Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e35312e302f32342d3234203d3e20323033333633.roa
File:                     33312e362e35312e302f32342d3234203d3e20323033333633.roa (raw, json)
Hash identifier:          6wtrjCYqwaqyq92rU/rulW2FRkC2kV77/JSSKeMhOFQ=
Subject key identifier:   34:F3:26:0C:56:B9:B0:9A:0C:61:2A:79:C3:13:DD:F7:0D:2D:F5:71
Certificate issuer:       /CN=048af665bf8b186b70220759d26c578f40b5f3e3
Certificate serial:       6F778669283F4E553F35573AEE0ED464B9B855D7
Authority key identifier: 04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e35312e302f32342d3234203d3e20323033333633.roa
Signing time:             Mon 20 May 2024 08:46:18 +0000
ROA not before:           Mon 20 May 2024 08:41:18 +0000
ROA not after:            Mon 19 May 2025 08:46:18 +0000
asID:                     203363
IP address blocks:        31.6.51.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6f:77:86:69:28:3f:4e:55:3f:35:57:3a:ee:0e:d4:64:b9:b8:55:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=048af665bf8b186b70220759d26c578f40b5f3e3
        Validity
            Not Before: May 20 08:41:18 2024 GMT
            Not After : May 19 08:46:18 2025 GMT
        Subject: CN=34F3260C56B9B09A0C612A79C313DDF70D2DF571
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:e7:ef:a9:bb:d2:a0:77:b5:b6:eb:75:ab:62:
                    a6:60:2d:fb:06:9b:7f:62:92:93:13:30:cb:bb:9c:
                    82:61:b3:20:d4:52:57:0c:a8:c0:d1:02:4c:81:85:
                    ad:92:25:42:fd:17:b5:65:5e:e3:ee:6b:27:36:d5:
                    43:a1:d0:df:c4:1c:32:a6:82:41:65:b4:52:15:c4:
                    a3:35:86:a2:42:21:75:a2:73:4e:73:ce:6a:45:c6:
                    a0:04:0a:0a:03:8a:46:b3:01:57:68:68:bb:45:85:
                    29:a2:5f:77:a0:d9:8f:4e:2d:3a:7a:38:df:8c:91:
                    97:99:7c:04:9d:8b:db:b2:56:52:7c:1e:bb:3c:40:
                    26:58:f7:b9:dd:ae:08:7a:90:57:10:18:04:b7:5e:
                    9d:a6:4f:5f:41:d8:5d:1d:cf:30:e8:3f:9e:05:c3:
                    d5:70:3a:a2:5c:ab:1c:37:94:9a:63:10:68:da:5d:
                    17:06:17:65:6d:2a:ed:3e:9f:a8:e2:b6:b8:ae:5a:
                    84:ec:51:4e:e9:bc:ff:00:77:77:93:da:03:2f:30:
                    dc:65:aa:c1:37:d2:e4:11:03:7f:4d:c0:3e:c0:60:
                    28:0f:54:44:c7:05:cc:23:3c:bb:ff:cb:fe:be:bf:
                    38:06:74:34:a5:8c:e5:69:e0:64:b2:f7:18:d4:88:
                    9a:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:F3:26:0C:56:B9:B0:9A:0C:61:2A:79:C3:13:DD:F7:0D:2D:F5:71
            X509v3 Authority Key Identifier:
                keyid:04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e35312e302f32342d3234203d3e20323033333633.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.6.51.0/24

    Signature Algorithm: sha256WithRSAEncryption
         84:c1:a5:7e:f3:15:03:d7:ac:d8:e2:c0:ee:40:eb:a8:bf:dd:
         0e:20:23:e4:9e:77:6a:00:73:a0:d8:76:48:4a:57:a8:fc:00:
         52:ea:5f:08:e6:74:18:e8:71:bb:27:1f:39:5f:e6:66:1b:a1:
         84:51:5a:23:09:40:33:1a:38:ad:52:f4:99:80:51:3e:88:4d:
         d0:15:a3:33:a2:e2:52:a6:20:42:b6:28:02:e5:fb:ae:76:91:
         22:ae:b8:52:ca:05:33:2e:dd:44:a3:be:10:2d:5f:a2:d9:66:
         19:71:c4:2c:6f:35:ad:8f:f9:af:91:85:6e:71:cf:5f:99:3c:
         29:0b:30:a3:33:b0:40:5c:7e:7a:24:97:7a:5d:ba:88:26:59:
         29:09:bc:25:15:88:81:56:ff:04:59:a2:61:74:4a:e9:73:b8:
         00:d5:a3:d7:1a:45:db:36:e9:6c:6b:c1:ae:cf:6f:f0:a8:9d:
         b9:e3:94:0e:e6:d6:ca:47:88:77:41:24:35:80:99:02:49:3a:
         55:2a:10:15:e0:22:69:51:95:72:72:7f:42:92:2a:38:c4:06:
         a6:32:dd:0b:45:6d:87:4c:d4:88:f8:8d:05:08:d2:b7:2b:0a:
         e8:5e:13:49:26:db:4a:b1:79:c1:c1:58:b1:58:3c:12:d0:d8:
         8d:ee:2d:ca
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUb3eGaSg/TlU/NVc67g7UZLm4VdcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDQ4YWY2NjViZjhiMTg2YjcwMjIwNzU5ZDI2YzU3OGY0
MGI1ZjNlMzAeFw0yNDA1MjAwODQxMThaFw0yNTA1MTkwODQ2MThaMDMxMTAvBgNV
BAMTKDM0RjMyNjBDNTZCOUIwOUEwQzYxMkE3OUMzMTNEREY3MEQyREY1NzEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDG5++pu9Kgd7W263WrYqZgLfsG
m39ikpMTMMu7nIJhsyDUUlcMqMDRAkyBha2SJUL9F7VlXuPuayc21UOh0N/EHDKm
gkFltFIVxKM1hqJCIXWic05zzmpFxqAECgoDikazAVdoaLtFhSmiX3eg2Y9OLTp6
ON+MkZeZfASdi9uyVlJ8Hrs8QCZY97ndrgh6kFcQGAS3Xp2mT19B2F0dzzDoP54F
w9VwOqJcqxw3lJpjEGjaXRcGF2VtKu0+n6jitriuWoTsUU7pvP8Ad3eT2gMvMNxl
qsE30uQRA39NwD7AYCgPVETHBcwjPLv/y/6+vzgGdDSljOVp4GSy9xjUiJoxAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUNPMmDFa5sJoMYSp5wxPd9w0t9XEwHwYDVR0j
BBgwFoAUBIr2Zb+LGGtwIgdZ0mxXj0C18+MwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODJhOWJmNWItMzljMS00MDUwLWIwNzMtNDgwNzViODYx
ZDg3LzAvMDQ4QUY2NjVCRjhCMTg2QjcwMjIwNzU5RDI2QzU3OEY0MEI1RjNFMy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0JJcjJaYi1MR0d0d0lnZFowbXhYajBD
MTgtTS5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvODJhOWJmNWIt
MzljMS00MDUwLWIwNzMtNDgwNzViODYxZDg3LzAvMzMzMTJlMzYyZTM1MzEyZTMw
MmYzMjM0MmQzMjM0MjAzZDNlMjAzMjMwMzMzMzM2MzMucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAAfBjMw
DQYJKoZIhvcNAQELBQADggEBAITBpX7zFQPXrNjiwO5A66i/3Q4gI+Sed2oAc6DY
dkhKV6j8AFLqXwjmdBjocbsnHzlf5mYboYRRWiMJQDMaOK1S9JmAUT6ITdAVozOi
4lKmIEK2KALl+652kSKuuFLKBTMu3USjvhAtX6LZZhlxxCxvNa2P+a+RhW5xz1+Z
PCkLMKMzsEBcfnokl3pduogmWSkJvCUViIFW/wRZomF0SulzuADVo9caRds26Wxr
wa7Pb/ConbnjlA7m1spHiHdBJDWAmQJJOlUqEBXgImlRlXJyf0KSKjjEBqYy3QtF
bYdM1Ij4jQUI0rcrCuheE0km20qxecHBWLFYPBLQ2I3uLco=
-----END CERTIFICATE-----