Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e34372e302f32342d3234203d3e203330363434.roa
File:                     33312e362e34372e302f32342d3234203d3e203330363434.roa (raw, json)
Hash identifier:          J+nrw7dCCsLyrSE4FMbOZJ81lbnn27tZuEdB/iHpqjE=
Subject key identifier:   8C:A1:7A:98:B7:37:CA:B3:8B:47:81:DD:5C:B0:34:A6:C8:DF:77:A7
Certificate issuer:       /CN=048af665bf8b186b70220759d26c578f40b5f3e3
Certificate serial:       39C7B2B9380238E78BB2D86A694C4A38AF9F474F
Authority key identifier: 04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e34372e302f32342d3234203d3e203330363434.roa
Signing time:             Mon 29 Apr 2024 18:12:35 +0000
ROA not before:           Mon 29 Apr 2024 18:07:35 +0000
ROA not after:            Mon 28 Apr 2025 18:12:35 +0000
asID:                     30644
IP address blocks:        31.6.47.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 13 Jun 2024 14:48:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            39:c7:b2:b9:38:02:38:e7:8b:b2:d8:6a:69:4c:4a:38:af:9f:47:4f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=048af665bf8b186b70220759d26c578f40b5f3e3
        Validity
            Not Before: Apr 29 18:07:35 2024 GMT
            Not After : Apr 28 18:12:35 2025 GMT
        Subject: CN=8CA17A98B737CAB38B4781DD5CB034A6C8DF77A7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:e9:16:76:dd:c9:f2:4d:83:cb:cd:7d:db:23:
                    76:1a:76:ab:e6:6f:96:d0:85:bd:3d:58:00:f2:7e:
                    aa:b6:31:a3:e6:76:05:80:48:6e:9f:a0:5c:f3:b0:
                    ef:fd:2a:21:02:8a:ae:be:01:5b:00:b7:82:03:4d:
                    2a:53:b4:b9:18:e8:83:a2:e9:3a:38:e6:c3:d5:ee:
                    81:ec:24:63:ef:59:11:1d:99:d0:c2:b6:0b:c1:ae:
                    c3:9b:d2:a0:ea:0a:78:78:d9:a4:20:09:f6:f4:8b:
                    c4:ef:33:3c:7e:6f:8f:a7:5c:55:96:dd:ef:28:9c:
                    31:e6:8a:d7:38:9e:b3:39:de:19:86:fa:43:1f:d0:
                    51:16:d7:88:35:db:34:5f:2c:49:77:03:d7:61:6b:
                    d6:60:cb:70:17:97:2e:9f:22:c0:05:26:77:7d:33:
                    c3:22:99:c5:15:7b:2f:2f:f6:4e:48:0b:4c:ae:5c:
                    4e:0b:be:b5:57:87:68:16:ff:57:c1:29:c6:f9:fc:
                    d7:1b:0d:78:a4:ff:a0:90:03:2b:8f:54:e3:b0:2d:
                    e2:e7:a3:39:35:c6:d6:7d:4d:f2:41:be:dd:fd:be:
                    0b:f6:fe:e0:0b:dd:cd:47:74:8c:a8:2d:c9:3b:22:
                    a0:8e:71:1d:1c:fd:4b:bf:23:13:f0:f8:d0:60:e8:
                    80:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8C:A1:7A:98:B7:37:CA:B3:8B:47:81:DD:5C:B0:34:A6:C8:DF:77:A7
            X509v3 Authority Key Identifier:
                keyid:04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e34372e302f32342d3234203d3e203330363434.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.6.47.0/24

    Signature Algorithm: sha256WithRSAEncryption
         95:23:33:43:79:10:0c:b7:ce:4c:07:87:0e:01:f6:57:16:39:
         cd:13:53:19:44:49:cb:6e:7c:b1:f9:1f:82:d3:4c:4c:cd:30:
         66:f5:55:c6:22:44:42:bd:88:e7:52:d5:4a:ca:03:d6:13:67:
         77:15:df:61:07:7c:5a:c8:83:35:9c:66:a1:64:4a:6e:51:31:
         4e:92:38:13:1d:7e:35:d1:5c:74:ef:ee:36:12:a7:d3:43:c1:
         3f:0b:64:df:ab:73:39:39:0a:1c:50:07:71:51:02:34:c7:12:
         7b:97:9c:04:7b:55:04:55:c1:63:37:37:1b:0e:4b:5a:0e:59:
         79:d4:bf:65:f5:fa:d1:e5:5f:6e:45:59:5f:b9:70:05:74:db:
         d0:8e:53:c3:19:59:84:56:66:95:d3:7f:c0:61:04:c8:61:31:
         d3:c0:36:b0:38:86:ca:05:91:01:0e:89:52:45:05:e5:a7:52:
         39:ec:c2:f9:5b:4c:9b:3c:1b:4b:88:f8:ff:ac:78:73:58:43:
         61:d7:2c:c3:de:d2:0a:22:f1:6f:b5:f0:c8:e4:1f:6e:15:93:
         54:ef:b4:d5:ef:6d:95:50:5b:9f:49:50:e9:e0:bd:7b:0c:89:
         07:fc:40:b2:bc:16:6c:30:05:11:7f:6b:aa:a7:e3:2e:94:a6:
         10:f7:17:59
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUOceyuTgCOOeLsthqaUxKOK+fR08wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDQ4YWY2NjViZjhiMTg2YjcwMjIwNzU5ZDI2YzU3OGY0
MGI1ZjNlMzAeFw0yNDA0MjkxODA3MzVaFw0yNTA0MjgxODEyMzVaMDMxMTAvBgNV
BAMTKDhDQTE3QTk4QjczN0NBQjM4QjQ3ODFERDVDQjAzNEE2QzhERjc3QTcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCe6RZ23cnyTYPLzX3bI3Yadqvm
b5bQhb09WADyfqq2MaPmdgWASG6foFzzsO/9KiECiq6+AVsAt4IDTSpTtLkY6IOi
6To45sPV7oHsJGPvWREdmdDCtgvBrsOb0qDqCnh42aQgCfb0i8TvMzx+b4+nXFWW
3e8onDHmitc4nrM53hmG+kMf0FEW14g12zRfLEl3A9dha9Zgy3AXly6fIsAFJnd9
M8MimcUVey8v9k5IC0yuXE4LvrVXh2gW/1fBKcb5/NcbDXik/6CQAyuPVOOwLeLn
ozk1xtZ9TfJBvt39vgv2/uAL3c1HdIyoLck7IqCOcR0c/Uu/IxPw+NBg6ICtAgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQUjKF6mLc3yrOLR4HdXLA0psjfd6cwHwYDVR0j
BBgwFoAUBIr2Zb+LGGtwIgdZ0mxXj0C18+MwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODJhOWJmNWItMzljMS00MDUwLWIwNzMtNDgwNzViODYx
ZDg3LzAvMDQ4QUY2NjVCRjhCMTg2QjcwMjIwNzU5RDI2QzU3OEY0MEI1RjNFMy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0JJcjJaYi1MR0d0d0lnZFowbXhYajBD
MTgtTS5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvODJhOWJmNWIt
MzljMS00MDUwLWIwNzMtNDgwNzViODYxZDg3LzAvMzMzMTJlMzYyZTM0MzcyZTMw
MmYzMjM0MmQzMjM0MjAzZDNlMjAzMzMwMzYzNDM0LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHwYvMA0G
CSqGSIb3DQEBCwUAA4IBAQCVIzNDeRAMt85MB4cOAfZXFjnNE1MZREnLbnyx+R+C
00xMzTBm9VXGIkRCvYjnUtVKygPWE2d3Fd9hB3xayIM1nGahZEpuUTFOkjgTHX41
0Vx07+42EqfTQ8E/C2Tfq3M5OQocUAdxUQI0xxJ7l5wEe1UEVcFjNzcbDktaDll5
1L9l9frR5V9uRVlfuXAFdNvQjlPDGVmEVmaV03/AYQTIYTHTwDawOIbKBZEBDolS
RQXlp1I57ML5W0ybPBtLiPj/rHhzWENh1yzD3tIKIvFvtfDI5B9uFZNU77TV722V
UFufSVDp4L17DIkH/ECyvBZsMAURf2uqp+MulKYQ9xdZ
-----END CERTIFICATE-----