Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e33332e302f32342d3234203d3e203631333137.roa
File:                     33312e362e33332e302f32342d3234203d3e203631333137.roa (raw, json)
Hash identifier:          bmTG8DjN9SupwBdLWUYWsCjRs9Kv+QUJe4+3covlPB0=
Subject key identifier:   42:59:40:3D:27:D3:D9:6E:31:32:E5:91:3B:64:83:1C:65:97:CE:83
Certificate issuer:       /CN=048af665bf8b186b70220759d26c578f40b5f3e3
Certificate serial:       1AA3D73E631D29A072A06D812933DB0C62021967
Authority key identifier: 04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e33332e302f32342d3234203d3e203631333137.roa
Signing time:             Mon 02 Sep 2024 06:05:19 +0000
ROA not before:           Mon 02 Sep 2024 06:00:19 +0000
ROA not after:            Mon 01 Sep 2025 06:05:19 +0000
asID:                     61317
IP address blocks:        31.6.33.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1a:a3:d7:3e:63:1d:29:a0:72:a0:6d:81:29:33:db:0c:62:02:19:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=048af665bf8b186b70220759d26c578f40b5f3e3
        Validity
            Not Before: Sep  2 06:00:19 2024 GMT
            Not After : Sep  1 06:05:19 2025 GMT
        Subject: CN=4259403D27D3D96E3132E5913B64831C6597CE83
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:af:03:ed:d7:13:a3:cd:ff:f2:0f:6a:14:28:
                    13:f2:d5:9c:32:15:ca:b7:83:e0:35:29:65:21:62:
                    6f:07:b9:c7:58:5b:9e:82:0d:67:c3:00:40:a3:2a:
                    de:db:7e:c7:51:d7:9b:36:ea:93:d3:cb:ff:a4:3b:
                    9e:15:aa:ea:57:a0:23:70:4e:15:9d:8f:ee:16:fb:
                    78:4e:ca:f0:d8:2d:a0:6e:03:c7:6d:6d:ec:ac:c6:
                    d8:5c:8f:92:0d:dc:b8:8b:4b:eb:ae:2e:2d:46:d0:
                    c3:59:e0:64:57:31:f6:cf:c7:06:a9:8d:f1:91:82:
                    9b:ca:7a:43:46:32:20:11:75:a7:b4:a4:0e:15:6e:
                    a7:da:6f:ac:d2:6c:06:bb:13:88:04:cb:47:8f:67:
                    fe:fa:73:94:6b:6a:de:0d:a5:74:8f:5f:fa:4b:e3:
                    43:8e:87:3c:ac:0d:85:41:e1:c6:c9:27:d2:25:a2:
                    03:f5:06:37:c5:7f:0b:0c:ce:8d:7c:6a:a4:f0:82:
                    c5:f8:ec:aa:87:31:a2:2a:ab:c9:7e:9c:94:0e:b6:
                    97:89:a4:3e:4e:3e:72:fb:5c:b9:65:6a:5b:38:0f:
                    6b:d8:1d:06:71:0c:73:49:94:59:24:a6:57:1d:3b:
                    eb:af:f3:2a:69:ae:88:52:d9:67:a3:e0:8f:68:55:
                    6b:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:59:40:3D:27:D3:D9:6E:31:32:E5:91:3B:64:83:1C:65:97:CE:83
            X509v3 Authority Key Identifier:
                keyid:04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e33332e302f32342d3234203d3e203631333137.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.6.33.0/24

    Signature Algorithm: sha256WithRSAEncryption
         61:56:6c:b7:08:63:11:28:26:51:75:1a:5f:3d:8c:6b:69:ee:
         e5:e9:b4:e0:b2:c4:0c:a6:a1:a1:a1:76:21:2d:5b:89:bf:77:
         b2:3b:b8:75:30:e8:e3:e9:63:70:03:79:cf:93:64:7c:ad:c9:
         2d:4a:c6:ab:52:dd:67:8c:d5:43:17:92:8a:cd:9c:e8:cd:72:
         1b:b2:c2:14:51:a7:f1:62:a3:b2:2d:14:c8:74:fb:13:0f:82:
         16:d3:b3:9c:49:8a:25:63:34:f4:a2:8f:c9:07:7c:85:81:e7:
         d4:78:6b:e4:db:b1:88:ab:88:fa:bd:c2:a2:24:cb:6f:64:72:
         fc:c5:44:c2:a4:5c:db:5a:a9:c0:59:66:ef:56:6c:9a:47:7c:
         f8:f6:dd:c9:35:6c:39:7d:93:03:34:14:fb:aa:d1:ea:1c:0b:
         64:2c:bc:b2:66:0c:81:48:4e:cb:d2:9c:57:f9:09:20:f1:7a:
         af:17:fd:6d:73:ef:45:08:f9:73:da:47:53:61:bc:ea:7c:11:
         22:c1:a6:4d:ad:09:28:74:c1:c2:c0:47:9f:19:0d:54:79:2c:
         bd:25:09:bf:7a:f0:54:95:05:be:23:4f:a6:4d:a2:55:ed:54:
         77:60:f3:23:d8:71:59:7e:3c:bc:81:32:75:00:d8:26:ac:e6:
         b6:91:20:b5
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUGqPXPmMdKaByoG2BKTPbDGICGWcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDQ4YWY2NjViZjhiMTg2YjcwMjIwNzU5ZDI2YzU3OGY0
MGI1ZjNlMzAeFw0yNDA5MDIwNjAwMTlaFw0yNTA5MDEwNjA1MTlaMDMxMTAvBgNV
BAMTKDQyNTk0MDNEMjdEM0Q5NkUzMTMyRTU5MTNCNjQ4MzFDNjU5N0NFODMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCCrwPt1xOjzf/yD2oUKBPy1Zwy
Fcq3g+A1KWUhYm8HucdYW56CDWfDAECjKt7bfsdR15s26pPTy/+kO54VqupXoCNw
ThWdj+4W+3hOyvDYLaBuA8dtbeysxthcj5IN3LiLS+uuLi1G0MNZ4GRXMfbPxwap
jfGRgpvKekNGMiARdae0pA4Vbqfab6zSbAa7E4gEy0ePZ/76c5Rrat4NpXSPX/pL
40OOhzysDYVB4cbJJ9IlogP1BjfFfwsMzo18aqTwgsX47KqHMaIqq8l+nJQOtpeJ
pD5OPnL7XLllals4D2vYHQZxDHNJlFkkplcdO+uv8ypprohS2Wej4I9oVWsPAgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQUQllAPSfT2W4xMuWRO2SDHGWXzoMwHwYDVR0j
BBgwFoAUBIr2Zb+LGGtwIgdZ0mxXj0C18+MwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODJhOWJmNWItMzljMS00MDUwLWIwNzMtNDgwNzViODYx
ZDg3LzAvMDQ4QUY2NjVCRjhCMTg2QjcwMjIwNzU5RDI2QzU3OEY0MEI1RjNFMy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0JJcjJaYi1MR0d0d0lnZFowbXhYajBD
MTgtTS5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvODJhOWJmNWIt
MzljMS00MDUwLWIwNzMtNDgwNzViODYxZDg3LzAvMzMzMTJlMzYyZTMzMzMyZTMw
MmYzMjM0MmQzMjM0MjAzZDNlMjAzNjMxMzMzMTM3LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHwYhMA0G
CSqGSIb3DQEBCwUAA4IBAQBhVmy3CGMRKCZRdRpfPYxrae7l6bTgssQMpqGhoXYh
LVuJv3eyO7h1MOjj6WNwA3nPk2R8rcktSsarUt1njNVDF5KKzZzozXIbssIUUafx
YqOyLRTIdPsTD4IW07OcSYolYzT0oo/JB3yFgefUeGvk27GIq4j6vcKiJMtvZHL8
xUTCpFzbWqnAWWbvVmyaR3z49t3JNWw5fZMDNBT7qtHqHAtkLLyyZgyBSE7L0pxX
+Qkg8XqvF/1tc+9FCPlz2kdTYbzqfBEiwaZNrQkodMHCwEefGQ1UeSy9JQm/evBU
lQW+I0+mTaJV7VR3YPMj2HFZfjy8gTJ1ANgmrOa2kSC1
-----END CERTIFICATE-----