Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e35362e302f32342d3234203d3e20323136343538.roa
File:                     33312e362e35362e302f32342d3234203d3e20323136343538.roa (raw, json)
Hash identifier:          MzVC5egIJRnCzhOCF1G3cvPh0OLGHuhyJ26pm0eAqEg=
Subject key identifier:   56:98:18:7C:08:2E:08:EF:F6:CA:67:B6:EC:41:EE:F0:23:44:1C:F8
Certificate issuer:       /CN=048af665bf8b186b70220759d26c578f40b5f3e3
Certificate serial:       0F0308E4AE743DB6C25BD5C6015F6F882F931CC8
Authority key identifier: 04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e35362e302f32342d3234203d3e20323136343538.roa
Signing time:             Sat 11 May 2024 06:47:53 +0000
ROA not before:           Sat 11 May 2024 06:42:53 +0000
ROA not after:            Sat 10 May 2025 06:47:53 +0000
asID:                     216458
IP address blocks:        31.6.56.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0f:03:08:e4:ae:74:3d:b6:c2:5b:d5:c6:01:5f:6f:88:2f:93:1c:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=048af665bf8b186b70220759d26c578f40b5f3e3
        Validity
            Not Before: May 11 06:42:53 2024 GMT
            Not After : May 10 06:47:53 2025 GMT
        Subject: CN=5698187C082E08EFF6CA67B6EC41EEF023441CF8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:b8:f6:32:8a:4f:b1:bb:bc:03:79:75:03:f5:
                    55:67:0c:62:e3:bd:96:d1:43:2d:5e:95:54:25:09:
                    1e:3e:94:c0:34:f1:7c:2e:0a:5b:5d:76:e3:94:b7:
                    1b:b1:10:ad:86:4c:1d:9a:e1:bf:45:20:fb:6d:d4:
                    ea:98:30:24:c9:99:4a:ea:d2:43:ad:59:c2:63:01:
                    2c:c7:09:0e:5d:e1:97:bb:94:18:23:bf:3b:5b:38:
                    86:88:25:59:a4:27:d7:87:cd:d6:b1:b2:bf:ba:fe:
                    9f:2b:70:5f:8c:1a:6e:b6:06:68:a2:b6:fb:9d:45:
                    3b:68:dc:43:be:ac:21:a0:fc:5c:35:c5:d3:b6:b5:
                    0f:b3:21:0d:d2:94:24:6c:3c:07:6f:aa:05:44:a1:
                    a3:23:66:e8:35:ff:d3:bc:ca:02:8e:35:38:5d:e1:
                    c6:70:d6:3b:e6:2b:06:9d:e1:f8:52:e0:ce:4b:92:
                    79:1c:1d:43:cf:eb:bf:46:2c:f7:3d:f6:ac:8a:ec:
                    d6:41:3e:98:27:53:b1:52:2f:5b:e8:c5:59:af:5a:
                    6d:27:c0:77:18:05:a5:2a:1b:50:bf:20:e4:66:75:
                    1c:91:b0:7a:6b:1d:03:ad:d5:92:78:30:e2:85:cf:
                    59:40:b0:d6:5e:13:ef:3d:54:77:c7:24:98:9d:5d:
                    b7:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                56:98:18:7C:08:2E:08:EF:F6:CA:67:B6:EC:41:EE:F0:23:44:1C:F8
            X509v3 Authority Key Identifier:
                keyid:04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e35362e302f32342d3234203d3e20323136343538.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.6.56.0/24

    Signature Algorithm: sha256WithRSAEncryption
         00:c0:2c:91:7f:e0:45:bc:b6:4b:5c:6e:02:d0:9c:e5:ec:c7:
         39:38:28:5b:15:6d:db:8b:f9:f5:ff:8e:46:08:44:62:dc:e1:
         4f:f9:ba:c8:eb:77:85:b3:09:99:cf:00:e8:51:36:94:62:07:
         b5:e4:51:25:fd:60:73:d9:06:f9:d5:be:2b:21:6b:6b:cf:9c:
         ef:0b:85:b7:dc:f0:d1:e0:99:29:3e:ef:f4:dd:8c:7a:e6:58:
         fb:30:83:96:a1:6a:d2:7a:91:6f:c0:23:fe:84:cc:c1:fe:da:
         01:8e:6c:a0:27:7d:5a:5f:ee:77:e5:05:30:e8:ac:be:22:78:
         75:6b:c4:01:6a:ad:58:cd:e1:ac:e6:26:45:60:56:6c:54:84:
         26:40:61:a0:20:24:48:40:48:3f:79:ed:d4:b7:99:c9:82:e4:
         94:29:84:1a:c0:1b:72:8b:e5:f3:ea:33:ec:10:6b:67:b6:72:
         27:57:b5:28:93:db:a3:3f:80:8a:56:f4:75:a0:d9:dd:9a:ff:
         14:2d:f1:34:4e:55:70:c0:cd:33:f6:fe:0d:92:df:9d:ab:f2:
         93:e4:f9:38:09:a5:3f:01:fb:59:29:26:23:6c:1e:a3:09:9b:
         26:e5:52:0f:5e:8b:65:46:5f:b6:11:c7:fe:2b:83:c5:54:40:
         01:2b:76:89
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUDwMI5K50PbbCW9XGAV9viC+THMgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDQ4YWY2NjViZjhiMTg2YjcwMjIwNzU5ZDI2YzU3OGY0
MGI1ZjNlMzAeFw0yNDA1MTEwNjQyNTNaFw0yNTA1MTAwNjQ3NTNaMDMxMTAvBgNV
BAMTKDU2OTgxODdDMDgyRTA4RUZGNkNBNjdCNkVDNDFFRUYwMjM0NDFDRjgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCbuPYyik+xu7wDeXUD9VVnDGLj
vZbRQy1elVQlCR4+lMA08XwuCltdduOUtxuxEK2GTB2a4b9FIPtt1OqYMCTJmUrq
0kOtWcJjASzHCQ5d4Ze7lBgjvztbOIaIJVmkJ9eHzdaxsr+6/p8rcF+MGm62Bmii
tvudRTto3EO+rCGg/Fw1xdO2tQ+zIQ3SlCRsPAdvqgVEoaMjZug1/9O8ygKONThd
4cZw1jvmKwad4fhS4M5LknkcHUPP679GLPc99qyK7NZBPpgnU7FSL1voxVmvWm0n
wHcYBaUqG1C/IORmdRyRsHprHQOt1ZJ4MOKFz1lAsNZeE+89VHfHJJidXbeTAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUVpgYfAguCO/2yme27EHu8CNEHPgwHwYDVR0j
BBgwFoAUBIr2Zb+LGGtwIgdZ0mxXj0C18+MwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODJhOWJmNWItMzljMS00MDUwLWIwNzMtNDgwNzViODYx
ZDg3LzAvMDQ4QUY2NjVCRjhCMTg2QjcwMjIwNzU5RDI2QzU3OEY0MEI1RjNFMy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0JJcjJaYi1MR0d0d0lnZFowbXhYajBD
MTgtTS5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvODJhOWJmNWIt
MzljMS00MDUwLWIwNzMtNDgwNzViODYxZDg3LzAvMzMzMTJlMzYyZTM1MzYyZTMw
MmYzMjM0MmQzMjM0MjAzZDNlMjAzMjMxMzYzNDM1Mzgucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAAfBjgw
DQYJKoZIhvcNAQELBQADggEBAADALJF/4EW8tktcbgLQnOXsxzk4KFsVbduL+fX/
jkYIRGLc4U/5usjrd4WzCZnPAOhRNpRiB7XkUSX9YHPZBvnVvisha2vPnO8Lhbfc
8NHgmSk+7/TdjHrmWPswg5ahatJ6kW/AI/6EzMH+2gGObKAnfVpf7nflBTDorL4i
eHVrxAFqrVjN4azmJkVgVmxUhCZAYaAgJEhASD957dS3mcmC5JQphBrAG3KL5fPq
M+wQa2e2cidXtSiT26M/gIpW9HWg2d2a/xQt8TROVXDAzTP2/g2S352r8pPk+TgJ
pT8B+1kpJiNsHqMJmyblUg9ei2VGX7YRx/4rg8VUQAErdok=
-----END CERTIFICATE-----