Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e332e302f32342d3234203d3e203232333633.roa
File:                     33312e362e332e302f32342d3234203d3e203232333633.roa (raw, json)
Hash identifier:          +gGB/O2BRQYQY7uw/mDwCalJNAuHHoE5CtOvoO8mvBo=
Subject key identifier:   1C:B1:78:DC:82:0F:D3:6D:D1:1A:0A:DF:31:F2:A6:EE:E1:42:66:7A
Certificate issuer:       /CN=048af665bf8b186b70220759d26c578f40b5f3e3
Certificate serial:       54232B74DA040ACC55EBBFCD522212C2E6B189
Authority key identifier: 04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e332e302f32342d3234203d3e203232333633.roa
Signing time:             Mon 02 Sep 2024 06:05:20 +0000
ROA not before:           Mon 02 Sep 2024 06:00:20 +0000
ROA not after:            Mon 01 Sep 2025 06:05:20 +0000
asID:                     22363
IP address blocks:        31.6.3.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            54:23:2b:74:da:04:0a:cc:55:eb:bf:cd:52:22:12:c2:e6:b1:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=048af665bf8b186b70220759d26c578f40b5f3e3
        Validity
            Not Before: Sep  2 06:00:20 2024 GMT
            Not After : Sep  1 06:05:20 2025 GMT
        Subject: CN=1CB178DC820FD36DD11A0ADF31F2A6EEE142667A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:7f:f5:97:72:18:a8:9f:a0:50:41:a8:14:24:
                    6e:ff:6a:4f:08:c0:f2:23:ac:fa:f8:e8:5a:5b:2b:
                    76:62:37:a7:ab:03:f2:27:eb:65:89:8c:d9:a7:88:
                    6c:f0:03:ac:75:c0:c8:61:5f:e3:aa:49:74:4d:bb:
                    16:e8:04:18:5a:5b:a8:f3:f7:3c:38:87:79:06:c7:
                    ec:52:62:d4:f9:a4:ff:0a:16:4e:d5:0f:95:cb:b2:
                    1b:8e:02:e5:49:d0:8b:32:14:cf:20:ab:3e:fa:00:
                    c6:57:82:01:fd:ec:c8:03:7a:dd:74:9b:c9:8f:98:
                    7b:31:9a:bc:4c:53:19:7b:e8:7d:9f:83:01:3a:43:
                    1b:21:55:19:ab:ab:95:f0:b4:ba:59:7c:99:20:f7:
                    58:f4:c7:cf:f9:14:06:23:83:09:da:fd:4a:9d:15:
                    e4:22:20:33:97:1a:7c:2a:52:6b:dd:64:ff:d5:2c:
                    a2:e3:f4:8f:3d:86:0e:6f:e4:86:5c:1e:d5:f2:36:
                    f9:bc:9d:9b:57:34:30:a3:f6:d6:c9:9f:7f:e7:f7:
                    6e:10:4d:85:15:43:51:53:b7:64:7d:2f:2e:6d:78:
                    d7:23:a4:7c:46:62:f7:6e:58:ad:b0:3d:18:b2:fc:
                    e0:a0:4c:5a:e5:07:18:e4:2b:96:73:40:ad:76:8e:
                    3b:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:B1:78:DC:82:0F:D3:6D:D1:1A:0A:DF:31:F2:A6:EE:E1:42:66:7A
            X509v3 Authority Key Identifier:
                keyid:04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e332e302f32342d3234203d3e203232333633.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.6.3.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0c:d9:11:a6:bc:d0:65:ef:49:33:f0:cc:c5:5c:66:a0:fc:cc:
         4d:cc:72:0e:f5:df:cc:50:86:69:4e:51:57:1a:55:60:af:fc:
         86:d3:e4:d5:a1:ac:5c:85:dd:c4:ff:f8:ec:01:0f:15:55:2c:
         e9:08:66:aa:f4:01:84:f9:d1:74:0b:1a:b4:41:2d:a5:32:45:
         c2:68:d1:a7:59:2f:b3:41:17:18:d6:9c:7c:45:9c:98:5a:c8:
         c5:b7:4b:ab:6f:0b:26:c5:ff:f1:bd:0e:84:d9:53:d2:f1:38:
         5b:17:70:1f:74:ec:71:7d:da:62:28:55:df:37:b4:cc:b8:99:
         b6:80:be:b8:4a:cb:3e:7c:62:16:c9:9c:5e:b5:7a:53:57:12:
         95:0d:97:cf:1a:70:f2:66:97:1e:87:45:b4:55:68:c9:a4:da:
         53:ce:9a:c8:68:c6:97:66:dd:4e:38:4d:dd:cd:54:be:b7:3e:
         c5:6a:93:5f:43:5b:1b:d9:75:9a:ed:f7:80:90:e8:e8:87:19:
         9b:78:78:91:d5:b1:96:ab:4f:c8:dd:53:ad:31:be:95:91:86:
         50:03:be:eb:e2:cc:34:a2:28:0e:83:06:b6:f2:68:12:cf:b0:
         93:1b:22:3f:67:b5:6e:41:96:30:e7:0b:dc:fa:5a:93:13:ff:
         95:74:a8:76
-----BEGIN CERTIFICATE-----
MIIFKjCCBBKgAwIBAgITVCMrdNoECsxV67/NUiISwuaxiTANBgkqhkiG9w0BAQsF
ADAzMTEwLwYDVQQDEygwNDhhZjY2NWJmOGIxODZiNzAyMjA3NTlkMjZjNTc4ZjQw
YjVmM2UzMB4XDTI0MDkwMjA2MDAyMFoXDTI1MDkwMTA2MDUyMFowMzExMC8GA1UE
AxMoMUNCMTc4REM4MjBGRDM2REQxMUEwQURGMzFGMkE2RUVFMTQyNjY3QTCCASIw
DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALB/9ZdyGKifoFBBqBQkbv9qTwjA
8iOs+vjoWlsrdmI3p6sD8ifrZYmM2aeIbPADrHXAyGFf46pJdE27FugEGFpbqPP3
PDiHeQbH7FJi1Pmk/woWTtUPlcuyG44C5UnQizIUzyCrPvoAxleCAf3syAN63XSb
yY+YezGavExTGXvofZ+DATpDGyFVGaurlfC0ull8mSD3WPTHz/kUBiODCdr9Sp0V
5CIgM5cafCpSa91k/9UsouP0jz2GDm/khlwe1fI2+bydm1c0MKP21smff+f3bhBN
hRVDUVO3ZH0vLm141yOkfEZi925YrbA9GLL84KBMWuUHGOQrlnNArXaOO0cCAwEA
AaOCAjUwggIxMB0GA1UdDgQWBBQcsXjcgg/TbdEaCt8x8qbu4UJmejAfBgNVHSME
GDAWgBQEivZlv4sYa3AiB1nSbFePQLXz4zAOBgNVHQ8BAf8EBAMCB4AwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9yc3luYy5wYWFzLnJwa2kucmlwZS5u
ZXQvcmVwb3NpdG9yeS84MmE5YmY1Yi0zOWMxLTQwNTAtYjA3My00ODA3NWI4NjFk
ODcvMC8wNDhBRjY2NUJGOEIxODZCNzAyMjA3NTlEMjZDNTc4RjQwQjVGM0UzLmNy
bDBkBggrBgEFBQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvQklyMlpiLUxHR3R3SWdkWjBteFhqMEMx
OC1NLmNlcjCBpQYIKwYBBQUHAQsEgZgwgZUwgZIGCCsGAQUFBzALhoGFcnN5bmM6
Ly9yc3luYy5wYWFzLnJwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS84MmE5YmY1Yi0z
OWMxLTQwNTAtYjA3My00ODA3NWI4NjFkODcvMC8zMzMxMmUzNjJlMzMyZTMwMmYz
MjM0MmQzMjM0MjAzZDNlMjAzMjMyMzMzNjMzLnJvYTAYBgNVHSABAf8EDjAMMAoG
CCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHwYDMA0GCSqG
SIb3DQEBCwUAA4IBAQAM2RGmvNBl70kz8MzFXGag/MxNzHIO9d/MUIZpTlFXGlVg
r/yG0+TVoaxchd3E//jsAQ8VVSzpCGaq9AGE+dF0Cxq0QS2lMkXCaNGnWS+zQRcY
1px8RZyYWsjFt0urbwsmxf/xvQ6E2VPS8ThbF3AfdOxxfdpiKFXfN7TMuJm2gL64
Sss+fGIWyZxetXpTVxKVDZfPGnDyZpceh0W0VWjJpNpTzprIaMaXZt1OOE3dzVS+
tz7FapNfQ1sb2XWa7feAkOjohxmbeHiR1bGWq0/I3VOtMb6VkYZQA77r4sw0oigO
gwa28mgSz7CTGyI/Z7VuQZYw5wvc+lqTE/+VdKh2
-----END CERTIFICATE-----