Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e34352e302f32342d3234203d3e20323039303433.roa
File:                     33312e362e34352e302f32342d3234203d3e20323039303433.roa (raw, json)
Hash identifier:          wLTuRL/a/8knYCKoJdODrI0s0g7Dj4jzbE0QJ69DVPU=
Subject key identifier:   88:B8:D7:87:7F:42:C4:94:F3:FF:A2:28:8B:BA:02:31:CD:45:69:54
Certificate issuer:       /CN=048af665bf8b186b70220759d26c578f40b5f3e3
Certificate serial:       267B2891A6104D2842F6ADE5A6628553081AAD42
Authority key identifier: 04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e34352e302f32342d3234203d3e20323039303433.roa
Signing time:             Thu 16 May 2024 09:26:40 +0000
ROA not before:           Thu 16 May 2024 09:21:40 +0000
ROA not after:            Thu 15 May 2025 09:26:40 +0000
asID:                     209043
IP address blocks:        31.6.45.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            26:7b:28:91:a6:10:4d:28:42:f6:ad:e5:a6:62:85:53:08:1a:ad:42
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=048af665bf8b186b70220759d26c578f40b5f3e3
        Validity
            Not Before: May 16 09:21:40 2024 GMT
            Not After : May 15 09:26:40 2025 GMT
        Subject: CN=88B8D7877F42C494F3FFA2288BBA0231CD456954
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:44:9b:16:8a:11:9d:95:de:17:5d:8d:97:cf:
                    b4:56:8b:bd:39:86:fb:b4:7c:cb:c7:64:3c:8d:63:
                    e1:ff:db:8a:d9:58:ca:4b:c2:10:bb:e8:15:08:32:
                    81:25:3a:98:f8:86:03:c5:29:ab:ce:51:71:9b:71:
                    bb:70:f3:7e:e5:83:69:aa:9e:37:ab:4d:f1:95:c1:
                    91:9e:bf:21:c5:ec:92:ea:18:ec:17:5a:3f:95:fb:
                    08:94:68:46:17:9d:32:29:f1:44:e4:96:59:03:d9:
                    0d:45:ab:39:13:81:d5:16:75:df:f9:b5:a4:45:54:
                    7a:76:cb:95:07:ab:91:b6:d3:67:8d:aa:d4:4f:21:
                    46:7e:80:b4:26:63:d0:98:e1:c8:28:9e:43:f9:f7:
                    22:62:bc:a7:63:5b:1f:56:41:08:33:19:9c:b0:ab:
                    25:c0:ba:ae:66:56:19:91:7c:0a:4a:2e:c3:35:ea:
                    9e:00:91:8c:a6:18:92:f8:5b:9e:b1:82:76:94:4c:
                    6d:23:8b:ec:09:fd:f6:77:25:2d:c1:28:4f:b6:a4:
                    ea:41:47:bb:20:30:06:8e:af:b5:87:f1:e8:e3:7d:
                    62:61:41:d0:aa:82:b1:2d:2c:c9:a6:9d:f3:e1:ae:
                    85:d2:9c:17:a4:bb:b0:67:48:e7:20:65:03:40:5d:
                    cb:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:B8:D7:87:7F:42:C4:94:F3:FF:A2:28:8B:BA:02:31:CD:45:69:54
            X509v3 Authority Key Identifier:
                keyid:04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e34352e302f32342d3234203d3e20323039303433.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.6.45.0/24

    Signature Algorithm: sha256WithRSAEncryption
         82:de:31:f9:fe:55:2a:72:32:f0:90:12:dd:f8:89:c2:6a:f2:
         e6:c4:62:55:1f:a5:4e:00:ed:8d:3c:94:30:0c:b5:45:a7:e1:
         01:e7:eb:6c:fa:2b:de:40:2f:dc:d5:e6:5b:14:50:f4:47:69:
         2f:95:b6:3d:c2:bb:08:6d:2e:82:c9:d9:ff:b5:73:7a:c5:8a:
         6d:fe:43:a3:6f:c6:21:f0:9a:ac:81:ea:3a:f2:25:1d:51:ff:
         cb:69:73:61:f4:c0:a4:50:14:d2:fa:f8:64:40:2a:52:4d:da:
         54:10:94:b8:14:55:f3:88:80:d3:de:76:27:b3:c6:46:d4:e4:
         0f:5b:3b:73:b8:6b:9d:72:56:1a:12:d0:14:74:32:03:20:d7:
         13:2b:30:dc:b7:1c:ed:8a:0a:8f:38:36:2a:06:8d:5e:0b:31:
         fa:fe:1b:9b:39:8f:c3:98:d4:fa:ef:df:a2:5c:91:cf:16:13:
         f8:f2:f7:e4:8e:c5:93:91:18:dd:e1:fe:8e:a3:d9:4c:3d:37:
         da:67:73:c5:1e:0d:4d:78:e7:fe:2d:70:0f:f7:be:49:49:17:
         19:11:df:1d:ab:93:cd:65:51:e1:18:4e:a8:77:a8:f6:c5:73:
         07:39:ae:e0:37:69:93:7b:88:58:e2:94:1d:a2:5e:2d:62:26:
         fb:48:a9:11
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUJnsokaYQTShC9q3lpmKFUwgarUIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDQ4YWY2NjViZjhiMTg2YjcwMjIwNzU5ZDI2YzU3OGY0
MGI1ZjNlMzAeFw0yNDA1MTYwOTIxNDBaFw0yNTA1MTUwOTI2NDBaMDMxMTAvBgNV
BAMTKDg4QjhENzg3N0Y0MkM0OTRGM0ZGQTIyODhCQkEwMjMxQ0Q0NTY5NTQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCTRJsWihGdld4XXY2Xz7RWi705
hvu0fMvHZDyNY+H/24rZWMpLwhC76BUIMoElOpj4hgPFKavOUXGbcbtw837lg2mq
njerTfGVwZGevyHF7JLqGOwXWj+V+wiUaEYXnTIp8UTkllkD2Q1FqzkTgdUWdd/5
taRFVHp2y5UHq5G202eNqtRPIUZ+gLQmY9CY4cgonkP59yJivKdjWx9WQQgzGZyw
qyXAuq5mVhmRfApKLsM16p4AkYymGJL4W56xgnaUTG0ji+wJ/fZ3JS3BKE+2pOpB
R7sgMAaOr7WH8ejjfWJhQdCqgrEtLMmmnfPhroXSnBeku7BnSOcgZQNAXcuzAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUiLjXh39CxJTz/6Ioi7oCMc1FaVQwHwYDVR0j
BBgwFoAUBIr2Zb+LGGtwIgdZ0mxXj0C18+MwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODJhOWJmNWItMzljMS00MDUwLWIwNzMtNDgwNzViODYx
ZDg3LzAvMDQ4QUY2NjVCRjhCMTg2QjcwMjIwNzU5RDI2QzU3OEY0MEI1RjNFMy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0JJcjJaYi1MR0d0d0lnZFowbXhYajBD
MTgtTS5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvODJhOWJmNWIt
MzljMS00MDUwLWIwNzMtNDgwNzViODYxZDg3LzAvMzMzMTJlMzYyZTM0MzUyZTMw
MmYzMjM0MmQzMjM0MjAzZDNlMjAzMjMwMzkzMDM0MzMucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAAfBi0w
DQYJKoZIhvcNAQELBQADggEBAILeMfn+VSpyMvCQEt34icJq8ubEYlUfpU4A7Y08
lDAMtUWn4QHn62z6K95AL9zV5lsUUPRHaS+Vtj3CuwhtLoLJ2f+1c3rFim3+Q6Nv
xiHwmqyB6jryJR1R/8tpc2H0wKRQFNL6+GRAKlJN2lQQlLgUVfOIgNPediezxkbU
5A9bO3O4a51yVhoS0BR0MgMg1xMrMNy3HO2KCo84NioGjV4LMfr+G5s5j8OY1Prv
36Jckc8WE/jy9+SOxZORGN3h/o6j2Uw9N9pnc8UeDU145/4tcA/3vklJFxkR3x2r
k81lUeEYTqh3qPbFcwc5ruA3aZN7iFjilB2iXi1iJvtIqRE=
-----END CERTIFICATE-----