Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e322e302f32342d3234203d3e203239383032.roa
File:                     33312e362e322e302f32342d3234203d3e203239383032.roa (raw, json)
Hash identifier:          ooT/cH11XfC/6Ni1WhX0rphZTSd+dnUWmna/vbDui0c=
Subject key identifier:   0D:2E:BF:74:09:46:2B:31:4A:1D:3E:F4:D7:1F:82:5E:04:65:A4:62
Certificate issuer:       /CN=048af665bf8b186b70220759d26c578f40b5f3e3
Certificate serial:       33EA3AFAEF3D5B3BC8B9EE169653482D981444E2
Authority key identifier: 04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e322e302f32342d3234203d3e203239383032.roa
Signing time:             Wed 18 Sep 2024 12:53:33 +0000
ROA not before:           Wed 18 Sep 2024 12:48:33 +0000
ROA not after:            Wed 17 Sep 2025 12:53:33 +0000
asID:                     29802
IP address blocks:        31.6.2.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Mar 2025 16:40:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            33:ea:3a:fa:ef:3d:5b:3b:c8:b9:ee:16:96:53:48:2d:98:14:44:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=048af665bf8b186b70220759d26c578f40b5f3e3
        Validity
            Not Before: Sep 18 12:48:33 2024 GMT
            Not After : Sep 17 12:53:33 2025 GMT
        Subject: CN=0D2EBF7409462B314A1D3EF4D71F825E0465A462
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:77:ad:1a:3f:ec:60:7c:2b:b3:ea:e4:15:e4:
                    0d:a7:de:42:0d:cc:78:d5:9f:81:34:60:bd:53:41:
                    8b:04:b3:f2:6b:63:fd:71:85:cf:ad:0f:57:aa:cc:
                    3e:21:77:1f:67:3f:45:3b:06:a2:85:d0:73:df:b0:
                    2f:19:07:80:80:e3:e3:d1:ac:1a:50:c9:d0:e3:de:
                    3b:7c:89:ce:da:04:b8:7d:e4:f4:da:3a:ee:27:47:
                    04:32:f0:27:de:23:0c:e1:07:29:e4:48:cb:d2:55:
                    b0:79:d0:a5:6c:42:15:b5:ab:5f:1c:9f:03:87:57:
                    3c:d2:02:07:60:3a:72:94:90:97:fe:19:8d:b8:80:
                    5a:67:58:dc:97:cc:34:8a:11:bf:c4:9b:ad:de:29:
                    83:e3:d9:c4:05:0b:85:da:9f:0b:ca:72:de:8c:fa:
                    95:bd:25:39:20:7e:91:73:df:69:5b:cb:94:7e:ef:
                    1a:fc:e9:fc:98:ec:3e:ea:86:4a:37:4a:2f:d1:ff:
                    96:6f:c8:d7:c4:5d:60:ba:5a:8b:03:97:0d:96:11:
                    52:73:45:4d:0b:a6:1c:d4:8a:da:84:e8:29:2d:93:
                    ac:0d:53:86:f7:1c:a0:b6:6e:c4:85:6d:cd:84:b7:
                    4b:68:29:56:fe:9b:d8:60:92:13:99:f6:d1:d4:10:
                    e2:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:2E:BF:74:09:46:2B:31:4A:1D:3E:F4:D7:1F:82:5E:04:65:A4:62
            X509v3 Authority Key Identifier:
                keyid:04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e322e302f32342d3234203d3e203239383032.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.6.2.0/24

    Signature Algorithm: sha256WithRSAEncryption
         74:3a:95:e3:07:3d:57:46:d1:e7:cf:00:87:ec:dc:9d:35:df:
         f5:94:bc:f1:8c:9e:0f:2c:3a:90:98:ea:3b:61:f0:a1:c8:ad:
         be:81:b3:23:f4:97:4e:c7:27:70:86:98:1d:e6:7f:32:73:1a:
         e0:e3:ba:35:26:68:01:e5:da:9d:9b:07:72:5c:14:44:c8:85:
         a5:86:d2:19:18:e2:98:2c:a0:ea:76:0e:38:d7:5e:a5:06:61:
         dc:ba:bf:e0:6d:82:39:e3:1d:a9:b9:55:f0:30:d2:ba:7b:cd:
         2e:76:82:ce:a3:09:01:7c:40:41:00:27:49:dd:4f:f5:ed:6c:
         08:f4:ad:19:8c:34:a2:84:1a:35:e4:47:ad:ef:9b:f0:ce:88:
         e8:08:a7:eb:d5:9d:2d:f1:32:52:f6:7a:0f:0f:06:2e:64:f1:
         25:81:e1:bd:ed:89:8b:b1:e8:4e:a1:b1:26:2e:95:c3:8b:bd:
         03:c1:e4:17:2e:b9:52:d3:00:a2:d1:ac:24:9d:4b:b7:b6:91:
         92:36:50:fc:ae:f1:1f:c2:d6:54:84:c8:90:5b:c3:33:9c:7b:
         ac:03:00:b1:aa:ad:b7:23:45:c6:52:17:4c:74:e1:c7:b8:be:
         a3:d9:f6:27:ca:04:cd:28:23:07:e0:c7:1e:5c:13:c4:33:99:
         c9:3b:7f:6a
-----BEGIN CERTIFICATE-----
MIIFKzCCBBOgAwIBAgIUM+o6+u89WzvIue4WllNILZgUROIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDQ4YWY2NjViZjhiMTg2YjcwMjIwNzU5ZDI2YzU3OGY0
MGI1ZjNlMzAeFw0yNDA5MTgxMjQ4MzNaFw0yNTA5MTcxMjUzMzNaMDMxMTAvBgNV
BAMTKDBEMkVCRjc0MDk0NjJCMzE0QTFEM0VGNEQ3MUY4MjVFMDQ2NUE0NjIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCcd60aP+xgfCuz6uQV5A2n3kIN
zHjVn4E0YL1TQYsEs/JrY/1xhc+tD1eqzD4hdx9nP0U7BqKF0HPfsC8ZB4CA4+PR
rBpQydDj3jt8ic7aBLh95PTaOu4nRwQy8CfeIwzhBynkSMvSVbB50KVsQhW1q18c
nwOHVzzSAgdgOnKUkJf+GY24gFpnWNyXzDSKEb/Em63eKYPj2cQFC4XanwvKct6M
+pW9JTkgfpFz32lby5R+7xr86fyY7D7qhko3Si/R/5ZvyNfEXWC6WosDlw2WEVJz
RU0LphzUitqE6Cktk6wNU4b3HKC2bsSFbc2Et0toKVb+m9hgkhOZ9tHUEOKnAgMB
AAGjggI1MIICMTAdBgNVHQ4EFgQUDS6/dAlGKzFKHT701x+CXgRlpGIwHwYDVR0j
BBgwFoAUBIr2Zb+LGGtwIgdZ0mxXj0C18+MwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODJhOWJmNWItMzljMS00MDUwLWIwNzMtNDgwNzViODYx
ZDg3LzAvMDQ4QUY2NjVCRjhCMTg2QjcwMjIwNzU5RDI2QzU3OEY0MEI1RjNFMy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0JJcjJaYi1MR0d0d0lnZFowbXhYajBD
MTgtTS5jZXIwgaUGCCsGAQUFBwELBIGYMIGVMIGSBggrBgEFBQcwC4aBhXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvODJhOWJmNWIt
MzljMS00MDUwLWIwNzMtNDgwNzViODYxZDg3LzAvMzMzMTJlMzYyZTMyMmUzMDJm
MzIzNDJkMzIzNDIwM2QzZTIwMzIzOTM4MzAzMi5yb2EwGAYDVR0gAQH/BA4wDDAK
BggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAB8GAjANBgkq
hkiG9w0BAQsFAAOCAQEAdDqV4wc9V0bR588Ah+zcnTXf9ZS88YyeDyw6kJjqO2Hw
ocitvoGzI/SXTscncIaYHeZ/MnMa4OO6NSZoAeXanZsHclwURMiFpYbSGRjimCyg
6nYOONdepQZh3Lq/4G2COeMdqblV8DDSunvNLnaCzqMJAXxAQQAnSd1P9e1sCPSt
GYw0ooQaNeRHre+b8M6I6Ain69WdLfEyUvZ6Dw8GLmTxJYHhve2Ji7HoTqGxJi6V
w4u9A8HkFy65UtMAotGsJJ1Lt7aRkjZQ/K7xH8LWVITIkFvDM5x7rAMAsaqttyNF
xlIXTHThx7i+o9n2J8oEzSgjB+DHHlwTxDOZyTt/ag==
-----END CERTIFICATE-----