Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e34362e302f32342d3234203d3e20323134303234.roa
File:                     33312e362e34362e302f32342d3234203d3e20323134303234.roa (raw, json)
Hash identifier:          Y3pSf7XYMTwox0PW/rMGHFYHfEWZYS3wI9eXlV9DiRE=
Subject key identifier:   37:34:D3:85:9F:A6:1E:6C:DB:BD:E4:85:36:7A:B9:F7:30:9E:E4:1E
Certificate issuer:       /CN=048af665bf8b186b70220759d26c578f40b5f3e3
Certificate serial:       44502DCAD237E1B6272DA2A4EC0BF3FF243F1C28
Authority key identifier: 04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e34362e302f32342d3234203d3e20323134303234.roa
Signing time:             Sat 09 Nov 2024 13:06:13 +0000
ROA not before:           Sat 09 Nov 2024 13:01:13 +0000
ROA not after:            Sat 08 Nov 2025 13:06:13 +0000
asID:                     214024
IP address blocks:        31.6.46.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            44:50:2d:ca:d2:37:e1:b6:27:2d:a2:a4:ec:0b:f3:ff:24:3f:1c:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=048af665bf8b186b70220759d26c578f40b5f3e3
        Validity
            Not Before: Nov  9 13:01:13 2024 GMT
            Not After : Nov  8 13:06:13 2025 GMT
        Subject: CN=3734D3859FA61E6CDBBDE485367AB9F7309EE41E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:61:87:6f:49:4a:a1:06:4f:79:50:29:5c:8f:
                    42:7b:a1:02:9a:6b:17:a8:1d:00:6e:fa:b8:a0:0d:
                    c8:85:36:aa:13:08:72:e6:c9:2b:56:ab:cb:3f:4f:
                    1e:2b:1f:6c:aa:96:58:a4:e8:eb:ad:a4:2e:af:81:
                    1a:33:bd:03:dc:67:5a:07:c8:10:21:f3:1a:9a:55:
                    e4:70:e9:ee:7a:89:a6:ff:fc:ae:93:66:0d:92:0e:
                    2e:3a:48:9e:c9:35:5d:df:e2:ee:fd:7e:f0:78:b1:
                    46:ae:8b:e1:1d:b4:b0:0e:83:ab:f0:20:57:c1:8b:
                    13:d5:64:c9:93:81:f3:2f:56:f2:a7:87:c6:80:67:
                    fa:bf:16:25:7f:da:a0:dc:1f:2a:ee:75:9f:b2:52:
                    e8:5a:e5:21:10:e7:fe:a0:75:12:98:3f:9b:58:cf:
                    1f:f7:45:56:3c:81:43:38:78:67:ac:74:d8:56:ee:
                    04:f7:da:dc:93:2f:6a:49:e5:0e:14:6b:90:09:a2:
                    a4:f6:b9:6d:0f:50:12:56:f9:7e:a9:af:ec:cc:0e:
                    73:2d:20:00:e2:f1:ff:29:48:59:c8:f3:5f:a4:72:
                    75:e9:4c:d3:8b:26:67:5a:e6:f7:7d:bc:27:a6:f7:
                    82:39:74:d0:a6:80:9e:c9:69:c5:2f:7c:4e:66:9c:
                    67:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:34:D3:85:9F:A6:1E:6C:DB:BD:E4:85:36:7A:B9:F7:30:9E:E4:1E
            X509v3 Authority Key Identifier:
                keyid:04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e34362e302f32342d3234203d3e20323134303234.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.6.46.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a4:8d:b8:0a:73:d4:55:70:0d:c9:fa:72:d7:e9:99:38:e6:c7:
         de:b8:69:c5:1c:ad:4e:4e:76:5a:9d:a8:9f:c9:a9:11:b6:73:
         26:f2:5e:de:8b:e0:76:83:96:70:9a:cc:96:31:81:a4:c9:12:
         2a:e9:5f:43:d1:e8:8a:7b:1f:1c:e0:cc:82:be:75:6c:b1:97:
         29:26:b4:bf:37:a1:b5:fb:96:d2:27:09:89:ca:5a:34:de:1f:
         c4:8d:e8:66:8a:79:02:a3:e2:b5:e4:01:ee:c0:1e:e2:54:73:
         22:e6:d3:c2:d7:91:e0:21:c8:9f:c7:92:63:f9:18:17:72:f0:
         77:d5:f7:d1:eb:c3:e6:6c:07:9f:9d:27:a3:d7:3f:48:f6:55:
         73:c0:9e:31:d2:11:c8:56:27:79:31:67:35:6a:bc:52:a7:0d:
         0f:69:d4:a1:27:a0:a6:48:ac:2a:7b:8d:fd:03:5c:ac:88:6f:
         3f:1a:cc:00:a7:a6:d7:45:72:94:61:7d:68:f6:08:d7:7b:1b:
         57:dc:00:c3:15:be:2c:2d:39:ee:1f:3e:09:a5:78:08:92:9e:
         08:ff:7d:6c:17:69:67:ee:33:7f:a3:06:f1:f6:09:06:50:ea:
         a1:fc:c2:fb:40:3b:20:b5:88:50:9a:cf:f2:7e:6a:b9:cd:23:
         35:5c:e7:2e
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIURFAtytI34bYnLaKk7Avz/yQ/HCgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDQ4YWY2NjViZjhiMTg2YjcwMjIwNzU5ZDI2YzU3OGY0
MGI1ZjNlMzAeFw0yNDExMDkxMzAxMTNaFw0yNTExMDgxMzA2MTNaMDMxMTAvBgNV
BAMTKDM3MzREMzg1OUZBNjFFNkNEQkJERTQ4NTM2N0FCOUY3MzA5RUU0MUUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCbYYdvSUqhBk95UClcj0J7oQKa
axeoHQBu+rigDciFNqoTCHLmyStWq8s/Tx4rH2yqllik6OutpC6vgRozvQPcZ1oH
yBAh8xqaVeRw6e56iab//K6TZg2SDi46SJ7JNV3f4u79fvB4sUaui+EdtLAOg6vw
IFfBixPVZMmTgfMvVvKnh8aAZ/q/FiV/2qDcHyrudZ+yUuha5SEQ5/6gdRKYP5tY
zx/3RVY8gUM4eGesdNhW7gT32tyTL2pJ5Q4Ua5AJoqT2uW0PUBJW+X6pr+zMDnMt
IADi8f8pSFnI81+kcnXpTNOLJmda5vd9vCem94I5dNCmgJ7JacUvfE5mnGcXAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUNzTThZ+mHmzbveSFNnq59zCe5B4wHwYDVR0j
BBgwFoAUBIr2Zb+LGGtwIgdZ0mxXj0C18+MwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODJhOWJmNWItMzljMS00MDUwLWIwNzMtNDgwNzViODYx
ZDg3LzAvMDQ4QUY2NjVCRjhCMTg2QjcwMjIwNzU5RDI2QzU3OEY0MEI1RjNFMy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0JJcjJaYi1MR0d0d0lnZFowbXhYajBD
MTgtTS5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvODJhOWJmNWIt
MzljMS00MDUwLWIwNzMtNDgwNzViODYxZDg3LzAvMzMzMTJlMzYyZTM0MzYyZTMw
MmYzMjM0MmQzMjM0MjAzZDNlMjAzMjMxMzQzMDMyMzQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAAfBi4w
DQYJKoZIhvcNAQELBQADggEBAKSNuApz1FVwDcn6ctfpmTjmx964acUcrU5Odlqd
qJ/JqRG2cybyXt6L4HaDlnCazJYxgaTJEirpX0PR6Ip7HxzgzIK+dWyxlykmtL83
obX7ltInCYnKWjTeH8SN6GaKeQKj4rXkAe7AHuJUcyLm08LXkeAhyJ/HkmP5GBdy
8HfV99Hrw+ZsB5+dJ6PXP0j2VXPAnjHSEchWJ3kxZzVqvFKnDQ9p1KEnoKZIrCp7
jf0DXKyIbz8azACnptdFcpRhfWj2CNd7G1fcAMMVviwtOe4fPgmleAiSngj/fWwX
aWfuM3+jBvH2CQZQ6qH8wvtAOyC1iFCaz/J+arnNIzVc5y4=
-----END CERTIFICATE-----