Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e34362e302f32342d3234203d3e20323135333034.roa
File:                     33312e362e34362e302f32342d3234203d3e20323135333034.roa (raw, json)
Hash identifier:          c2AWCBEtXkyhrSE5U5dUmBB6x+O4nIK8dLeyvABlgvc=
Subject key identifier:   3B:B6:14:D5:0A:FE:05:79:E3:9F:0F:AE:8F:8E:D8:02:F6:0E:D0:7E
Certificate issuer:       /CN=048af665bf8b186b70220759d26c578f40b5f3e3
Certificate serial:       7B319D81A71543B646C4D2889EE75762FEF5A4CC
Authority key identifier: 04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e34362e302f32342d3234203d3e20323135333034.roa
Signing time:             Fri 08 Nov 2024 14:25:55 +0000
ROA not before:           Fri 08 Nov 2024 14:20:55 +0000
ROA not after:            Fri 07 Nov 2025 14:25:55 +0000
asID:                     215304
IP address blocks:        31.6.46.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7b:31:9d:81:a7:15:43:b6:46:c4:d2:88:9e:e7:57:62:fe:f5:a4:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=048af665bf8b186b70220759d26c578f40b5f3e3
        Validity
            Not Before: Nov  8 14:20:55 2024 GMT
            Not After : Nov  7 14:25:55 2025 GMT
        Subject: CN=3BB614D50AFE0579E39F0FAE8F8ED802F60ED07E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:92:10:21:7d:8b:55:73:5d:a8:2c:f5:20:be:
                    02:14:d9:77:08:3e:1f:d9:40:c8:b3:22:79:09:a1:
                    0f:b7:59:81:af:e5:df:78:00:29:92:f9:66:dc:9f:
                    c3:de:01:98:46:54:ab:2c:c9:dd:7b:0e:5a:da:f1:
                    f4:d4:f8:6b:3d:82:2e:8d:30:b8:48:96:3c:81:61:
                    e5:a3:c0:ef:ab:78:83:32:86:d7:8e:38:d6:2e:76:
                    74:83:92:ca:b5:10:66:e8:64:9a:30:50:b9:22:f2:
                    38:04:6b:73:c4:b0:b7:a2:ce:69:1a:a3:b3:c3:87:
                    f4:1b:29:30:4b:63:b8:f0:43:a3:89:a9:26:28:a6:
                    66:63:fa:c7:08:74:4b:7d:8b:62:5c:32:c4:a6:7c:
                    a9:fc:32:42:e1:c3:b6:f5:0e:ab:af:8c:ec:9d:14:
                    d9:3a:dd:2f:7a:b9:b9:4c:8f:b5:cc:42:b3:c6:19:
                    a9:01:03:79:93:6b:75:09:1f:2e:28:c5:45:be:0e:
                    2a:4f:ca:fa:2f:23:af:a9:cb:39:e7:a0:58:3b:1d:
                    ee:7e:f9:a8:84:7c:a9:b9:74:2d:c0:fe:ed:b1:ca:
                    12:68:6b:56:06:63:79:d3:5a:b9:fc:6d:09:78:02:
                    78:6c:83:90:05:08:42:c5:28:cf:a2:a6:5e:23:84:
                    25:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:B6:14:D5:0A:FE:05:79:E3:9F:0F:AE:8F:8E:D8:02:F6:0E:D0:7E
            X509v3 Authority Key Identifier:
                keyid:04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e34362e302f32342d3234203d3e20323135333034.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.6.46.0/24

    Signature Algorithm: sha256WithRSAEncryption
         69:c8:25:f1:54:8e:3e:08:3e:6b:e6:22:af:e8:24:1f:71:e4:
         75:63:5c:9d:c2:1b:30:e7:04:3b:21:89:c9:e2:ba:96:f2:c0:
         cd:68:3e:22:6f:49:f6:76:2e:be:53:08:9d:08:1f:ec:4c:b7:
         cf:2a:4a:5b:f0:24:0e:a6:5d:a0:34:7a:f5:18:fa:6f:2a:c3:
         09:50:91:47:76:68:85:9d:39:44:46:49:0b:a0:c6:6a:de:b3:
         5d:a4:26:68:d5:f2:0c:34:d6:0f:fe:9b:1f:f1:d4:a5:79:43:
         05:3e:1c:88:21:a3:4b:ab:e6:18:29:c0:ef:e7:07:5c:d2:fc:
         c8:b2:fc:2d:56:f6:29:ff:18:fb:ed:0a:fa:a6:c9:aa:94:ec:
         71:ed:26:d4:bb:51:c7:d4:d7:ce:3c:a8:43:35:e5:17:f2:5c:
         3d:33:1e:e3:71:50:fe:af:60:a1:e5:c4:22:9e:22:69:8e:66:
         20:dc:3c:69:3f:e9:c3:d0:54:85:e2:2d:d5:e0:b2:70:da:b8:
         0e:8b:11:f8:26:06:57:8b:38:ab:39:7f:8f:8b:8e:28:06:40:
         0e:4f:80:d6:26:81:3f:50:0e:0c:b8:0b:05:19:c7:16:3f:8f:
         e2:03:21:67:5b:01:01:1f:d7:46:b1:b1:d7:cf:99:db:44:a0:
         60:05:66:c5
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUezGdgacVQ7ZGxNKInudXYv71pMwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDQ4YWY2NjViZjhiMTg2YjcwMjIwNzU5ZDI2YzU3OGY0
MGI1ZjNlMzAeFw0yNDExMDgxNDIwNTVaFw0yNTExMDcxNDI1NTVaMDMxMTAvBgNV
BAMTKDNCQjYxNEQ1MEFGRTA1NzlFMzlGMEZBRThGOEVEODAyRjYwRUQwN0UwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCPkhAhfYtVc12oLPUgvgIU2XcI
Ph/ZQMizInkJoQ+3WYGv5d94ACmS+Wbcn8PeAZhGVKssyd17Dlra8fTU+Gs9gi6N
MLhIljyBYeWjwO+reIMyhteOONYudnSDksq1EGboZJowULki8jgEa3PEsLeizmka
o7PDh/QbKTBLY7jwQ6OJqSYopmZj+scIdEt9i2JcMsSmfKn8MkLhw7b1DquvjOyd
FNk63S96ublMj7XMQrPGGakBA3mTa3UJHy4oxUW+DipPyvovI6+pyznnoFg7He5+
+aiEfKm5dC3A/u2xyhJoa1YGY3nTWrn8bQl4Anhsg5AFCELFKM+ipl4jhCVZAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUO7YU1Qr+BXnjnw+uj47YAvYO0H4wHwYDVR0j
BBgwFoAUBIr2Zb+LGGtwIgdZ0mxXj0C18+MwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODJhOWJmNWItMzljMS00MDUwLWIwNzMtNDgwNzViODYx
ZDg3LzAvMDQ4QUY2NjVCRjhCMTg2QjcwMjIwNzU5RDI2QzU3OEY0MEI1RjNFMy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0JJcjJaYi1MR0d0d0lnZFowbXhYajBD
MTgtTS5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvODJhOWJmNWIt
MzljMS00MDUwLWIwNzMtNDgwNzViODYxZDg3LzAvMzMzMTJlMzYyZTM0MzYyZTMw
MmYzMjM0MmQzMjM0MjAzZDNlMjAzMjMxMzUzMzMwMzQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAAfBi4w
DQYJKoZIhvcNAQELBQADggEBAGnIJfFUjj4IPmvmIq/oJB9x5HVjXJ3CGzDnBDsh
icniupbywM1oPiJvSfZ2Lr5TCJ0IH+xMt88qSlvwJA6mXaA0evUY+m8qwwlQkUd2
aIWdOURGSQugxmres12kJmjV8gw01g/+mx/x1KV5QwU+HIgho0ur5hgpwO/nB1zS
/Miy/C1W9in/GPvtCvqmyaqU7HHtJtS7UcfU1848qEM15RfyXD0zHuNxUP6vYKHl
xCKeImmOZiDcPGk/6cPQVIXiLdXgsnDauA6LEfgmBleLOKs5f4+LjigGQA5PgNYm
gT9QDgy4CwUZxxY/j+IDIWdbAQEf10axsdfPmdtEoGAFZsU=
-----END CERTIFICATE-----