Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e372e302f32342d3234203d3e203232333633.roa
File:                     33312e362e372e302f32342d3234203d3e203232333633.roa (raw, json)
Hash identifier:          EBc39u4yol5ian0+eEx5lwy/YeKwG6aK4Wj8CPu7qWA=
Subject key identifier:   08:27:F7:AF:D4:90:3C:79:0F:2D:04:28:C7:63:0D:CA:AF:A6:5C:FC
Certificate issuer:       /CN=048af665bf8b186b70220759d26c578f40b5f3e3
Certificate serial:       4C985B575CF3763941921B932C460ADC1CB59760
Authority key identifier: 04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e372e302f32342d3234203d3e203232333633.roa
Signing time:             Mon 02 Sep 2024 06:05:20 +0000
ROA not before:           Mon 02 Sep 2024 06:00:20 +0000
ROA not after:            Mon 01 Sep 2025 06:05:20 +0000
asID:                     22363
IP address blocks:        31.6.7.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4c:98:5b:57:5c:f3:76:39:41:92:1b:93:2c:46:0a:dc:1c:b5:97:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=048af665bf8b186b70220759d26c578f40b5f3e3
        Validity
            Not Before: Sep  2 06:00:20 2024 GMT
            Not After : Sep  1 06:05:20 2025 GMT
        Subject: CN=0827F7AFD4903C790F2D0428C7630DCAAFA65CFC
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:7c:71:de:1c:28:17:29:4c:41:54:5c:f3:0b:
                    eb:f2:6d:47:f4:6e:89:37:52:38:ef:9a:eb:12:69:
                    3c:c5:f7:48:de:16:27:c6:c6:8f:45:e3:fb:af:da:
                    92:40:ad:e3:29:7b:9c:af:6f:a4:37:37:b6:0c:b0:
                    ef:2d:de:21:ba:9b:4b:9d:c2:92:17:1e:7c:db:7a:
                    1f:a8:c7:17:78:92:be:5d:56:0c:96:37:90:99:fd:
                    e7:c6:89:1a:da:1b:22:81:5b:48:b2:45:bf:c5:21:
                    10:05:4f:dd:4b:c3:fc:c0:4f:a8:dc:da:fa:2c:3a:
                    42:77:ae:d0:bf:e0:6d:68:2c:cb:87:ba:f5:8f:c9:
                    21:f3:f6:55:7b:96:56:65:87:7b:ee:33:dd:a3:3b:
                    7c:bc:ea:84:b9:f7:ec:53:df:00:cf:b2:13:d4:78:
                    c7:f3:da:33:26:d1:c7:db:9b:25:0a:73:00:6c:6e:
                    d8:31:bc:a1:6d:26:b8:a4:7a:20:86:fa:24:77:ef:
                    c9:86:b6:d5:66:4d:0b:ea:d3:a8:9a:66:de:89:49:
                    c5:90:93:96:40:23:17:5e:03:b1:52:5b:09:c6:ee:
                    36:d2:67:7c:dc:0f:44:a4:d8:02:fb:a2:93:7b:ae:
                    ee:4b:42:26:c2:69:c2:ae:9b:e9:4c:6d:13:6a:c2:
                    e9:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:27:F7:AF:D4:90:3C:79:0F:2D:04:28:C7:63:0D:CA:AF:A6:5C:FC
            X509v3 Authority Key Identifier:
                keyid:04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e372e302f32342d3234203d3e203232333633.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.6.7.0/24

    Signature Algorithm: sha256WithRSAEncryption
         90:f1:7d:26:bf:47:57:5b:5c:d4:7a:4d:74:2f:cf:75:a6:46:
         21:43:44:92:4e:c6:59:f4:50:a1:c7:4b:e4:69:a4:7b:a2:97:
         ae:fd:98:14:d0:ee:63:21:45:b3:84:8a:55:60:3a:47:7e:d2:
         5e:14:28:d8:1c:b5:38:2e:ee:6e:e1:82:b5:f4:20:f7:e1:59:
         e5:55:fa:c8:7c:66:f8:69:ed:7e:86:9b:87:a2:11:53:1d:c8:
         97:16:24:d1:c6:34:ed:5a:7c:e6:82:c1:cc:b2:a6:23:02:5c:
         40:f7:1e:7b:61:ff:9b:a2:88:93:64:51:b5:8a:3c:88:40:bf:
         40:05:2c:9c:3d:92:cd:80:b9:83:d6:0c:56:bb:83:ef:5d:be:
         5b:12:8b:62:18:f7:58:05:57:26:41:74:f8:72:2f:a1:ec:43:
         7c:6f:2b:f4:9b:ac:a3:6b:ed:ca:17:e4:5f:77:7d:fc:f4:be:
         81:45:42:35:f7:95:b9:97:c6:98:4b:4e:7b:af:bc:94:94:15:
         a0:fc:0d:07:40:6c:a5:7b:5c:36:9d:3b:c8:1c:36:98:b2:53:
         a3:35:98:35:3b:9d:85:c6:28:9a:8d:84:dd:ab:9a:0f:86:39:
         17:11:a3:9c:06:23:8b:49:6d:ba:78:1d:1a:64:03:50:7f:a2:
         a8:d1:3a:c7
-----BEGIN CERTIFICATE-----
MIIFKzCCBBOgAwIBAgIUTJhbV1zzdjlBkhuTLEYK3By1l2AwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDQ4YWY2NjViZjhiMTg2YjcwMjIwNzU5ZDI2YzU3OGY0
MGI1ZjNlMzAeFw0yNDA5MDIwNjAwMjBaFw0yNTA5MDEwNjA1MjBaMDMxMTAvBgNV
BAMTKDA4MjdGN0FGRDQ5MDNDNzkwRjJEMDQyOEM3NjMwRENBQUZBNjVDRkMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCFfHHeHCgXKUxBVFzzC+vybUf0
bok3UjjvmusSaTzF90jeFifGxo9F4/uv2pJAreMpe5yvb6Q3N7YMsO8t3iG6m0ud
wpIXHnzbeh+oxxd4kr5dVgyWN5CZ/efGiRraGyKBW0iyRb/FIRAFT91Lw/zAT6jc
2vosOkJ3rtC/4G1oLMuHuvWPySHz9lV7llZlh3vuM92jO3y86oS59+xT3wDPshPU
eMfz2jMm0cfbmyUKcwBsbtgxvKFtJrikeiCG+iR378mGttVmTQvq06iaZt6JScWQ
k5ZAIxdeA7FSWwnG7jbSZ3zcD0Sk2AL7opN7ru5LQibCacKum+lMbRNqwulTAgMB
AAGjggI1MIICMTAdBgNVHQ4EFgQUCCf3r9SQPHkPLQQox2MNyq+mXPwwHwYDVR0j
BBgwFoAUBIr2Zb+LGGtwIgdZ0mxXj0C18+MwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODJhOWJmNWItMzljMS00MDUwLWIwNzMtNDgwNzViODYx
ZDg3LzAvMDQ4QUY2NjVCRjhCMTg2QjcwMjIwNzU5RDI2QzU3OEY0MEI1RjNFMy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0JJcjJaYi1MR0d0d0lnZFowbXhYajBD
MTgtTS5jZXIwgaUGCCsGAQUFBwELBIGYMIGVMIGSBggrBgEFBQcwC4aBhXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvODJhOWJmNWIt
MzljMS00MDUwLWIwNzMtNDgwNzViODYxZDg3LzAvMzMzMTJlMzYyZTM3MmUzMDJm
MzIzNDJkMzIzNDIwM2QzZTIwMzIzMjMzMzYzMy5yb2EwGAYDVR0gAQH/BA4wDDAK
BggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAB8GBzANBgkq
hkiG9w0BAQsFAAOCAQEAkPF9Jr9HV1tc1HpNdC/PdaZGIUNEkk7GWfRQocdL5Gmk
e6KXrv2YFNDuYyFFs4SKVWA6R37SXhQo2By1OC7ubuGCtfQg9+FZ5VX6yHxm+Gnt
foabh6IRUx3IlxYk0cY07Vp85oLBzLKmIwJcQPcee2H/m6KIk2RRtYo8iEC/QAUs
nD2SzYC5g9YMVruD712+WxKLYhj3WAVXJkF0+HIvoexDfG8r9Juso2vtyhfkX3d9
/PS+gUVCNfeVuZfGmEtOe6+8lJQVoPwNB0BspXtcNp07yBw2mLJTozWYNTudhcYo
mo2E3auaD4Y5FxGjnAYji0ltungdGmQDUH+iqNE6xw==
-----END CERTIFICATE-----