Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e342e302f32342d3234203d3e203232333633.roa
File:                     33312e362e342e302f32342d3234203d3e203232333633.roa (raw, json)
Hash identifier:          j5K2IikcqDOnrbhPElxkNV/9DtHvat/I4hHy9R3nmSE=
Subject key identifier:   C0:07:09:C9:3F:2C:E1:77:64:DA:DF:F2:4A:09:4B:02:18:93:7C:3B
Certificate issuer:       /CN=048af665bf8b186b70220759d26c578f40b5f3e3
Certificate serial:       4425B4AA5623AB89F25E4A03FA4D6B9634368A42
Authority key identifier: 04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e342e302f32342d3234203d3e203232333633.roa
Signing time:             Mon 02 Sep 2024 06:05:20 +0000
ROA not before:           Mon 02 Sep 2024 06:00:20 +0000
ROA not after:            Mon 01 Sep 2025 06:05:20 +0000
asID:                     22363
IP address blocks:        31.6.4.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            44:25:b4:aa:56:23:ab:89:f2:5e:4a:03:fa:4d:6b:96:34:36:8a:42
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=048af665bf8b186b70220759d26c578f40b5f3e3
        Validity
            Not Before: Sep  2 06:00:20 2024 GMT
            Not After : Sep  1 06:05:20 2025 GMT
        Subject: CN=C00709C93F2CE17764DADFF24A094B0218937C3B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:39:b0:ea:df:55:45:e5:72:c8:40:f7:f2:83:
                    5a:85:70:4a:bd:6e:01:9f:be:80:3b:3f:d7:5f:a3:
                    43:b2:5a:f4:2a:9b:03:46:5a:a7:d0:63:71:a2:78:
                    74:a7:55:af:3b:a1:2b:be:87:64:d2:62:33:ff:b2:
                    7a:39:66:fc:52:7a:f0:87:b6:99:8e:46:27:34:08:
                    ec:30:13:c9:0c:06:0a:03:f7:91:e9:7f:fb:d2:b3:
                    74:87:53:d1:30:22:15:35:8e:1c:cf:8e:5e:51:86:
                    15:7a:98:c8:10:f4:f7:c9:03:e1:16:7f:fe:e2:87:
                    e2:bc:7c:ab:77:1e:7a:8c:ed:94:39:1f:65:41:99:
                    af:c3:51:bd:78:4e:77:d4:43:4c:09:e9:00:83:1d:
                    01:28:e5:1f:ae:3c:08:17:b3:ca:ad:33:6f:8e:6e:
                    a6:3b:0d:ab:03:ef:18:59:00:60:65:17:4c:53:6d:
                    37:db:97:03:af:9a:b7:3a:a4:3f:bc:d1:12:cf:55:
                    97:32:41:52:5b:26:93:25:c8:90:46:b1:33:99:ac:
                    6c:94:ca:8f:55:70:9b:36:0d:eb:29:84:ef:ff:58:
                    2c:af:c7:3e:c8:b1:fc:10:de:80:0e:a6:7f:40:4f:
                    cd:70:41:29:11:69:05:ed:1a:56:38:4a:26:83:7e:
                    a6:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C0:07:09:C9:3F:2C:E1:77:64:DA:DF:F2:4A:09:4B:02:18:93:7C:3B
            X509v3 Authority Key Identifier:
                keyid:04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e342e302f32342d3234203d3e203232333633.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.6.4.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5a:95:df:9b:07:3e:2f:d6:8c:1f:48:1c:af:d1:56:69:71:11:
         01:f2:51:87:75:9f:2d:80:66:5f:86:3d:41:a8:94:d4:4f:8c:
         8c:0e:28:fb:3b:89:22:7f:08:8a:d9:2c:e8:6b:df:79:d5:9d:
         f4:6f:85:fb:07:cf:50:c8:a6:46:fc:e7:e3:69:c0:78:d5:85:
         23:32:a3:d8:6c:1f:17:b9:6d:88:68:2f:6a:91:4b:a2:3d:95:
         36:97:11:ff:1f:08:67:38:ed:c1:b4:06:18:d1:71:6e:aa:a8:
         a7:46:30:ff:45:7a:d0:45:05:52:40:ea:59:18:86:12:24:46:
         78:59:5a:c9:34:93:b3:b2:3f:cd:7d:28:4d:92:d3:42:df:e6:
         63:8b:95:91:a7:fe:96:32:c1:e2:8d:e7:29:8d:43:ff:71:80:
         ea:2e:6c:de:23:94:98:e5:54:b3:c4:14:7d:a2:43:ad:39:cb:
         06:65:dd:84:46:5e:d1:12:b7:f6:ad:13:6c:52:85:75:7a:86:
         0a:6b:d4:11:ed:ab:b1:90:9f:86:4e:a2:21:b7:49:e0:a2:64:
         cb:72:46:ba:5f:f0:d7:cb:7a:70:66:4d:05:1f:3e:d0:64:be:
         da:45:16:11:f6:b5:44:42:57:0c:2d:64:a3:78:91:28:fc:a1:
         d0:42:ff:71
-----BEGIN CERTIFICATE-----
MIIFKzCCBBOgAwIBAgIURCW0qlYjq4nyXkoD+k1rljQ2ikIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDQ4YWY2NjViZjhiMTg2YjcwMjIwNzU5ZDI2YzU3OGY0
MGI1ZjNlMzAeFw0yNDA5MDIwNjAwMjBaFw0yNTA5MDEwNjA1MjBaMDMxMTAvBgNV
BAMTKEMwMDcwOUM5M0YyQ0UxNzc2NERBREZGMjRBMDk0QjAyMTg5MzdDM0IwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCNObDq31VF5XLIQPfyg1qFcEq9
bgGfvoA7P9dfo0OyWvQqmwNGWqfQY3GieHSnVa87oSu+h2TSYjP/sno5ZvxSevCH
tpmORic0COwwE8kMBgoD95Hpf/vSs3SHU9EwIhU1jhzPjl5RhhV6mMgQ9PfJA+EW
f/7ih+K8fKt3HnqM7ZQ5H2VBma/DUb14TnfUQ0wJ6QCDHQEo5R+uPAgXs8qtM2+O
bqY7DasD7xhZAGBlF0xTbTfblwOvmrc6pD+80RLPVZcyQVJbJpMlyJBGsTOZrGyU
yo9VcJs2DesphO//WCyvxz7IsfwQ3oAOpn9AT81wQSkRaQXtGlY4SiaDfqapAgMB
AAGjggI1MIICMTAdBgNVHQ4EFgQUwAcJyT8s4Xdk2t/ySglLAhiTfDswHwYDVR0j
BBgwFoAUBIr2Zb+LGGtwIgdZ0mxXj0C18+MwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODJhOWJmNWItMzljMS00MDUwLWIwNzMtNDgwNzViODYx
ZDg3LzAvMDQ4QUY2NjVCRjhCMTg2QjcwMjIwNzU5RDI2QzU3OEY0MEI1RjNFMy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0JJcjJaYi1MR0d0d0lnZFowbXhYajBD
MTgtTS5jZXIwgaUGCCsGAQUFBwELBIGYMIGVMIGSBggrBgEFBQcwC4aBhXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvODJhOWJmNWIt
MzljMS00MDUwLWIwNzMtNDgwNzViODYxZDg3LzAvMzMzMTJlMzYyZTM0MmUzMDJm
MzIzNDJkMzIzNDIwM2QzZTIwMzIzMjMzMzYzMy5yb2EwGAYDVR0gAQH/BA4wDDAK
BggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAB8GBDANBgkq
hkiG9w0BAQsFAAOCAQEAWpXfmwc+L9aMH0gcr9FWaXERAfJRh3WfLYBmX4Y9QaiU
1E+MjA4o+zuJIn8Iitks6GvfedWd9G+F+wfPUMimRvzn42nAeNWFIzKj2GwfF7lt
iGgvapFLoj2VNpcR/x8IZzjtwbQGGNFxbqqop0Yw/0V60EUFUkDqWRiGEiRGeFla
yTSTs7I/zX0oTZLTQt/mY4uVkaf+ljLB4o3nKY1D/3GA6i5s3iOUmOVUs8QUfaJD
rTnLBmXdhEZe0RK39q0TbFKFdXqGCmvUEe2rsZCfhk6iIbdJ4KJky3JGul/w18t6
cGZNBR8+0GS+2kUWEfa1REJXDC1ko3iRKPyh0EL/cQ==
-----END CERTIFICATE-----