Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e32382e302f32332d3233203d3e20343030393039.roa
File:                     33312e362e32382e302f32332d3233203d3e20343030393039.roa (raw, json)
Hash identifier:          SGZKpHkcKtiwUsiFUjl4i4l/ofuI4CsxcqcItyik3H8=
Subject key identifier:   E4:B0:22:E8:D2:A9:B3:B6:46:EB:C9:2E:E9:DE:32:DD:25:35:D4:67
Certificate issuer:       /CN=048af665bf8b186b70220759d26c578f40b5f3e3
Certificate serial:       12F5C9EDCC373B7A26DC85F1009A00A0099DC2E4
Authority key identifier: 04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e32382e302f32332d3233203d3e20343030393039.roa
Signing time:             Fri 14 Feb 2025 11:53:55 +0000
ROA not before:           Fri 14 Feb 2025 11:48:55 +0000
ROA not after:            Fri 13 Feb 2026 11:53:55 +0000
asID:                     400909
IP address blocks:        31.6.28.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 13:02:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            12:f5:c9:ed:cc:37:3b:7a:26:dc:85:f1:00:9a:00:a0:09:9d:c2:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=048af665bf8b186b70220759d26c578f40b5f3e3
        Validity
            Not Before: Feb 14 11:48:55 2025 GMT
            Not After : Feb 13 11:53:55 2026 GMT
        Subject: CN=E4B022E8D2A9B3B646EBC92EE9DE32DD2535D467
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:57:08:c6:75:d0:1c:10:eb:0a:ba:e8:f8:45:
                    d6:94:92:e2:84:9b:cd:8c:94:b6:51:00:14:09:ed:
                    2c:6d:79:35:c7:fe:58:3e:59:d3:27:2a:2e:75:0e:
                    64:df:ba:4e:09:79:f8:c4:a0:f6:58:0f:b9:78:1f:
                    b6:1a:75:97:89:65:11:f8:88:14:42:20:85:12:1c:
                    1c:76:6d:78:0a:fd:84:1c:02:2a:fd:d9:c3:0d:48:
                    64:0c:e1:9d:74:99:b7:6e:d1:e3:0a:a1:6c:bc:e9:
                    d3:c7:22:ee:e7:b9:e8:d6:41:b1:4b:5c:09:39:a9:
                    3d:d4:82:d1:3c:7e:86:a0:6a:c8:ce:29:9c:e7:02:
                    ee:46:79:3c:d3:28:15:99:c6:bd:08:a9:99:f3:2c:
                    08:b0:1a:51:68:63:ca:e7:5b:50:fc:3a:c8:c5:1c:
                    ed:46:69:89:3c:d5:53:29:4d:c1:ba:3e:e5:45:fb:
                    f7:69:28:91:25:cd:8c:7e:60:65:a6:b3:2a:b2:92:
                    b3:27:99:da:7e:01:52:0b:7f:4e:71:ce:69:63:60:
                    de:3f:17:33:d1:fa:d1:ca:46:22:93:94:ad:07:07:
                    9f:cc:95:05:c7:bc:f4:1f:bd:e6:a9:dc:54:f6:13:
                    60:49:74:36:c5:4a:3b:4c:39:1e:2b:ee:0b:e6:b3:
                    be:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E4:B0:22:E8:D2:A9:B3:B6:46:EB:C9:2E:E9:DE:32:DD:25:35:D4:67
            X509v3 Authority Key Identifier:
                keyid:04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e32382e302f32332d3233203d3e20343030393039.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.6.28.0/23

    Signature Algorithm: sha256WithRSAEncryption
         9b:76:a9:f0:5b:0c:bc:81:ea:00:7c:e5:2a:12:37:7f:8e:c5:
         b8:ac:b2:34:a9:39:ee:59:7b:5d:c9:15:a7:63:d6:2c:66:12:
         68:92:22:2b:28:13:3a:e7:b6:00:d4:4b:d7:f0:b2:9f:17:e9:
         0b:6f:12:a9:fa:a6:61:47:e5:9c:d5:e0:cc:de:2d:e2:65:c3:
         32:c3:2d:73:2e:18:83:85:2b:1a:ad:e1:38:be:d6:68:b2:8f:
         c1:6d:a5:f7:74:c1:e4:85:3e:c2:94:26:c4:05:77:0e:98:18:
         63:8f:03:8f:da:4e:8c:78:ff:76:d2:0f:c7:e6:67:e0:bf:60:
         d0:5e:69:f3:3a:31:91:c4:58:aa:49:20:e5:ea:86:61:01:a9:
         42:1c:2b:51:69:3e:19:36:bf:54:27:af:88:57:92:6e:3a:35:
         62:c2:d2:8a:3a:cb:7d:f9:b4:5a:3f:de:ca:d8:a4:43:0a:55:
         66:31:75:5b:3c:7b:7e:36:80:4e:ba:fc:6c:a5:4d:ab:f4:89:
         a6:01:3f:4d:e0:5e:38:f2:bf:83:94:33:87:8c:10:9a:99:bf:
         74:bb:79:3f:a8:4b:cf:21:8a:7c:b2:62:ef:56:e3:99:f3:88:
         23:63:59:f2:b9:36:14:ef:3b:4f:82:e3:55:c2:b3:cf:93:84:
         0c:e7:c9:f9
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUEvXJ7cw3O3om3IXxAJoAoAmdwuQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDQ4YWY2NjViZjhiMTg2YjcwMjIwNzU5ZDI2YzU3OGY0
MGI1ZjNlMzAeFw0yNTAyMTQxMTQ4NTVaFw0yNjAyMTMxMTUzNTVaMDMxMTAvBgNV
BAMTKEU0QjAyMkU4RDJBOUIzQjY0NkVCQzkyRUU5REUzMkREMjUzNUQ0NjcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCRVwjGddAcEOsKuuj4RdaUkuKE
m82MlLZRABQJ7SxteTXH/lg+WdMnKi51DmTfuk4JefjEoPZYD7l4H7YadZeJZRH4
iBRCIIUSHBx2bXgK/YQcAir92cMNSGQM4Z10mbdu0eMKoWy86dPHIu7nuejWQbFL
XAk5qT3UgtE8foagasjOKZznAu5GeTzTKBWZxr0IqZnzLAiwGlFoY8rnW1D8OsjF
HO1GaYk81VMpTcG6PuVF+/dpKJElzYx+YGWmsyqykrMnmdp+AVILf05xzmljYN4/
FzPR+tHKRiKTlK0HB5/MlQXHvPQfveap3FT2E2BJdDbFSjtMOR4r7gvms75XAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQU5LAi6NKps7ZG68ku6d4y3SU11GcwHwYDVR0j
BBgwFoAUBIr2Zb+LGGtwIgdZ0mxXj0C18+MwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODJhOWJmNWItMzljMS00MDUwLWIwNzMtNDgwNzViODYx
ZDg3LzAvMDQ4QUY2NjVCRjhCMTg2QjcwMjIwNzU5RDI2QzU3OEY0MEI1RjNFMy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0JJcjJaYi1MR0d0d0lnZFowbXhYajBD
MTgtTS5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvODJhOWJmNWIt
MzljMS00MDUwLWIwNzMtNDgwNzViODYxZDg3LzAvMzMzMTJlMzYyZTMyMzgyZTMw
MmYzMjMzMmQzMjMzMjAzZDNlMjAzNDMwMzAzOTMwMzkucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAEfBhww
DQYJKoZIhvcNAQELBQADggEBAJt2qfBbDLyB6gB85SoSN3+OxbissjSpOe5Ze13J
Fadj1ixmEmiSIisoEzrntgDUS9fwsp8X6QtvEqn6pmFH5ZzV4MzeLeJlwzLDLXMu
GIOFKxqt4Ti+1miyj8Ftpfd0weSFPsKUJsQFdw6YGGOPA4/aTox4/3bSD8fmZ+C/
YNBeafM6MZHEWKpJIOXqhmEBqUIcK1FpPhk2v1Qnr4hXkm46NWLC0oo6y335tFo/
3srYpEMKVWYxdVs8e342gE66/GylTav0iaYBP03gXjjyv4OUM4eMEJqZv3S7eT+o
S88hinyyYu9W45nziCNjWfK5NhTvO0+C41XCs8+ThAznyfk=
-----END CERTIFICATE-----