Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e34332e302f32342d3234203d3e203336353330.roa
File:                     33312e362e34332e302f32342d3234203d3e203336353330.roa (raw, json)
Hash identifier:          M0JqW0jJxiCfpZHBQuid5LQxuTfXuPDUsOdIjQdVu2g=
Subject key identifier:   16:C0:2A:0F:31:50:04:B0:DF:2D:44:29:C0:A2:41:4A:7D:E6:5D:0B
Certificate issuer:       /CN=048af665bf8b186b70220759d26c578f40b5f3e3
Certificate serial:       6E271A8FEB93601E6405113FCA5F121615AB4082
Authority key identifier: 04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e34332e302f32342d3234203d3e203336353330.roa
Signing time:             Thu 16 Jan 2025 09:21:47 +0000
ROA not before:           Thu 16 Jan 2025 09:16:47 +0000
ROA not after:            Thu 15 Jan 2026 09:21:47 +0000
asID:                     36530
IP address blocks:        31.6.43.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6e:27:1a:8f:eb:93:60:1e:64:05:11:3f:ca:5f:12:16:15:ab:40:82
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=048af665bf8b186b70220759d26c578f40b5f3e3
        Validity
            Not Before: Jan 16 09:16:47 2025 GMT
            Not After : Jan 15 09:21:47 2026 GMT
        Subject: CN=16C02A0F315004B0DF2D4429C0A2414A7DE65D0B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:56:31:59:02:43:58:51:23:ba:b3:5d:3a:df:
                    df:3d:ae:30:4c:a7:6b:ca:78:e1:a7:ea:8d:09:bc:
                    41:9b:18:97:a2:53:21:38:64:bb:b9:52:24:27:94:
                    8a:e8:62:90:9e:f1:97:8b:64:8a:7d:8e:ca:92:d7:
                    93:46:df:28:5d:a0:a4:c4:cf:36:b7:3b:29:82:55:
                    dd:42:2a:22:2b:cc:69:3b:82:96:d9:08:9f:70:32:
                    66:97:28:52:29:e3:51:c3:56:c8:2f:81:a0:1e:04:
                    f4:62:e6:bd:c3:65:ed:6e:5e:b3:78:e7:c7:b1:c9:
                    22:c2:23:05:78:8f:9a:f2:1e:2a:8f:78:5d:d8:32:
                    4c:56:d4:34:d4:8b:39:6d:79:7d:ad:fb:74:70:0e:
                    60:dc:ee:b7:c8:81:9c:26:53:ff:e6:4e:65:98:d0:
                    69:76:62:94:28:b9:b4:e2:06:01:14:08:f9:92:a3:
                    39:4b:0a:96:0f:ed:b7:7c:73:d3:fb:f7:86:38:ee:
                    4f:77:34:73:c3:fe:b8:5e:92:0d:57:2a:a2:2b:bf:
                    7f:a1:56:97:fd:10:06:8c:d4:ae:e9:09:72:05:66:
                    09:a1:02:40:7b:3a:83:22:51:6a:41:23:94:ec:bb:
                    a6:27:a2:76:ba:a6:a7:0a:e7:1f:42:14:90:86:e2:
                    5c:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:C0:2A:0F:31:50:04:B0:DF:2D:44:29:C0:A2:41:4A:7D:E6:5D:0B
            X509v3 Authority Key Identifier:
                keyid:04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e34332e302f32342d3234203d3e203336353330.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.6.43.0/24

    Signature Algorithm: sha256WithRSAEncryption
         80:68:32:36:55:3b:80:b7:ef:1e:45:67:b4:17:4f:5f:14:d4:
         4c:a6:3a:81:db:15:24:95:1c:ae:71:85:1a:37:e8:17:87:bf:
         78:83:8d:57:ef:c0:9a:be:76:c3:7b:4c:ef:9a:40:39:93:99:
         74:b3:6f:f7:49:de:1b:10:2d:65:95:62:41:a7:68:60:f3:18:
         21:57:c7:f8:f7:1a:5f:9a:ba:ae:02:43:95:f9:9f:eb:6e:8e:
         7e:5b:6f:d9:28:81:4e:ef:63:13:9a:5e:55:1c:dd:eb:55:5d:
         3f:c6:d4:13:3b:af:e6:ef:42:24:23:7c:22:6d:0d:b5:13:c6:
         37:b3:98:af:8b:ae:0e:d0:d4:b4:e7:e3:fd:23:ba:cd:0c:ab:
         95:3f:7c:e7:0e:bb:93:2c:92:29:7d:43:29:c3:4d:5e:8f:24:
         a7:ef:0a:3d:83:ea:08:d8:07:03:f3:1f:63:5f:a1:b8:d5:ec:
         c2:ab:2b:a8:f0:fb:6e:a1:4d:b8:a8:f4:34:7f:90:c6:a3:ef:
         e1:33:75:ff:45:4c:95:54:99:e7:69:0a:94:3b:5c:31:2d:29:
         e5:fd:a6:41:a3:9c:28:ca:88:7e:de:57:db:0c:88:b4:da:c3:
         ff:c4:ee:e6:16:be:bf:d4:3e:21:c9:ac:b4:71:b2:be:7b:40:
         0a:b7:e1:af
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUbicaj+uTYB5kBRE/yl8SFhWrQIIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDQ4YWY2NjViZjhiMTg2YjcwMjIwNzU5ZDI2YzU3OGY0
MGI1ZjNlMzAeFw0yNTAxMTYwOTE2NDdaFw0yNjAxMTUwOTIxNDdaMDMxMTAvBgNV
BAMTKDE2QzAyQTBGMzE1MDA0QjBERjJENDQyOUMwQTI0MTRBN0RFNjVEMEIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCiVjFZAkNYUSO6s1063989rjBM
p2vKeOGn6o0JvEGbGJeiUyE4ZLu5UiQnlIroYpCe8ZeLZIp9jsqS15NG3yhdoKTE
zza3OymCVd1CKiIrzGk7gpbZCJ9wMmaXKFIp41HDVsgvgaAeBPRi5r3DZe1uXrN4
58exySLCIwV4j5ryHiqPeF3YMkxW1DTUizlteX2t+3RwDmDc7rfIgZwmU//mTmWY
0Gl2YpQoubTiBgEUCPmSozlLCpYP7bd8c9P794Y47k93NHPD/rhekg1XKqIrv3+h
Vpf9EAaM1K7pCXIFZgmhAkB7OoMiUWpBI5Tsu6Ynona6pqcK5x9CFJCG4lzVAgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQUFsAqDzFQBLDfLUQpwKJBSn3mXQswHwYDVR0j
BBgwFoAUBIr2Zb+LGGtwIgdZ0mxXj0C18+MwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODJhOWJmNWItMzljMS00MDUwLWIwNzMtNDgwNzViODYx
ZDg3LzAvMDQ4QUY2NjVCRjhCMTg2QjcwMjIwNzU5RDI2QzU3OEY0MEI1RjNFMy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0JJcjJaYi1MR0d0d0lnZFowbXhYajBD
MTgtTS5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvODJhOWJmNWIt
MzljMS00MDUwLWIwNzMtNDgwNzViODYxZDg3LzAvMzMzMTJlMzYyZTM0MzMyZTMw
MmYzMjM0MmQzMjM0MjAzZDNlMjAzMzM2MzUzMzMwLnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHwYrMA0G
CSqGSIb3DQEBCwUAA4IBAQCAaDI2VTuAt+8eRWe0F09fFNRMpjqB2xUklRyucYUa
N+gXh794g41X78CavnbDe0zvmkA5k5l0s2/3Sd4bEC1llWJBp2hg8xghV8f49xpf
mrquAkOV+Z/rbo5+W2/ZKIFO72MTml5VHN3rVV0/xtQTO6/m70IkI3wibQ21E8Y3
s5ivi64O0NS05+P9I7rNDKuVP3znDruTLJIpfUMpw01ejySn7wo9g+oI2AcD8x9j
X6G41ezCqyuo8PtuoU24qPQ0f5DGo+/hM3X/RUyVVJnnaQqUO1wxLSnl/aZBo5wo
yoh+3lfbDIi02sP/xO7mFr6/1D4hyay0cbK+e0AKt+Gv
-----END CERTIFICATE-----