Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e34332e302f32342d3234203d3e20323134363534.roa
File:                     33312e362e34332e302f32342d3234203d3e20323134363534.roa (raw, json)
Hash identifier:          PDlulMewxeE7+H2stcH9KMmjQ4TG/v95Z0IU7BXdHuk=
Subject key identifier:   DB:27:4A:54:17:4E:FC:F7:A6:90:BB:55:DF:DA:F6:48:04:AE:32:1B
Certificate issuer:       /CN=048af665bf8b186b70220759d26c578f40b5f3e3
Certificate serial:       181D7F0F5D4ECD1E76C3B542B37F824D84E0BA9D
Authority key identifier: 04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e34332e302f32342d3234203d3e20323134363534.roa
Signing time:             Wed 06 Nov 2024 05:03:09 +0000
ROA not before:           Wed 06 Nov 2024 04:58:09 +0000
ROA not after:            Wed 05 Nov 2025 05:03:09 +0000
asID:                     214654
IP address blocks:        31.6.43.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            18:1d:7f:0f:5d:4e:cd:1e:76:c3:b5:42:b3:7f:82:4d:84:e0:ba:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=048af665bf8b186b70220759d26c578f40b5f3e3
        Validity
            Not Before: Nov  6 04:58:09 2024 GMT
            Not After : Nov  5 05:03:09 2025 GMT
        Subject: CN=DB274A54174EFCF7A690BB55DFDAF64804AE321B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:3f:20:7b:98:63:bd:4a:0a:16:fa:c6:3d:b6:
                    af:62:ae:6d:d1:86:76:64:2a:4b:ac:d7:fb:01:bb:
                    bf:df:87:55:0e:0d:18:e8:c1:c8:be:d5:f3:5e:95:
                    df:82:f7:f4:95:55:81:5b:a7:5d:21:b2:52:85:1f:
                    0e:b2:12:a4:dd:62:bb:bd:e0:0d:ee:ea:d4:18:6c:
                    53:ef:e0:c8:b0:eb:4e:75:7a:02:a6:e0:3e:70:90:
                    ad:fd:64:42:eb:8b:96:92:6a:3f:61:70:54:43:18:
                    56:db:31:84:6f:41:28:3d:1c:00:4e:67:8d:b9:49:
                    f4:31:88:cb:52:92:6f:2f:73:d8:8b:92:27:5a:cd:
                    41:cf:43:8c:65:0b:42:26:a4:46:dc:46:47:a4:3e:
                    0f:0e:01:f1:9f:14:10:99:f4:9b:8e:b7:a5:54:e0:
                    56:27:97:da:00:74:94:7d:e6:54:f3:45:10:00:0b:
                    b6:76:95:fa:51:8e:e0:ef:20:70:e9:67:23:85:0c:
                    0f:44:11:94:67:2c:47:ac:3f:dc:8a:f8:9e:b6:80:
                    6b:6a:85:dd:11:8d:1b:52:45:9e:fb:97:2f:e8:c0:
                    3f:4d:17:b6:03:bf:42:7e:30:0d:0d:2e:ca:24:a8:
                    d6:39:29:cd:fb:9b:00:af:4a:05:51:57:23:4c:fa:
                    e5:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:27:4A:54:17:4E:FC:F7:A6:90:BB:55:DF:DA:F6:48:04:AE:32:1B
            X509v3 Authority Key Identifier:
                keyid:04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e34332e302f32342d3234203d3e20323134363534.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.6.43.0/24

    Signature Algorithm: sha256WithRSAEncryption
         04:c3:bf:12:1f:dd:41:41:c8:fe:1a:32:d1:55:57:fb:2a:70:
         e4:ca:fc:4b:72:ab:ac:0b:71:30:a9:14:e0:4b:c9:85:ba:a8:
         b6:42:51:b7:2b:f0:53:81:cb:d2:b2:ac:f6:a9:15:24:16:a5:
         03:ab:1f:7e:14:e1:a6:a1:c1:0f:a0:7c:ec:79:d3:3c:4e:0e:
         42:6d:2e:ef:2b:4e:34:f1:c8:be:44:8c:79:f9:6a:81:9d:4f:
         97:5c:e6:ef:78:0d:c0:08:9b:31:ec:02:c6:f0:9f:c1:5a:9d:
         ea:d6:17:43:6e:d1:cf:f5:b8:11:9e:c1:ed:8f:45:93:72:d0:
         f0:31:c3:34:15:dd:a1:bc:31:96:38:de:10:70:61:96:75:cc:
         9f:46:08:59:7b:65:28:db:cd:55:93:4f:d5:c4:ea:c6:fd:30:
         ce:64:ce:3f:ba:0a:00:7a:e5:68:3f:95:24:3d:cf:e4:56:c8:
         81:7b:15:a0:9a:c8:a5:9c:e2:39:2d:68:47:16:3c:49:da:10:
         c8:12:41:71:7b:39:fd:66:60:f8:bf:b7:3d:e2:ef:f1:c8:2e:
         78:1b:f7:a0:14:89:d8:68:20:07:40:52:d4:f7:d2:3d:c0:07:
         3c:fd:98:b4:44:39:0f:bc:af:d7:11:4b:c6:0a:1b:10:44:e0:
         d7:3a:65:31
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUGB1/D11OzR52w7VCs3+CTYTgup0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDQ4YWY2NjViZjhiMTg2YjcwMjIwNzU5ZDI2YzU3OGY0
MGI1ZjNlMzAeFw0yNDExMDYwNDU4MDlaFw0yNTExMDUwNTAzMDlaMDMxMTAvBgNV
BAMTKERCMjc0QTU0MTc0RUZDRjdBNjkwQkI1NURGREFGNjQ4MDRBRTMyMUIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQClPyB7mGO9SgoW+sY9tq9irm3R
hnZkKkus1/sBu7/fh1UODRjowci+1fNeld+C9/SVVYFbp10hslKFHw6yEqTdYru9
4A3u6tQYbFPv4Miw6051egKm4D5wkK39ZELri5aSaj9hcFRDGFbbMYRvQSg9HABO
Z425SfQxiMtSkm8vc9iLkidazUHPQ4xlC0ImpEbcRkekPg8OAfGfFBCZ9JuOt6VU
4FYnl9oAdJR95lTzRRAAC7Z2lfpRjuDvIHDpZyOFDA9EEZRnLEesP9yK+J62gGtq
hd0RjRtSRZ77ly/owD9NF7YDv0J+MA0NLsokqNY5Kc37mwCvSgVRVyNM+uU3AgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQU2ydKVBdO/PemkLtV39r2SASuMhswHwYDVR0j
BBgwFoAUBIr2Zb+LGGtwIgdZ0mxXj0C18+MwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODJhOWJmNWItMzljMS00MDUwLWIwNzMtNDgwNzViODYx
ZDg3LzAvMDQ4QUY2NjVCRjhCMTg2QjcwMjIwNzU5RDI2QzU3OEY0MEI1RjNFMy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0JJcjJaYi1MR0d0d0lnZFowbXhYajBD
MTgtTS5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvODJhOWJmNWIt
MzljMS00MDUwLWIwNzMtNDgwNzViODYxZDg3LzAvMzMzMTJlMzYyZTM0MzMyZTMw
MmYzMjM0MmQzMjM0MjAzZDNlMjAzMjMxMzQzNjM1MzQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAAfBisw
DQYJKoZIhvcNAQELBQADggEBAATDvxIf3UFByP4aMtFVV/sqcOTK/Etyq6wLcTCp
FOBLyYW6qLZCUbcr8FOBy9KyrPapFSQWpQOrH34U4aahwQ+gfOx50zxODkJtLu8r
TjTxyL5EjHn5aoGdT5dc5u94DcAImzHsAsbwn8FanerWF0Nu0c/1uBGewe2PRZNy
0PAxwzQV3aG8MZY43hBwYZZ1zJ9GCFl7ZSjbzVWTT9XE6sb9MM5kzj+6CgB65Wg/
lSQ9z+RWyIF7FaCayKWc4jktaEcWPEnaEMgSQXF7Of1mYPi/tz3i7/HILngb96AU
idhoIAdAUtT30j3ABzz9mLREOQ+8r9cRS8YKGxBE4Nc6ZTE=
-----END CERTIFICATE-----