Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e36332e302f32342d3234203d3e20383334.roa
File:                     33312e362e36332e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          QvjMZpUvjBpjSoXWj9GPRqEoZjEKTga6UWI59SRncS0=
Subject key identifier:   1C:0C:05:18:CB:D5:1F:E7:CD:5D:1F:04:A8:FA:DF:79:C5:5D:72:D3
Certificate issuer:       /CN=048af665bf8b186b70220759d26c578f40b5f3e3
Certificate serial:       3A26A8970A46C5835D1E1C37842606FC677ACB2F
Authority key identifier: 04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e36332e302f32342d3234203d3e20383334.roa
Signing time:             Mon 18 Nov 2024 09:40:50 +0000
ROA not before:           Mon 18 Nov 2024 09:35:50 +0000
ROA not after:            Mon 17 Nov 2025 09:40:50 +0000
asID:                     834
IP address blocks:        31.6.63.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3a:26:a8:97:0a:46:c5:83:5d:1e:1c:37:84:26:06:fc:67:7a:cb:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=048af665bf8b186b70220759d26c578f40b5f3e3
        Validity
            Not Before: Nov 18 09:35:50 2024 GMT
            Not After : Nov 17 09:40:50 2025 GMT
        Subject: CN=1C0C0518CBD51FE7CD5D1F04A8FADF79C55D72D3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:49:4f:f7:8e:58:d1:21:b7:f0:85:b8:30:42:
                    8e:76:9d:f4:39:e4:81:4b:dc:35:e3:22:d8:e9:6a:
                    7e:24:03:b3:56:72:31:c8:8d:92:d4:e6:f9:53:33:
                    6a:a1:ee:1c:61:e0:9e:4f:fe:c4:50:c0:fc:b7:b4:
                    a6:56:14:78:34:51:4a:b4:3d:03:16:96:cc:de:82:
                    ca:f3:79:5b:8b:cc:bf:89:2c:51:4b:c9:22:97:dc:
                    47:5d:6d:55:96:c6:97:6a:88:51:31:76:db:d2:b5:
                    3d:be:be:d0:39:12:92:96:e3:e5:b9:08:de:bc:a4:
                    e4:53:bf:96:00:70:9f:1a:d1:fd:62:b2:73:cc:af:
                    73:00:92:48:41:4b:a7:89:e1:70:47:d7:ca:07:fb:
                    72:36:7a:e1:38:4f:88:a2:d1:3f:6e:cc:5d:3f:04:
                    a3:e6:bd:42:c7:27:9d:4a:dd:3d:3d:09:00:dc:40:
                    98:20:c7:13:41:c0:53:82:ff:85:a6:41:4c:af:71:
                    1c:f6:93:0a:69:ab:d6:f4:4e:c4:ee:ba:55:7c:a1:
                    67:d4:b4:6e:fd:55:01:6c:fa:70:06:5a:1a:b7:5c:
                    66:c6:49:42:d7:f9:59:a4:9a:5b:0b:ba:66:b1:b2:
                    60:ed:60:69:09:10:df:4a:81:33:a4:a3:e0:90:d2:
                    cc:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:0C:05:18:CB:D5:1F:E7:CD:5D:1F:04:A8:FA:DF:79:C5:5D:72:D3
            X509v3 Authority Key Identifier:
                keyid:04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e36332e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.6.63.0/24

    Signature Algorithm: sha256WithRSAEncryption
         97:06:65:a8:a3:2f:9a:39:10:48:5f:69:1b:1c:c7:37:eb:de:
         62:0b:dc:d9:9c:09:df:16:72:22:73:3b:f8:ef:6a:20:80:79:
         ae:97:55:d4:2c:d2:63:bf:6a:e9:d0:84:56:1c:ac:8e:97:d5:
         36:14:7a:17:ec:00:6f:52:00:81:ab:4e:b1:7e:4c:0e:d7:3e:
         1d:e3:9d:11:dd:c1:8c:49:6f:0c:cb:fb:ee:05:75:4e:8b:3c:
         b9:07:a1:d2:4b:01:59:81:91:0e:cb:3a:d0:0c:a2:c8:1c:c3:
         c7:d4:0a:4a:46:79:60:c8:e3:ef:34:f9:58:0b:2f:2b:0b:7c:
         38:24:b9:fa:2d:71:36:5b:82:00:a6:78:f8:ea:c6:25:f2:94:
         c3:5c:7c:1c:68:2d:d2:81:42:07:a7:0d:f3:1d:61:f4:f6:9d:
         9a:f6:f9:24:37:96:32:f9:7d:e3:6f:18:12:47:bb:62:78:4e:
         31:f4:20:de:75:b8:7f:e3:21:34:34:29:3b:6b:90:d7:c9:ff:
         fc:60:ba:b9:87:d9:de:83:14:61:00:8f:d6:63:9d:18:b9:00:
         0a:8f:7c:a2:8a:0d:3e:9f:e7:2d:a7:90:04:74:98:64:c4:4e:
         e3:47:a9:47:f0:fc:7b:46:25:c2:01:1a:54:3b:ad:23:2f:6e:
         a1:60:29:3c
-----BEGIN CERTIFICATE-----
MIIFKTCCBBGgAwIBAgIUOiaolwpGxYNdHhw3hCYG/Gd6yy8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDQ4YWY2NjViZjhiMTg2YjcwMjIwNzU5ZDI2YzU3OGY0
MGI1ZjNlMzAeFw0yNDExMTgwOTM1NTBaFw0yNTExMTcwOTQwNTBaMDMxMTAvBgNV
BAMTKDFDMEMwNTE4Q0JENTFGRTdDRDVEMUYwNEE4RkFERjc5QzU1RDcyRDMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDSSU/3jljRIbfwhbgwQo52nfQ5
5IFL3DXjItjpan4kA7NWcjHIjZLU5vlTM2qh7hxh4J5P/sRQwPy3tKZWFHg0UUq0
PQMWlszegsrzeVuLzL+JLFFLySKX3EddbVWWxpdqiFExdtvStT2+vtA5EpKW4+W5
CN68pORTv5YAcJ8a0f1isnPMr3MAkkhBS6eJ4XBH18oH+3I2euE4T4ii0T9uzF0/
BKPmvULHJ51K3T09CQDcQJggxxNBwFOC/4WmQUyvcRz2kwppq9b0TsTuulV8oWfU
tG79VQFs+nAGWhq3XGbGSULX+VmkmlsLumaxsmDtYGkJEN9KgTOko+CQ0szRAgMB
AAGjggIzMIICLzAdBgNVHQ4EFgQUHAwFGMvVH+fNXR8EqPrfecVdctMwHwYDVR0j
BBgwFoAUBIr2Zb+LGGtwIgdZ0mxXj0C18+MwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODJhOWJmNWItMzljMS00MDUwLWIwNzMtNDgwNzViODYx
ZDg3LzAvMDQ4QUY2NjVCRjhCMTg2QjcwMjIwNzU5RDI2QzU3OEY0MEI1RjNFMy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0JJcjJaYi1MR0d0d0lnZFowbXhYajBD
MTgtTS5jZXIwgaMGCCsGAQUFBwELBIGWMIGTMIGQBggrBgEFBQcwC4aBg3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvODJhOWJmNWIt
MzljMS00MDUwLWIwNzMtNDgwNzViODYxZDg3LzAvMzMzMTJlMzYyZTM2MzMyZTMw
MmYzMjM0MmQzMjM0MjAzZDNlMjAzODMzMzQucm9hMBgGA1UdIAEB/wQOMAwwCgYI
KwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAAfBj8wDQYJKoZI
hvcNAQELBQADggEBAJcGZaijL5o5EEhfaRscxzfr3mIL3NmcCd8WciJzO/jvaiCA
ea6XVdQs0mO/aunQhFYcrI6X1TYUehfsAG9SAIGrTrF+TA7XPh3jnRHdwYxJbwzL
++4FdU6LPLkHodJLAVmBkQ7LOtAMosgcw8fUCkpGeWDI4+80+VgLLysLfDgkufot
cTZbggCmePjqxiXylMNcfBxoLdKBQgenDfMdYfT2nZr2+SQ3ljL5feNvGBJHu2J4
TjH0IN51uH/jITQ0KTtrkNfJ//xgurmH2d6DFGEAj9ZjnRi5AAqPfKKKDT6f5y2n
kAR0mGTETuNHqUfw/HtGJcIBGlQ7rSMvbqFgKTw=
-----END CERTIFICATE-----
Generated at Thu Nov 21 18:06:13 2024 by rpki-client on console-fra.rpki-client.org