Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e36312e302f32342d3234203d3e203631333137.roa
File:                     33312e362e36312e302f32342d3234203d3e203631333137.roa (raw, json)
Hash identifier:          IBtvqtzkoXLvJKn0An1IOr7OxAa9Ap3UxJEbqon60yU=
Subject key identifier:   3D:21:2F:D5:35:17:58:5B:71:0F:17:96:96:C6:E8:CE:40:84:07:D8
Certificate issuer:       /CN=048af665bf8b186b70220759d26c578f40b5f3e3
Certificate serial:       2DE912F6B88C428A466DA8F3BD0A9048EE5C460A
Authority key identifier: 04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e36312e302f32342d3234203d3e203631333137.roa
Signing time:             Thu 31 Oct 2024 08:43:26 +0000
ROA not before:           Thu 31 Oct 2024 08:38:26 +0000
ROA not after:            Thu 30 Oct 2025 08:43:26 +0000
asID:                     61317
IP address blocks:        31.6.61.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 09:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2d:e9:12:f6:b8:8c:42:8a:46:6d:a8:f3:bd:0a:90:48:ee:5c:46:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=048af665bf8b186b70220759d26c578f40b5f3e3
        Validity
            Not Before: Oct 31 08:38:26 2024 GMT
            Not After : Oct 30 08:43:26 2025 GMT
        Subject: CN=3D212FD53517585B710F179696C6E8CE408407D8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:80:9d:7a:b2:17:9b:3e:60:4f:18:d9:d7:df:
                    c5:fd:ea:f9:06:bf:f4:ab:11:3f:5d:34:70:dd:26:
                    09:2b:a6:83:54:03:68:bc:de:e9:b8:e0:cc:a4:3e:
                    bf:b0:9c:8a:cf:73:fe:2e:8a:9e:56:a4:21:e3:4f:
                    5c:4c:50:57:76:ac:d6:08:df:be:0e:37:f7:64:80:
                    82:df:15:74:8f:e1:1e:dc:5e:32:6c:8b:10:9a:c5:
                    35:b1:36:35:3c:9c:11:41:20:7c:72:a1:b6:6e:61:
                    7b:d0:3f:18:6d:fa:23:7a:8f:d0:c7:ed:a8:00:1e:
                    1d:d3:a8:83:2a:1a:7e:bf:d5:1e:e5:e6:22:fd:59:
                    70:0d:5e:9b:97:88:2a:e6:25:82:55:2a:87:e0:d8:
                    3c:e5:84:ea:c3:e0:83:43:e1:47:54:25:c3:58:7c:
                    58:5a:90:87:d8:54:1b:00:a5:4e:7d:f6:03:18:e9:
                    2d:8f:d8:60:df:db:3a:ff:66:55:ea:e6:0e:67:2c:
                    eb:a5:9d:7d:99:5c:da:c7:91:4f:0c:e8:0d:20:39:
                    69:cf:4c:8a:27:31:16:d9:55:d8:91:0b:15:90:71:
                    5c:8f:6c:53:b9:af:8b:f6:8e:e8:d1:11:37:18:5a:
                    75:88:73:8a:80:58:dd:87:92:9a:9a:eb:27:95:cb:
                    3f:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:21:2F:D5:35:17:58:5B:71:0F:17:96:96:C6:E8:CE:40:84:07:D8
            X509v3 Authority Key Identifier:
                keyid:04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e36312e302f32342d3234203d3e203631333137.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.6.61.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a5:a6:fc:e1:21:33:b3:8b:7a:c9:e1:ce:55:fc:85:36:1f:33:
         32:73:a7:ee:d4:47:a0:52:9f:56:b9:94:c2:cb:3a:da:a8:5e:
         93:ac:48:fe:ac:88:a7:d3:b7:8a:5e:e5:a1:d6:c4:8e:09:bd:
         1e:39:8c:1f:e6:7c:12:29:8f:95:6f:f6:5b:4d:34:6a:e2:8c:
         ad:d7:f1:9b:36:c6:56:47:b6:f4:0c:ba:50:b6:6e:77:e7:c7:
         30:31:74:82:99:6b:a1:f4:c7:06:93:31:37:53:be:0d:14:8a:
         8b:3c:8b:50:4a:c7:ce:79:6b:e4:a7:ba:52:48:eb:48:35:50:
         d2:e8:dd:65:dc:37:75:ec:39:d5:69:57:67:3e:bb:b6:a6:a9:
         fe:d0:b7:7c:7d:da:7c:cb:9b:f8:fd:f6:2e:22:dd:92:54:e2:
         b8:04:54:3f:6f:e8:9e:0b:35:a3:b8:58:9b:3f:14:da:ba:5a:
         52:01:b5:da:6d:b3:c7:f9:a3:64:8f:20:50:13:73:a2:6d:f3:
         7e:1a:b9:a6:26:84:27:e9:f2:22:c2:d7:5d:8f:cc:ad:27:75:
         a2:b5:d2:bf:e0:53:7f:41:9a:aa:cc:82:8f:e5:d3:5b:5e:fb:
         5e:39:cb:a2:f5:f9:47:5f:20:48:ce:1c:d5:9e:d8:9a:cc:73:
         65:8a:b2:0a
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIULekS9riMQopGbajzvQqQSO5cRgowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDQ4YWY2NjViZjhiMTg2YjcwMjIwNzU5ZDI2YzU3OGY0
MGI1ZjNlMzAeFw0yNDEwMzEwODM4MjZaFw0yNTEwMzAwODQzMjZaMDMxMTAvBgNV
BAMTKDNEMjEyRkQ1MzUxNzU4NUI3MTBGMTc5Njk2QzZFOENFNDA4NDA3RDgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCPgJ16shebPmBPGNnX38X96vkG
v/SrET9dNHDdJgkrpoNUA2i83um44MykPr+wnIrPc/4uip5WpCHjT1xMUFd2rNYI
374ON/dkgILfFXSP4R7cXjJsixCaxTWxNjU8nBFBIHxyobZuYXvQPxht+iN6j9DH
7agAHh3TqIMqGn6/1R7l5iL9WXANXpuXiCrmJYJVKofg2DzlhOrD4IND4UdUJcNY
fFhakIfYVBsApU599gMY6S2P2GDf2zr/ZlXq5g5nLOulnX2ZXNrHkU8M6A0gOWnP
TIonMRbZVdiRCxWQcVyPbFO5r4v2jujRETcYWnWIc4qAWN2Hkpqa6yeVyz9TAgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQUPSEv1TUXWFtxDxeWlsbozkCEB9gwHwYDVR0j
BBgwFoAUBIr2Zb+LGGtwIgdZ0mxXj0C18+MwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODJhOWJmNWItMzljMS00MDUwLWIwNzMtNDgwNzViODYx
ZDg3LzAvMDQ4QUY2NjVCRjhCMTg2QjcwMjIwNzU5RDI2QzU3OEY0MEI1RjNFMy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0JJcjJaYi1MR0d0d0lnZFowbXhYajBD
MTgtTS5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvODJhOWJmNWIt
MzljMS00MDUwLWIwNzMtNDgwNzViODYxZDg3LzAvMzMzMTJlMzYyZTM2MzEyZTMw
MmYzMjM0MmQzMjM0MjAzZDNlMjAzNjMxMzMzMTM3LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHwY9MA0G
CSqGSIb3DQEBCwUAA4IBAQClpvzhITOzi3rJ4c5V/IU2HzMyc6fu1EegUp9WuZTC
yzraqF6TrEj+rIin07eKXuWh1sSOCb0eOYwf5nwSKY+Vb/ZbTTRq4oyt1/GbNsZW
R7b0DLpQtm5358cwMXSCmWuh9McGkzE3U74NFIqLPItQSsfOeWvkp7pSSOtINVDS
6N1l3Dd17DnVaVdnPru2pqn+0Ld8fdp8y5v4/fYuIt2SVOK4BFQ/b+ieCzWjuFib
PxTaulpSAbXabbPH+aNkjyBQE3OibfN+GrmmJoQn6fIiwtddj8ytJ3WitdK/4FN/
QZqqzIKP5dNbXvteOcui9flHXyBIzhzVntiazHNlirIK
-----END CERTIFICATE-----