Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e34362e302f32342d3234203d3e20323134363534.roa
File:                     33312e362e34362e302f32342d3234203d3e20323134363534.roa (raw, json)
Hash identifier:          iZHQLVSly9Muq8JunNI01VjjcT12cBaRsczOhIy6ing=
Subject key identifier:   F2:88:E0:1C:5A:B2:17:CD:9B:00:73:FA:42:34:37:EB:73:95:8A:9C
Certificate issuer:       /CN=048af665bf8b186b70220759d26c578f40b5f3e3
Certificate serial:       665FBA27117F231ACFC9960CE959AB4A4F8153D2
Authority key identifier: 04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e34362e302f32342d3234203d3e20323134363534.roa
Signing time:             Wed 06 Nov 2024 05:03:08 +0000
ROA not before:           Wed 06 Nov 2024 04:58:08 +0000
ROA not after:            Wed 05 Nov 2025 05:03:08 +0000
asID:                     214654
IP address blocks:        31.6.46.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            66:5f:ba:27:11:7f:23:1a:cf:c9:96:0c:e9:59:ab:4a:4f:81:53:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=048af665bf8b186b70220759d26c578f40b5f3e3
        Validity
            Not Before: Nov  6 04:58:08 2024 GMT
            Not After : Nov  5 05:03:08 2025 GMT
        Subject: CN=F288E01C5AB217CD9B0073FA423437EB73958A9C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:47:7a:0b:ea:b6:79:cd:57:9f:24:c3:95:2e:
                    3b:a9:9b:69:9e:f4:b7:33:df:1e:f2:d5:b3:6e:0a:
                    ec:0a:6e:b7:e7:13:f9:0e:3a:ac:10:0b:59:9d:ca:
                    0e:58:6e:71:79:b0:6a:3d:2d:cc:30:7a:e2:40:4b:
                    dd:49:e6:aa:da:a4:ff:1e:e9:80:a9:ed:ce:b6:5c:
                    f4:3d:1f:de:60:66:4c:d8:94:44:a7:bb:01:35:bd:
                    d2:92:43:f2:3e:69:d1:63:f1:7e:5a:5d:16:b4:bf:
                    73:fe:67:19:74:00:68:be:b8:9f:82:03:98:34:73:
                    9b:ef:f0:f5:14:a6:72:27:93:6f:4a:4c:30:f1:7a:
                    67:d0:00:e8:9a:24:10:fa:32:80:1b:11:62:92:65:
                    06:f8:b2:26:b4:89:d2:a7:da:91:55:a9:e7:25:89:
                    d6:07:90:7a:80:50:99:4e:b4:fc:df:07:41:e9:83:
                    e1:18:25:c2:78:e5:c9:84:c7:05:2e:7e:bc:9a:74:
                    c2:2d:4e:42:51:6e:51:5b:1c:84:b6:e6:ec:63:cc:
                    64:97:8f:d0:04:14:2f:f3:49:5a:73:62:0b:c9:65:
                    27:6f:25:98:57:e8:d8:86:c6:da:64:a2:aa:14:16:
                    f6:0e:32:8b:d4:34:0b:29:79:d7:ca:97:d0:a6:bb:
                    50:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:88:E0:1C:5A:B2:17:CD:9B:00:73:FA:42:34:37:EB:73:95:8A:9C
            X509v3 Authority Key Identifier:
                keyid:04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e34362e302f32342d3234203d3e20323134363534.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.6.46.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5c:d1:23:fb:b1:a2:b6:1d:24:c5:d9:71:97:55:9b:c7:40:ac:
         d3:53:10:1a:04:2a:8c:11:b4:77:1d:5c:68:87:98:15:1b:ae:
         c5:51:f9:f1:2b:bd:4a:f3:31:2c:b2:dc:b9:8f:f0:76:0a:4c:
         b7:b1:ca:30:4e:90:e3:b8:c8:a5:57:8b:ed:d9:aa:80:58:ff:
         4a:8a:d8:d9:63:59:d5:78:df:4a:4c:f6:73:e3:e0:59:d6:90:
         7f:36:76:4c:35:55:59:38:16:a9:df:e2:48:cb:33:9b:29:11:
         fc:40:7c:b1:c4:b3:4e:e1:05:6e:4e:84:df:54:0e:f9:d8:35:
         93:5b:34:c6:5f:0c:3e:35:68:1c:e4:b7:52:44:7a:46:46:47:
         7b:cd:b2:06:ec:c4:79:00:72:44:8d:10:65:3c:f8:60:2c:72:
         b5:97:0a:49:a3:67:46:b6:09:65:ff:c2:48:28:21:69:0c:75:
         01:a4:c3:ee:f3:25:57:5e:c6:04:ed:a5:94:af:a9:db:74:a3:
         3d:2a:88:81:8b:d1:6a:f7:e5:c4:4d:1e:1a:71:f3:95:bf:6d:
         cd:ab:2c:6f:8f:36:38:ef:9b:64:57:75:ae:38:12:01:38:da:
         9f:d7:3c:a3:aa:85:3c:29:3a:70:39:48:13:05:9e:82:14:fe:
         19:6e:db:47
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUZl+6JxF/IxrPyZYM6VmrSk+BU9IwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDQ4YWY2NjViZjhiMTg2YjcwMjIwNzU5ZDI2YzU3OGY0
MGI1ZjNlMzAeFw0yNDExMDYwNDU4MDhaFw0yNTExMDUwNTAzMDhaMDMxMTAvBgNV
BAMTKEYyODhFMDFDNUFCMjE3Q0Q5QjAwNzNGQTQyMzQzN0VCNzM5NThBOUMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0R3oL6rZ5zVefJMOVLjupm2me
9Lcz3x7y1bNuCuwKbrfnE/kOOqwQC1mdyg5YbnF5sGo9LcwweuJAS91J5qrapP8e
6YCp7c62XPQ9H95gZkzYlESnuwE1vdKSQ/I+adFj8X5aXRa0v3P+Zxl0AGi+uJ+C
A5g0c5vv8PUUpnInk29KTDDxemfQAOiaJBD6MoAbEWKSZQb4sia0idKn2pFVqecl
idYHkHqAUJlOtPzfB0Hpg+EYJcJ45cmExwUufryadMItTkJRblFbHIS25uxjzGSX
j9AEFC/zSVpzYgvJZSdvJZhX6NiGxtpkoqoUFvYOMovUNAspedfKl9Cmu1C1AgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQU8ojgHFqyF82bAHP6QjQ363OVipwwHwYDVR0j
BBgwFoAUBIr2Zb+LGGtwIgdZ0mxXj0C18+MwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODJhOWJmNWItMzljMS00MDUwLWIwNzMtNDgwNzViODYx
ZDg3LzAvMDQ4QUY2NjVCRjhCMTg2QjcwMjIwNzU5RDI2QzU3OEY0MEI1RjNFMy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0JJcjJaYi1MR0d0d0lnZFowbXhYajBD
MTgtTS5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvODJhOWJmNWIt
MzljMS00MDUwLWIwNzMtNDgwNzViODYxZDg3LzAvMzMzMTJlMzYyZTM0MzYyZTMw
MmYzMjM0MmQzMjM0MjAzZDNlMjAzMjMxMzQzNjM1MzQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAAfBi4w
DQYJKoZIhvcNAQELBQADggEBAFzRI/uxorYdJMXZcZdVm8dArNNTEBoEKowRtHcd
XGiHmBUbrsVR+fErvUrzMSyy3LmP8HYKTLexyjBOkOO4yKVXi+3ZqoBY/0qK2Nlj
WdV430pM9nPj4FnWkH82dkw1VVk4Fqnf4kjLM5spEfxAfLHEs07hBW5OhN9UDvnY
NZNbNMZfDD41aBzkt1JEekZGR3vNsgbsxHkAckSNEGU8+GAscrWXCkmjZ0a2CWX/
wkgoIWkMdQGkw+7zJVdexgTtpZSvqdt0oz0qiIGL0Wr35cRNHhpx85W/bc2rLG+P
Njjvm2RXda44EgE42p/XPKOqhTwpOnA5SBMFnoIU/hlu20c=
-----END CERTIFICATE-----