Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e34322e302f32342d3234203d3e203232333633.roa
File:                     33312e362e34322e302f32342d3234203d3e203232333633.roa (raw, json)
Hash identifier:          fdbV+niiX8swsq3+z7xhgiKUHxF6lItg1Q8AfYJBIRk=
Subject key identifier:   B5:1E:76:61:66:30:19:61:F1:1E:B7:99:43:CF:54:35:8F:CB:11:86
Certificate issuer:       /CN=048af665bf8b186b70220759d26c578f40b5f3e3
Certificate serial:       76850E779301C56C5DC486FB2080BFECEF3B9F95
Authority key identifier: 04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e34322e302f32342d3234203d3e203232333633.roa
Signing time:             Mon 02 Sep 2024 06:05:19 +0000
ROA not before:           Mon 02 Sep 2024 06:00:19 +0000
ROA not after:            Mon 01 Sep 2025 06:05:19 +0000
asID:                     22363
IP address blocks:        31.6.42.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            76:85:0e:77:93:01:c5:6c:5d:c4:86:fb:20:80:bf:ec:ef:3b:9f:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=048af665bf8b186b70220759d26c578f40b5f3e3
        Validity
            Not Before: Sep  2 06:00:19 2024 GMT
            Not After : Sep  1 06:05:19 2025 GMT
        Subject: CN=B51E766166301961F11EB79943CF54358FCB1186
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:94:87:f9:ca:1c:8a:5a:cf:59:33:ba:5f:55:
                    fa:f9:6c:56:2a:78:50:c6:0f:4d:08:d0:97:43:aa:
                    35:05:1d:73:2d:93:79:36:39:30:ce:17:a9:df:bc:
                    6b:d7:ce:fd:1b:d3:7c:28:cd:36:6f:1c:18:00:c7:
                    15:01:13:66:47:ef:07:98:42:cd:48:8d:36:f8:87:
                    93:c5:e8:5c:b3:29:a1:d3:26:59:a2:1f:47:09:4a:
                    0d:60:97:ac:a8:1b:10:fe:10:00:7e:33:4d:5c:a9:
                    4f:dc:11:08:a1:0d:ac:cc:b4:75:33:fc:5b:a5:21:
                    8f:7f:3a:e7:26:b9:da:b5:28:6f:2e:aa:c1:7c:91:
                    f8:3a:d7:05:40:11:56:37:ca:8c:72:4c:89:3b:8f:
                    2a:1c:c1:e6:64:6b:b7:59:75:d2:1f:d5:43:e9:04:
                    59:c9:20:43:d1:78:b8:77:a8:b1:4f:99:cb:53:d4:
                    e3:9e:7b:ba:70:28:90:c5:3f:8b:6c:fe:cb:9c:4c:
                    d8:a5:67:d0:7f:bc:bb:c1:a7:9d:17:de:7c:de:70:
                    ff:db:d0:e5:b6:7c:d9:68:2d:0b:f2:0f:0e:bc:0d:
                    f3:97:05:3e:ad:56:65:73:56:e6:7a:78:7e:47:e4:
                    1d:03:92:ef:89:23:2a:11:e7:80:ba:66:78:0f:6f:
                    54:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:1E:76:61:66:30:19:61:F1:1E:B7:99:43:CF:54:35:8F:CB:11:86
            X509v3 Authority Key Identifier:
                keyid:04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e34322e302f32342d3234203d3e203232333633.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.6.42.0/24

    Signature Algorithm: sha256WithRSAEncryption
         56:70:16:ec:92:61:76:b9:ed:14:a2:04:8f:34:22:32:d2:f2:
         c6:01:77:c5:f4:d8:c9:6e:c8:ce:4c:f2:f7:95:1f:38:85:c4:
         8d:5c:a2:b5:1a:67:9d:5f:7c:85:56:b5:a9:e5:a9:35:6f:2a:
         3e:74:79:2c:78:1c:49:9a:0c:e8:3a:43:31:c5:f9:d5:24:4c:
         79:a1:bc:f5:90:8c:00:27:22:9a:f0:6c:6d:cd:af:e5:1f:a1:
         2e:bc:43:d6:70:09:d0:7a:72:04:88:28:4a:7f:bf:10:df:ca:
         98:f1:e9:da:8d:f2:9b:fc:20:44:25:07:ab:e5:cc:b7:6d:bb:
         94:a7:f7:ad:20:11:ed:0e:62:b9:6a:28:05:97:97:1c:e5:6d:
         c9:35:31:89:ba:a7:9e:f1:af:07:a0:a3:1e:0f:42:93:c1:af:
         80:4d:14:8d:7e:e5:98:56:c0:c4:80:7b:da:37:78:93:4a:a3:
         ba:4d:04:16:68:a1:73:42:46:0b:b0:9b:25:f6:74:17:33:88:
         28:15:f9:af:ce:ce:65:83:b9:4c:cb:c4:e5:1e:6d:31:b5:71:
         38:44:a4:ad:cd:1a:b5:ed:63:ac:04:cf:ec:c3:27:73:a7:ec:
         0b:8e:e0:61:9e:ea:3f:d7:2d:5b:76:d6:b1:14:4b:f3:9e:00:
         c1:17:82:ed
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUdoUOd5MBxWxdxIb7IIC/7O87n5UwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDQ4YWY2NjViZjhiMTg2YjcwMjIwNzU5ZDI2YzU3OGY0
MGI1ZjNlMzAeFw0yNDA5MDIwNjAwMTlaFw0yNTA5MDEwNjA1MTlaMDMxMTAvBgNV
BAMTKEI1MUU3NjYxNjYzMDE5NjFGMTFFQjc5OTQzQ0Y1NDM1OEZDQjExODYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDPlIf5yhyKWs9ZM7pfVfr5bFYq
eFDGD00I0JdDqjUFHXMtk3k2OTDOF6nfvGvXzv0b03wozTZvHBgAxxUBE2ZH7weY
Qs1IjTb4h5PF6FyzKaHTJlmiH0cJSg1gl6yoGxD+EAB+M01cqU/cEQihDazMtHUz
/FulIY9/Oucmudq1KG8uqsF8kfg61wVAEVY3yoxyTIk7jyocweZka7dZddIf1UPp
BFnJIEPReLh3qLFPmctT1OOee7pwKJDFP4ts/sucTNilZ9B/vLvBp50X3nzecP/b
0OW2fNloLQvyDw68DfOXBT6tVmVzVuZ6eH5H5B0Dku+JIyoR54C6ZngPb1RfAgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQUtR52YWYwGWHxHreZQ89UNY/LEYYwHwYDVR0j
BBgwFoAUBIr2Zb+LGGtwIgdZ0mxXj0C18+MwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODJhOWJmNWItMzljMS00MDUwLWIwNzMtNDgwNzViODYx
ZDg3LzAvMDQ4QUY2NjVCRjhCMTg2QjcwMjIwNzU5RDI2QzU3OEY0MEI1RjNFMy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0JJcjJaYi1MR0d0d0lnZFowbXhYajBD
MTgtTS5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvODJhOWJmNWIt
MzljMS00MDUwLWIwNzMtNDgwNzViODYxZDg3LzAvMzMzMTJlMzYyZTM0MzIyZTMw
MmYzMjM0MmQzMjM0MjAzZDNlMjAzMjMyMzMzNjMzLnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHwYqMA0G
CSqGSIb3DQEBCwUAA4IBAQBWcBbskmF2ue0UogSPNCIy0vLGAXfF9NjJbsjOTPL3
lR84hcSNXKK1GmedX3yFVrWp5ak1byo+dHkseBxJmgzoOkMxxfnVJEx5obz1kIwA
JyKa8Gxtza/lH6EuvEPWcAnQenIEiChKf78Q38qY8enajfKb/CBEJQer5cy3bbuU
p/etIBHtDmK5aigFl5cc5W3JNTGJuqee8a8HoKMeD0KTwa+ATRSNfuWYVsDEgHva
N3iTSqO6TQQWaKFzQkYLsJsl9nQXM4goFfmvzs5lg7lMy8TlHm0xtXE4RKStzRq1
7WOsBM/swydzp+wLjuBhnuo/1y1bdtaxFEvzngDBF4Lt
-----END CERTIFICATE-----