Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e34392e302f32342d3234203d3e203232333633.roa
File:                     33312e362e34392e302f32342d3234203d3e203232333633.roa (raw, json)
Hash identifier:          rDYTrd3U1DXRCWwqalS0YTl/iBgySzGHtDYPwjx9JZU=
Subject key identifier:   65:FC:F5:93:B6:12:C6:A9:D1:B8:85:BF:AE:E4:C8:40:10:AA:9B:B1
Certificate issuer:       /CN=048af665bf8b186b70220759d26c578f40b5f3e3
Certificate serial:       4DD2989F5AC398BCDA4311C133A31EAC87A21F6A
Authority key identifier: 04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e34392e302f32342d3234203d3e203232333633.roa
Signing time:             Mon 02 Sep 2024 06:05:19 +0000
ROA not before:           Mon 02 Sep 2024 06:00:19 +0000
ROA not after:            Mon 01 Sep 2025 06:05:19 +0000
asID:                     22363
IP address blocks:        31.6.49.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4d:d2:98:9f:5a:c3:98:bc:da:43:11:c1:33:a3:1e:ac:87:a2:1f:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=048af665bf8b186b70220759d26c578f40b5f3e3
        Validity
            Not Before: Sep  2 06:00:19 2024 GMT
            Not After : Sep  1 06:05:19 2025 GMT
        Subject: CN=65FCF593B612C6A9D1B885BFAEE4C84010AA9BB1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:46:de:07:99:e1:1b:4c:82:f1:2e:c8:25:9e:
                    6c:4e:4e:66:0c:e6:09:a8:61:0e:46:57:fb:5b:16:
                    6e:8c:40:37:b9:81:9b:71:a1:17:ff:94:49:ca:9a:
                    3e:96:65:32:ef:a8:8f:0b:51:2e:a4:50:8c:f0:8f:
                    25:22:ef:2c:03:fb:9f:1b:54:b4:85:80:08:6d:9c:
                    07:eb:81:de:92:10:23:43:75:1d:f1:5a:b4:ef:e0:
                    f6:b7:f9:19:7c:15:f8:55:c6:1f:fb:6c:08:b0:dd:
                    e6:a9:3e:c0:8b:1b:ae:d0:36:c8:58:60:23:14:4e:
                    73:83:57:9b:a0:64:9c:0d:81:44:14:fe:30:ba:86:
                    92:e8:b8:3b:3d:a1:d4:8d:b8:6c:f8:24:7e:41:63:
                    da:da:31:a3:7f:44:e1:76:8c:e8:d6:4a:97:df:32:
                    17:3d:b3:16:13:8b:42:d5:5c:2b:fc:7f:83:1d:1b:
                    f8:83:6b:5e:07:30:91:d7:eb:9a:c4:34:4b:1e:78:
                    9b:be:e7:44:a4:b8:2d:86:2a:cf:20:33:bc:6c:fd:
                    56:fb:1e:45:76:93:14:a4:74:0c:3f:08:3d:ab:b6:
                    25:65:cc:11:e3:ad:b9:c3:43:20:b1:30:18:19:94:
                    0a:cd:64:27:1d:c4:cd:22:dc:23:e3:49:0d:07:15:
                    50:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:FC:F5:93:B6:12:C6:A9:D1:B8:85:BF:AE:E4:C8:40:10:AA:9B:B1
            X509v3 Authority Key Identifier:
                keyid:04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e34392e302f32342d3234203d3e203232333633.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.6.49.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2c:da:a7:f9:03:2f:0f:52:01:f7:03:36:a7:62:1c:63:af:39:
         51:66:71:7f:90:a0:f7:34:e7:97:49:7e:f1:4d:d0:c0:06:64:
         a5:fb:e9:92:d3:00:d3:b2:53:6d:f9:e2:d5:05:f3:e1:78:b7:
         ed:ae:c6:33:ba:91:d2:b8:8b:2a:fc:35:71:fa:b9:71:77:22:
         4a:cf:94:4e:0d:f3:60:7a:67:e9:4f:31:72:6a:6a:73:25:71:
         5f:60:a7:cd:27:92:b2:9e:38:51:af:44:01:7f:52:3e:a6:8b:
         c6:fe:48:49:da:95:af:30:03:b6:44:d5:90:4b:25:98:ad:de:
         92:f3:ae:aa:e5:db:8f:68:e3:33:bb:bd:3b:fc:8e:d8:f1:23:
         31:bf:d6:36:d2:16:ba:cd:db:48:42:e2:81:e1:5b:90:3f:92:
         65:73:5c:ea:b4:95:97:5a:ee:87:42:65:a2:a4:b3:31:48:a7:
         f7:e2:97:38:a2:82:40:a6:a8:4f:f5:cc:db:79:4c:49:25:f9:
         0c:cd:cc:4b:2b:37:fa:79:9c:d7:6f:98:89:73:84:09:36:cf:
         84:1d:9f:1d:0f:e0:06:d1:9b:eb:29:72:1b:a5:14:7f:82:fc:
         40:d5:4a:04:e4:21:62:2c:cc:ff:49:7c:62:e7:7d:47:a9:ef:
         54:59:a8:80
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUTdKYn1rDmLzaQxHBM6MerIeiH2owDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDQ4YWY2NjViZjhiMTg2YjcwMjIwNzU5ZDI2YzU3OGY0
MGI1ZjNlMzAeFw0yNDA5MDIwNjAwMTlaFw0yNTA5MDEwNjA1MTlaMDMxMTAvBgNV
BAMTKDY1RkNGNTkzQjYxMkM2QTlEMUI4ODVCRkFFRTRDODQwMTBBQTlCQjEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCkRt4HmeEbTILxLsglnmxOTmYM
5gmoYQ5GV/tbFm6MQDe5gZtxoRf/lEnKmj6WZTLvqI8LUS6kUIzwjyUi7ywD+58b
VLSFgAhtnAfrgd6SECNDdR3xWrTv4Pa3+Rl8FfhVxh/7bAiw3eapPsCLG67QNshY
YCMUTnODV5ugZJwNgUQU/jC6hpLouDs9odSNuGz4JH5BY9raMaN/ROF2jOjWSpff
Mhc9sxYTi0LVXCv8f4MdG/iDa14HMJHX65rENEseeJu+50SkuC2GKs8gM7xs/Vb7
HkV2kxSkdAw/CD2rtiVlzBHjrbnDQyCxMBgZlArNZCcdxM0i3CPjSQ0HFVCBAgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQUZfz1k7YSxqnRuIW/ruTIQBCqm7EwHwYDVR0j
BBgwFoAUBIr2Zb+LGGtwIgdZ0mxXj0C18+MwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODJhOWJmNWItMzljMS00MDUwLWIwNzMtNDgwNzViODYx
ZDg3LzAvMDQ4QUY2NjVCRjhCMTg2QjcwMjIwNzU5RDI2QzU3OEY0MEI1RjNFMy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0JJcjJaYi1MR0d0d0lnZFowbXhYajBD
MTgtTS5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvODJhOWJmNWIt
MzljMS00MDUwLWIwNzMtNDgwNzViODYxZDg3LzAvMzMzMTJlMzYyZTM0MzkyZTMw
MmYzMjM0MmQzMjM0MjAzZDNlMjAzMjMyMzMzNjMzLnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHwYxMA0G
CSqGSIb3DQEBCwUAA4IBAQAs2qf5Ay8PUgH3AzanYhxjrzlRZnF/kKD3NOeXSX7x
TdDABmSl++mS0wDTslNt+eLVBfPheLftrsYzupHSuIsq/DVx+rlxdyJKz5RODfNg
emfpTzFyampzJXFfYKfNJ5KynjhRr0QBf1I+povG/khJ2pWvMAO2RNWQSyWYrd6S
866q5duPaOMzu707/I7Y8SMxv9Y20ha6zdtIQuKB4VuQP5Jlc1zqtJWXWu6HQmWi
pLMxSKf34pc4ooJApqhP9czbeUxJJfkMzcxLKzf6eZzXb5iJc4QJNs+EHZ8dD+AG
0ZvrKXIbpRR/gvxA1UoE5CFiLMz/SXxi531Hqe9UWaiA
-----END CERTIFICATE-----