Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e34312e302f32342d3234203d3e203232333633.roa
File:                     33312e362e34312e302f32342d3234203d3e203232333633.roa (raw, json)
Hash identifier:          KiWm9DaLh1eaYban4ERENpBsOa9B0NFRz7/jcFupwwA=
Subject key identifier:   AC:5A:2C:81:FB:18:E3:9A:F9:15:D9:1A:00:9E:49:09:4D:C3:D4:55
Certificate issuer:       /CN=048af665bf8b186b70220759d26c578f40b5f3e3
Certificate serial:       2964898E8CE363CB321FC7D26BE32406DC5AC9F8
Authority key identifier: 04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e34312e302f32342d3234203d3e203232333633.roa
Signing time:             Mon 02 Sep 2024 06:05:20 +0000
ROA not before:           Mon 02 Sep 2024 06:00:20 +0000
ROA not after:            Mon 01 Sep 2025 06:05:20 +0000
asID:                     22363
IP address blocks:        31.6.41.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            29:64:89:8e:8c:e3:63:cb:32:1f:c7:d2:6b:e3:24:06:dc:5a:c9:f8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=048af665bf8b186b70220759d26c578f40b5f3e3
        Validity
            Not Before: Sep  2 06:00:20 2024 GMT
            Not After : Sep  1 06:05:20 2025 GMT
        Subject: CN=AC5A2C81FB18E39AF915D91A009E49094DC3D455
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:a5:98:42:75:aa:c0:3c:e5:e4:67:22:bf:af:
                    a6:f8:13:07:35:bf:96:57:ef:85:93:0d:95:4f:d3:
                    82:07:ea:b2:ee:b0:01:6c:db:ca:e6:74:80:67:7e:
                    0d:cd:02:d4:4d:68:40:31:55:44:fc:47:84:fd:68:
                    64:00:10:31:b2:a2:0d:b9:77:df:f2:e4:68:b8:83:
                    9a:62:23:d0:6d:09:42:f4:91:d8:a2:4b:27:9b:76:
                    fb:e6:a5:a4:c6:47:c1:78:84:20:1f:7f:a4:65:81:
                    4b:f0:9c:30:76:bb:29:bf:4e:47:33:b8:23:a2:d5:
                    73:8a:15:4b:31:dd:12:96:46:ef:3f:98:57:09:e7:
                    a2:e3:e7:b0:6a:b1:51:d7:52:86:4e:f3:36:d1:18:
                    2d:ac:3d:8a:a7:31:04:a8:c2:48:e4:39:6a:b6:68:
                    7f:29:00:fc:4e:9e:bc:55:ec:61:23:e3:2d:90:a6:
                    0d:20:be:3b:ca:86:85:90:0f:0c:e3:78:1f:c2:d4:
                    0e:80:69:71:c4:66:51:b3:4f:51:c4:e0:c9:6b:e5:
                    04:3c:d3:29:95:7f:b6:01:78:d1:61:c0:14:1a:d6:
                    2d:50:4c:2b:68:f0:30:cc:57:6c:1d:f1:ef:0f:f9:
                    3f:a5:ef:ea:ff:3b:09:32:3f:86:07:5b:53:40:d6:
                    a4:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:5A:2C:81:FB:18:E3:9A:F9:15:D9:1A:00:9E:49:09:4D:C3:D4:55
            X509v3 Authority Key Identifier:
                keyid:04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e34312e302f32342d3234203d3e203232333633.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.6.41.0/24

    Signature Algorithm: sha256WithRSAEncryption
         35:71:83:5d:72:36:c7:69:8e:9e:cd:57:70:38:8c:8e:5b:51:
         fb:ad:c2:f3:33:f4:ab:15:c9:cf:6e:3a:77:0f:ce:84:16:12:
         99:40:45:a5:e3:9d:7f:d8:ae:15:bb:d7:96:a0:0c:35:f6:b6:
         36:ab:63:a1:02:72:31:38:4d:45:09:44:79:cb:9d:5a:95:db:
         3e:a6:7d:2f:af:de:f1:34:e2:ac:85:10:91:81:4c:43:bd:9e:
         85:64:54:de:8e:05:67:89:c4:0f:f2:c1:26:d8:a4:bb:94:73:
         01:4f:03:b1:94:08:ab:5c:90:d9:02:00:32:84:d5:02:48:cb:
         cb:18:42:30:f6:f4:eb:69:23:59:74:e0:b7:f2:49:bc:64:60:
         f3:a6:b1:01:76:2b:37:d5:3e:d1:51:1f:f7:73:fb:f0:7a:2d:
         52:9b:d6:35:01:e9:cf:08:24:16:0e:09:6c:0d:50:d0:d5:e5:
         09:ea:25:b1:4e:52:93:5f:38:6f:3a:5d:26:42:b6:4e:45:d3:
         a9:d7:a3:59:5c:0e:2d:bb:6c:ac:51:64:79:1e:02:00:a9:58:
         81:0e:38:f7:ea:b2:de:eb:47:35:c4:73:a1:35:7a:95:c0:02:
         89:8b:15:46:9d:71:b5:17:f5:88:1d:11:26:b1:9e:27:bb:ba:
         e4:1d:4d:b1
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUKWSJjozjY8syH8fSa+MkBtxayfgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDQ4YWY2NjViZjhiMTg2YjcwMjIwNzU5ZDI2YzU3OGY0
MGI1ZjNlMzAeFw0yNDA5MDIwNjAwMjBaFw0yNTA5MDEwNjA1MjBaMDMxMTAvBgNV
BAMTKEFDNUEyQzgxRkIxOEUzOUFGOTE1RDkxQTAwOUU0OTA5NERDM0Q0NTUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCypZhCdarAPOXkZyK/r6b4Ewc1
v5ZX74WTDZVP04IH6rLusAFs28rmdIBnfg3NAtRNaEAxVUT8R4T9aGQAEDGyog25
d9/y5Gi4g5piI9BtCUL0kdiiSyebdvvmpaTGR8F4hCAff6RlgUvwnDB2uym/Tkcz
uCOi1XOKFUsx3RKWRu8/mFcJ56Lj57BqsVHXUoZO8zbRGC2sPYqnMQSowkjkOWq2
aH8pAPxOnrxV7GEj4y2Qpg0gvjvKhoWQDwzjeB/C1A6AaXHEZlGzT1HE4Mlr5QQ8
0ymVf7YBeNFhwBQa1i1QTCto8DDMV2wd8e8P+T+l7+r/OwkyP4YHW1NA1qQnAgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQUrFosgfsY45r5FdkaAJ5JCU3D1FUwHwYDVR0j
BBgwFoAUBIr2Zb+LGGtwIgdZ0mxXj0C18+MwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODJhOWJmNWItMzljMS00MDUwLWIwNzMtNDgwNzViODYx
ZDg3LzAvMDQ4QUY2NjVCRjhCMTg2QjcwMjIwNzU5RDI2QzU3OEY0MEI1RjNFMy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0JJcjJaYi1MR0d0d0lnZFowbXhYajBD
MTgtTS5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvODJhOWJmNWIt
MzljMS00MDUwLWIwNzMtNDgwNzViODYxZDg3LzAvMzMzMTJlMzYyZTM0MzEyZTMw
MmYzMjM0MmQzMjM0MjAzZDNlMjAzMjMyMzMzNjMzLnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHwYpMA0G
CSqGSIb3DQEBCwUAA4IBAQA1cYNdcjbHaY6ezVdwOIyOW1H7rcLzM/SrFcnPbjp3
D86EFhKZQEWl451/2K4Vu9eWoAw19rY2q2OhAnIxOE1FCUR5y51alds+pn0vr97x
NOKshRCRgUxDvZ6FZFTejgVnicQP8sEm2KS7lHMBTwOxlAirXJDZAgAyhNUCSMvL
GEIw9vTraSNZdOC38km8ZGDzprEBdis31T7RUR/3c/vwei1Sm9Y1AenPCCQWDgls
DVDQ1eUJ6iWxTlKTXzhvOl0mQrZORdOp16NZXA4tu2ysUWR5HgIAqViBDjj36rLe
60c1xHOhNXqVwAKJixVGnXG1F/WIHREmsZ4nu7rkHU2x
-----END CERTIFICATE-----