Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e32312e302f32342d3234203d3e203232333633.roa
File:                     33312e362e32312e302f32342d3234203d3e203232333633.roa (raw, json)
Hash identifier:          hUSWaD2CprhsvB5GND2BCt7jaPa5GEIXOZX16HcIrR8=
Subject key identifier:   01:27:74:6E:F9:6B:02:28:0B:5D:CA:68:B7:38:D5:5C:1B:93:DA:E0
Certificate issuer:       /CN=048af665bf8b186b70220759d26c578f40b5f3e3
Certificate serial:       65AE5D8C88361B81BD31EE20F43901B08DB80576
Authority key identifier: 04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e32312e302f32342d3234203d3e203232333633.roa
Signing time:             Mon 02 Sep 2024 06:05:20 +0000
ROA not before:           Mon 02 Sep 2024 06:00:20 +0000
ROA not after:            Mon 01 Sep 2025 06:05:20 +0000
asID:                     22363
IP address blocks:        31.6.21.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            65:ae:5d:8c:88:36:1b:81:bd:31:ee:20:f4:39:01:b0:8d:b8:05:76
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=048af665bf8b186b70220759d26c578f40b5f3e3
        Validity
            Not Before: Sep  2 06:00:20 2024 GMT
            Not After : Sep  1 06:05:20 2025 GMT
        Subject: CN=0127746EF96B02280B5DCA68B738D55C1B93DAE0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:6d:b7:67:09:66:0f:26:db:db:bd:6e:72:4e:
                    5a:7b:41:5c:ee:33:1c:78:2d:cc:26:91:35:36:e8:
                    60:80:70:8e:09:9e:57:df:92:e7:09:ca:4f:32:b6:
                    bc:59:22:f2:cb:ce:95:60:f4:0b:5b:00:8f:da:28:
                    e7:ca:f0:dd:e2:28:70:cf:f6:d2:08:80:9a:df:08:
                    6a:d6:22:31:03:29:9d:5d:56:7d:c4:89:1c:f7:b4:
                    bc:31:6d:59:20:23:73:49:a2:c2:fd:27:96:d0:6b:
                    f1:c2:44:db:b0:0a:07:d6:eb:c4:09:c7:46:ba:78:
                    e2:b5:47:c7:da:92:0b:85:fd:c8:93:03:51:59:7d:
                    03:e1:cc:98:07:9d:ab:29:d8:f0:75:82:bb:57:64:
                    05:31:9f:65:7d:2b:f8:35:d6:75:a6:50:f9:6c:f9:
                    37:a1:cd:2e:c4:14:6d:f4:06:01:a0:28:c0:27:fc:
                    43:0b:f6:99:a3:4c:d1:36:03:52:ba:f1:fd:70:e6:
                    eb:99:b1:88:fd:0f:c5:91:f4:00:b5:7b:69:b0:a0:
                    d1:2d:28:cc:fc:0d:86:ee:34:fd:39:e0:9f:7d:73:
                    32:bd:38:a7:3e:a8:26:8b:16:99:65:fe:4c:71:89:
                    03:31:85:1d:88:97:37:09:9e:7c:7f:73:5b:f5:f2:
                    44:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                01:27:74:6E:F9:6B:02:28:0B:5D:CA:68:B7:38:D5:5C:1B:93:DA:E0
            X509v3 Authority Key Identifier:
                keyid:04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e32312e302f32342d3234203d3e203232333633.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.6.21.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6f:83:de:f2:b2:47:08:1e:7f:1e:40:24:a9:aa:25:e9:e0:fa:
         19:82:9e:ba:15:65:94:ab:e1:bc:0e:3a:52:a8:00:31:5e:11:
         e2:26:43:e0:46:aa:99:25:d9:2c:ed:ae:0d:08:cd:2a:2e:7d:
         3a:d4:b9:84:03:57:b2:2d:78:aa:89:58:01:7a:bb:ec:f0:c0:
         6f:0d:f4:e7:2e:19:c5:51:c5:07:65:ff:bc:28:0c:7b:55:79:
         9c:4e:7c:c2:00:2b:05:f7:93:4b:05:ca:4a:89:ce:c1:f5:ef:
         34:ba:0c:28:07:04:86:83:f1:e9:00:1b:cc:33:7d:9d:08:71:
         d3:b4:b7:f5:50:ee:82:11:45:97:13:98:51:54:d2:d1:8c:89:
         56:98:2e:7e:0e:a0:98:1f:fa:b0:30:71:1c:aa:38:2f:2c:46:
         58:52:19:79:52:c6:85:ae:cd:08:29:ca:57:56:60:52:e2:9e:
         59:00:49:37:a5:7b:94:c9:a5:96:be:a7:ea:21:fa:6c:ae:15:
         3a:53:b9:77:fc:a8:43:c8:9d:f4:66:02:3b:6a:75:83:a6:aa:
         69:f4:b5:2b:4f:c2:97:df:63:43:01:79:76:28:6c:56:45:cc:
         55:36:2c:b9:03:60:4a:e9:ec:08:63:4a:ad:61:c7:70:64:9b:
         40:ca:f8:73
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUZa5djIg2G4G9Me4g9DkBsI24BXYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDQ4YWY2NjViZjhiMTg2YjcwMjIwNzU5ZDI2YzU3OGY0
MGI1ZjNlMzAeFw0yNDA5MDIwNjAwMjBaFw0yNTA5MDEwNjA1MjBaMDMxMTAvBgNV
BAMTKDAxMjc3NDZFRjk2QjAyMjgwQjVEQ0E2OEI3MzhENTVDMUI5M0RBRTAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCXbbdnCWYPJtvbvW5yTlp7QVzu
Mxx4LcwmkTU26GCAcI4JnlffkucJyk8ytrxZIvLLzpVg9AtbAI/aKOfK8N3iKHDP
9tIIgJrfCGrWIjEDKZ1dVn3EiRz3tLwxbVkgI3NJosL9J5bQa/HCRNuwCgfW68QJ
x0a6eOK1R8fakguF/ciTA1FZfQPhzJgHnasp2PB1grtXZAUxn2V9K/g11nWmUPls
+TehzS7EFG30BgGgKMAn/EML9pmjTNE2A1K68f1w5uuZsYj9D8WR9AC1e2mwoNEt
KMz8DYbuNP054J99czK9OKc+qCaLFpll/kxxiQMxhR2IlzcJnnx/c1v18kR/AgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQUASd0bvlrAigLXcpotzjVXBuT2uAwHwYDVR0j
BBgwFoAUBIr2Zb+LGGtwIgdZ0mxXj0C18+MwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODJhOWJmNWItMzljMS00MDUwLWIwNzMtNDgwNzViODYx
ZDg3LzAvMDQ4QUY2NjVCRjhCMTg2QjcwMjIwNzU5RDI2QzU3OEY0MEI1RjNFMy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0JJcjJaYi1MR0d0d0lnZFowbXhYajBD
MTgtTS5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvODJhOWJmNWIt
MzljMS00MDUwLWIwNzMtNDgwNzViODYxZDg3LzAvMzMzMTJlMzYyZTMyMzEyZTMw
MmYzMjM0MmQzMjM0MjAzZDNlMjAzMjMyMzMzNjMzLnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHwYVMA0G
CSqGSIb3DQEBCwUAA4IBAQBvg97yskcIHn8eQCSpqiXp4PoZgp66FWWUq+G8DjpS
qAAxXhHiJkPgRqqZJdks7a4NCM0qLn061LmEA1eyLXiqiVgBervs8MBvDfTnLhnF
UcUHZf+8KAx7VXmcTnzCACsF95NLBcpKic7B9e80ugwoBwSGg/HpABvMM32dCHHT
tLf1UO6CEUWXE5hRVNLRjIlWmC5+DqCYH/qwMHEcqjgvLEZYUhl5UsaFrs0IKcpX
VmBS4p5ZAEk3pXuUyaWWvqfqIfpsrhU6U7l3/KhDyJ30ZgI7anWDpqpp9LUrT8KX
32NDAXl2KGxWRcxVNiy5A2BK6ewIY0qtYcdwZJtAyvhz
-----END CERTIFICATE-----