:6a:3f:c9:11:c1:ff:ff:d6:
                    e7:d8:a4:33:55:e0:fc:60:05:76:5b:74:21:d6:ad:
                    7c:b9:94:fb:b4:1c:28:e6:a5:f3:e0:e8:69:0d:d9:
                    e3:54:38:42:15:db:be:16:47:eb:ae:97:0f:be:f9:
                    d3:f9:6a:05:41:8e:4b:8c:2e:db:8f:06:aa:f0:21:
                    0c:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E5:7F:CE:97:E5:76:DF:42:3E:C1:02:A4:C4:DE:CF:FA:07:2C:A5:2B
            X509v3 Authority Key Identifier:
                keyid:04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e31392e302f32342d3234203d3e203232333633.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.6.19.0/24

    Signature Algorithm: sha256WithRSAEncryption
         70:0b:20:70:81:ef:1b:9f:fa:3c:78:8b:da:9d:6e:49:49:aa:
         ee:c7:45:b6:cf:a5:4d:20:47:6b:f4:08:25:39:82:1d:42:cc:
         89:5f:d9:17:22:87:7c:d5:dd:e7:05:c3:a6:c0:62:3a:65:b7:
         97:19:72:43:ce:6a:84:6d:ea:ae:c7:09:d2:b8:b0:4b:b5:aa:
         74:25:c7:9e:20:b4:84:db:03:79:36:7c:80:b9:7e:4a:b5:a4:
         ce:4d:df:95:45:87:bd:5a:7a:d6:84:40:3e:f7:16:a0:a3:2e:
         3a:f3:81:24:79:70:31:8b:23:68:77:7f:66:50:67:81:4e:bd:
         b7:d5:df:9a:3d:ef:6a:7a:62:15:b1:22:47:14:cd:8f:2f:59:
         f1:50:e6:2e:ff:cf:53:b5:f8:0a:86:3f:6f:a8:97:3d:dc:94:
         20:56:98:f9:75:21:b8:c5:ed:72:62:39:35:6b:0e:e7:89:41:
         d6:e2:21:c2:19:19:85:4f:75:ae:3f:69:18:9a:67:da:cf:15:
         6b:ee:00:07:ad:39:c8:c1:bf:c1:0f:3a:d1:4d:39:6a:21:95:
         9d:15:23:7d:62:42:44:e7:f9:ae:f9:ad:16:47:3d:43:ad:e7:
         55:5e:e0:b1:ae:69:64:ea:0d:5b:15:ea:5b:72:1e:12:f1:1d:
         75:55:41:61
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUSLI5jsRSKiC5/KADt1qXblW7fnEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDQ4YWY2NjViZjhiMTg2YjcwMjIwNzU5ZDI2YzU3OGY0
MGI1ZjNlMzAeFw0yNDA5MDIwNjAwMTlaFw0yNTA5MDEwNjA1MTlaMDMxMTAvBgNV
BAMTKEU1N0ZDRTk3RTU3NkRGNDIzRUMxMDJBNEM0REVDRkZBMDcyQ0E1MkIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDUpDLmciavu+bftgFd965g6HLK
oM8hxQw7MbSwtZ2paw7TjZqkbNqM/tcB2LUznZj2xsymQjqM4rt0ucR0V8KNYexl
ZRtJsSiE6XYOt6SvsGdZJHZ69YlpVLsJ09t2FH7Hlva5exD9FB7A+Cw8S/s/z8SL
yoWZ1zLokHF/SVBBHulKHbP95Tu8jdVyg5FnWf+WOH5AFyNTKCtLRgmu+4zSHIHR
3sihZw3t/CB6NMZs22nCW2IzSlPhLklqP8kRwf//1ufYpDNV4PxgBXZbdCHWrXy5
lPu0HCjmpfPg6GkN2eNUOEIV274WR+uulw+++dP5agVBjkuMLtuPBqrwIQx5AgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQU5X/Ol+V230I+wQKkxN7P+gcspSswHwYDVR0j
BBgwFoAUBIr2Zb+LGGtwIgdZ0mxXj0C18+MwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODJhOWJmNWItMzljMS00MDUwLWIwNzMtNDgwNzViODYx
ZDg3LzAvMDQ4QUY2NjVCRjhCMTg2QjcwMjIwNzU5RDI2QzU3OEY0MEI1RjNFMy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0JJcjJaYi1MR0d0d0lnZFowbXhYajBD
MTgtTS5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvODJhOWJmNWIt
MzljMS00MDUwLWIwNzMtNDgwNzViODYxZDg3LzAvMzMzMTJlMzYyZTMxMzkyZTMw
MmYzMjM0MmQzMjM0MjAzZDNlMjAzMjMyMzMzNjMzLnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHwYTMA0G
CSqGSIb3DQEBCwUAA4IBAQBwCyBwge8bn/o8eIvanW5JSarux0W2z6VNIEdr9Agl
OYIdQsyJX9kXIod81d3nBcOmwGI6ZbeXGXJDzmqEbequxwnSuLBLtap0JceeILSE
2wN5NnyAuX5KtaTOTd+VRYe9WnrWhEA+9xagoy4684EkeXAxiyNod39mUGeBTr23
1d+aPe9qemIVsSJHFM2PL1nxUOYu/89TtfgKhj9vqJc93JQgVpj5dSG4xe1yYjk1
aw7niUHW4iHCGRmFT3WuP2kYmmfazxVr7gAHrTnIwb/BDzrRTTlqIZWdFSN9YkJE
5/mu+a0WRz1DredVXuCxrmlk6g1bFepbch4S8R11VUFh
-----END CERTIFICATE-----