Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e34322e302f32342d3234203d3e203430383631.roa
File:                     33312e362e34322e302f32342d3234203d3e203430383631.roa (raw, json)
Hash identifier:          APAED/Ixp0FkTESeZx7d5L5RhvyXl0SkR+yI1KbojQs=
Subject key identifier:   10:13:14:B0:D1:BB:03:4A:D8:44:6D:AE:AB:03:A7:82:20:0B:66:B5
Certificate issuer:       /CN=048af665bf8b186b70220759d26c578f40b5f3e3
Certificate serial:       718839D3C63BB5C8D943FCEB6E773E1D791EF189
Authority key identifier: 04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e34322e302f32342d3234203d3e203430383631.roa
Signing time:             Fri 27 Sep 2024 15:43:22 +0000
ROA not before:           Fri 27 Sep 2024 15:38:22 +0000
ROA not after:            Fri 26 Sep 2025 15:43:22 +0000
asID:                     40861
IP address blocks:        31.6.42.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            71:88:39:d3:c6:3b:b5:c8:d9:43:fc:eb:6e:77:3e:1d:79:1e:f1:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=048af665bf8b186b70220759d26c578f40b5f3e3
        Validity
            Not Before: Sep 27 15:38:22 2024 GMT
            Not After : Sep 26 15:43:22 2025 GMT
        Subject: CN=101314B0D1BB034AD8446DAEAB03A782200B66B5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:b5:da:08:d9:e4:79:9f:82:62:f7:52:87:09:
                    39:4a:6d:0f:a3:8e:31:fa:31:e4:1d:e9:76:f4:16:
                    f2:66:53:b5:42:d8:07:7e:59:3c:b2:e2:4f:e1:1a:
                    52:04:c0:ab:51:97:cc:16:a2:a2:b1:0c:5c:f8:50:
                    58:cb:e1:d9:96:db:52:60:1a:15:9b:fc:74:1d:2b:
                    9c:39:9c:22:83:ae:86:8c:10:f6:2f:28:ec:a5:30:
                    28:bc:72:e0:d8:5f:71:6f:db:88:38:be:3a:7a:73:
                    03:ef:ab:e1:25:bf:38:39:c1:88:28:78:7d:18:00:
                    68:9f:00:4b:a2:ad:2e:91:ab:82:e6:17:3b:81:0e:
                    ae:c7:6c:bd:b4:b8:a8:23:21:1d:ff:f4:e3:82:50:
                    c7:ea:ca:04:b1:68:35:ab:ba:1a:92:86:1d:f9:f9:
                    91:36:27:1d:4f:60:fe:81:3e:ac:91:e0:39:94:fc:
                    9e:ce:69:bd:ef:44:af:87:c1:0e:4c:06:d0:22:53:
                    1d:51:2c:3c:65:4e:fc:d9:a2:07:ea:68:f4:c0:ac:
                    e1:ce:79:85:23:c1:d3:5d:22:47:b4:1c:3d:54:53:
                    15:52:7a:05:da:e4:5f:24:9d:02:13:f3:21:76:a4:
                    3b:97:0c:d6:bd:65:f0:d2:fa:b0:5c:8a:9b:95:a3:
                    b6:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                10:13:14:B0:D1:BB:03:4A:D8:44:6D:AE:AB:03:A7:82:20:0B:66:B5
            X509v3 Authority Key Identifier:
                keyid:04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e34322e302f32342d3234203d3e203430383631.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.6.42.0/24

    Signature Algorithm: sha256WithRSAEncryption
         73:6d:a8:8b:84:90:5d:70:ec:38:bc:49:59:da:9b:aa:dd:3a:
         cb:f8:f3:5d:e0:65:fd:d4:6c:1e:60:93:cd:30:3d:d5:26:cb:
         d5:c2:75:22:82:8a:e9:bd:e1:b8:ca:ec:c3:e8:66:05:dd:18:
         db:36:18:ef:e6:ad:47:ad:c7:38:27:c4:6a:2a:ee:c1:e5:89:
         54:35:47:3e:eb:a7:f5:7f:f1:32:38:66:2c:e2:2e:f3:dc:cd:
         3d:46:62:80:2d:f0:89:a5:31:9d:8c:47:05:4f:64:5f:8a:a7:
         09:66:13:08:29:b7:bc:3f:ce:f9:dd:32:81:14:42:f0:86:fe:
         a1:25:26:6b:50:33:da:d5:72:68:5c:5e:a7:41:bb:6a:6f:7f:
         7e:dd:f2:9d:06:56:dd:ab:c3:2d:c2:11:90:71:90:16:54:ff:
         0d:e0:42:1e:42:24:81:02:b8:e9:af:ba:d6:5f:9d:ab:45:5c:
         6c:4f:ea:5f:c7:ca:c4:d0:82:8c:22:51:14:f7:6a:c9:30:90:
         e6:12:65:2a:38:72:cf:32:80:84:e5:ee:66:6b:b4:ca:ee:3f:
         9d:17:78:18:e0:c4:a9:96:4f:7e:62:57:79:ef:d8:5e:79:69:
         ba:73:2a:2d:03:40:48:89:1a:4b:13:34:08:66:da:7e:9a:2f:
         2d:04:db:e7
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUcYg508Y7tcjZQ/zrbnc+HXke8YkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDQ4YWY2NjViZjhiMTg2YjcwMjIwNzU5ZDI2YzU3OGY0
MGI1ZjNlMzAeFw0yNDA5MjcxNTM4MjJaFw0yNTA5MjYxNTQzMjJaMDMxMTAvBgNV
BAMTKDEwMTMxNEIwRDFCQjAzNEFEODQ0NkRBRUFCMDNBNzgyMjAwQjY2QjUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7tdoI2eR5n4Ji91KHCTlKbQ+j
jjH6MeQd6Xb0FvJmU7VC2Ad+WTyy4k/hGlIEwKtRl8wWoqKxDFz4UFjL4dmW21Jg
GhWb/HQdK5w5nCKDroaMEPYvKOylMCi8cuDYX3Fv24g4vjp6cwPvq+Elvzg5wYgo
eH0YAGifAEuirS6Rq4LmFzuBDq7HbL20uKgjIR3/9OOCUMfqygSxaDWruhqShh35
+ZE2Jx1PYP6BPqyR4DmU/J7Oab3vRK+HwQ5MBtAiUx1RLDxlTvzZogfqaPTArOHO
eYUjwdNdIke0HD1UUxVSegXa5F8knQIT8yF2pDuXDNa9ZfDS+rBcipuVo7YrAgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQUEBMUsNG7A0rYRG2uqwOngiALZrUwHwYDVR0j
BBgwFoAUBIr2Zb+LGGtwIgdZ0mxXj0C18+MwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODJhOWJmNWItMzljMS00MDUwLWIwNzMtNDgwNzViODYx
ZDg3LzAvMDQ4QUY2NjVCRjhCMTg2QjcwMjIwNzU5RDI2QzU3OEY0MEI1RjNFMy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0JJcjJaYi1MR0d0d0lnZFowbXhYajBD
MTgtTS5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvODJhOWJmNWIt
MzljMS00MDUwLWIwNzMtNDgwNzViODYxZDg3LzAvMzMzMTJlMzYyZTM0MzIyZTMw
MmYzMjM0MmQzMjM0MjAzZDNlMjAzNDMwMzgzNjMxLnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHwYqMA0G
CSqGSIb3DQEBCwUAA4IBAQBzbaiLhJBdcOw4vElZ2puq3TrL+PNd4GX91GweYJPN
MD3VJsvVwnUigorpveG4yuzD6GYF3RjbNhjv5q1Hrcc4J8RqKu7B5YlUNUc+66f1
f/EyOGYs4i7z3M09RmKALfCJpTGdjEcFT2RfiqcJZhMIKbe8P8753TKBFELwhv6h
JSZrUDPa1XJoXF6nQbtqb39+3fKdBlbdq8MtwhGQcZAWVP8N4EIeQiSBArjpr7rW
X52rRVxsT+pfx8rE0IKMIlEU92rJMJDmEmUqOHLPMoCE5e5ma7TK7j+dF3gY4MSp
lk9+Yld579heeWm6cyotA0BIiRpLEzQIZtp+mi8tBNvn
-----END CERTIFICATE-----