Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e322e302f32342d3234203d3e20383334.roa
File:                     33312e362e322e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          wRhcm9dOhcY/55RvuuY7LGW5vf3tC1+3hxTtoPfE/2Q=
Subject key identifier:   ED:18:80:44:BF:2C:1B:02:43:EE:E2:7B:24:E0:09:A2:C7:43:EE:FA
Certificate issuer:       /CN=048af665bf8b186b70220759d26c578f40b5f3e3
Certificate serial:       64F8522F620D5A1A32F68070C5B7E1C7E4CB7BB9
Authority key identifier: 04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e322e302f32342d3234203d3e20383334.roa
Signing time:             Tue 17 Sep 2024 00:00:39 +0000
ROA not before:           Mon 16 Sep 2024 23:55:39 +0000
ROA not after:            Tue 16 Sep 2025 00:00:39 +0000
asID:                     834
IP address blocks:        31.6.2.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 09:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            64:f8:52:2f:62:0d:5a:1a:32:f6:80:70:c5:b7:e1:c7:e4:cb:7b:b9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=048af665bf8b186b70220759d26c578f40b5f3e3
        Validity
            Not Before: Sep 16 23:55:39 2024 GMT
            Not After : Sep 16 00:00:39 2025 GMT
        Subject: CN=ED188044BF2C1B0243EEE27B24E009A2C743EEFA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:65:4c:e6:ac:db:ab:07:c9:c7:e1:67:db:92:
                    20:db:40:59:f7:f2:46:19:bf:fe:01:71:e4:0a:c9:
                    7b:5d:a7:12:80:a7:71:d9:f4:0b:2f:49:e5:2e:45:
                    d3:50:10:e0:49:f3:55:1c:a2:b2:f3:8a:07:e9:39:
                    a5:0c:3b:9d:a9:cb:38:08:f2:28:b7:d1:64:a1:0c:
                    29:4a:ce:cd:e5:3d:5b:0a:ff:6d:20:6a:d7:eb:ab:
                    7c:13:ca:8b:ff:dc:57:22:89:76:29:ea:8b:53:89:
                    ed:cc:48:90:9d:a8:b6:81:66:40:2d:7a:db:50:bc:
                    2e:ea:8a:0a:c1:57:fa:17:31:58:c6:fb:d1:d2:60:
                    0b:28:10:e3:68:72:68:05:dd:cd:8e:c5:cc:6e:07:
                    4d:da:ae:ff:a2:df:f9:57:bd:35:15:f6:e4:92:71:
                    7f:01:db:0c:6e:5e:fa:0c:3b:e8:cd:02:ad:03:56:
                    8b:93:af:ae:87:f3:1c:f5:a5:9f:de:6e:5d:84:d1:
                    16:b2:fa:2d:07:4a:af:5b:14:05:e8:36:b4:3e:26:
                    6a:3e:f4:85:da:c2:eb:30:60:f7:8e:0b:79:1f:5f:
                    8e:45:1b:61:bf:81:e0:1b:52:5f:61:79:4d:9a:61:
                    b5:e6:f5:f8:30:6e:11:da:1e:76:86:d4:0b:7f:5c:
                    93:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                ED:18:80:44:BF:2C:1B:02:43:EE:E2:7B:24:E0:09:A2:C7:43:EE:FA
            X509v3 Authority Key Identifier:
                keyid:04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e322e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.6.2.0/24

    Signature Algorithm: sha256WithRSAEncryption
         22:2f:24:62:46:06:78:ea:96:08:ea:fa:da:75:6d:f1:24:a3:
         ff:f0:f6:57:11:ea:bf:57:90:00:aa:39:57:4d:ae:87:9b:3e:
         06:db:7f:96:68:0d:50:b5:de:eb:97:23:c1:c1:3b:09:f3:0c:
         ce:e3:80:d5:45:c1:c5:b3:9b:39:58:8a:d1:11:52:d6:db:df:
         34:be:19:b4:fb:2b:83:dd:e8:d9:4c:86:40:bb:13:01:51:0d:
         98:31:e4:9e:4c:62:50:f3:6d:6e:d0:b2:01:29:5c:33:e1:a6:
         32:05:94:71:97:ef:86:e7:50:81:51:c9:7b:b9:68:4c:34:fe:
         29:58:2b:53:56:2d:67:b5:9b:00:dc:2b:36:b8:4c:69:cc:1a:
         42:d9:0b:95:82:c0:38:1e:b1:2c:93:6c:4f:6a:44:52:c2:44:
         83:47:ae:33:7f:ae:82:8b:a6:a0:a0:ae:2b:4a:fa:f6:ea:29:
         d2:4e:1d:aa:6d:3c:58:94:ca:66:60:5a:e0:f2:57:5d:c9:b6:
         57:d2:12:b1:a7:5e:cd:b7:f0:e7:c8:e1:be:d9:47:85:bc:e9:
         f2:ab:9b:2c:da:85:a2:b5:1b:a8:2a:03:e9:6a:a0:1c:4a:82:
         f3:8d:26:a5:86:de:e2:3a:76:3c:87:6f:2e:7d:8d:ad:54:31:
         f3:6a:f7:9d
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgIUZPhSL2INWhoy9oBwxbfhx+TLe7kwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDQ4YWY2NjViZjhiMTg2YjcwMjIwNzU5ZDI2YzU3OGY0
MGI1ZjNlMzAeFw0yNDA5MTYyMzU1MzlaFw0yNTA5MTYwMDAwMzlaMDMxMTAvBgNV
BAMTKEVEMTg4MDQ0QkYyQzFCMDI0M0VFRTI3QjI0RTAwOUEyQzc0M0VFRkEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDEZUzmrNurB8nH4WfbkiDbQFn3
8kYZv/4BceQKyXtdpxKAp3HZ9AsvSeUuRdNQEOBJ81UcorLzigfpOaUMO52pyzgI
8ii30WShDClKzs3lPVsK/20gatfrq3wTyov/3FciiXYp6otTie3MSJCdqLaBZkAt
ettQvC7qigrBV/oXMVjG+9HSYAsoEONocmgF3c2OxcxuB03arv+i3/lXvTUV9uSS
cX8B2wxuXvoMO+jNAq0DVouTr66H8xz1pZ/ebl2E0Ray+i0HSq9bFAXoNrQ+Jmo+
9IXawuswYPeOC3kfX45FG2G/geAbUl9heU2aYbXm9fgwbhHaHnaG1At/XJMHAgMB
AAGjggIxMIICLTAdBgNVHQ4EFgQU7RiARL8sGwJD7uJ7JOAJosdD7vowHwYDVR0j
BBgwFoAUBIr2Zb+LGGtwIgdZ0mxXj0C18+MwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODJhOWJmNWItMzljMS00MDUwLWIwNzMtNDgwNzViODYx
ZDg3LzAvMDQ4QUY2NjVCRjhCMTg2QjcwMjIwNzU5RDI2QzU3OEY0MEI1RjNFMy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0JJcjJaYi1MR0d0d0lnZFowbXhYajBD
MTgtTS5jZXIwgaEGCCsGAQUFBwELBIGUMIGRMIGOBggrBgEFBQcwC4aBgXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvODJhOWJmNWIt
MzljMS00MDUwLWIwNzMtNDgwNzViODYxZDg3LzAvMzMzMTJlMzYyZTMyMmUzMDJm
MzIzNDJkMzIzNDIwM2QzZTIwMzgzMzM0LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsG
AQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHwYCMA0GCSqGSIb3
DQEBCwUAA4IBAQAiLyRiRgZ46pYI6vradW3xJKP/8PZXEeq/V5AAqjlXTa6Hmz4G
23+WaA1Qtd7rlyPBwTsJ8wzO44DVRcHFs5s5WIrREVLW2980vhm0+yuD3ejZTIZA
uxMBUQ2YMeSeTGJQ821u0LIBKVwz4aYyBZRxl++G51CBUcl7uWhMNP4pWCtTVi1n
tZsA3Cs2uExpzBpC2QuVgsA4HrEsk2xPakRSwkSDR64zf66Ci6agoK4rSvr26inS
Th2qbTxYlMpmYFrg8lddybZX0hKxp17Nt/DnyOG+2UeFvOnyq5ss2oWitRuoKgPp
aqAcSoLzjSalht7iOnY8h28ufY2tVDHzaved
-----END CERTIFICATE-----