Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e35362e302f32342d3234203d3e20323134303133.roa
File:                     33312e362e35362e302f32342d3234203d3e20323134303133.roa (raw, json)
Hash identifier:          8CM4EEVMnWbU9RUTBY0T9f7MGaDYvaN8QLcIJ6nlb4s=
Subject key identifier:   75:4C:72:97:F6:7F:09:6C:F8:8E:AF:1B:AA:4B:49:CF:27:D2:F4:9F
Certificate issuer:       /CN=048af665bf8b186b70220759d26c578f40b5f3e3
Certificate serial:       52B061252802C45C7B8F28FFBCEF6BA47A516DF0
Authority key identifier: 04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e35362e302f32342d3234203d3e20323134303133.roa
Signing time:             Sun 01 Dec 2024 09:46:28 +0000
ROA not before:           Sun 01 Dec 2024 09:41:28 +0000
ROA not after:            Sun 30 Nov 2025 09:46:28 +0000
asID:                     214013
IP address blocks:        31.6.56.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 22 Feb 2025 20:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            52:b0:61:25:28:02:c4:5c:7b:8f:28:ff:bc:ef:6b:a4:7a:51:6d:f0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=048af665bf8b186b70220759d26c578f40b5f3e3
        Validity
            Not Before: Dec  1 09:41:28 2024 GMT
            Not After : Nov 30 09:46:28 2025 GMT
        Subject: CN=754C7297F67F096CF88EAF1BAA4B49CF27D2F49F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:95:ed:0b:2e:62:a7:15:fa:6f:45:ce:2e:a1:
                    02:35:37:c8:10:8d:40:5f:ed:a7:ef:01:36:57:be:
                    3f:f5:4f:97:37:5b:06:9b:b5:dd:f5:57:92:a9:e8:
                    6a:86:42:34:f6:20:84:18:32:b5:e9:0f:81:b9:60:
                    d9:77:c6:f4:51:e4:7a:29:25:05:2f:ce:b0:52:bb:
                    4b:e6:90:d6:24:a6:b3:39:a6:bc:a1:fc:7d:09:65:
                    88:15:3a:08:92:0e:1a:d5:43:e7:04:42:ae:6f:84:
                    91:10:47:a7:c8:ba:1d:2c:c4:88:4f:2e:11:9e:d8:
                    a7:4e:24:38:85:6b:52:f3:7f:28:0b:51:9e:9c:2d:
                    e5:b3:dc:e0:3d:4e:c7:b2:ac:0a:74:26:ab:d1:b4:
                    45:4c:27:6d:ac:40:6d:e0:7d:77:e2:7d:84:8a:a8:
                    bc:8b:ab:34:07:a5:88:30:49:da:8d:4d:b9:ed:cb:
                    8b:98:ab:39:a5:31:f7:a5:9f:47:d0:25:af:73:43:
                    ca:ed:ce:92:bc:f1:fd:5b:57:ea:0e:a0:f7:af:7c:
                    2f:d4:8f:24:3e:62:7a:98:ec:4c:8f:3f:b0:31:03:
                    1b:3a:90:ca:2d:cc:b4:cd:d3:dc:2e:e6:db:fc:8c:
                    8c:5d:88:d3:76:5a:94:a3:82:d3:84:a3:b8:70:88:
                    b9:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                75:4C:72:97:F6:7F:09:6C:F8:8E:AF:1B:AA:4B:49:CF:27:D2:F4:9F
            X509v3 Authority Key Identifier:
                keyid:04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e35362e302f32342d3234203d3e20323134303133.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.6.56.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3f:b3:85:33:27:4a:dc:30:01:b4:82:66:f0:f1:21:11:07:22:
         d6:64:46:90:8d:50:76:c3:c4:bd:e2:d9:7e:cb:06:49:4c:95:
         47:15:ee:b5:27:ba:5e:eb:d5:ed:24:c2:22:90:40:a9:ef:c6:
         55:5c:e6:80:25:cb:14:ef:08:b7:46:44:dd:de:55:97:dc:f8:
         e5:7d:56:c3:b2:98:be:40:e3:cf:7e:28:64:09:14:34:43:10:
         84:53:e2:71:25:81:d3:3c:49:8f:01:1a:8d:22:46:e7:c4:6f:
         a8:7d:e3:bf:52:41:63:25:e2:76:79:bc:7f:e7:9c:9c:66:f7:
         43:2d:b0:fe:12:b0:a5:92:c3:4f:0c:b5:ac:ba:57:10:2e:fc:
         f7:68:d5:81:b7:68:14:ef:80:75:f7:54:63:28:de:75:d1:a9:
         8a:9e:d3:12:34:40:5c:0d:de:ad:e9:87:70:e9:ae:dc:7f:11:
         a8:26:46:ee:64:a1:56:8d:cc:01:72:22:2a:86:52:c1:8a:7e:
         f7:1c:2d:0d:62:a0:27:2f:e0:37:ed:02:6c:35:6f:71:2f:21:
         95:bc:21:8b:61:d3:bb:1b:40:62:5b:97:33:4e:6e:36:85:95:
         f2:04:08:89:d2:b3:01:32:96:e0:68:b7:cd:8f:d5:6e:5e:ec:
         72:bb:2e:16
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUUrBhJSgCxFx7jyj/vO9rpHpRbfAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDQ4YWY2NjViZjhiMTg2YjcwMjIwNzU5ZDI2YzU3OGY0
MGI1ZjNlMzAeFw0yNDEyMDEwOTQxMjhaFw0yNTExMzAwOTQ2MjhaMDMxMTAvBgNV
BAMTKDc1NEM3Mjk3RjY3RjA5NkNGODhFQUYxQkFBNEI0OUNGMjdEMkY0OUYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCRle0LLmKnFfpvRc4uoQI1N8gQ
jUBf7afvATZXvj/1T5c3Wwabtd31V5Kp6GqGQjT2IIQYMrXpD4G5YNl3xvRR5Hop
JQUvzrBSu0vmkNYkprM5pryh/H0JZYgVOgiSDhrVQ+cEQq5vhJEQR6fIuh0sxIhP
LhGe2KdOJDiFa1LzfygLUZ6cLeWz3OA9TseyrAp0JqvRtEVMJ22sQG3gfXfifYSK
qLyLqzQHpYgwSdqNTbnty4uYqzmlMfeln0fQJa9zQ8rtzpK88f1bV+oOoPevfC/U
jyQ+YnqY7EyPP7AxAxs6kMotzLTN09wu5tv8jIxdiNN2WpSjgtOEo7hwiLkBAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUdUxyl/Z/CWz4jq8bqktJzyfS9J8wHwYDVR0j
BBgwFoAUBIr2Zb+LGGtwIgdZ0mxXj0C18+MwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODJhOWJmNWItMzljMS00MDUwLWIwNzMtNDgwNzViODYx
ZDg3LzAvMDQ4QUY2NjVCRjhCMTg2QjcwMjIwNzU5RDI2QzU3OEY0MEI1RjNFMy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0JJcjJaYi1MR0d0d0lnZFowbXhYajBD
MTgtTS5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvODJhOWJmNWIt
MzljMS00MDUwLWIwNzMtNDgwNzViODYxZDg3LzAvMzMzMTJlMzYyZTM1MzYyZTMw
MmYzMjM0MmQzMjM0MjAzZDNlMjAzMjMxMzQzMDMxMzMucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAAfBjgw
DQYJKoZIhvcNAQELBQADggEBAD+zhTMnStwwAbSCZvDxIREHItZkRpCNUHbDxL3i
2X7LBklMlUcV7rUnul7r1e0kwiKQQKnvxlVc5oAlyxTvCLdGRN3eVZfc+OV9VsOy
mL5A489+KGQJFDRDEIRT4nElgdM8SY8BGo0iRufEb6h9479SQWMl4nZ5vH/nnJxm
90MtsP4SsKWSw08Mtay6VxAu/Pdo1YG3aBTvgHX3VGMo3nXRqYqe0xI0QFwN3q3p
h3Dprtx/EagmRu5koVaNzAFyIiqGUsGKfvccLQ1ioCcv4DftAmw1b3EvIZW8IYth
07sbQGJblzNObjaFlfIECInSswEyluBot82P1W5e7HK7LhY=
-----END CERTIFICATE-----