Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e34372e302f32342d3234203d3e20323132323338.roa
File:                     33312e362e34372e302f32342d3234203d3e20323132323338.roa (raw, json)
Hash identifier:          v188J9WHE0yGRRneGAI3diaAtitoYVux5AoCL2LOPms=
Subject key identifier:   32:E6:97:C1:3E:68:C1:8D:77:72:D2:31:A1:D7:E0:88:3A:B4:BD:C6
Certificate issuer:       /CN=048af665bf8b186b70220759d26c578f40b5f3e3
Certificate serial:       76698F424639A13363ECEA678DB42BBDDDA79F29
Authority key identifier: 04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e34372e302f32342d3234203d3e20323132323338.roa
Signing time:             Fri 28 Mar 2025 06:53:59 +0000
ROA not before:           Fri 28 Mar 2025 06:48:59 +0000
ROA not after:            Fri 27 Mar 2026 06:53:59 +0000
asID:                     212238
IP address blocks:        31.6.47.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            76:69:8f:42:46:39:a1:33:63:ec:ea:67:8d:b4:2b:bd:dd:a7:9f:29
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=048af665bf8b186b70220759d26c578f40b5f3e3
        Validity
            Not Before: Mar 28 06:48:59 2025 GMT
            Not After : Mar 27 06:53:59 2026 GMT
        Subject: CN=32E697C13E68C18D7772D231A1D7E0883AB4BDC6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:c4:fb:d7:49:e3:30:6a:5c:a0:87:7a:a1:a7:
                    e4:f6:9a:cc:ee:41:9e:6b:82:22:c1:19:47:aa:37:
                    d3:ab:39:1d:21:7c:10:13:31:c2:bf:13:ac:fc:1e:
                    9f:53:4e:00:df:0b:25:db:92:84:9f:fd:64:ef:b7:
                    a0:b0:45:5a:5e:ca:86:18:ab:d9:1d:24:bf:f3:12:
                    70:e1:f0:16:44:b8:22:3d:97:99:30:32:a8:be:69:
                    3e:ac:6c:6e:f1:50:7b:0e:c1:87:c4:16:33:0f:ee:
                    29:4b:a4:7c:83:5d:9b:72:0d:07:b3:3f:99:7b:cb:
                    bc:cc:50:8d:13:b2:a9:a1:b7:11:2c:7a:38:0c:bd:
                    e3:09:da:44:a0:8a:74:c9:0d:1a:6d:23:e2:f9:d3:
                    dc:3a:fc:2d:9c:41:a3:a6:4e:58:b0:03:e9:57:b8:
                    bc:66:79:71:02:a2:e8:07:a9:9c:a4:85:92:62:54:
                    cb:f7:3d:4a:39:c4:14:92:3c:21:1c:f2:5a:74:10:
                    52:c4:b1:87:d2:f0:37:ee:dd:ab:41:f2:84:4d:fe:
                    bf:27:3d:8c:5d:87:d9:64:31:88:35:32:52:42:e3:
                    b1:a3:a7:5e:2f:35:a5:46:c7:92:43:26:ac:24:22:
                    e4:24:d4:ad:4e:c8:91:01:a4:61:8e:c6:6b:ea:c1:
                    6a:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:E6:97:C1:3E:68:C1:8D:77:72:D2:31:A1:D7:E0:88:3A:B4:BD:C6
            X509v3 Authority Key Identifier:
                keyid:04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e34372e302f32342d3234203d3e20323132323338.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.6.47.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8c:57:83:98:39:99:8e:2c:42:2b:64:fe:43:64:ad:fa:df:d4:
         b9:d9:75:08:c7:f9:05:2c:4d:95:3d:c6:66:86:18:36:86:ed:
         00:47:43:e5:6d:5e:b9:f7:d1:4f:de:d8:8f:0b:dc:5a:15:31:
         b7:ca:f8:74:7d:c1:19:06:82:2d:4f:da:da:a6:e3:6d:36:2b:
         cf:4f:9f:6d:43:35:df:80:5c:b0:78:94:ba:7a:a1:02:05:f7:
         24:b7:82:2f:76:13:0d:b9:8f:62:7b:b6:6f:62:f1:de:6b:84:
         b7:42:80:2a:b1:75:30:97:10:8d:be:9f:6c:dd:6f:0f:81:0d:
         7c:ea:c2:1e:9e:ad:51:75:54:5c:4a:69:22:cb:19:02:f4:e8:
         92:c3:a7:bd:70:e5:71:dd:7a:77:3e:47:72:0e:fe:52:e5:0e:
         e8:6e:0f:ae:24:8f:31:a1:dd:a0:f1:40:72:a7:65:35:c8:38:
         eb:f0:a5:84:6e:71:9c:a1:88:b1:4b:fd:6c:f4:67:7a:3a:49:
         07:d5:57:7b:da:80:4e:10:f1:f4:95:51:d9:ac:57:5b:3f:2d:
         c9:02:88:d0:1e:a8:40:8b:95:c1:35:42:77:64:1b:9e:c3:b7:
         c1:fd:aa:c0:3a:a5:10:74:09:66:a8:91:b2:5f:b6:51:ca:c2:
         b3:6c:c5:10
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUdmmPQkY5oTNj7OpnjbQrvd2nnykwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDQ4YWY2NjViZjhiMTg2YjcwMjIwNzU5ZDI2YzU3OGY0
MGI1ZjNlMzAeFw0yNTAzMjgwNjQ4NTlaFw0yNjAzMjcwNjUzNTlaMDMxMTAvBgNV
BAMTKDMyRTY5N0MxM0U2OEMxOEQ3NzcyRDIzMUExRDdFMDg4M0FCNEJEQzYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCWxPvXSeMwalygh3qhp+T2mszu
QZ5rgiLBGUeqN9OrOR0hfBATMcK/E6z8Hp9TTgDfCyXbkoSf/WTvt6CwRVpeyoYY
q9kdJL/zEnDh8BZEuCI9l5kwMqi+aT6sbG7xUHsOwYfEFjMP7ilLpHyDXZtyDQez
P5l7y7zMUI0TsqmhtxEsejgMveMJ2kSginTJDRptI+L509w6/C2cQaOmTliwA+lX
uLxmeXECougHqZykhZJiVMv3PUo5xBSSPCEc8lp0EFLEsYfS8Dfu3atB8oRN/r8n
PYxdh9lkMYg1MlJC47Gjp14vNaVGx5JDJqwkIuQk1K1OyJEBpGGOxmvqwWo3AgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUMuaXwT5owY13ctIxodfgiDq0vcYwHwYDVR0j
BBgwFoAUBIr2Zb+LGGtwIgdZ0mxXj0C18+MwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODJhOWJmNWItMzljMS00MDUwLWIwNzMtNDgwNzViODYx
ZDg3LzAvMDQ4QUY2NjVCRjhCMTg2QjcwMjIwNzU5RDI2QzU3OEY0MEI1RjNFMy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0JJcjJaYi1MR0d0d0lnZFowbXhYajBD
MTgtTS5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvODJhOWJmNWIt
MzljMS00MDUwLWIwNzMtNDgwNzViODYxZDg3LzAvMzMzMTJlMzYyZTM0MzcyZTMw
MmYzMjM0MmQzMjM0MjAzZDNlMjAzMjMxMzIzMjMzMzgucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAAfBi8w
DQYJKoZIhvcNAQELBQADggEBAIxXg5g5mY4sQitk/kNkrfrf1LnZdQjH+QUsTZU9
xmaGGDaG7QBHQ+VtXrn30U/e2I8L3FoVMbfK+HR9wRkGgi1P2tqm4202K89Pn21D
Nd+AXLB4lLp6oQIF9yS3gi92Ew25j2J7tm9i8d5rhLdCgCqxdTCXEI2+n2zdbw+B
DXzqwh6erVF1VFxKaSLLGQL06JLDp71w5XHdenc+R3IO/lLlDuhuD64kjzGh3aDx
QHKnZTXIOOvwpYRucZyhiLFL/Wz0Z3o6SQfVV3vagE4Q8fSVUdmsV1s/LckCiNAe
qECLlcE1QndkG57Dt8H9qsA6pRB0CWaokbJftlHKwrNsxRA=
-----END CERTIFICATE-----