Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e32362e302f32342d3234203d3e203230343733.roa
File:                     33312e362e32362e302f32342d3234203d3e203230343733.roa (raw, json)
Hash identifier:          CZEPIECsB/25+UAgoCVr1DKqapEThkN7EKCelQZN7B0=
Subject key identifier:   3A:19:C8:EB:F6:F3:70:55:BE:48:70:0F:B1:A9:73:17:6E:5B:25:31
Certificate issuer:       /CN=048af665bf8b186b70220759d26c578f40b5f3e3
Certificate serial:       0C8BA7B121A2F798D092EBF7312FC4DA9D4D99B2
Authority key identifier: 04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e32362e302f32342d3234203d3e203230343733.roa
Signing time:             Thu 14 Nov 2024 16:51:10 +0000
ROA not before:           Thu 14 Nov 2024 16:46:10 +0000
ROA not after:            Thu 13 Nov 2025 16:51:10 +0000
asID:                     20473
IP address blocks:        31.6.26.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Feb 2025 05:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0c:8b:a7:b1:21:a2:f7:98:d0:92:eb:f7:31:2f:c4:da:9d:4d:99:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=048af665bf8b186b70220759d26c578f40b5f3e3
        Validity
            Not Before: Nov 14 16:46:10 2024 GMT
            Not After : Nov 13 16:51:10 2025 GMT
        Subject: CN=3A19C8EBF6F37055BE48700FB1A973176E5B2531
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:8b:4f:86:8d:86:b9:4f:2c:98:3b:17:a0:ce:
                    82:cb:b2:dd:bb:91:78:a8:e3:95:0a:47:fc:15:0f:
                    d9:de:e0:a3:e1:15:d7:ea:2f:5d:b3:2e:9d:b9:58:
                    b7:5f:04:dd:f9:e0:1f:b0:b4:4b:9c:4b:cb:3e:6a:
                    eb:cb:16:a5:ef:05:20:c4:7a:96:04:2a:72:12:7e:
                    66:2a:32:65:74:37:39:15:3b:f4:b5:08:4e:56:76:
                    0f:15:3f:9e:64:8c:11:1f:5e:6f:9a:ab:2c:08:3f:
                    8c:ad:ae:b1:8e:0c:ca:ba:40:69:51:71:e6:7b:ec:
                    b6:a2:c6:50:d4:9f:8b:d2:16:23:37:11:8b:48:6c:
                    00:aa:a2:7e:e0:c0:f5:0b:00:1f:78:48:c1:7c:2e:
                    11:83:b5:e0:4d:03:3c:24:36:77:ff:0b:1e:f9:f8:
                    17:fb:06:28:af:0f:c5:b6:0e:42:c2:ae:1a:2f:ae:
                    ed:ba:7c:06:0a:56:15:94:6b:e7:32:c6:78:4b:5f:
                    5d:ff:02:c0:ce:83:bf:8e:d8:6c:7e:84:4a:9f:f0:
                    bf:c7:97:d2:0d:05:12:6b:42:02:f2:d4:43:1f:d1:
                    f8:97:54:9c:5c:99:02:b2:a8:dd:8a:35:f0:b2:18:
                    e6:38:63:24:19:7e:59:17:59:35:a8:82:fb:cd:8c:
                    b9:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:19:C8:EB:F6:F3:70:55:BE:48:70:0F:B1:A9:73:17:6E:5B:25:31
            X509v3 Authority Key Identifier:
                keyid:04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e32362e302f32342d3234203d3e203230343733.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.6.26.0/24

    Signature Algorithm: sha256WithRSAEncryption
         03:71:3a:7c:81:ec:e1:f2:54:21:8f:26:b0:8a:3d:0b:49:9a:
         c8:f7:4d:13:6d:ee:0c:f1:e4:e3:5e:9c:ef:87:c7:c3:24:af:
         0f:10:5a:10:fa:52:0f:0b:7a:2c:88:e6:86:5f:5a:e4:11:9a:
         b4:b7:0f:da:2a:5c:90:fd:7a:b0:7b:41:d8:10:5f:91:ae:26:
         2b:60:c0:92:c9:4d:95:65:42:6f:74:09:fc:39:13:9b:52:3b:
         ff:2b:5e:9d:8f:7c:b3:0a:f7:90:1c:7e:3a:15:71:f0:b2:5f:
         11:25:2b:49:39:ac:57:72:e6:92:60:17:4b:7e:e2:1f:c5:19:
         6f:08:f3:00:d2:73:f6:2a:3b:ba:6a:10:92:8e:ce:81:9e:8f:
         8c:9b:65:1a:d9:9d:7f:55:aa:52:82:62:22:82:ff:82:c9:eb:
         4e:c8:17:42:77:30:f1:84:6f:ab:33:1a:dd:5e:5c:97:b4:25:
         86:bd:8c:cf:32:19:54:91:43:a5:b6:81:3e:55:81:32:ba:f3:
         16:9d:8e:3c:45:ca:bd:7e:77:41:d9:af:0e:f4:d0:a0:a3:76:
         39:3e:3a:a8:ca:af:e6:66:73:15:93:83:af:35:ea:5b:b3:8a:
         cc:e5:aa:17:6a:e0:e3:3c:16:a6:ac:11:a7:f0:b8:10:32:77:
         95:21:8c:1f
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUDIunsSGi95jQkuv3MS/E2p1NmbIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDQ4YWY2NjViZjhiMTg2YjcwMjIwNzU5ZDI2YzU3OGY0
MGI1ZjNlMzAeFw0yNDExMTQxNjQ2MTBaFw0yNTExMTMxNjUxMTBaMDMxMTAvBgNV
BAMTKDNBMTlDOEVCRjZGMzcwNTVCRTQ4NzAwRkIxQTk3MzE3NkU1QjI1MzEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC+i0+GjYa5TyyYOxegzoLLst27
kXio45UKR/wVD9ne4KPhFdfqL12zLp25WLdfBN354B+wtEucS8s+auvLFqXvBSDE
epYEKnISfmYqMmV0NzkVO/S1CE5Wdg8VP55kjBEfXm+aqywIP4ytrrGODMq6QGlR
ceZ77LaixlDUn4vSFiM3EYtIbACqon7gwPULAB94SMF8LhGDteBNAzwkNnf/Cx75
+Bf7BiivD8W2DkLCrhovru26fAYKVhWUa+cyxnhLX13/AsDOg7+O2Gx+hEqf8L/H
l9INBRJrQgLy1EMf0fiXVJxcmQKyqN2KNfCyGOY4YyQZflkXWTWogvvNjLmxAgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQUOhnI6/bzcFW+SHAPsalzF25bJTEwHwYDVR0j
BBgwFoAUBIr2Zb+LGGtwIgdZ0mxXj0C18+MwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODJhOWJmNWItMzljMS00MDUwLWIwNzMtNDgwNzViODYx
ZDg3LzAvMDQ4QUY2NjVCRjhCMTg2QjcwMjIwNzU5RDI2QzU3OEY0MEI1RjNFMy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0JJcjJaYi1MR0d0d0lnZFowbXhYajBD
MTgtTS5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvODJhOWJmNWIt
MzljMS00MDUwLWIwNzMtNDgwNzViODYxZDg3LzAvMzMzMTJlMzYyZTMyMzYyZTMw
MmYzMjM0MmQzMjM0MjAzZDNlMjAzMjMwMzQzNzMzLnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHwYaMA0G
CSqGSIb3DQEBCwUAA4IBAQADcTp8gezh8lQhjyawij0LSZrI900Tbe4M8eTjXpzv
h8fDJK8PEFoQ+lIPC3osiOaGX1rkEZq0tw/aKlyQ/Xqwe0HYEF+RriYrYMCSyU2V
ZUJvdAn8ORObUjv/K16dj3yzCveQHH46FXHwsl8RJStJOaxXcuaSYBdLfuIfxRlv
CPMA0nP2Kju6ahCSjs6Bno+Mm2Ua2Z1/VapSgmIigv+CyetOyBdCdzDxhG+rMxrd
XlyXtCWGvYzPMhlUkUOltoE+VYEyuvMWnY48Rcq9fndB2a8O9NCgo3Y5Pjqoyq/m
ZnMVk4OvNepbs4rM5aoXauDjPBamrBGn8LgQMneVIYwf
-----END CERTIFICATE-----