Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e34342e302f32342d3234203d3e203232333633.roa
File:                     33312e362e34342e302f32342d3234203d3e203232333633.roa (raw, json)
Hash identifier:          6ZRidIaQWbQ8Vy5Uh4WcynfGfRUudZitaD5JnKaPYRQ=
Subject key identifier:   0D:B4:79:13:D0:7A:17:B1:BF:E0:A4:F0:7C:3D:D2:02:EC:7B:BD:78
Certificate issuer:       /CN=048af665bf8b186b70220759d26c578f40b5f3e3
Certificate serial:       30614D694560CF0E62835B480111AEC9E3DB039B
Authority key identifier: 04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e34342e302f32342d3234203d3e203232333633.roa
Signing time:             Mon 02 Sep 2024 06:05:20 +0000
ROA not before:           Mon 02 Sep 2024 06:00:20 +0000
ROA not after:            Mon 01 Sep 2025 06:05:20 +0000
asID:                     22363
IP address blocks:        31.6.44.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            30:61:4d:69:45:60:cf:0e:62:83:5b:48:01:11:ae:c9:e3:db:03:9b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=048af665bf8b186b70220759d26c578f40b5f3e3
        Validity
            Not Before: Sep  2 06:00:20 2024 GMT
            Not After : Sep  1 06:05:20 2025 GMT
        Subject: CN=0DB47913D07A17B1BFE0A4F07C3DD202EC7BBD78
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:89:a4:c2:26:cf:98:a8:c7:e3:ee:e8:5d:35:
                    46:ee:05:37:74:03:e5:bc:d0:f1:6d:43:d7:e4:6a:
                    3b:d3:3c:10:cd:0a:32:7c:29:36:c7:cf:ef:15:8e:
                    92:6f:3f:1b:fa:c6:ff:3d:ee:66:0c:b0:43:da:74:
                    5f:c5:a9:7b:70:20:0f:4f:48:f6:ea:ad:47:16:59:
                    3b:5f:85:c0:f6:a2:63:6c:fd:c2:3d:65:49:e7:0c:
                    58:fb:19:d6:29:3a:b0:40:8d:14:57:dd:41:9e:a7:
                    e2:d8:07:a5:fe:b8:06:1b:70:41:34:2a:b0:c2:06:
                    8a:ad:4e:df:4c:81:d4:d6:99:b3:81:d2:2e:bc:2c:
                    a0:50:dc:40:c0:d4:69:cc:ef:ea:f8:a7:7a:35:f3:
                    8f:c3:95:e2:b0:e8:85:64:8d:e5:17:12:01:06:3a:
                    1f:ff:1b:d6:1c:d9:61:09:02:29:9e:50:c7:9b:7d:
                    c5:a9:70:7c:c7:9d:d3:07:d8:15:24:bd:1b:06:13:
                    00:52:5a:38:41:44:85:33:a1:df:81:ef:dc:e2:ab:
                    d3:1b:34:8b:97:1f:fb:63:1f:ab:99:e1:6a:24:bb:
                    c5:20:05:a2:12:19:13:f8:59:7b:08:de:cd:c6:28:
                    70:c7:44:1e:f6:83:79:72:15:46:91:b5:18:25:d3:
                    bb:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:B4:79:13:D0:7A:17:B1:BF:E0:A4:F0:7C:3D:D2:02:EC:7B:BD:78
            X509v3 Authority Key Identifier:
                keyid:04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e34342e302f32342d3234203d3e203232333633.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.6.44.0/24

    Signature Algorithm: sha256WithRSAEncryption
         39:14:ed:ce:1d:d7:93:df:67:9d:df:59:9c:8d:4e:c8:a3:a7:
         e1:15:f7:8c:88:e4:4e:fa:c4:7d:1e:c7:d9:d4:09:bb:b4:69:
         31:21:ff:12:d5:fc:78:c3:b3:fb:29:1f:b4:a2:12:1a:07:e6:
         f5:6b:d6:54:c5:46:7f:e3:21:81:a4:34:fc:54:0d:b6:aa:9c:
         e0:dc:db:2d:39:a4:6c:02:00:23:54:02:f3:61:53:f1:90:ce:
         1a:a5:6a:01:41:7f:ff:98:b6:39:5c:0c:c5:16:2e:4e:9a:a7:
         ae:14:29:6a:8a:71:ab:5e:04:ff:59:40:1f:4f:69:f5:f3:6b:
         ac:47:63:c1:d9:c7:69:c9:bc:6d:08:7d:db:18:48:e3:51:94:
         80:ce:f4:cf:4b:dc:d3:d2:14:dd:9a:6c:49:a5:10:82:af:f6:
         e4:fe:7d:69:0e:a8:b1:b1:5c:2b:79:a2:7f:da:05:a0:0c:03:
         07:2f:4f:ab:77:a8:b7:c4:08:c9:e5:c8:67:0c:d2:1b:97:8b:
         9f:b8:15:ab:f1:80:d5:43:13:13:0d:3e:58:1c:a7:7d:00:1f:
         ca:af:31:dd:7a:86:ed:a5:8e:4a:e8:1e:b3:00:73:c9:1e:2a:
         e1:3a:e1:f7:a6:a8:41:29:40:25:dd:0d:2d:73:82:81:16:cf:
         4f:ca:fa:cb
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUMGFNaUVgzw5ig1tIARGuyePbA5swDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDQ4YWY2NjViZjhiMTg2YjcwMjIwNzU5ZDI2YzU3OGY0
MGI1ZjNlMzAeFw0yNDA5MDIwNjAwMjBaFw0yNTA5MDEwNjA1MjBaMDMxMTAvBgNV
BAMTKDBEQjQ3OTEzRDA3QTE3QjFCRkUwQTRGMDdDM0REMjAyRUM3QkJENzgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCUiaTCJs+YqMfj7uhdNUbuBTd0
A+W80PFtQ9fkajvTPBDNCjJ8KTbHz+8VjpJvPxv6xv897mYMsEPadF/FqXtwIA9P
SPbqrUcWWTtfhcD2omNs/cI9ZUnnDFj7GdYpOrBAjRRX3UGep+LYB6X+uAYbcEE0
KrDCBoqtTt9MgdTWmbOB0i68LKBQ3EDA1GnM7+r4p3o184/DleKw6IVkjeUXEgEG
Oh//G9Yc2WEJAimeUMebfcWpcHzHndMH2BUkvRsGEwBSWjhBRIUzod+B79ziq9Mb
NIuXH/tjH6uZ4Woku8UgBaISGRP4WXsI3s3GKHDHRB72g3lyFUaRtRgl07uvAgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQUDbR5E9B6F7G/4KTwfD3SAux7vXgwHwYDVR0j
BBgwFoAUBIr2Zb+LGGtwIgdZ0mxXj0C18+MwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODJhOWJmNWItMzljMS00MDUwLWIwNzMtNDgwNzViODYx
ZDg3LzAvMDQ4QUY2NjVCRjhCMTg2QjcwMjIwNzU5RDI2QzU3OEY0MEI1RjNFMy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0JJcjJaYi1MR0d0d0lnZFowbXhYajBD
MTgtTS5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvODJhOWJmNWIt
MzljMS00MDUwLWIwNzMtNDgwNzViODYxZDg3LzAvMzMzMTJlMzYyZTM0MzQyZTMw
MmYzMjM0MmQzMjM0MjAzZDNlMjAzMjMyMzMzNjMzLnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHwYsMA0G
CSqGSIb3DQEBCwUAA4IBAQA5FO3OHdeT32ed31mcjU7Io6fhFfeMiORO+sR9HsfZ
1Am7tGkxIf8S1fx4w7P7KR+0ohIaB+b1a9ZUxUZ/4yGBpDT8VA22qpzg3NstOaRs
AgAjVALzYVPxkM4apWoBQX//mLY5XAzFFi5OmqeuFClqinGrXgT/WUAfT2n182us
R2PB2cdpybxtCH3bGEjjUZSAzvTPS9zT0hTdmmxJpRCCr/bk/n1pDqixsVwreaJ/
2gWgDAMHL0+rd6i3xAjJ5chnDNIbl4ufuBWr8YDVQxMTDT5YHKd9AB/KrzHdeobt
pY5K6B6zAHPJHirhOuH3pqhBKUAl3Q0tc4KBFs9PyvrL
-----END CERTIFICATE-----