Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e35322e302f32342d3234203d3e20333937363330.roa
File:                     33312e362e35322e302f32342d3234203d3e20333937363330.roa (raw, json)
Hash identifier:          Na9XN443wQLfYm/73h8f/AdNSOrc8D+pKvpMndYJ+G0=
Subject key identifier:   58:5D:4C:89:10:B3:60:53:5E:99:61:95:4A:11:0A:49:9B:00:BC:A3
Certificate issuer:       /CN=048af665bf8b186b70220759d26c578f40b5f3e3
Certificate serial:       5EEBD7DABE013A72D9BEE870673B15E170A43056
Authority key identifier: 04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e35322e302f32342d3234203d3e20333937363330.roa
Signing time:             Tue 14 Nov 2023 15:02:30 +0000
ROA not before:           Tue 14 Nov 2023 14:57:30 +0000
ROA not after:            Tue 12 Nov 2024 15:02:30 +0000
asID:                     397630
IP address blocks:        31.6.52.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 08 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5e:eb:d7:da:be:01:3a:72:d9:be:e8:70:67:3b:15:e1:70:a4:30:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=048af665bf8b186b70220759d26c578f40b5f3e3
        Validity
            Not Before: Nov 14 14:57:30 2023 GMT
            Not After : Nov 12 15:02:30 2024 GMT
        Subject: CN=585D4C8910B360535E9961954A110A499B00BCA3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:f0:8c:d6:cd:d4:bb:28:08:7c:bd:3d:7f:8f:
                    1a:28:9b:43:1b:97:4d:48:e0:8f:99:b0:42:df:aa:
                    87:78:0d:fd:66:e8:10:77:c1:15:d5:9f:7e:4b:5f:
                    63:63:2c:db:47:a3:8f:17:75:58:86:b6:3d:c0:6c:
                    6e:a4:ed:1c:ce:bf:44:e6:02:0d:14:cf:85:4e:c1:
                    40:b2:a0:ec:da:ce:b0:29:e9:c6:2f:23:5e:4b:d4:
                    13:ec:63:ae:14:c3:85:df:ef:94:ab:1f:dc:93:75:
                    76:ae:00:e3:c0:bd:c7:d2:de:1e:8c:f6:70:27:5b:
                    51:be:81:e5:c7:ad:6c:84:2d:b3:a5:fe:c2:e7:24:
                    44:d8:df:9c:5d:73:e1:47:a0:55:81:57:53:a9:50:
                    62:d0:53:b5:9d:6e:90:e7:de:8a:9b:0d:e3:19:18:
                    0e:78:44:c1:0e:aa:39:ad:34:9a:83:b9:28:d7:3f:
                    c5:46:dc:a6:c7:42:4e:20:57:d2:05:6f:6f:ea:e2:
                    80:11:81:62:0f:53:b3:82:5f:7e:c7:00:b0:dd:8c:
                    56:28:f0:02:71:e7:d4:e8:9d:39:49:3c:0a:c0:61:
                    fb:fb:a0:71:44:2e:26:3a:17:a0:9b:e2:3b:48:90:
                    d9:3d:a0:27:0a:08:73:cc:21:80:02:c5:90:62:b9:
                    5e:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:5D:4C:89:10:B3:60:53:5E:99:61:95:4A:11:0A:49:9B:00:BC:A3
            X509v3 Authority Key Identifier:
                keyid:04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e35322e302f32342d3234203d3e20333937363330.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.6.52.0/24

    Signature Algorithm: sha256WithRSAEncryption
         07:61:cd:5d:35:f5:2f:8d:d4:79:43:61:5f:01:c4:a5:8d:43:
         dd:a7:42:76:29:b2:02:b0:19:44:ec:af:d5:39:03:5b:6d:46:
         e8:e1:42:8f:d4:34:12:b1:1e:79:83:5d:32:1e:c6:af:61:a0:
         fe:b1:e4:73:9e:d5:19:47:1f:d8:10:2f:e3:9b:44:0d:2d:0b:
         eb:6d:a2:37:9b:b1:92:4a:bd:d4:32:fb:9e:02:8c:cc:b0:b8:
         48:8a:c4:0b:20:9b:54:46:d9:ea:7e:4c:6d:ed:04:09:16:db:
         6d:ce:59:07:cc:7a:d4:58:e8:3f:b8:09:77:ca:74:37:e4:6d:
         60:a9:10:c7:b9:2c:a9:9b:b5:78:18:38:f0:5b:a7:f4:5e:2f:
         0a:db:7e:89:19:9f:53:66:fe:08:71:3b:b9:ec:50:f7:77:10:
         5c:17:70:fd:5f:3e:4c:7f:23:66:81:2f:db:16:9c:4e:8a:72:
         ea:34:23:b0:11:64:11:0d:0b:77:94:b8:d2:95:c7:db:e3:59:
         92:a9:c9:09:b9:bb:78:6b:ff:fb:15:f1:2f:65:83:32:99:63:
         45:83:35:6d:17:51:90:2c:d4:eb:57:10:7e:f8:6c:73:81:04:
         fd:74:a3:fa:bc:68:c2:d7:a8:be:97:ab:e3:51:97:70:ad:7e:
         28:6e:7b:79
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUXuvX2r4BOnLZvuhwZzsV4XCkMFYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDQ4YWY2NjViZjhiMTg2YjcwMjIwNzU5ZDI2YzU3OGY0
MGI1ZjNlMzAeFw0yMzExMTQxNDU3MzBaFw0yNDExMTIxNTAyMzBaMDMxMTAvBgNV
BAMTKDU4NUQ0Qzg5MTBCMzYwNTM1RTk5NjE5NTRBMTEwQTQ5OUIwMEJDQTMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC18IzWzdS7KAh8vT1/jxoom0Mb
l01I4I+ZsELfqod4Df1m6BB3wRXVn35LX2NjLNtHo48XdViGtj3AbG6k7RzOv0Tm
Ag0Uz4VOwUCyoOzazrAp6cYvI15L1BPsY64Uw4Xf75SrH9yTdXauAOPAvcfS3h6M
9nAnW1G+geXHrWyELbOl/sLnJETY35xdc+FHoFWBV1OpUGLQU7WdbpDn3oqbDeMZ
GA54RMEOqjmtNJqDuSjXP8VG3KbHQk4gV9IFb2/q4oARgWIPU7OCX37HALDdjFYo
8AJx59TonTlJPArAYfv7oHFELiY6F6Cb4jtIkNk9oCcKCHPMIYACxZBiuV69AgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUWF1MiRCzYFNemWGVShEKSZsAvKMwHwYDVR0j
BBgwFoAUBIr2Zb+LGGtwIgdZ0mxXj0C18+MwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODJhOWJmNWItMzljMS00MDUwLWIwNzMtNDgwNzViODYx
ZDg3LzAvMDQ4QUY2NjVCRjhCMTg2QjcwMjIwNzU5RDI2QzU3OEY0MEI1RjNFMy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0JJcjJaYi1MR0d0d0lnZFowbXhYajBD
MTgtTS5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvODJhOWJmNWIt
MzljMS00MDUwLWIwNzMtNDgwNzViODYxZDg3LzAvMzMzMTJlMzYyZTM1MzIyZTMw
MmYzMjM0MmQzMjM0MjAzZDNlMjAzMzM5MzczNjMzMzAucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAAfBjQw
DQYJKoZIhvcNAQELBQADggEBAAdhzV019S+N1HlDYV8BxKWNQ92nQnYpsgKwGUTs
r9U5A1ttRujhQo/UNBKxHnmDXTIexq9hoP6x5HOe1RlHH9gQL+ObRA0tC+ttojeb
sZJKvdQy+54CjMywuEiKxAsgm1RG2ep+TG3tBAkW223OWQfMetRY6D+4CXfKdDfk
bWCpEMe5LKmbtXgYOPBbp/ReLwrbfokZn1Nm/ghxO7nsUPd3EFwXcP1fPkx/I2aB
L9sWnE6Kcuo0I7ARZBENC3eUuNKVx9vjWZKpyQm5u3hr//sV8S9lgzKZY0WDNW0X
UZAs1OtXEH74bHOBBP10o/q8aMLXqL6Xq+NRl3Ctfihue3k=
-----END CERTIFICATE-----