Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e32382e302f32332d3233203d3e20343030393039.roa
File:                     33312e362e32382e302f32332d3233203d3e20343030393039.roa (raw, json)
Hash identifier:          OS4Ei4/xKc+w54Ll1TJKLA9sMHbGc5gW2XWcB51ecRQ=
Subject key identifier:   DA:7B:7B:69:3A:2A:03:93:32:1D:F0:B9:C2:C4:80:62:86:CE:DF:92
Certificate issuer:       /CN=048af665bf8b186b70220759d26c578f40b5f3e3
Certificate serial:       53EB9DBB093B43D5DEF902DBF10B836E817928BD
Authority key identifier: 04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e32382e302f32332d3233203d3e20343030393039.roa
Signing time:             Fri 15 Mar 2024 10:54:13 +0000
ROA not before:           Fri 15 Mar 2024 10:49:13 +0000
ROA not after:            Fri 14 Mar 2025 10:54:13 +0000
asID:                     400909
IP address blocks:        31.6.28.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 19:51:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            53:eb:9d:bb:09:3b:43:d5:de:f9:02:db:f1:0b:83:6e:81:79:28:bd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=048af665bf8b186b70220759d26c578f40b5f3e3
        Validity
            Not Before: Mar 15 10:49:13 2024 GMT
            Not After : Mar 14 10:54:13 2025 GMT
        Subject: CN=DA7B7B693A2A0393321DF0B9C2C4806286CEDF92
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:44:fc:6e:44:dd:3f:7a:2a:a2:aa:87:28:12:
                    a0:47:65:20:07:fc:1e:f3:5b:b1:b9:53:41:25:76:
                    89:8d:e1:c3:d6:ba:30:27:9e:b1:1d:a6:8a:cf:90:
                    11:79:ac:57:f7:5f:a9:42:d8:de:13:b4:d4:70:ae:
                    7a:d0:c9:56:b8:59:8b:d9:ec:b2:40:a8:a2:3d:36:
                    ee:8f:4e:16:d0:10:2a:96:41:64:0c:bc:25:62:44:
                    97:69:f9:02:44:63:b4:17:17:ae:4b:12:80:75:da:
                    a1:75:1f:0e:e6:65:a8:7b:fc:c2:53:cf:55:ec:7b:
                    cd:7a:32:22:fc:db:15:ed:02:55:ac:51:72:b2:0a:
                    65:34:c8:8e:f2:89:26:99:a9:4a:2d:15:5f:81:1e:
                    89:68:bb:6c:77:fc:57:d8:e9:a9:c7:55:8e:87:90:
                    ee:89:c4:dc:18:57:b2:0b:c6:16:8a:ef:67:b0:b6:
                    b7:a9:61:ab:43:00:64:25:b9:5b:e2:58:09:96:8f:
                    04:67:dc:b1:fe:d8:0d:c5:5a:80:28:7f:d7:48:05:
                    de:09:e6:13:d9:1b:8d:7c:05:6a:1f:63:ab:c6:78:
                    11:3c:a2:a7:fb:a3:e6:34:22:d7:33:f2:75:f9:d1:
                    d8:5e:96:68:3d:ea:7a:1e:29:cd:33:32:7f:4e:31:
                    f5:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:7B:7B:69:3A:2A:03:93:32:1D:F0:B9:C2:C4:80:62:86:CE:DF:92
            X509v3 Authority Key Identifier:
                keyid:04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e32382e302f32332d3233203d3e20343030393039.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.6.28.0/23

    Signature Algorithm: sha256WithRSAEncryption
         3d:db:a5:0e:a4:ce:97:f7:a0:37:8b:74:ea:6d:8e:8d:78:7d:
         36:67:ee:97:0c:05:cb:63:3f:e0:db:df:ee:f9:05:77:af:4a:
         06:24:6a:e1:94:6a:2a:5d:16:e4:50:55:32:66:90:9d:77:26:
         2d:89:af:b9:70:54:c2:f9:a3:d9:e9:d6:d4:59:64:94:83:56:
         e9:24:59:8e:8b:9f:77:a0:be:88:24:54:d6:7a:fb:99:ab:99:
         20:9e:29:8f:53:2e:36:8f:eb:44:4b:c4:98:45:b0:37:9a:ff:
         c4:85:ef:f1:5b:41:6a:f6:c1:d6:c1:55:85:2c:74:20:b8:c3:
         03:1b:e2:21:69:00:92:3b:3f:e0:c8:db:0e:49:14:7d:69:d7:
         a8:bb:eb:5b:f3:72:04:26:80:5e:89:97:0b:0c:6b:3c:29:e0:
         e5:2e:72:3c:14:94:b0:09:7f:f8:f1:f6:bc:2c:cc:6c:86:b6:
         39:2a:bb:77:7d:6c:ff:88:48:c0:c1:7c:4d:79:c1:8a:37:f9:
         e5:a6:52:36:c8:62:17:00:51:e9:ca:ff:29:76:e8:69:16:ee:
         8c:ff:49:1c:4a:43:83:a4:da:5d:b2:5d:7f:42:36:d8:28:b3:
         1b:1f:0b:68:fe:e8:43:6a:5e:ca:6b:db:5a:a0:e0:ad:41:0c:
         4b:b2:50:38
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUU+uduwk7Q9Xe+QLb8QuDboF5KL0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDQ4YWY2NjViZjhiMTg2YjcwMjIwNzU5ZDI2YzU3OGY0
MGI1ZjNlMzAeFw0yNDAzMTUxMDQ5MTNaFw0yNTAzMTQxMDU0MTNaMDMxMTAvBgNV
BAMTKERBN0I3QjY5M0EyQTAzOTMzMjFERjBCOUMyQzQ4MDYyODZDRURGOTIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCZRPxuRN0/eiqiqocoEqBHZSAH
/B7zW7G5U0EldomN4cPWujAnnrEdporPkBF5rFf3X6lC2N4TtNRwrnrQyVa4WYvZ
7LJAqKI9Nu6PThbQECqWQWQMvCViRJdp+QJEY7QXF65LEoB12qF1Hw7mZah7/MJT
z1Xse816MiL82xXtAlWsUXKyCmU0yI7yiSaZqUotFV+BHolou2x3/FfY6anHVY6H
kO6JxNwYV7ILxhaK72ewtrepYatDAGQluVviWAmWjwRn3LH+2A3FWoAof9dIBd4J
5hPZG418BWofY6vGeBE8oqf7o+Y0Itcz8nX50dhelmg96noeKc0zMn9OMfUNAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQU2nt7aToqA5MyHfC5wsSAYobO35IwHwYDVR0j
BBgwFoAUBIr2Zb+LGGtwIgdZ0mxXj0C18+MwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODJhOWJmNWItMzljMS00MDUwLWIwNzMtNDgwNzViODYx
ZDg3LzAvMDQ4QUY2NjVCRjhCMTg2QjcwMjIwNzU5RDI2QzU3OEY0MEI1RjNFMy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0JJcjJaYi1MR0d0d0lnZFowbXhYajBD
MTgtTS5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvODJhOWJmNWIt
MzljMS00MDUwLWIwNzMtNDgwNzViODYxZDg3LzAvMzMzMTJlMzYyZTMyMzgyZTMw
MmYzMjMzMmQzMjMzMjAzZDNlMjAzNDMwMzAzOTMwMzkucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAEfBhww
DQYJKoZIhvcNAQELBQADggEBAD3bpQ6kzpf3oDeLdOptjo14fTZn7pcMBctjP+Db
3+75BXevSgYkauGUaipdFuRQVTJmkJ13Ji2Jr7lwVML5o9np1tRZZJSDVukkWY6L
n3egvogkVNZ6+5mrmSCeKY9TLjaP60RLxJhFsDea/8SF7/FbQWr2wdbBVYUsdCC4
wwMb4iFpAJI7P+DI2w5JFH1p16i761vzcgQmgF6JlwsMazwp4OUucjwUlLAJf/jx
9rwszGyGtjkqu3d9bP+ISMDBfE15wYo3+eWmUjbIYhcAUenK/yl26GkW7oz/SRxK
Q4Ok2l2yXX9CNtgosxsfC2j+6ENqXspr21qg4K1BDEuyUDg=
-----END CERTIFICATE-----