Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e33362e302f32342d3234203d3e20383334.roa
File:                     33312e362e33362e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          D0KcPI+8RgDh0U5TqhTUcU5j5OhquWFm+K4j4FLPwkU=
Subject key identifier:   C2:5A:FD:E5:38:84:31:91:4E:37:C3:99:80:67:3E:0D:DE:ED:EF:50
Certificate issuer:       /CN=048af665bf8b186b70220759d26c578f40b5f3e3
Certificate serial:       0FCD3B4685EB9CC34CA42418652893B464DFB33A
Authority key identifier: 04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e33362e302f32342d3234203d3e20383334.roa
Signing time:             Thu 11 Jul 2024 09:27:10 +0000
ROA not before:           Thu 11 Jul 2024 09:22:10 +0000
ROA not after:            Thu 10 Jul 2025 09:27:10 +0000
asID:                     834
IP address blocks:        31.6.36.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 09:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0f:cd:3b:46:85:eb:9c:c3:4c:a4:24:18:65:28:93:b4:64:df:b3:3a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=048af665bf8b186b70220759d26c578f40b5f3e3
        Validity
            Not Before: Jul 11 09:22:10 2024 GMT
            Not After : Jul 10 09:27:10 2025 GMT
        Subject: CN=C25AFDE5388431914E37C39980673E0DDEEDEF50
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:78:1b:46:d6:67:79:06:15:89:de:aa:ee:b0:
                    bf:8a:9c:3a:53:9b:00:3e:a3:ca:88:8e:e7:31:77:
                    73:a8:c8:60:96:7d:39:c6:e1:c0:10:e2:03:85:a7:
                    53:22:47:31:90:52:e5:d2:a8:1b:22:f5:46:a0:96:
                    16:b1:74:77:14:75:ae:6f:65:42:d5:1a:ac:36:20:
                    a1:da:02:ed:15:b4:22:58:fa:0a:95:68:ef:a9:8a:
                    4a:ab:2f:3a:e5:b1:f8:a1:c6:9f:67:56:62:6a:50:
                    d0:ad:99:06:55:45:53:81:92:cb:de:38:0b:b3:b9:
                    84:15:cd:13:d1:f5:5b:4a:9e:34:90:46:19:c4:ca:
                    ab:10:fe:d6:ea:82:a4:c3:be:39:63:68:2b:95:03:
                    4a:b4:7f:fe:f6:0d:1b:82:78:15:e5:31:b1:17:d7:
                    6d:f3:3c:33:2a:6d:62:1a:12:c6:90:55:f2:22:b6:
                    71:1e:d0:fb:ea:0a:e4:c0:af:4a:99:26:ec:63:7e:
                    fc:45:b7:99:40:61:79:2a:72:86:cb:7c:70:57:4b:
                    c9:25:4f:33:f6:c3:34:eb:68:6a:3b:1f:ad:a6:d5:
                    8d:a5:52:62:f1:b6:a3:e4:95:2c:1a:cb:e4:0a:ad:
                    7e:26:39:02:4b:08:61:18:16:66:23:ea:38:da:1d:
                    9e:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C2:5A:FD:E5:38:84:31:91:4E:37:C3:99:80:67:3E:0D:DE:ED:EF:50
            X509v3 Authority Key Identifier:
                keyid:04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e33362e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.6.36.0/24

    Signature Algorithm: sha256WithRSAEncryption
         00:85:16:51:cc:8b:3b:69:28:75:43:70:cd:47:29:f7:80:3e:
         f9:a5:cf:f6:fd:cf:f4:29:b5:5c:29:35:ea:70:aa:cf:84:da:
         cc:94:e3:02:9f:29:61:8a:1d:95:e4:41:e0:2e:f7:a9:62:10:
         0c:bd:ad:5c:25:78:80:29:94:49:25:6f:83:38:4e:b6:93:0f:
         84:65:3f:cc:f9:5a:a3:d2:2f:8c:e8:3b:91:d4:89:a2:00:6b:
         bc:2d:cf:3d:b0:a1:35:6f:c9:0c:07:72:c1:d4:2d:97:26:08:
         f0:4e:ce:60:04:2b:ea:ca:25:b1:15:dc:e8:93:55:59:4c:b0:
         37:8e:98:a3:e4:a0:58:24:0c:44:06:ea:7c:85:d2:b9:72:b3:
         39:b2:75:ef:be:02:2f:7b:19:2a:fc:04:4b:36:12:5b:87:b8:
         5b:f4:ac:3b:bf:da:30:20:39:03:97:9c:62:ab:79:e1:37:95:
         e5:b2:09:2a:6e:7c:85:0a:25:bb:36:e1:76:1b:97:1a:18:81:
         fe:13:6f:28:4c:d6:27:be:75:de:58:4b:c1:7b:cf:40:4a:6a:
         79:0d:00:fa:97:bc:69:cb:96:1a:44:e1:1e:cc:d5:b8:97:dc:
         c3:a2:49:33:f7:c0:fc:e0:cc:8e:2f:9e:b6:a4:ae:4c:14:34:
         ca:25:13:b1
-----BEGIN CERTIFICATE-----
MIIFKTCCBBGgAwIBAgIUD807RoXrnMNMpCQYZSiTtGTfszowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDQ4YWY2NjViZjhiMTg2YjcwMjIwNzU5ZDI2YzU3OGY0
MGI1ZjNlMzAeFw0yNDA3MTEwOTIyMTBaFw0yNTA3MTAwOTI3MTBaMDMxMTAvBgNV
BAMTKEMyNUFGREU1Mzg4NDMxOTE0RTM3QzM5OTgwNjczRTBEREVFREVGNTAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDEeBtG1md5BhWJ3qrusL+KnDpT
mwA+o8qIjucxd3OoyGCWfTnG4cAQ4gOFp1MiRzGQUuXSqBsi9UaglhaxdHcUda5v
ZULVGqw2IKHaAu0VtCJY+gqVaO+pikqrLzrlsfihxp9nVmJqUNCtmQZVRVOBksve
OAuzuYQVzRPR9VtKnjSQRhnEyqsQ/tbqgqTDvjljaCuVA0q0f/72DRuCeBXlMbEX
123zPDMqbWIaEsaQVfIitnEe0PvqCuTAr0qZJuxjfvxFt5lAYXkqcobLfHBXS8kl
TzP2wzTraGo7H62m1Y2lUmLxtqPklSway+QKrX4mOQJLCGEYFmYj6jjaHZ7ZAgMB
AAGjggIzMIICLzAdBgNVHQ4EFgQUwlr95TiEMZFON8OZgGc+Dd7t71AwHwYDVR0j
BBgwFoAUBIr2Zb+LGGtwIgdZ0mxXj0C18+MwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODJhOWJmNWItMzljMS00MDUwLWIwNzMtNDgwNzViODYx
ZDg3LzAvMDQ4QUY2NjVCRjhCMTg2QjcwMjIwNzU5RDI2QzU3OEY0MEI1RjNFMy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0JJcjJaYi1MR0d0d0lnZFowbXhYajBD
MTgtTS5jZXIwgaMGCCsGAQUFBwELBIGWMIGTMIGQBggrBgEFBQcwC4aBg3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvODJhOWJmNWIt
MzljMS00MDUwLWIwNzMtNDgwNzViODYxZDg3LzAvMzMzMTJlMzYyZTMzMzYyZTMw
MmYzMjM0MmQzMjM0MjAzZDNlMjAzODMzMzQucm9hMBgGA1UdIAEB/wQOMAwwCgYI
KwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAAfBiQwDQYJKoZI
hvcNAQELBQADggEBAACFFlHMiztpKHVDcM1HKfeAPvmlz/b9z/QptVwpNepwqs+E
2syU4wKfKWGKHZXkQeAu96liEAy9rVwleIAplEklb4M4TraTD4RlP8z5WqPSL4zo
O5HUiaIAa7wtzz2woTVvyQwHcsHULZcmCPBOzmAEK+rKJbEV3OiTVVlMsDeOmKPk
oFgkDEQG6nyF0rlyszmyde++Ai97GSr8BEs2EluHuFv0rDu/2jAgOQOXnGKreeE3
leWyCSpufIUKJbs24XYblxoYgf4TbyhM1ie+dd5YS8F7z0BKankNAPqXvGnLlhpE
4R7M1biX3MOiSTP3wPzgzI4vnrakrkwUNMolE7E=
-----END CERTIFICATE-----