Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e36302e302f32342d3234203d3e203232333633.roa
File:                     33312e362e36302e302f32342d3234203d3e203232333633.roa (raw, json)
Hash identifier:          a4vxUTEAmlD/sdU835c5cNya9kU5u6a2MgZqy1NLgTE=
Subject key identifier:   D4:AE:9E:24:1D:BB:22:AB:BD:E9:11:1F:26:24:7E:B3:40:37:3B:7F
Certificate issuer:       /CN=048af665bf8b186b70220759d26c578f40b5f3e3
Certificate serial:       3A2958C26227450179A8AB4A178C0B16EE24D33C
Authority key identifier: 04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e36302e302f32342d3234203d3e203232333633.roa
Signing time:             Mon 02 Sep 2024 06:05:19 +0000
ROA not before:           Mon 02 Sep 2024 06:00:19 +0000
ROA not after:            Mon 01 Sep 2025 06:05:19 +0000
asID:                     22363
IP address blocks:        31.6.60.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3a:29:58:c2:62:27:45:01:79:a8:ab:4a:17:8c:0b:16:ee:24:d3:3c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=048af665bf8b186b70220759d26c578f40b5f3e3
        Validity
            Not Before: Sep  2 06:00:19 2024 GMT
            Not After : Sep  1 06:05:19 2025 GMT
        Subject: CN=D4AE9E241DBB22ABBDE9111F26247EB340373B7F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:e5:a7:a3:e4:d6:7e:85:52:bb:03:f7:72:5c:
                    9e:54:e0:6e:a4:58:ea:60:04:e1:84:b9:d1:92:4a:
                    73:82:ab:f5:bb:3d:1e:38:69:b2:cb:58:47:06:6d:
                    be:ce:4f:e8:95:ea:fe:83:af:da:67:c6:bc:85:9a:
                    16:37:da:48:d7:0e:5b:21:d7:ee:4b:f0:6b:d4:a5:
                    93:a4:9e:5f:af:3b:ff:ff:0e:30:6b:c0:0d:e1:a2:
                    22:f2:1e:d3:b5:48:72:c5:88:e2:f8:9e:51:e1:d9:
                    ea:48:1d:53:94:a6:c9:d3:5c:05:84:69:2a:06:28:
                    44:db:83:f3:90:e3:9e:57:da:e5:29:28:51:8d:24:
                    19:ea:f1:c4:14:94:df:0a:4e:bd:d2:df:98:c2:4d:
                    be:3d:d5:d2:8b:0b:45:6b:16:b6:78:22:c4:e4:5c:
                    df:8f:c3:b2:8c:2b:ec:a4:66:ad:55:7c:51:20:72:
                    bf:2f:54:6c:f2:75:d2:b4:2e:77:16:b6:9c:96:6f:
                    be:b4:70:69:c0:7c:82:2a:50:61:55:fc:da:e1:12:
                    71:b2:6c:4c:93:67:b7:d0:4b:3b:f2:3b:53:e2:8b:
                    7d:39:23:ab:5f:f0:4c:e8:16:81:cc:57:aa:67:00:
                    f1:ba:bf:b6:6e:8e:c7:ab:41:91:14:3d:34:7b:4c:
                    82:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:AE:9E:24:1D:BB:22:AB:BD:E9:11:1F:26:24:7E:B3:40:37:3B:7F
            X509v3 Authority Key Identifier:
                keyid:04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e36302e302f32342d3234203d3e203232333633.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.6.60.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5d:45:ac:2a:19:23:f9:7e:df:cf:b3:5a:1f:dd:6b:5f:e3:8c:
         fe:66:8b:35:be:7c:5a:df:ff:5b:ba:e2:4a:fb:41:7d:32:85:
         92:0b:2c:ac:02:a5:05:e2:0d:f9:c4:99:42:c2:4a:c7:e2:11:
         8e:d8:1c:f7:f4:98:f8:71:b9:64:bb:d6:fe:41:56:ef:6c:80:
         5a:31:75:14:0c:b7:f7:00:ed:db:23:f3:2f:92:64:72:ed:c7:
         cc:80:4f:85:09:a1:68:20:0e:28:ec:c7:b3:16:8d:18:af:58:
         22:43:cd:1f:d6:75:e4:e8:f9:91:9b:07:04:3b:a4:d0:0f:ee:
         f6:11:79:0e:bd:d8:82:92:e3:1c:b3:dc:10:2b:86:cd:b2:7f:
         b9:fb:58:12:05:e9:a4:a6:6a:0a:1e:f7:f4:99:4e:f3:e2:3a:
         4a:29:c7:57:55:dc:6f:54:95:e9:e5:13:61:07:13:8b:0e:c2:
         e4:27:af:9b:b9:5c:11:3b:05:ee:65:10:95:67:0e:7b:c8:ea:
         9e:da:89:ab:2f:f6:cf:f9:8b:5d:a7:33:8c:6e:cb:83:89:7a:
         20:b9:7b:64:5c:27:36:f2:bf:ca:80:2a:3a:6e:18:2e:a1:40:
         7a:16:46:04:89:61:7e:be:54:65:0b:49:04:16:f6:45:f0:f1:
         6e:5e:78:e7
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUOilYwmInRQF5qKtKF4wLFu4k0zwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDQ4YWY2NjViZjhiMTg2YjcwMjIwNzU5ZDI2YzU3OGY0
MGI1ZjNlMzAeFw0yNDA5MDIwNjAwMTlaFw0yNTA5MDEwNjA1MTlaMDMxMTAvBgNV
BAMTKEQ0QUU5RTI0MURCQjIyQUJCREU5MTExRjI2MjQ3RUIzNDAzNzNCN0YwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDj5aej5NZ+hVK7A/dyXJ5U4G6k
WOpgBOGEudGSSnOCq/W7PR44abLLWEcGbb7OT+iV6v6Dr9pnxryFmhY32kjXDlsh
1+5L8GvUpZOknl+vO///DjBrwA3hoiLyHtO1SHLFiOL4nlHh2epIHVOUpsnTXAWE
aSoGKETbg/OQ455X2uUpKFGNJBnq8cQUlN8KTr3S35jCTb491dKLC0VrFrZ4IsTk
XN+Pw7KMK+ykZq1VfFEgcr8vVGzyddK0LncWtpyWb760cGnAfIIqUGFV/NrhEnGy
bEyTZ7fQSzvyO1Pii305I6tf8EzoFoHMV6pnAPG6v7ZujserQZEUPTR7TIJBAgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQU1K6eJB27Iqu96REfJiR+s0A3O38wHwYDVR0j
BBgwFoAUBIr2Zb+LGGtwIgdZ0mxXj0C18+MwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODJhOWJmNWItMzljMS00MDUwLWIwNzMtNDgwNzViODYx
ZDg3LzAvMDQ4QUY2NjVCRjhCMTg2QjcwMjIwNzU5RDI2QzU3OEY0MEI1RjNFMy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0JJcjJaYi1MR0d0d0lnZFowbXhYajBD
MTgtTS5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvODJhOWJmNWIt
MzljMS00MDUwLWIwNzMtNDgwNzViODYxZDg3LzAvMzMzMTJlMzYyZTM2MzAyZTMw
MmYzMjM0MmQzMjM0MjAzZDNlMjAzMjMyMzMzNjMzLnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHwY8MA0G
CSqGSIb3DQEBCwUAA4IBAQBdRawqGSP5ft/Ps1of3Wtf44z+Zos1vnxa3/9buuJK
+0F9MoWSCyysAqUF4g35xJlCwkrH4hGO2Bz39Jj4cblku9b+QVbvbIBaMXUUDLf3
AO3bI/MvkmRy7cfMgE+FCaFoIA4o7MezFo0Yr1giQ80f1nXk6PmRmwcEO6TQD+72
EXkOvdiCkuMcs9wQK4bNsn+5+1gSBemkpmoKHvf0mU7z4jpKKcdXVdxvVJXp5RNh
BxOLDsLkJ6+buVwROwXuZRCVZw57yOqe2omrL/bP+YtdpzOMbsuDiXoguXtkXCc2
8r/KgCo6bhguoUB6FkYEiWF+vlRlC0kEFvZF8PFuXnjn
-----END CERTIFICATE-----