Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e32342e302f32342d3234203d3e203534323532.roa
File:                     33312e362e32342e302f32342d3234203d3e203534323532.roa (raw, json)
Hash identifier:          HEOignUX7KB2nBJFFAHKRO8oNeEaqIrqtFvPwmzwOKU=
Subject key identifier:   D5:3D:DC:7B:9A:43:D8:C3:F7:BA:16:BF:85:61:27:D6:A4:58:31:44
Certificate issuer:       /CN=048af665bf8b186b70220759d26c578f40b5f3e3
Certificate serial:       625D5E3B29C51571ACC61D7F033E554DD95BBEF4
Authority key identifier: 04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e32342e302f32342d3234203d3e203534323532.roa
Signing time:             Tue 29 Oct 2024 18:43:26 +0000
ROA not before:           Tue 29 Oct 2024 18:38:26 +0000
ROA not after:            Tue 28 Oct 2025 18:43:26 +0000
asID:                     54252
IP address blocks:        31.6.24.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            62:5d:5e:3b:29:c5:15:71:ac:c6:1d:7f:03:3e:55:4d:d9:5b:be:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=048af665bf8b186b70220759d26c578f40b5f3e3
        Validity
            Not Before: Oct 29 18:38:26 2024 GMT
            Not After : Oct 28 18:43:26 2025 GMT
        Subject: CN=D53DDC7B9A43D8C3F7BA16BF856127D6A4583144
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:e3:32:b2:3e:a9:5d:a3:0a:7e:a2:bf:3a:7d:
                    d2:7e:46:cd:91:a1:df:0d:c4:ed:65:e0:00:58:6f:
                    52:02:08:f2:8e:a0:96:fe:46:7a:89:2c:8a:ad:fe:
                    37:e1:47:cd:7d:b6:e5:1d:7e:11:8e:6e:6b:2f:f8:
                    c1:5c:bd:00:2e:c8:cd:6b:52:bd:b3:20:13:42:18:
                    2f:b5:26:86:fe:7b:a4:d9:22:2c:1f:ac:4d:27:02:
                    d1:e0:7c:bc:bc:13:df:b0:de:dc:24:38:bc:0b:44:
                    b8:a2:bb:8b:37:52:61:5b:47:58:59:f2:0d:e7:8b:
                    c0:34:7f:c0:b4:fd:9a:02:80:da:71:c8:27:86:29:
                    2a:f8:9f:ba:b1:33:60:0c:fc:1a:71:f9:44:a9:9a:
                    13:2c:c8:54:fc:36:72:f2:c0:a6:3a:7e:b5:63:43:
                    3d:50:9e:37:9e:84:9b:14:f4:b4:a2:00:11:f0:ee:
                    8e:39:83:a9:5d:3c:c4:88:53:2e:45:45:cb:ac:6f:
                    34:36:38:02:97:a9:56:7a:c0:e5:4b:2e:05:8e:94:
                    94:3f:40:06:d8:a2:c1:ab:94:28:54:33:96:45:fe:
                    0f:f3:23:0b:40:01:c9:8b:fa:d0:fb:04:65:c0:94:
                    85:da:53:71:9c:eb:6a:b3:df:56:14:a1:70:ae:29:
                    f7:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:3D:DC:7B:9A:43:D8:C3:F7:BA:16:BF:85:61:27:D6:A4:58:31:44
            X509v3 Authority Key Identifier:
                keyid:04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e32342e302f32342d3234203d3e203534323532.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.6.24.0/24

    Signature Algorithm: sha256WithRSAEncryption
         17:7d:5b:7a:1b:cb:16:bc:51:a0:22:4a:8e:f8:08:a8:81:17:
         6b:5b:dd:3b:17:c0:1f:18:9a:f3:ab:79:29:e6:9b:6e:df:e7:
         0f:5d:50:96:3a:e5:f0:41:25:66:8b:b1:97:9a:48:8e:9f:99:
         c8:47:0a:e7:5d:cc:5d:b5:f1:e7:ec:f1:ba:0f:18:cd:f2:36:
         b9:76:1c:11:46:cf:d1:b4:ae:a9:ad:40:44:cc:0a:63:42:b5:
         0a:82:45:ae:0e:ea:f4:a3:89:92:ec:6d:69:30:72:1b:ea:93:
         55:27:57:d2:e2:cd:ba:5d:16:f1:58:f0:2f:9b:dd:d2:a4:b7:
         9c:4d:e8:9c:2d:50:25:26:d3:ee:84:15:59:97:95:fc:66:ca:
         30:81:b7:c5:32:f2:36:0b:8f:7e:60:b9:74:af:f3:91:f3:0d:
         53:3f:c3:d2:7d:01:fd:fe:a4:e3:aa:94:89:6d:fa:ae:fa:cf:
         45:5d:33:08:bb:63:c1:78:da:87:dd:f7:fa:56:f8:3f:47:da:
         09:26:de:42:e1:73:13:88:11:cd:76:54:f3:07:26:fa:09:61:
         b1:2c:94:db:d2:18:dc:3c:53:92:2d:b2:71:33:6b:cb:9d:27:
         9a:b4:49:1c:68:b8:04:64:79:30:58:ca:e4:d2:9c:c3:21:db:
         21:9b:12:31
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUYl1eOynFFXGsxh1/Az5VTdlbvvQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDQ4YWY2NjViZjhiMTg2YjcwMjIwNzU5ZDI2YzU3OGY0
MGI1ZjNlMzAeFw0yNDEwMjkxODM4MjZaFw0yNTEwMjgxODQzMjZaMDMxMTAvBgNV
BAMTKEQ1M0REQzdCOUE0M0Q4QzNGN0JBMTZCRjg1NjEyN0Q2QTQ1ODMxNDQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDJ4zKyPqldowp+or86fdJ+Rs2R
od8NxO1l4ABYb1ICCPKOoJb+RnqJLIqt/jfhR819tuUdfhGObmsv+MFcvQAuyM1r
Ur2zIBNCGC+1Job+e6TZIiwfrE0nAtHgfLy8E9+w3twkOLwLRLiiu4s3UmFbR1hZ
8g3ni8A0f8C0/ZoCgNpxyCeGKSr4n7qxM2AM/Bpx+USpmhMsyFT8NnLywKY6frVj
Qz1QnjeehJsU9LSiABHw7o45g6ldPMSIUy5FRcusbzQ2OAKXqVZ6wOVLLgWOlJQ/
QAbYosGrlChUM5ZF/g/zIwtAAcmL+tD7BGXAlIXaU3Gc62qz31YUoXCuKfcDAgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQU1T3ce5pD2MP3uha/hWEn1qRYMUQwHwYDVR0j
BBgwFoAUBIr2Zb+LGGtwIgdZ0mxXj0C18+MwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODJhOWJmNWItMzljMS00MDUwLWIwNzMtNDgwNzViODYx
ZDg3LzAvMDQ4QUY2NjVCRjhCMTg2QjcwMjIwNzU5RDI2QzU3OEY0MEI1RjNFMy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0JJcjJaYi1MR0d0d0lnZFowbXhYajBD
MTgtTS5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvODJhOWJmNWIt
MzljMS00MDUwLWIwNzMtNDgwNzViODYxZDg3LzAvMzMzMTJlMzYyZTMyMzQyZTMw
MmYzMjM0MmQzMjM0MjAzZDNlMjAzNTM0MzIzNTMyLnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHwYYMA0G
CSqGSIb3DQEBCwUAA4IBAQAXfVt6G8sWvFGgIkqO+AiogRdrW907F8AfGJrzq3kp
5ptu3+cPXVCWOuXwQSVmi7GXmkiOn5nIRwrnXcxdtfHn7PG6DxjN8ja5dhwRRs/R
tK6prUBEzApjQrUKgkWuDur0o4mS7G1pMHIb6pNVJ1fS4s26XRbxWPAvm93SpLec
TeicLVAlJtPuhBVZl5X8ZsowgbfFMvI2C49+YLl0r/OR8w1TP8PSfQH9/qTjqpSJ
bfqu+s9FXTMIu2PBeNqH3ff6Vvg/R9oJJt5C4XMTiBHNdlTzByb6CWGxLJTb0hjc
PFOSLbJxM2vLnSeatEkcaLgEZHkwWMrk0pzDIdshmxIx
-----END CERTIFICATE-----