Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e34322e302f32342d3234203d3e203232333633.roa
File:                     33312e362e34322e302f32342d3234203d3e203232333633.roa (raw, json)
Hash identifier:          s4vxpzYl64b5NzbHgTMPNOFt2LJogBJktL4SBIrSJ7Y=
Subject key identifier:   0B:33:3D:15:C6:CE:4C:13:BE:FB:C7:B4:D2:34:43:F9:0E:47:71:ED
Certificate issuer:       /CN=048af665bf8b186b70220759d26c578f40b5f3e3
Certificate serial:       321EF2059880A54036835EC86F7C191708E5A9F1
Authority key identifier: 04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e34322e302f32342d3234203d3e203232333633.roa
Signing time:             Mon 02 Oct 2023 05:21:40 +0000
ROA not before:           Mon 02 Oct 2023 05:16:40 +0000
ROA not after:            Mon 30 Sep 2024 05:21:40 +0000
asID:                     22363
IP address blocks:        31.6.42.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 13 Jun 2024 14:48:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            32:1e:f2:05:98:80:a5:40:36:83:5e:c8:6f:7c:19:17:08:e5:a9:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=048af665bf8b186b70220759d26c578f40b5f3e3
        Validity
            Not Before: Oct  2 05:16:40 2023 GMT
            Not After : Sep 30 05:21:40 2024 GMT
        Subject: CN=0B333D15C6CE4C13BEFBC7B4D23443F90E4771ED
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:cd:02:75:e8:97:42:e8:9b:95:07:83:06:c0:
                    cf:eb:cd:0e:8e:30:a7:83:f7:50:aa:e7:9c:02:95:
                    e1:dd:bf:58:79:83:9d:e9:4f:48:41:2b:56:f0:bc:
                    da:8f:ae:93:83:88:de:8c:c3:f4:0c:b4:f9:b9:75:
                    1a:60:06:dc:9e:f3:bc:54:ef:e1:21:46:fb:e8:98:
                    c5:11:44:29:ad:bd:fe:70:db:ab:91:ac:46:62:1f:
                    91:86:b9:fd:35:99:bc:f9:23:a2:fc:cd:f2:19:83:
                    81:d8:bf:23:b4:36:da:97:a1:a0:d2:dc:6d:25:a1:
                    48:60:5c:38:1e:a4:9d:ff:f5:88:06:48:23:33:c7:
                    39:d8:42:f1:5b:cb:8c:21:42:e7:73:da:22:0b:f1:
                    38:19:6f:eb:86:26:84:b1:c2:77:b5:86:91:d5:df:
                    f8:45:7c:16:8d:1a:88:93:39:32:a8:fd:25:6b:21:
                    52:e8:d3:d5:25:04:93:1e:27:59:d6:b5:41:b7:44:
                    54:31:70:7c:a0:72:62:bf:b1:0f:be:a6:b8:a8:f8:
                    fd:31:19:dc:35:1e:0a:8b:82:aa:1f:8c:36:15:c8:
                    bd:0c:26:e7:84:12:db:47:a9:86:6c:2d:46:84:52:
                    64:94:e2:cb:76:16:f4:64:82:e4:43:5b:06:96:ae:
                    ad:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:33:3D:15:C6:CE:4C:13:BE:FB:C7:B4:D2:34:43:F9:0E:47:71:ED
            X509v3 Authority Key Identifier:
                keyid:04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e34322e302f32342d3234203d3e203232333633.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.6.42.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5d:64:9b:54:a3:0d:c9:ea:ff:fe:19:e8:32:89:9c:6c:56:d7:
         fd:ec:51:81:01:c0:29:81:88:c4:b9:e8:3e:99:7e:fc:a4:7d:
         a9:b3:61:58:ba:82:9b:0a:75:0f:d2:67:61:98:94:e4:77:8c:
         c3:17:00:e8:97:0c:19:7f:32:fa:cf:a1:61:21:0e:5c:92:b6:
         cb:8c:e6:f4:c4:e3:39:51:60:30:48:90:d4:5a:10:b4:f2:e9:
         bd:c2:cf:b8:a7:cf:87:5d:a3:af:fe:4e:72:9b:ab:42:0c:c5:
         0d:af:25:b6:1e:05:9f:ea:1b:5d:c9:5a:53:96:25:71:ac:76:
         76:bc:42:81:6e:99:6d:3a:05:fb:df:6b:9e:37:07:9f:f3:71:
         60:55:73:31:d6:50:bd:54:2d:2c:a0:af:88:d5:27:f8:2d:34:
         62:53:e9:bd:22:fb:73:a9:0f:56:0e:7b:46:96:50:de:75:b1:
         0c:0a:95:de:92:5c:ad:67:cc:03:00:f5:16:8e:98:c9:36:f3:
         13:64:09:80:be:1a:cd:24:6b:77:bc:22:aa:6e:c4:0d:12:1d:
         85:b5:4e:0e:b9:a1:c2:25:1e:bc:48:56:1e:d6:e0:ae:00:75:
         43:ab:21:ce:d8:71:98:9b:3d:16:c4:d4:25:5d:ad:30:d2:44:
         0c:29:7c:16
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUMh7yBZiApUA2g17Ib3wZFwjlqfEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDQ4YWY2NjViZjhiMTg2YjcwMjIwNzU5ZDI2YzU3OGY0
MGI1ZjNlMzAeFw0yMzEwMDIwNTE2NDBaFw0yNDA5MzAwNTIxNDBaMDMxMTAvBgNV
BAMTKDBCMzMzRDE1QzZDRTRDMTNCRUZCQzdCNEQyMzQ0M0Y5MEU0NzcxRUQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC+zQJ16JdC6JuVB4MGwM/rzQ6O
MKeD91Cq55wCleHdv1h5g53pT0hBK1bwvNqPrpODiN6Mw/QMtPm5dRpgBtye87xU
7+EhRvvomMURRCmtvf5w26uRrEZiH5GGuf01mbz5I6L8zfIZg4HYvyO0NtqXoaDS
3G0loUhgXDgepJ3/9YgGSCMzxznYQvFby4whQudz2iIL8TgZb+uGJoSxwne1hpHV
3/hFfBaNGoiTOTKo/SVrIVLo09UlBJMeJ1nWtUG3RFQxcHygcmK/sQ++prio+P0x
Gdw1HgqLgqofjDYVyL0MJueEEttHqYZsLUaEUmSU4st2FvRkguRDWwaWrq2PAgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQUCzM9FcbOTBO++8e00jRD+Q5Hce0wHwYDVR0j
BBgwFoAUBIr2Zb+LGGtwIgdZ0mxXj0C18+MwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODJhOWJmNWItMzljMS00MDUwLWIwNzMtNDgwNzViODYx
ZDg3LzAvMDQ4QUY2NjVCRjhCMTg2QjcwMjIwNzU5RDI2QzU3OEY0MEI1RjNFMy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0JJcjJaYi1MR0d0d0lnZFowbXhYajBD
MTgtTS5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvODJhOWJmNWIt
MzljMS00MDUwLWIwNzMtNDgwNzViODYxZDg3LzAvMzMzMTJlMzYyZTM0MzIyZTMw
MmYzMjM0MmQzMjM0MjAzZDNlMjAzMjMyMzMzNjMzLnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHwYqMA0G
CSqGSIb3DQEBCwUAA4IBAQBdZJtUow3J6v/+GegyiZxsVtf97FGBAcApgYjEueg+
mX78pH2ps2FYuoKbCnUP0mdhmJTkd4zDFwDolwwZfzL6z6FhIQ5ckrbLjOb0xOM5
UWAwSJDUWhC08um9ws+4p8+HXaOv/k5ym6tCDMUNryW2HgWf6htdyVpTliVxrHZ2
vEKBbpltOgX732ueNwef83FgVXMx1lC9VC0soK+I1Sf4LTRiU+m9IvtzqQ9WDntG
llDedbEMCpXeklytZ8wDAPUWjpjJNvMTZAmAvhrNJGt3vCKqbsQNEh2FtU4OuaHC
JR68SFYe1uCuAHVDqyHO2HGYmz0WxNQlXa0w0kQMKXwW
-----END CERTIFICATE-----