Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e32352e302f32342d3234203d3e20323134373935.roa
File:                     33312e362e32352e302f32342d3234203d3e20323134373935.roa (raw, json)
Hash identifier:          OHXXXXiTcToDdtk6QAgJeiHsWBvsiinreYh4COv5dec=
Subject key identifier:   A5:E3:F5:D3:FC:B0:C9:18:3E:BF:DB:D4:96:88:85:23:CD:2A:CC:AE
Certificate issuer:       /CN=048af665bf8b186b70220759d26c578f40b5f3e3
Certificate serial:       11D98DE0EDC5F34438E75C3A2F0C940ECF4518F7
Authority key identifier: 04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e32352e302f32342d3234203d3e20323134373935.roa
Signing time:             Thu 22 Aug 2024 17:47:48 +0000
ROA not before:           Thu 22 Aug 2024 17:42:48 +0000
ROA not after:            Thu 21 Aug 2025 17:47:48 +0000
asID:                     214795
IP address blocks:        31.6.25.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            11:d9:8d:e0:ed:c5:f3:44:38:e7:5c:3a:2f:0c:94:0e:cf:45:18:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=048af665bf8b186b70220759d26c578f40b5f3e3
        Validity
            Not Before: Aug 22 17:42:48 2024 GMT
            Not After : Aug 21 17:47:48 2025 GMT
        Subject: CN=A5E3F5D3FCB0C9183EBFDBD496888523CD2ACCAE
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:74:4d:75:6c:e1:9c:89:88:48:1f:47:b7:b8:
                    49:ac:9a:12:e4:27:69:af:43:6c:c2:8b:ec:28:35:
                    38:55:2d:42:68:a0:68:d8:3a:53:9e:59:ff:a5:ca:
                    37:f8:36:20:1c:6c:e0:15:63:15:56:e9:d1:fb:77:
                    d5:14:51:25:33:0a:4e:7d:55:7d:35:9c:d2:56:9c:
                    45:2b:a0:73:89:d2:a6:8e:c1:0f:fd:a7:53:10:4f:
                    fc:49:01:44:7b:77:68:ac:e6:7f:e2:c3:d9:14:d3:
                    3a:bf:f4:64:7e:6b:ac:19:35:2a:3c:dc:e9:0e:f1:
                    31:77:03:13:be:1e:7b:07:73:bc:4a:c9:9f:0b:69:
                    03:ce:a5:e5:d3:62:8a:e9:c9:97:6e:93:82:1f:79:
                    ab:2f:d2:30:e9:37:40:1e:ee:f3:2f:de:9e:59:a6:
                    4d:07:72:c5:b7:e9:5e:97:a5:2b:fe:fe:2f:5e:0a:
                    a6:8f:6f:25:12:ec:8b:5c:57:3c:0f:8f:05:65:b2:
                    5b:e5:d1:51:79:a0:df:78:52:d7:6d:8b:c3:f8:2f:
                    a3:2c:37:3a:2a:92:01:46:1c:b7:c8:83:09:b7:d5:
                    a8:86:e6:2a:1a:00:b2:52:a8:7f:19:21:07:2b:64:
                    58:8d:21:37:bc:65:95:18:71:64:0d:d2:aa:4d:b3:
                    c8:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:E3:F5:D3:FC:B0:C9:18:3E:BF:DB:D4:96:88:85:23:CD:2A:CC:AE
            X509v3 Authority Key Identifier:
                keyid:04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e32352e302f32342d3234203d3e20323134373935.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.6.25.0/24

    Signature Algorithm: sha256WithRSAEncryption
         32:78:aa:7f:10:90:bf:56:87:52:ce:e4:cb:3e:64:7b:fb:e6:
         cd:2f:ef:3a:de:a6:99:74:8b:44:7d:98:04:71:ac:e2:fe:c6:
         a9:00:75:c5:31:83:74:e7:93:ce:ad:2e:05:93:72:7e:d7:0f:
         fe:c2:6a:74:2c:1c:04:fa:f7:79:59:ca:c9:d4:95:8e:92:13:
         93:15:6d:72:c5:b8:9b:6b:7e:48:01:19:4a:80:6c:9f:e2:00:
         40:b7:0b:0e:52:8a:88:cd:d5:f8:a7:e1:37:ce:6c:8a:ae:c2:
         37:77:e5:cb:c4:8c:45:5a:9b:33:ce:e9:6c:f4:78:e2:3e:a4:
         c5:9a:ec:2b:e6:22:96:e4:93:d7:16:b5:f5:58:a0:7c:43:bb:
         b5:33:1f:c8:c5:77:66:cb:3f:5b:44:d7:47:3b:87:5b:ae:67:
         b5:f5:3e:50:47:3e:77:48:09:69:7c:8c:58:c6:5e:ee:dc:ce:
         60:8c:1d:a0:77:8a:31:71:c6:35:c7:97:d1:81:5c:50:a8:3c:
         f5:d1:7d:af:ec:17:9c:49:e2:18:ce:c5:a0:41:af:f7:3f:50:
         9b:2d:59:e8:ee:f0:68:ba:83:fe:87:6e:cd:72:5f:36:6f:cf:
         d0:a4:58:77:00:46:16:4e:6b:f2:f2:2a:c4:06:7d:ef:ed:ad:
         b2:e5:83:1e
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUEdmN4O3F80Q451w6LwyUDs9FGPcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDQ4YWY2NjViZjhiMTg2YjcwMjIwNzU5ZDI2YzU3OGY0
MGI1ZjNlMzAeFw0yNDA4MjIxNzQyNDhaFw0yNTA4MjExNzQ3NDhaMDMxMTAvBgNV
BAMTKEE1RTNGNUQzRkNCMEM5MTgzRUJGREJENDk2ODg4NTIzQ0QyQUNDQUUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDTdE11bOGciYhIH0e3uEmsmhLk
J2mvQ2zCi+woNThVLUJooGjYOlOeWf+lyjf4NiAcbOAVYxVW6dH7d9UUUSUzCk59
VX01nNJWnEUroHOJ0qaOwQ/9p1MQT/xJAUR7d2is5n/iw9kU0zq/9GR+a6wZNSo8
3OkO8TF3AxO+HnsHc7xKyZ8LaQPOpeXTYorpyZduk4Ifeasv0jDpN0Ae7vMv3p5Z
pk0HcsW36V6XpSv+/i9eCqaPbyUS7ItcVzwPjwVlslvl0VF5oN94Utdti8P4L6Ms
NzoqkgFGHLfIgwm31aiG5ioaALJSqH8ZIQcrZFiNITe8ZZUYcWQN0qpNs8jHAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUpeP10/ywyRg+v9vUloiFI80qzK4wHwYDVR0j
BBgwFoAUBIr2Zb+LGGtwIgdZ0mxXj0C18+MwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODJhOWJmNWItMzljMS00MDUwLWIwNzMtNDgwNzViODYx
ZDg3LzAvMDQ4QUY2NjVCRjhCMTg2QjcwMjIwNzU5RDI2QzU3OEY0MEI1RjNFMy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0JJcjJaYi1MR0d0d0lnZFowbXhYajBD
MTgtTS5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvODJhOWJmNWIt
MzljMS00MDUwLWIwNzMtNDgwNzViODYxZDg3LzAvMzMzMTJlMzYyZTMyMzUyZTMw
MmYzMjM0MmQzMjM0MjAzZDNlMjAzMjMxMzQzNzM5MzUucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAAfBhkw
DQYJKoZIhvcNAQELBQADggEBADJ4qn8QkL9Wh1LO5Ms+ZHv75s0v7zreppl0i0R9
mARxrOL+xqkAdcUxg3Tnk86tLgWTcn7XD/7CanQsHAT693lZysnUlY6SE5MVbXLF
uJtrfkgBGUqAbJ/iAEC3Cw5SiojN1fin4TfObIquwjd35cvEjEVamzPO6Wz0eOI+
pMWa7CvmIpbkk9cWtfVYoHxDu7UzH8jFd2bLP1tE10c7h1uuZ7X1PlBHPndICWl8
jFjGXu7czmCMHaB3ijFxxjXHl9GBXFCoPPXRfa/sF5xJ4hjOxaBBr/c/UJstWeju
8Gi6g/6Hbs1yXzZvz9CkWHcARhZOa/LyKsQGfe/trbLlgx4=
-----END CERTIFICATE-----