Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e35342e302f32332d3234203d3e203230343733.roa
File:                     33312e362e35342e302f32332d3234203d3e203230343733.roa (raw, json)
Hash identifier:          6+X46joMzaQxZ8eAr/B3W0N89sKC/06G1+Ka3v2j6u0=
Subject key identifier:   8A:4E:5F:19:4F:8F:A8:61:D3:D4:D8:73:93:94:D2:93:CC:22:EE:8C
Certificate issuer:       /CN=048af665bf8b186b70220759d26c578f40b5f3e3
Certificate serial:       090B1E168C8285026C1DE352B58FE0E814E14628
Authority key identifier: 04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e35342e302f32332d3234203d3e203230343733.roa
Signing time:             Thu 14 Nov 2024 18:00:40 +0000
ROA not before:           Thu 14 Nov 2024 17:55:40 +0000
ROA not after:            Thu 13 Nov 2025 18:00:40 +0000
asID:                     20473
IP address blocks:        31.6.54.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            09:0b:1e:16:8c:82:85:02:6c:1d:e3:52:b5:8f:e0:e8:14:e1:46:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=048af665bf8b186b70220759d26c578f40b5f3e3
        Validity
            Not Before: Nov 14 17:55:40 2024 GMT
            Not After : Nov 13 18:00:40 2025 GMT
        Subject: CN=8A4E5F194F8FA861D3D4D8739394D293CC22EE8C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:aa:d7:91:a4:9a:a2:6f:0f:4d:12:1d:71:20:
                    bf:a2:0c:b8:88:e2:db:ce:d9:3d:03:d7:f6:26:1f:
                    0a:5a:26:35:35:ea:09:8d:91:3d:ad:e5:b0:d1:f0:
                    d8:08:7d:d5:4f:ce:ec:5a:e1:48:ae:6c:59:14:d7:
                    a3:39:d3:e8:9d:0e:db:6b:9d:c5:6a:e6:e8:1c:4c:
                    22:95:e2:74:4d:b3:77:b0:06:6e:f6:91:7a:40:5b:
                    4b:c9:ba:fc:07:47:83:8f:6f:fc:18:6f:a3:66:ba:
                    5f:7e:c0:71:07:74:92:6d:a2:b2:9e:bd:e7:cc:82:
                    bd:b8:73:59:76:6d:80:59:0a:c8:16:b0:3e:76:4b:
                    67:d0:20:7d:af:fb:05:bc:f8:9f:15:7a:6c:89:75:
                    3d:d8:6b:91:70:5c:9f:41:83:e6:8b:05:09:91:83:
                    34:71:ce:36:b1:83:68:e7:ae:2c:e6:1f:fc:0e:3f:
                    35:84:22:0d:25:87:37:31:60:19:3d:ff:12:66:96:
                    ce:07:b5:4d:ec:c5:71:8b:4c:33:d3:88:f1:61:28:
                    fd:4d:14:2f:bc:2b:29:e0:19:03:97:76:ff:b0:1d:
                    bb:2a:f6:80:7a:c0:da:5a:02:b9:c5:4a:9d:29:98:
                    cb:07:45:1b:aa:f8:2c:c9:ca:ac:c7:ea:9e:69:ae:
                    9e:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:4E:5F:19:4F:8F:A8:61:D3:D4:D8:73:93:94:D2:93:CC:22:EE:8C
            X509v3 Authority Key Identifier:
                keyid:04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e35342e302f32332d3234203d3e203230343733.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.6.54.0/23

    Signature Algorithm: sha256WithRSAEncryption
         0a:86:6c:b9:28:06:64:24:4f:ea:ff:1b:8e:a3:86:f7:b6:40:
         65:6e:e2:e6:6a:c1:b6:8d:69:ed:06:a4:56:fd:e8:a3:6c:8b:
         b0:b6:bc:74:96:d5:90:fe:12:3d:3f:c6:b8:e2:03:c0:4c:48:
         58:ae:c5:99:63:73:ac:a7:c4:27:1d:a0:ac:5b:2c:0f:eb:fa:
         5c:54:45:36:c2:5f:a7:fa:50:1f:5d:9f:e5:84:c6:80:05:96:
         e0:8a:d5:6a:dc:9f:ef:18:39:a0:a9:90:e3:00:ee:b5:33:e8:
         93:2d:f4:13:7e:e8:b2:f1:aa:cb:3e:23:e7:7c:b0:de:f1:bd:
         fb:90:a3:eb:9e:61:af:fd:80:9d:b8:50:ce:aa:92:25:8b:3b:
         6f:ac:db:e9:3c:2d:55:66:43:db:9c:be:34:84:8d:12:0e:69:
         d0:76:5a:ed:f4:15:e6:8c:e1:32:01:40:f5:0a:a5:07:e0:90:
         3c:a3:18:aa:30:60:8a:54:35:d9:0a:44:9a:ef:65:ec:3b:1d:
         d0:92:d6:c8:2c:d6:5e:75:df:d4:5f:e0:80:d5:0d:ed:56:6d:
         b6:3b:c7:05:33:87:04:7b:f3:f8:fd:23:71:18:fb:5e:65:ab:
         fa:52:25:69:4e:7d:c8:59:ae:6d:1a:e7:b4:48:5a:a2:d1:d0:
         06:45:e2:14
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUCQseFoyChQJsHeNStY/g6BThRigwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDQ4YWY2NjViZjhiMTg2YjcwMjIwNzU5ZDI2YzU3OGY0
MGI1ZjNlMzAeFw0yNDExMTQxNzU1NDBaFw0yNTExMTMxODAwNDBaMDMxMTAvBgNV
BAMTKDhBNEU1RjE5NEY4RkE4NjFEM0Q0RDg3MzkzOTREMjkzQ0MyMkVFOEMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCaqteRpJqibw9NEh1xIL+iDLiI
4tvO2T0D1/YmHwpaJjU16gmNkT2t5bDR8NgIfdVPzuxa4UiubFkU16M50+idDttr
ncVq5ugcTCKV4nRNs3ewBm72kXpAW0vJuvwHR4OPb/wYb6Nmul9+wHEHdJJtorKe
vefMgr24c1l2bYBZCsgWsD52S2fQIH2v+wW8+J8VemyJdT3Ya5FwXJ9Bg+aLBQmR
gzRxzjaxg2jnrizmH/wOPzWEIg0lhzcxYBk9/xJmls4HtU3sxXGLTDPTiPFhKP1N
FC+8KyngGQOXdv+wHbsq9oB6wNpaArnFSp0pmMsHRRuq+CzJyqzH6p5prp6NAgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQUik5fGU+PqGHT1Nhzk5TSk8wi7owwHwYDVR0j
BBgwFoAUBIr2Zb+LGGtwIgdZ0mxXj0C18+MwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODJhOWJmNWItMzljMS00MDUwLWIwNzMtNDgwNzViODYx
ZDg3LzAvMDQ4QUY2NjVCRjhCMTg2QjcwMjIwNzU5RDI2QzU3OEY0MEI1RjNFMy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0JJcjJaYi1MR0d0d0lnZFowbXhYajBD
MTgtTS5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvODJhOWJmNWIt
MzljMS00MDUwLWIwNzMtNDgwNzViODYxZDg3LzAvMzMzMTJlMzYyZTM1MzQyZTMw
MmYzMjMzMmQzMjM0MjAzZDNlMjAzMjMwMzQzNzMzLnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBHwY2MA0G
CSqGSIb3DQEBCwUAA4IBAQAKhmy5KAZkJE/q/xuOo4b3tkBlbuLmasG2jWntBqRW
/eijbIuwtrx0ltWQ/hI9P8a44gPATEhYrsWZY3Osp8QnHaCsWywP6/pcVEU2wl+n
+lAfXZ/lhMaABZbgitVq3J/vGDmgqZDjAO61M+iTLfQTfuiy8arLPiPnfLDe8b37
kKPrnmGv/YCduFDOqpIliztvrNvpPC1VZkPbnL40hI0SDmnQdlrt9BXmjOEyAUD1
CqUH4JA8oxiqMGCKVDXZCkSa72XsOx3QktbILNZedd/UX+CA1Q3tVm22O8cFM4cE
e/P4/SNxGPteZav6UiVpTn3IWa5tGue0SFqi0dAGReIU
-----END CERTIFICATE-----