Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e33302e302f32342d3234203d3e203232333633.roa
File:                     33312e362e33302e302f32342d3234203d3e203232333633.roa (raw, json)
Hash identifier:          NUBrYUixKN7qk8493Z88J4+ogB6AZlKANd3XI50O4y0=
Subject key identifier:   EC:2B:D2:A7:AF:CB:E3:46:F8:11:BF:9E:6F:4B:9E:72:B4:80:C8:72
Certificate issuer:       /CN=048af665bf8b186b70220759d26c578f40b5f3e3
Certificate serial:       447D13F68A88CE3391F4B0E320DE012FD6C57001
Authority key identifier: 04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e33302e302f32342d3234203d3e203232333633.roa
Signing time:             Mon 02 Sep 2024 06:05:20 +0000
ROA not before:           Mon 02 Sep 2024 06:00:20 +0000
ROA not after:            Mon 01 Sep 2025 06:05:20 +0000
asID:                     22363
IP address blocks:        31.6.30.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            44:7d:13:f6:8a:88:ce:33:91:f4:b0:e3:20:de:01:2f:d6:c5:70:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=048af665bf8b186b70220759d26c578f40b5f3e3
        Validity
            Not Before: Sep  2 06:00:20 2024 GMT
            Not After : Sep  1 06:05:20 2025 GMT
        Subject: CN=EC2BD2A7AFCBE346F811BF9E6F4B9E72B480C872
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:45:fa:96:a8:fa:eb:30:8a:34:ad:ee:d6:da:
                    e8:e4:2e:c7:ef:4a:fd:a5:bb:5c:32:f8:30:f4:27:
                    a3:69:87:71:10:a8:be:c2:f9:58:aa:ec:ac:b8:7b:
                    63:43:96:06:6e:1f:67:12:06:ea:62:fb:d5:4a:1f:
                    32:38:e1:e3:0c:ef:c8:ab:24:44:26:76:9c:78:4f:
                    e6:c0:71:1b:4a:09:98:2d:ea:82:4c:65:0e:08:57:
                    13:20:47:00:f2:38:c6:39:c5:84:26:f4:ef:29:52:
                    88:54:b0:d5:d2:4f:d4:91:18:ba:03:2b:2c:d0:47:
                    18:83:87:ef:4a:3e:87:05:55:80:c3:0c:e2:16:bd:
                    4f:66:8c:4d:43:0b:3d:82:24:fe:4d:dd:fb:05:87:
                    44:41:84:0b:4b:67:e3:c5:bd:a8:1c:57:77:96:52:
                    c1:d3:af:c8:a2:99:d3:c5:e6:85:3f:b5:d2:a4:2e:
                    ce:2e:fa:7a:46:fb:97:9e:2c:eb:0c:3c:c0:1d:b2:
                    ad:cd:5b:d2:07:6c:7f:89:7d:40:90:70:81:4a:1e:
                    56:4f:6e:30:b1:fe:16:e7:c8:76:75:0b:ef:9e:3c:
                    9e:f2:f8:2f:8e:6e:1d:49:15:92:92:2a:52:2b:b0:
                    71:f5:57:d4:db:c6:0b:d6:df:97:5c:d6:6d:80:58:
                    2f:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EC:2B:D2:A7:AF:CB:E3:46:F8:11:BF:9E:6F:4B:9E:72:B4:80:C8:72
            X509v3 Authority Key Identifier:
                keyid:04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e33302e302f32342d3234203d3e203232333633.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.6.30.0/24

    Signature Algorithm: sha256WithRSAEncryption
         39:d5:40:7c:19:7f:4c:66:71:85:7f:ad:e8:bf:03:04:aa:66:
         13:51:3d:cf:b2:75:71:9c:1b:2f:93:87:a1:11:aa:8a:0d:94:
         76:8e:ce:be:09:86:e9:ed:ae:b5:8c:42:18:cd:b5:2d:fa:7a:
         78:16:bc:dd:36:16:32:10:68:be:f9:42:74:34:9c:b6:c8:10:
         e4:a7:3c:2b:56:39:69:2d:a2:67:71:68:33:e5:23:14:fa:94:
         b3:bc:65:b7:e9:bf:4e:65:47:6f:dd:89:42:48:87:a0:e2:f0:
         23:a7:a6:fc:fc:b8:15:04:e5:36:9d:bb:a0:5b:f7:bb:56:56:
         9b:65:09:d2:60:5d:67:37:31:43:59:18:45:85:1f:2c:16:99:
         64:ea:12:21:02:45:40:d2:dc:ed:a5:e1:f0:41:43:42:2f:25:
         0c:c5:4e:29:68:ae:6e:ae:68:54:82:de:15:91:cf:c4:8e:4c:
         b7:e0:31:5b:52:56:c7:09:b1:49:a9:ed:b7:44:7c:56:04:8e:
         3b:3a:75:ac:87:24:07:06:1b:03:f1:ae:0e:e0:df:f6:9d:2a:
         ca:84:fd:da:ab:0d:24:55:ed:31:38:dc:95:09:2c:14:63:08:
         cb:7c:4a:53:15:d8:31:7c:5d:76:d5:cc:fa:16:1e:f5:96:4d:
         8a:c8:0f:87
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIURH0T9oqIzjOR9LDjIN4BL9bFcAEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDQ4YWY2NjViZjhiMTg2YjcwMjIwNzU5ZDI2YzU3OGY0
MGI1ZjNlMzAeFw0yNDA5MDIwNjAwMjBaFw0yNTA5MDEwNjA1MjBaMDMxMTAvBgNV
BAMTKEVDMkJEMkE3QUZDQkUzNDZGODExQkY5RTZGNEI5RTcyQjQ4MEM4NzIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDSRfqWqPrrMIo0re7W2ujkLsfv
Sv2lu1wy+DD0J6Nph3EQqL7C+Viq7Ky4e2NDlgZuH2cSBupi+9VKHzI44eMM78ir
JEQmdpx4T+bAcRtKCZgt6oJMZQ4IVxMgRwDyOMY5xYQm9O8pUohUsNXST9SRGLoD
KyzQRxiDh+9KPocFVYDDDOIWvU9mjE1DCz2CJP5N3fsFh0RBhAtLZ+PFvagcV3eW
UsHTr8iimdPF5oU/tdKkLs4u+npG+5eeLOsMPMAdsq3NW9IHbH+JfUCQcIFKHlZP
bjCx/hbnyHZ1C++ePJ7y+C+Obh1JFZKSKlIrsHH1V9TbxgvW35dc1m2AWC/1AgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQU7CvSp6/L40b4Eb+eb0uecrSAyHIwHwYDVR0j
BBgwFoAUBIr2Zb+LGGtwIgdZ0mxXj0C18+MwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODJhOWJmNWItMzljMS00MDUwLWIwNzMtNDgwNzViODYx
ZDg3LzAvMDQ4QUY2NjVCRjhCMTg2QjcwMjIwNzU5RDI2QzU3OEY0MEI1RjNFMy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0JJcjJaYi1MR0d0d0lnZFowbXhYajBD
MTgtTS5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvODJhOWJmNWIt
MzljMS00MDUwLWIwNzMtNDgwNzViODYxZDg3LzAvMzMzMTJlMzYyZTMzMzAyZTMw
MmYzMjM0MmQzMjM0MjAzZDNlMjAzMjMyMzMzNjMzLnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHwYeMA0G
CSqGSIb3DQEBCwUAA4IBAQA51UB8GX9MZnGFf63ovwMEqmYTUT3PsnVxnBsvk4eh
EaqKDZR2js6+CYbp7a61jEIYzbUt+np4FrzdNhYyEGi++UJ0NJy2yBDkpzwrVjlp
LaJncWgz5SMU+pSzvGW36b9OZUdv3YlCSIeg4vAjp6b8/LgVBOU2nbugW/e7Vlab
ZQnSYF1nNzFDWRhFhR8sFplk6hIhAkVA0tztpeHwQUNCLyUMxU4paK5urmhUgt4V
kc/Ejky34DFbUlbHCbFJqe23RHxWBI47OnWshyQHBhsD8a4O4N/2nSrKhP3aqw0k
Ve0xONyVCSwUYwjLfEpTFdgxfF121cz6Fh71lk2KyA+H
-----END CERTIFICATE-----