Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e35302e302f32342d3234203d3e20323133323030.roa
File:                     33312e362e35302e302f32342d3234203d3e20323133323030.roa (raw, json)
Hash identifier:          40/rs3DPFYgZcjRNUeSGhKzLW8nAQV1EFjRB50EtwAc=
Subject key identifier:   5D:E9:A0:17:62:85:B9:26:3D:B5:97:28:B5:68:1F:27:C0:39:33:69
Certificate issuer:       /CN=048af665bf8b186b70220759d26c578f40b5f3e3
Certificate serial:       4DAB7267498E5D96F10AA72A06BCD0113448FF5F
Authority key identifier: 04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e35302e302f32342d3234203d3e20323133323030.roa
Signing time:             Fri 27 Sep 2024 12:40:30 +0000
ROA not before:           Fri 27 Sep 2024 12:35:30 +0000
ROA not after:            Fri 26 Sep 2025 12:40:30 +0000
asID:                     213200
IP address blocks:        31.6.50.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4d:ab:72:67:49:8e:5d:96:f1:0a:a7:2a:06:bc:d0:11:34:48:ff:5f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=048af665bf8b186b70220759d26c578f40b5f3e3
        Validity
            Not Before: Sep 27 12:35:30 2024 GMT
            Not After : Sep 26 12:40:30 2025 GMT
        Subject: CN=5DE9A0176285B9263DB59728B5681F27C0393369
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:ca:4f:55:e7:11:8a:fa:5f:22:77:75:d3:e7:
                    03:6f:d9:bb:d8:67:13:51:95:00:5f:cc:8a:63:ca:
                    d3:c7:74:7a:2b:ad:6f:bc:6d:2d:e1:dc:71:7d:47:
                    60:4b:a1:84:6f:69:0d:a7:f4:62:00:b1:af:56:f3:
                    af:51:36:38:13:9b:b5:be:5a:63:60:ba:40:81:62:
                    52:86:ff:3d:b7:31:45:60:83:34:1d:95:1a:fa:5e:
                    f0:f9:c9:bf:34:3b:38:c3:05:5e:d9:47:5e:a2:d0:
                    2d:69:2b:89:76:5b:46:70:3c:8e:a9:29:95:e2:96:
                    55:e5:cd:9c:ae:41:59:cb:59:2a:7a:52:af:a1:23:
                    bd:8c:bb:e0:c3:0e:44:6e:c6:7a:b1:dd:39:9c:5e:
                    4c:99:ff:ff:d3:3d:59:d7:ab:e5:7d:c3:19:55:ad:
                    e6:ee:a6:fc:bf:40:1d:87:fd:eb:77:d2:ed:af:f5:
                    66:89:8f:20:5d:3a:cc:85:cc:c9:ab:e5:5a:76:02:
                    e4:97:ac:5a:34:84:2a:e1:d8:7c:6a:1b:17:01:95:
                    29:b6:23:02:5a:a8:8e:11:1f:31:03:b3:96:7b:80:
                    e0:5c:05:61:d9:f9:5f:33:95:5c:6d:92:29:1a:a3:
                    b0:e6:da:9b:f5:6f:62:6e:93:08:7e:c1:2d:50:89:
                    c0:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:E9:A0:17:62:85:B9:26:3D:B5:97:28:B5:68:1F:27:C0:39:33:69
            X509v3 Authority Key Identifier:
                keyid:04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e35302e302f32342d3234203d3e20323133323030.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.6.50.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0c:df:90:4f:e3:59:d3:98:22:81:84:a0:50:f3:49:48:d5:20:
         48:1d:60:51:d4:db:d8:ec:8c:d7:aa:f8:72:aa:56:60:62:e8:
         bf:7f:5c:98:8f:4c:9f:43:b4:cd:02:ef:e1:6a:de:9e:3f:64:
         6a:b5:5c:0d:cb:cf:bd:ac:30:90:97:0c:19:bb:e1:b7:12:63:
         13:6d:99:4e:72:d0:8b:f0:ee:52:fd:7a:29:97:8d:a8:be:cc:
         ab:d5:0b:56:97:33:9c:df:ca:93:eb:80:3d:8f:14:f4:4d:b8:
         74:ab:7c:a8:63:1d:6b:43:91:ed:0f:ad:42:76:9e:38:48:cf:
         4d:c1:4c:ec:90:9f:26:a4:40:6e:da:c2:3c:9b:b4:5e:c7:72:
         b0:58:10:ee:ab:c9:5b:6c:53:33:60:58:ab:02:af:5b:64:f9:
         e6:82:f3:5c:64:9c:15:ff:b9:07:b9:0d:09:40:5e:cb:4c:0c:
         f2:25:a8:cd:1d:f1:56:e5:e3:c0:63:7a:95:d3:d7:6c:c8:c2:
         2d:dc:19:b9:25:5d:32:08:99:2a:92:bb:01:f8:86:67:eb:70:
         60:6f:f1:05:88:25:9b:a3:f7:3e:a7:8f:f0:89:0a:ed:b9:4d:
         db:4a:52:59:47:d2:58:6c:5c:19:18:6e:66:3f:5c:a5:2e:b1:
         a2:b8:54:b5
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUTatyZ0mOXZbxCqcqBrzQETRI/18wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDQ4YWY2NjViZjhiMTg2YjcwMjIwNzU5ZDI2YzU3OGY0
MGI1ZjNlMzAeFw0yNDA5MjcxMjM1MzBaFw0yNTA5MjYxMjQwMzBaMDMxMTAvBgNV
BAMTKDVERTlBMDE3NjI4NUI5MjYzREI1OTcyOEI1NjgxRjI3QzAzOTMzNjkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDNyk9V5xGK+l8id3XT5wNv2bvY
ZxNRlQBfzIpjytPHdHorrW+8bS3h3HF9R2BLoYRvaQ2n9GIAsa9W869RNjgTm7W+
WmNgukCBYlKG/z23MUVggzQdlRr6XvD5yb80OzjDBV7ZR16i0C1pK4l2W0ZwPI6p
KZXillXlzZyuQVnLWSp6Uq+hI72Mu+DDDkRuxnqx3TmcXkyZ///TPVnXq+V9wxlV
rebupvy/QB2H/et30u2v9WaJjyBdOsyFzMmr5Vp2AuSXrFo0hCrh2HxqGxcBlSm2
IwJaqI4RHzEDs5Z7gOBcBWHZ+V8zlVxtkikao7Dm2pv1b2Jukwh+wS1QicATAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUXemgF2KFuSY9tZcotWgfJ8A5M2kwHwYDVR0j
BBgwFoAUBIr2Zb+LGGtwIgdZ0mxXj0C18+MwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODJhOWJmNWItMzljMS00MDUwLWIwNzMtNDgwNzViODYx
ZDg3LzAvMDQ4QUY2NjVCRjhCMTg2QjcwMjIwNzU5RDI2QzU3OEY0MEI1RjNFMy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0JJcjJaYi1MR0d0d0lnZFowbXhYajBD
MTgtTS5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvODJhOWJmNWIt
MzljMS00MDUwLWIwNzMtNDgwNzViODYxZDg3LzAvMzMzMTJlMzYyZTM1MzAyZTMw
MmYzMjM0MmQzMjM0MjAzZDNlMjAzMjMxMzMzMjMwMzAucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAAfBjIw
DQYJKoZIhvcNAQELBQADggEBAAzfkE/jWdOYIoGEoFDzSUjVIEgdYFHU29jsjNeq
+HKqVmBi6L9/XJiPTJ9DtM0C7+Fq3p4/ZGq1XA3Lz72sMJCXDBm74bcSYxNtmU5y
0Ivw7lL9eimXjai+zKvVC1aXM5zfypPrgD2PFPRNuHSrfKhjHWtDke0PrUJ2njhI
z03BTOyQnyakQG7awjybtF7HcrBYEO6ryVtsUzNgWKsCr1tk+eaC81xknBX/uQe5
DQlAXstMDPIlqM0d8Vbl48BjepXT12zIwi3cGbklXTIImSqSuwH4hmfrcGBv8QWI
JZuj9z6nj/CJCu25TdtKUllH0lhsXBkYbmY/XKUusaK4VLU=
-----END CERTIFICATE-----