Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e34362e302f32342d3234203d3e203336353330.roa
File:                     33312e362e34362e302f32342d3234203d3e203336353330.roa (raw, json)
Hash identifier:          uJZHyORi2YieB6c6Gd7gv9c3J16B/HSoax0nO8TlxxQ=
Subject key identifier:   78:A3:50:7C:48:95:19:2C:7E:BA:DD:A2:B5:A2:D5:A4:EE:36:DE:7E
Certificate issuer:       /CN=048af665bf8b186b70220759d26c578f40b5f3e3
Certificate serial:       042C2D9117E1D4DBA5B54EFD8BEF9A5FEA6AB43D
Authority key identifier: 04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e34362e302f32342d3234203d3e203336353330.roa
Signing time:             Thu 16 Jan 2025 09:21:48 +0000
ROA not before:           Thu 16 Jan 2025 09:16:48 +0000
ROA not after:            Thu 15 Jan 2026 09:21:48 +0000
asID:                     36530
IP address blocks:        31.6.46.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 10 Apr 2025 17:49:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            04:2c:2d:91:17:e1:d4:db:a5:b5:4e:fd:8b:ef:9a:5f:ea:6a:b4:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=048af665bf8b186b70220759d26c578f40b5f3e3
        Validity
            Not Before: Jan 16 09:16:48 2025 GMT
            Not After : Jan 15 09:21:48 2026 GMT
        Subject: CN=78A3507C4895192C7EBADDA2B5A2D5A4EE36DE7E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:55:01:4e:47:ee:7d:7d:ef:d1:4c:c4:0c:ba:
                    fe:5d:ee:24:0c:64:fb:fa:d7:7b:53:f1:33:c9:73:
                    b3:35:f2:d5:ce:62:17:34:7a:90:f8:66:0a:73:a7:
                    02:27:e0:fd:09:5b:3c:8c:3c:8c:a6:f1:f8:d7:76:
                    7f:fc:3e:62:71:9e:58:fa:c1:d4:ea:5a:9a:06:9e:
                    ec:de:bc:f9:d4:f8:50:b9:59:47:fc:ab:b2:6a:a1:
                    4f:64:4f:8e:51:38:8d:aa:c8:ee:38:fd:f4:a9:87:
                    55:9f:0d:48:e8:ae:0c:a0:a5:dd:d5:93:14:29:32:
                    86:7c:f1:d6:a1:67:bf:58:cf:23:6d:42:c4:b1:f7:
                    e5:07:23:4e:d7:80:4a:8c:81:80:c6:85:4a:26:4d:
                    5f:45:e3:34:9c:fe:d6:4e:da:1f:ee:a4:0f:79:6f:
                    f4:09:e3:5e:9f:cd:2e:18:4b:ab:5f:4a:85:fd:41:
                    06:be:63:10:b4:75:fb:03:14:3e:5c:a1:5f:b6:d1:
                    ff:19:35:25:12:5a:31:a2:f8:e0:26:90:6d:13:c7:
                    a0:14:96:c8:ff:4f:fa:1b:66:08:ae:a3:0a:74:61:
                    8c:dd:22:c3:49:26:9b:cc:90:da:16:48:ac:58:23:
                    35:65:46:6b:d4:16:e6:82:13:3a:42:7a:16:e7:b4:
                    0b:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                78:A3:50:7C:48:95:19:2C:7E:BA:DD:A2:B5:A2:D5:A4:EE:36:DE:7E
            X509v3 Authority Key Identifier:
                keyid:04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e34362e302f32342d3234203d3e203336353330.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.6.46.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8f:20:b1:64:2e:7f:51:08:ad:29:bd:87:25:65:10:35:ae:d7:
         fc:55:25:f7:7b:25:a6:36:a3:54:bd:6a:aa:a0:46:4f:6f:61:
         8e:f8:7e:6c:ea:50:53:3e:9b:44:60:43:0f:fb:12:7a:c5:18:
         b4:2d:43:cc:3d:b1:a4:70:5c:e3:12:bd:da:5f:5f:9b:0a:32:
         90:1b:ee:ab:4d:7c:9e:72:bd:0d:66:62:d1:99:4c:ae:0d:3d:
         d1:06:be:1b:8f:db:c5:27:4b:a9:aa:c4:1a:84:45:d1:2f:7c:
         94:11:b6:ad:7e:97:ac:cc:ae:7e:41:cb:85:11:a0:91:13:69:
         9e:bf:28:a6:82:a5:1e:5f:c1:c6:09:2c:ff:4e:d2:9c:d6:33:
         fa:4f:da:ba:b5:b2:c1:5c:4d:39:96:c4:eb:47:8b:30:6a:6d:
         3d:19:a8:66:f7:ba:1f:b1:57:a6:30:0a:3f:9c:5a:24:4d:30:
         c0:f7:e2:6d:5b:81:38:73:fe:c6:30:8e:19:fb:70:d9:94:5a:
         40:b0:a8:29:b7:4f:34:d6:b1:01:8c:24:2e:19:97:c8:62:18:
         b9:f6:8f:3a:d9:ff:42:0c:32:de:bf:0f:b1:e2:ae:35:9a:89:
         70:91:5e:2b:4c:df:33:61:4d:3a:f0:08:57:ba:0c:b5:6b:24:
         15:3d:17:f4
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUBCwtkRfh1NultU79i++aX+pqtD0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDQ4YWY2NjViZjhiMTg2YjcwMjIwNzU5ZDI2YzU3OGY0
MGI1ZjNlMzAeFw0yNTAxMTYwOTE2NDhaFw0yNjAxMTUwOTIxNDhaMDMxMTAvBgNV
BAMTKDc4QTM1MDdDNDg5NTE5MkM3RUJBRERBMkI1QTJENUE0RUUzNkRFN0UwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDSVQFOR+59fe/RTMQMuv5d7iQM
ZPv613tT8TPJc7M18tXOYhc0epD4ZgpzpwIn4P0JWzyMPIym8fjXdn/8PmJxnlj6
wdTqWpoGnuzevPnU+FC5WUf8q7JqoU9kT45ROI2qyO44/fSph1WfDUjorgygpd3V
kxQpMoZ88dahZ79YzyNtQsSx9+UHI07XgEqMgYDGhUomTV9F4zSc/tZO2h/upA95
b/QJ416fzS4YS6tfSoX9QQa+YxC0dfsDFD5coV+20f8ZNSUSWjGi+OAmkG0Tx6AU
lsj/T/obZgiuowp0YYzdIsNJJpvMkNoWSKxYIzVlRmvUFuaCEzpCehbntAv9AgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQUeKNQfEiVGSx+ut2itaLVpO423n4wHwYDVR0j
BBgwFoAUBIr2Zb+LGGtwIgdZ0mxXj0C18+MwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODJhOWJmNWItMzljMS00MDUwLWIwNzMtNDgwNzViODYx
ZDg3LzAvMDQ4QUY2NjVCRjhCMTg2QjcwMjIwNzU5RDI2QzU3OEY0MEI1RjNFMy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0JJcjJaYi1MR0d0d0lnZFowbXhYajBD
MTgtTS5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvODJhOWJmNWIt
MzljMS00MDUwLWIwNzMtNDgwNzViODYxZDg3LzAvMzMzMTJlMzYyZTM0MzYyZTMw
MmYzMjM0MmQzMjM0MjAzZDNlMjAzMzM2MzUzMzMwLnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHwYuMA0G
CSqGSIb3DQEBCwUAA4IBAQCPILFkLn9RCK0pvYclZRA1rtf8VSX3eyWmNqNUvWqq
oEZPb2GO+H5s6lBTPptEYEMP+xJ6xRi0LUPMPbGkcFzjEr3aX1+bCjKQG+6rTXye
cr0NZmLRmUyuDT3RBr4bj9vFJ0upqsQahEXRL3yUEbatfpeszK5+QcuFEaCRE2me
vyimgqUeX8HGCSz/TtKc1jP6T9q6tbLBXE05lsTrR4swam09Gahm97ofsVemMAo/
nFokTTDA9+JtW4E4c/7GMI4Z+3DZlFpAsKgpt0801rEBjCQuGZfIYhi59o862f9C
DDLevw+x4q41molwkV4rTN8zYU068AhXugy1ayQVPRf0
-----END CERTIFICATE-----