Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e362e302f32342d3234203d3e203232333633.roa
File:                     33312e362e362e302f32342d3234203d3e203232333633.roa (raw, json)
Hash identifier:          NIWqVSXB5uJ2z2Ee1XBGVuwiftyGSGNdyZzRn42tOc8=
Subject key identifier:   53:7C:10:12:7C:EB:22:1E:BC:BD:BF:F1:46:34:31:53:B7:C6:E1:88
Certificate issuer:       /CN=048af665bf8b186b70220759d26c578f40b5f3e3
Certificate serial:       7FB73147111A07DE7E6F0B1A93AF23E6B2F535F6
Authority key identifier: 04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e362e302f32342d3234203d3e203232333633.roa
Signing time:             Mon 02 Sep 2024 06:05:20 +0000
ROA not before:           Mon 02 Sep 2024 06:00:20 +0000
ROA not after:            Mon 01 Sep 2025 06:05:20 +0000
asID:                     22363
IP address blocks:        31.6.6.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7f:b7:31:47:11:1a:07:de:7e:6f:0b:1a:93:af:23:e6:b2:f5:35:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=048af665bf8b186b70220759d26c578f40b5f3e3
        Validity
            Not Before: Sep  2 06:00:20 2024 GMT
            Not After : Sep  1 06:05:20 2025 GMT
        Subject: CN=537C10127CEB221EBCBDBFF146343153B7C6E188
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:99:e5:cb:b2:46:86:1d:35:39:fc:36:5e:dd:
                    da:ac:b1:8a:be:89:85:6b:4c:57:01:44:8e:42:d1:
                    d8:e7:48:00:d7:af:f4:50:03:03:8c:11:41:27:ab:
                    f7:d0:f3:aa:70:3d:5b:82:4c:b4:f4:b9:ee:1a:78:
                    1c:ff:21:a0:9a:f4:9b:b1:cc:c0:42:73:69:bd:c8:
                    71:2d:15:dd:b1:44:0a:6c:22:ad:e0:b8:8b:e2:6f:
                    64:3b:d0:26:e3:d4:ee:bd:fe:49:0c:6a:ee:88:1a:
                    56:d8:d9:40:d8:71:f3:98:7e:cf:45:02:61:0a:dd:
                    26:9f:b0:b1:29:29:75:bc:33:3e:f2:d4:22:a8:17:
                    c0:6c:87:a7:af:54:29:3e:5e:84:af:51:c6:4e:49:
                    42:9b:9c:65:8f:5a:98:a9:30:64:9b:7a:83:1d:a6:
                    8f:3b:fe:b1:25:7b:78:35:07:92:f7:d9:10:20:1f:
                    8b:f9:3f:0e:13:f0:a6:95:b4:ee:16:08:45:85:87:
                    82:3d:5b:20:d3:d7:bc:46:67:14:b0:c7:fe:51:62:
                    fd:4e:06:1c:de:1a:8f:b9:01:67:62:cd:85:27:06:
                    9d:80:35:c7:78:d7:8a:55:93:9e:75:38:6a:80:99:
                    3d:19:69:b4:a3:2c:50:cc:49:e7:0d:4e:1b:09:ea:
                    3e:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:7C:10:12:7C:EB:22:1E:BC:BD:BF:F1:46:34:31:53:B7:C6:E1:88
            X509v3 Authority Key Identifier:
                keyid:04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e362e302f32342d3234203d3e203232333633.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.6.6.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0f:c5:64:c1:aa:47:11:9f:6e:9c:20:bf:3a:db:44:a3:59:22:
         4a:d0:53:09:07:27:ec:c5:23:ea:21:57:cf:a9:eb:0b:3c:68:
         e0:26:6f:37:42:af:9b:3e:14:89:2e:5b:43:97:31:df:ac:e5:
         b3:12:b3:5e:66:77:aa:15:13:f3:cd:d3:a9:f2:6a:09:cb:55:
         e9:42:3a:a5:8d:1f:35:07:cb:b4:86:95:f5:29:32:58:a0:4e:
         b7:39:80:f5:1f:c2:fc:d6:3e:21:9b:dd:05:17:e5:e0:67:4f:
         7a:08:05:74:31:60:fc:dd:44:6f:86:ca:41:13:23:9e:1c:97:
         3d:df:22:1c:10:fa:fd:c8:1e:44:fa:73:28:e7:db:72:9e:81:
         3d:06:c9:cb:db:ee:9a:41:39:42:94:2d:18:27:97:e1:7d:a3:
         45:1c:18:fb:0b:43:79:b7:2e:90:7c:0c:54:1e:bf:b9:ba:79:
         3a:3f:63:51:6b:f9:c9:00:61:20:6d:7f:19:6e:7b:70:96:d0:
         7a:c6:57:07:bd:d6:d6:80:2b:75:44:65:80:8d:cc:43:04:62:
         2b:7d:5e:6c:50:ff:73:b6:78:a7:83:ae:8a:f4:ff:df:c5:db:
         52:ee:cf:fc:f0:cb:48:ce:bb:b6:01:59:73:c8:d7:71:61:62:
         58:a2:ee:90
-----BEGIN CERTIFICATE-----
MIIFKzCCBBOgAwIBAgIUf7cxRxEaB95+bwsak68j5rL1NfYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDQ4YWY2NjViZjhiMTg2YjcwMjIwNzU5ZDI2YzU3OGY0
MGI1ZjNlMzAeFw0yNDA5MDIwNjAwMjBaFw0yNTA5MDEwNjA1MjBaMDMxMTAvBgNV
BAMTKDUzN0MxMDEyN0NFQjIyMUVCQ0JEQkZGMTQ2MzQzMTUzQjdDNkUxODgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCOmeXLskaGHTU5/DZe3dqssYq+
iYVrTFcBRI5C0djnSADXr/RQAwOMEUEnq/fQ86pwPVuCTLT0ue4aeBz/IaCa9Jux
zMBCc2m9yHEtFd2xRApsIq3guIvib2Q70Cbj1O69/kkMau6IGlbY2UDYcfOYfs9F
AmEK3SafsLEpKXW8Mz7y1CKoF8Bsh6evVCk+XoSvUcZOSUKbnGWPWpipMGSbeoMd
po87/rEle3g1B5L32RAgH4v5Pw4T8KaVtO4WCEWFh4I9WyDT17xGZxSwx/5RYv1O
BhzeGo+5AWdizYUnBp2ANcd414pVk551OGqAmT0ZabSjLFDMSecNThsJ6j5JAgMB
AAGjggI1MIICMTAdBgNVHQ4EFgQUU3wQEnzrIh68vb/xRjQxU7fG4YgwHwYDVR0j
BBgwFoAUBIr2Zb+LGGtwIgdZ0mxXj0C18+MwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODJhOWJmNWItMzljMS00MDUwLWIwNzMtNDgwNzViODYx
ZDg3LzAvMDQ4QUY2NjVCRjhCMTg2QjcwMjIwNzU5RDI2QzU3OEY0MEI1RjNFMy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0JJcjJaYi1MR0d0d0lnZFowbXhYajBD
MTgtTS5jZXIwgaUGCCsGAQUFBwELBIGYMIGVMIGSBggrBgEFBQcwC4aBhXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvODJhOWJmNWIt
MzljMS00MDUwLWIwNzMtNDgwNzViODYxZDg3LzAvMzMzMTJlMzYyZTM2MmUzMDJm
MzIzNDJkMzIzNDIwM2QzZTIwMzIzMjMzMzYzMy5yb2EwGAYDVR0gAQH/BA4wDDAK
BggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAB8GBjANBgkq
hkiG9w0BAQsFAAOCAQEAD8VkwapHEZ9unCC/OttEo1kiStBTCQcn7MUj6iFXz6nr
Czxo4CZvN0Kvmz4UiS5bQ5cx36zlsxKzXmZ3qhUT883TqfJqCctV6UI6pY0fNQfL
tIaV9SkyWKBOtzmA9R/C/NY+IZvdBRfl4GdPeggFdDFg/N1Eb4bKQRMjnhyXPd8i
HBD6/cgeRPpzKOfbcp6BPQbJy9vumkE5QpQtGCeX4X2jRRwY+wtDebcukHwMVB6/
ubp5Oj9jUWv5yQBhIG1/GW57cJbQesZXB73W1oArdURlgI3MQwRiK31ebFD/c7Z4
p4OuivT/38XbUu7P/PDLSM67tgFZc8jXcWFiWKLukA==
-----END CERTIFICATE-----