Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e34312e302f32342d3234203d3e203430383631.roa
File:                     33312e362e34312e302f32342d3234203d3e203430383631.roa (raw, json)
Hash identifier:          ItybHwTtntLJj+Qfq7k4itMDEpBECCY/OV1a2aOCvVc=
Subject key identifier:   82:7C:C3:75:46:55:8A:BF:A8:F6:82:F1:7F:3C:B4:58:E6:10:C6:34
Certificate issuer:       /CN=048af665bf8b186b70220759d26c578f40b5f3e3
Certificate serial:       7063BC541585B8314D543E96510D53D915A9E748
Authority key identifier: 04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e34312e302f32342d3234203d3e203430383631.roa
Signing time:             Fri 27 Sep 2024 15:43:22 +0000
ROA not before:           Fri 27 Sep 2024 15:38:22 +0000
ROA not after:            Fri 26 Sep 2025 15:43:22 +0000
asID:                     40861
IP address blocks:        31.6.41.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            70:63:bc:54:15:85:b8:31:4d:54:3e:96:51:0d:53:d9:15:a9:e7:48
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=048af665bf8b186b70220759d26c578f40b5f3e3
        Validity
            Not Before: Sep 27 15:38:22 2024 GMT
            Not After : Sep 26 15:43:22 2025 GMT
        Subject: CN=827CC37546558ABFA8F682F17F3CB458E610C634
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:b4:11:1c:a1:07:48:46:d2:2e:66:91:a3:17:
                    d1:6a:90:b6:b5:81:70:09:f5:65:d0:a7:85:ff:ad:
                    12:e5:44:1a:5c:5f:20:2c:7b:e4:de:d4:58:ef:dd:
                    9a:34:5a:9a:d9:2b:d4:85:ec:28:54:1a:60:07:e4:
                    3b:a7:1e:65:74:32:c1:8e:89:0f:ec:ce:03:2b:fd:
                    10:10:cc:89:fc:80:ce:8a:b1:89:6c:41:7b:7f:40:
                    da:1f:6b:8d:ee:2c:c8:0c:c4:91:98:69:7b:48:82:
                    f1:eb:d7:a5:b5:85:a6:86:d0:be:b1:83:86:68:67:
                    92:e1:cb:ea:76:0a:59:04:ef:ac:fa:89:b7:66:d7:
                    d8:5f:2d:9c:a1:9f:07:70:ea:bb:26:6a:4b:19:e7:
                    10:69:55:8e:3d:53:76:36:af:fe:c1:52:22:01:02:
                    c7:be:51:90:98:6b:35:bc:87:a1:cb:d5:b8:11:46:
                    a7:28:a1:e1:62:4f:5f:6c:ce:10:31:66:4b:cd:d1:
                    03:eb:99:b2:1d:6a:26:f9:ee:3e:6c:c9:7a:09:be:
                    6f:03:73:f1:21:1f:e0:26:7d:1b:c4:b6:9c:2d:fe:
                    fe:64:cd:47:0c:f8:29:04:8d:63:1c:2d:9d:c3:08:
                    18:b2:88:eb:70:9a:46:3d:5d:99:e9:e1:ec:b7:a4:
                    b5:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:7C:C3:75:46:55:8A:BF:A8:F6:82:F1:7F:3C:B4:58:E6:10:C6:34
            X509v3 Authority Key Identifier:
                keyid:04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e34312e302f32342d3234203d3e203430383631.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.6.41.0/24

    Signature Algorithm: sha256WithRSAEncryption
         93:70:33:8b:96:a5:87:0c:bc:51:a9:3c:cf:6a:d8:3f:95:7c:
         22:ab:cc:da:45:a2:08:a5:5a:0a:5a:c0:9f:90:59:39:86:2f:
         c4:a7:b1:13:42:59:e9:bc:a6:50:91:d3:28:d8:a5:2b:3a:2e:
         2a:44:ae:ed:9f:a9:b3:50:90:f7:41:25:1a:3c:36:a4:35:98:
         1b:54:7a:14:43:6a:4d:6c:b7:d8:92:bb:3e:0d:5c:2f:d5:ec:
         3f:9e:fd:65:63:92:ad:1a:ed:0c:cf:4b:13:01:aa:cb:f3:72:
         bf:a6:b1:ba:56:de:20:00:30:9d:17:e6:eb:f3:84:52:da:ff:
         0f:60:85:32:04:3e:b7:cd:6b:10:63:2c:a1:0c:4a:3f:e6:c7:
         c1:05:bc:ce:d2:44:36:c3:85:63:c8:e1:16:7c:90:4e:c1:fd:
         99:a6:98:26:23:88:53:4d:c0:a1:b1:d4:47:3c:5b:0c:dd:c0:
         d5:5f:cd:2a:85:e2:28:ee:d1:c2:4f:25:06:e5:04:41:fc:b3:
         7c:a1:3c:89:b7:d7:00:e9:bd:52:a8:52:e9:5e:6e:0b:28:16:
         9e:f9:1d:f7:64:77:f5:7c:66:41:81:da:c8:92:18:30:2b:b5:
         5c:c8:a9:78:f5:12:b1:41:ec:74:c6:ac:e4:9d:ec:4b:d8:3b:
         c5:eb:db:25
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUcGO8VBWFuDFNVD6WUQ1T2RWp50gwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDQ4YWY2NjViZjhiMTg2YjcwMjIwNzU5ZDI2YzU3OGY0
MGI1ZjNlMzAeFw0yNDA5MjcxNTM4MjJaFw0yNTA5MjYxNTQzMjJaMDMxMTAvBgNV
BAMTKDgyN0NDMzc1NDY1NThBQkZBOEY2ODJGMTdGM0NCNDU4RTYxMEM2MzQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC1tBEcoQdIRtIuZpGjF9FqkLa1
gXAJ9WXQp4X/rRLlRBpcXyAse+Te1Fjv3Zo0WprZK9SF7ChUGmAH5DunHmV0MsGO
iQ/szgMr/RAQzIn8gM6KsYlsQXt/QNofa43uLMgMxJGYaXtIgvHr16W1haaG0L6x
g4ZoZ5Lhy+p2ClkE76z6ibdm19hfLZyhnwdw6rsmaksZ5xBpVY49U3Y2r/7BUiIB
Ase+UZCYazW8h6HL1bgRRqcooeFiT19szhAxZkvN0QPrmbIdaib57j5syXoJvm8D
c/EhH+AmfRvEtpwt/v5kzUcM+CkEjWMcLZ3DCBiyiOtwmkY9XZnp4ey3pLUtAgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQUgnzDdUZVir+o9oLxfzy0WOYQxjQwHwYDVR0j
BBgwFoAUBIr2Zb+LGGtwIgdZ0mxXj0C18+MwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODJhOWJmNWItMzljMS00MDUwLWIwNzMtNDgwNzViODYx
ZDg3LzAvMDQ4QUY2NjVCRjhCMTg2QjcwMjIwNzU5RDI2QzU3OEY0MEI1RjNFMy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0JJcjJaYi1MR0d0d0lnZFowbXhYajBD
MTgtTS5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvODJhOWJmNWIt
MzljMS00MDUwLWIwNzMtNDgwNzViODYxZDg3LzAvMzMzMTJlMzYyZTM0MzEyZTMw
MmYzMjM0MmQzMjM0MjAzZDNlMjAzNDMwMzgzNjMxLnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHwYpMA0G
CSqGSIb3DQEBCwUAA4IBAQCTcDOLlqWHDLxRqTzPatg/lXwiq8zaRaIIpVoKWsCf
kFk5hi/Ep7ETQlnpvKZQkdMo2KUrOi4qRK7tn6mzUJD3QSUaPDakNZgbVHoUQ2pN
bLfYkrs+DVwv1ew/nv1lY5KtGu0Mz0sTAarL83K/prG6Vt4gADCdF+br84RS2v8P
YIUyBD63zWsQYyyhDEo/5sfBBbzO0kQ2w4VjyOEWfJBOwf2ZppgmI4hTTcChsdRH
PFsM3cDVX80qheIo7tHCTyUG5QRB/LN8oTyJt9cA6b1SqFLpXm4LKBae+R33ZHf1
fGZBgdrIkhgwK7VcyKl49RKxQex0xqzknexL2DvF69sl
-----END CERTIFICATE-----