Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e36332e302f32342d3234203d3e20313430363431.roa
File:                     33312e362e36332e302f32342d3234203d3e20313430363431.roa (raw, json)
Hash identifier:          2Z6mN8+WQndrcHmFtoVFqGqgKGMBPkzoNuFympDS0sU=
Subject key identifier:   5E:56:A4:79:7A:DF:CD:3C:E8:20:C5:6A:5D:85:EF:25:B7:97:D5:7B
Certificate issuer:       /CN=048af665bf8b186b70220759d26c578f40b5f3e3
Certificate serial:       2302B2E65C23B9F1FC8EB1F242B53BE14CB2B848
Authority key identifier: 04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e36332e302f32342d3234203d3e20313430363431.roa
Signing time:             Tue 07 Jan 2025 13:28:41 +0000
ROA not before:           Tue 07 Jan 2025 13:23:41 +0000
ROA not after:            Tue 06 Jan 2026 13:28:41 +0000
asID:                     140641
IP address blocks:        31.6.63.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            23:02:b2:e6:5c:23:b9:f1:fc:8e:b1:f2:42:b5:3b:e1:4c:b2:b8:48
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=048af665bf8b186b70220759d26c578f40b5f3e3
        Validity
            Not Before: Jan  7 13:23:41 2025 GMT
            Not After : Jan  6 13:28:41 2026 GMT
        Subject: CN=5E56A4797ADFCD3CE820C56A5D85EF25B797D57B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:4a:ee:9b:ad:d6:c4:92:e7:91:c5:9d:5f:cf:
                    97:29:ca:dc:8c:8b:21:d9:56:29:b7:58:86:b3:16:
                    06:48:bd:14:98:ff:50:29:4a:f3:83:f0:54:3a:73:
                    dd:ce:ff:a2:4d:ba:bc:18:dc:75:48:79:f4:ef:13:
                    9c:f9:a0:90:c3:2e:ac:c0:a0:fc:22:7a:0c:73:72:
                    7b:f8:18:77:6a:11:de:07:ed:59:5d:cb:de:80:27:
                    ee:c2:6b:6d:b1:84:6d:e1:80:0c:02:95:3a:75:0a:
                    8d:92:d0:08:8d:58:18:e6:5d:6a:b0:1f:a4:23:78:
                    7d:92:67:40:13:95:b2:38:59:a1:00:1c:f7:ce:02:
                    6d:d0:e8:b8:ec:05:07:9d:fe:38:e6:4e:1a:1b:7a:
                    59:7e:b4:42:79:92:4d:7f:be:a2:9e:d6:8c:74:bf:
                    07:0a:43:c9:a8:12:25:64:7e:14:cc:60:d1:66:f1:
                    35:e9:8c:f4:6a:90:ca:14:b0:35:3b:88:34:9b:81:
                    75:75:ff:2a:79:bf:66:99:17:99:88:d1:9c:1f:e2:
                    7a:ea:04:c9:f2:fd:c7:a3:17:b6:a2:a1:3e:ff:8c:
                    98:8a:f1:d4:62:42:31:75:7f:af:15:9a:60:f6:d7:
                    58:1c:0d:5a:c9:f3:4a:7d:12:6a:b5:b7:24:73:21:
                    36:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:56:A4:79:7A:DF:CD:3C:E8:20:C5:6A:5D:85:EF:25:B7:97:D5:7B
            X509v3 Authority Key Identifier:
                keyid:04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e36332e302f32342d3234203d3e20313430363431.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.6.63.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2b:fb:4f:ed:2a:7a:10:e6:1d:1d:cf:1d:9e:28:d1:6d:4c:b3:
         36:59:7b:58:fb:45:7d:70:0d:87:a7:08:a9:a2:15:b1:97:4e:
         13:8a:bc:18:ee:7a:b7:30:2f:9e:b9:58:09:b6:85:b0:3e:36:
         7b:80:ec:db:1d:ed:ea:a8:bd:99:df:93:c9:71:8d:4b:6a:95:
         e1:42:ee:f6:d5:ca:93:13:06:2b:67:e9:77:b8:8a:c4:fe:7a:
         63:d8:91:d4:f9:44:7d:ef:64:60:a6:46:dd:61:21:1f:2c:59:
         4e:d9:38:fc:23:89:dc:3f:c5:3b:3c:0f:28:5e:40:8b:0e:ba:
         1d:47:81:e3:27:6c:7a:4d:07:3a:26:fe:f6:82:6d:bb:99:69:
         23:0e:ca:0b:08:f7:46:ba:ee:01:60:a5:15:85:cd:8f:6a:3c:
         ec:c0:97:f1:2d:6d:ed:29:08:c0:fd:54:5c:a7:d3:67:b5:db:
         45:59:cd:c5:b1:c2:d5:e0:fc:63:af:aa:48:a5:67:79:f4:4e:
         3e:ee:28:04:cb:d3:c9:9b:e3:f6:e5:c0:82:f5:06:54:c5:f7:
         97:3a:b9:54:e0:cd:98:43:8f:1a:dc:03:fb:04:6a:73:05:30:
         98:bf:93:bd:77:21:b6:85:42:6e:16:af:f4:86:ca:72:95:3d:
         84:02:a4:d3
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUIwKy5lwjufH8jrHyQrU74UyyuEgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDQ4YWY2NjViZjhiMTg2YjcwMjIwNzU5ZDI2YzU3OGY0
MGI1ZjNlMzAeFw0yNTAxMDcxMzIzNDFaFw0yNjAxMDYxMzI4NDFaMDMxMTAvBgNV
BAMTKDVFNTZBNDc5N0FERkNEM0NFODIwQzU2QTVEODVFRjI1Qjc5N0Q1N0IwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDMSu6brdbEkueRxZ1fz5cpytyM
iyHZVim3WIazFgZIvRSY/1ApSvOD8FQ6c93O/6JNurwY3HVIefTvE5z5oJDDLqzA
oPwiegxzcnv4GHdqEd4H7Vldy96AJ+7Ca22xhG3hgAwClTp1Co2S0AiNWBjmXWqw
H6QjeH2SZ0ATlbI4WaEAHPfOAm3Q6LjsBQed/jjmThobell+tEJ5kk1/vqKe1ox0
vwcKQ8moEiVkfhTMYNFm8TXpjPRqkMoUsDU7iDSbgXV1/yp5v2aZF5mI0Zwf4nrq
BMny/cejF7aioT7/jJiK8dRiQjF1f68VmmD211gcDVrJ80p9Emq1tyRzITYlAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUXlakeXrfzTzoIMVqXYXvJbeX1XswHwYDVR0j
BBgwFoAUBIr2Zb+LGGtwIgdZ0mxXj0C18+MwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODJhOWJmNWItMzljMS00MDUwLWIwNzMtNDgwNzViODYx
ZDg3LzAvMDQ4QUY2NjVCRjhCMTg2QjcwMjIwNzU5RDI2QzU3OEY0MEI1RjNFMy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0JJcjJaYi1MR0d0d0lnZFowbXhYajBD
MTgtTS5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvODJhOWJmNWIt
MzljMS00MDUwLWIwNzMtNDgwNzViODYxZDg3LzAvMzMzMTJlMzYyZTM2MzMyZTMw
MmYzMjM0MmQzMjM0MjAzZDNlMjAzMTM0MzAzNjM0MzEucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAAfBj8w
DQYJKoZIhvcNAQELBQADggEBACv7T+0qehDmHR3PHZ4o0W1MszZZe1j7RX1wDYen
CKmiFbGXThOKvBjuercwL565WAm2hbA+NnuA7Nsd7eqovZnfk8lxjUtqleFC7vbV
ypMTBitn6Xe4isT+emPYkdT5RH3vZGCmRt1hIR8sWU7ZOPwjidw/xTs8DyheQIsO
uh1HgeMnbHpNBzom/vaCbbuZaSMOygsI90a67gFgpRWFzY9qPOzAl/Etbe0pCMD9
VFyn02e120VZzcWxwtXg/GOvqkilZ3n0Tj7uKATL08mb4/blwIL1BlTF95c6uVTg
zZhDjxrcA/sEanMFMJi/k713IbaFQm4Wr/SGynKVPYQCpNM=
-----END CERTIFICATE-----