Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e32332e302f32342d3234203d3e203232333633.roa
File:                     33312e362e32332e302f32342d3234203d3e203232333633.roa (raw, json)
Hash identifier:          yFK3Auj7LbtmItg9MoYTJcxixjcF00B/Ef0dYf2KrdE=
Subject key identifier:   81:BC:AC:F1:15:C3:CD:E9:58:11:F8:FE:D1:CF:6B:51:BE:29:30:EF
Certificate issuer:       /CN=048af665bf8b186b70220759d26c578f40b5f3e3
Certificate serial:       6D7F1C5140C6C812E9143F88DCC72EBA8B9845CF
Authority key identifier: 04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e32332e302f32342d3234203d3e203232333633.roa
Signing time:             Mon 02 Sep 2024 06:05:20 +0000
ROA not before:           Mon 02 Sep 2024 06:00:20 +0000
ROA not after:            Mon 01 Sep 2025 06:05:20 +0000
asID:                     22363
IP address blocks:        31.6.23.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6d:7f:1c:51:40:c6:c8:12:e9:14:3f:88:dc:c7:2e:ba:8b:98:45:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=048af665bf8b186b70220759d26c578f40b5f3e3
        Validity
            Not Before: Sep  2 06:00:20 2024 GMT
            Not After : Sep  1 06:05:20 2025 GMT
        Subject: CN=81BCACF115C3CDE95811F8FED1CF6B51BE2930EF
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f0:35:1f:26:d9:21:2a:df:3c:39:b7:7f:77:02:
                    84:c9:72:d9:4a:d3:8c:96:d8:7f:3b:9c:e8:34:8c:
                    1c:1a:37:87:9b:24:cf:f3:d3:a2:fe:10:af:69:9c:
                    33:76:d7:1e:57:40:1f:93:09:f5:08:e8:58:5f:c3:
                    48:c6:9a:37:59:38:fb:65:aa:6a:06:af:01:89:a8:
                    f9:31:ac:8a:69:dd:42:bd:be:8e:1e:25:7e:8f:23:
                    7b:e3:6c:c6:c4:33:40:64:5d:a0:95:1f:29:7c:9d:
                    0d:70:1b:9c:c5:df:08:8f:03:19:d4:f3:8d:a3:4c:
                    de:26:57:7c:91:ce:d8:c7:0f:5d:a6:50:d7:49:df:
                    7e:c5:91:25:4e:b6:b8:86:ad:b9:10:9f:07:9e:94:
                    e0:a9:6b:82:d2:c7:f2:7b:0e:0d:23:3f:3b:0c:13:
                    da:7a:4f:27:69:3e:3f:35:be:94:6b:c7:06:17:9e:
                    da:fe:eb:75:9e:3f:29:e3:76:8b:70:bd:fa:9a:96:
                    6f:e1:c7:80:ea:1c:e9:32:1c:be:32:ca:45:8d:8e:
                    71:45:71:4a:63:b9:d9:3e:69:b8:f2:95:ed:d4:a0:
                    32:f5:64:82:ca:11:17:c0:77:8f:66:d7:9c:86:b6:
                    47:9e:ee:10:ee:a4:d9:ff:94:ab:a2:f2:7e:a9:aa:
                    d8:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                81:BC:AC:F1:15:C3:CD:E9:58:11:F8:FE:D1:CF:6B:51:BE:29:30:EF
            X509v3 Authority Key Identifier:
                keyid:04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e32332e302f32342d3234203d3e203232333633.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.6.23.0/24

    Signature Algorithm: sha256WithRSAEncryption
         02:0f:ad:d1:43:5a:8a:a2:e2:22:a5:af:c9:80:db:fa:36:25:
         bc:27:55:92:dc:8b:53:a4:e3:03:8f:3e:df:4b:f3:0d:cf:b8:
         ce:06:a3:d3:d1:7d:23:50:b4:e3:25:4a:f3:a1:b9:b6:05:98:
         e7:39:da:27:62:e7:a1:f4:d4:6e:72:b0:9b:df:34:d9:cb:95:
         eb:e7:3b:02:c5:d0:87:b4:92:47:7d:f3:90:26:3c:b3:4a:2c:
         dd:df:2b:1e:24:4b:a9:0a:a6:23:fb:5d:cd:39:68:55:e8:ce:
         83:e4:af:99:0e:5b:d0:c5:22:92:60:15:2c:8b:e5:2a:62:27:
         c1:5d:2b:ce:fa:e2:8e:20:91:c1:34:42:14:36:20:6f:76:f5:
         97:f2:af:e5:a4:44:46:d1:09:98:28:86:8d:67:ec:0e:e9:47:
         23:f4:4b:e1:9b:cc:d6:0d:38:ac:a8:b5:78:ce:d9:80:6e:88:
         2b:51:02:09:7a:94:4b:6b:dc:37:7a:56:02:c4:99:bf:fb:cb:
         d7:48:b0:6a:51:cd:c8:2d:0b:fc:8d:2c:1f:d5:79:82:4d:10:
         2c:9f:69:00:e2:b2:85:ee:6d:37:c0:39:51:aa:64:17:ec:31:
         2a:2b:5c:d1:72:52:76:12:46:4e:a6:fc:e9:32:35:a1:4b:5d:
         de:0d:17:65
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUbX8cUUDGyBLpFD+I3McuuouYRc8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDQ4YWY2NjViZjhiMTg2YjcwMjIwNzU5ZDI2YzU3OGY0
MGI1ZjNlMzAeFw0yNDA5MDIwNjAwMjBaFw0yNTA5MDEwNjA1MjBaMDMxMTAvBgNV
BAMTKDgxQkNBQ0YxMTVDM0NERTk1ODExRjhGRUQxQ0Y2QjUxQkUyOTMwRUYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDwNR8m2SEq3zw5t393AoTJctlK
04yW2H87nOg0jBwaN4ebJM/z06L+EK9pnDN21x5XQB+TCfUI6Fhfw0jGmjdZOPtl
qmoGrwGJqPkxrIpp3UK9vo4eJX6PI3vjbMbEM0BkXaCVHyl8nQ1wG5zF3wiPAxnU
842jTN4mV3yRztjHD12mUNdJ337FkSVOtriGrbkQnweelOCpa4LSx/J7Dg0jPzsM
E9p6TydpPj81vpRrxwYXntr+63WePynjdotwvfqalm/hx4DqHOkyHL4yykWNjnFF
cUpjudk+abjyle3UoDL1ZILKERfAd49m15yGtkee7hDupNn/lKui8n6pqthxAgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQUgbys8RXDzelYEfj+0c9rUb4pMO8wHwYDVR0j
BBgwFoAUBIr2Zb+LGGtwIgdZ0mxXj0C18+MwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODJhOWJmNWItMzljMS00MDUwLWIwNzMtNDgwNzViODYx
ZDg3LzAvMDQ4QUY2NjVCRjhCMTg2QjcwMjIwNzU5RDI2QzU3OEY0MEI1RjNFMy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0JJcjJaYi1MR0d0d0lnZFowbXhYajBD
MTgtTS5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvODJhOWJmNWIt
MzljMS00MDUwLWIwNzMtNDgwNzViODYxZDg3LzAvMzMzMTJlMzYyZTMyMzMyZTMw
MmYzMjM0MmQzMjM0MjAzZDNlMjAzMjMyMzMzNjMzLnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHwYXMA0G
CSqGSIb3DQEBCwUAA4IBAQACD63RQ1qKouIipa/JgNv6NiW8J1WS3ItTpOMDjz7f
S/MNz7jOBqPT0X0jULTjJUrzobm2BZjnOdonYueh9NRucrCb3zTZy5Xr5zsCxdCH
tJJHffOQJjyzSizd3yseJEupCqYj+13NOWhV6M6D5K+ZDlvQxSKSYBUsi+UqYifB
XSvO+uKOIJHBNEIUNiBvdvWX8q/lpERG0QmYKIaNZ+wO6Ucj9Evhm8zWDTisqLV4
ztmAbogrUQIJepRLa9w3elYCxJm/+8vXSLBqUc3ILQv8jSwf1XmCTRAsn2kA4rKF
7m03wDlRqmQX7DEqK1zRclJ2EkZOpvzpMjWhS13eDRdl
-----END CERTIFICATE-----