Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e372e302f32342d3234203d3e203232333633.roa
File:                     33312e362e372e302f32342d3234203d3e203232333633.roa (raw, json)
Hash identifier:          rUeY9G9GqTL2ysuKNoSvSe6AUTJDxK2oMeHsVmsvXxw=
Subject key identifier:   2F:67:88:EA:D6:20:B5:F2:90:C7:B2:09:7F:4A:04:1D:38:27:C7:1F
Certificate issuer:       /CN=048af665bf8b186b70220759d26c578f40b5f3e3
Certificate serial:       25AA7417A47F44979EEF646FD82C7BD7D92451C0
Authority key identifier: 04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e372e302f32342d3234203d3e203232333633.roa
Signing time:             Mon 02 Oct 2023 05:21:59 +0000
ROA not before:           Mon 02 Oct 2023 05:16:59 +0000
ROA not after:            Mon 30 Sep 2024 05:21:59 +0000
asID:                     22363
IP address blocks:        31.6.7.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Jun 2024 08:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            25:aa:74:17:a4:7f:44:97:9e:ef:64:6f:d8:2c:7b:d7:d9:24:51:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=048af665bf8b186b70220759d26c578f40b5f3e3
        Validity
            Not Before: Oct  2 05:16:59 2023 GMT
            Not After : Sep 30 05:21:59 2024 GMT
        Subject: CN=2F6788EAD620B5F290C7B2097F4A041D3827C71F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:4b:c2:0c:e0:a1:ae:28:75:d4:b8:dd:c4:7f:
                    70:7e:68:c5:45:c6:1a:67:90:f4:ac:43:a4:28:f2:
                    f9:ca:bb:7f:55:ba:2e:68:cf:69:c8:07:9d:ac:15:
                    5a:b4:90:8f:34:df:3d:7f:f1:8d:c0:e0:9e:b2:a8:
                    77:8f:9a:cb:77:aa:4c:d0:02:35:f9:bd:9e:85:77:
                    36:0e:24:ad:71:e3:a3:af:a1:50:37:71:b7:a2:08:
                    be:02:d1:4c:bd:54:b7:f3:8c:e0:d9:90:68:ee:bd:
                    6f:cd:a7:2c:59:3e:1e:7b:34:19:52:99:c2:6c:9d:
                    8d:ea:f9:24:b0:34:65:7f:26:eb:ad:3e:60:ca:00:
                    ec:1a:33:c6:8f:f6:7b:ff:6a:d3:b9:2e:7e:f5:39:
                    8c:ab:b1:99:57:95:72:c2:ad:0f:f7:1d:ae:3a:13:
                    a4:f0:43:de:90:31:2f:67:a8:be:7f:9c:ab:cf:4b:
                    68:ea:44:72:72:7e:45:49:09:79:66:67:ef:c5:0a:
                    49:27:ba:8c:13:6c:97:cd:d9:8a:9f:ab:34:1a:86:
                    aa:cb:c3:e9:d3:67:94:ff:fa:ff:b7:81:b0:57:f4:
                    ca:4f:44:5e:38:10:d4:32:8b:d4:4a:7a:8f:c2:c3:
                    6d:5b:72:e3:47:1e:3a:b8:31:d0:c5:76:9e:6d:36:
                    32:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2F:67:88:EA:D6:20:B5:F2:90:C7:B2:09:7F:4A:04:1D:38:27:C7:1F
            X509v3 Authority Key Identifier:
                keyid:04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e372e302f32342d3234203d3e203232333633.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.6.7.0/24

    Signature Algorithm: sha256WithRSAEncryption
         15:84:ce:6f:73:58:a7:64:e8:25:61:1a:a3:7d:07:ef:bd:d4:
         55:6e:69:ed:98:35:46:45:95:9e:19:e9:8c:e6:53:a4:26:c6:
         a9:23:ab:5c:84:27:f7:12:2b:f0:6c:f4:04:5b:65:74:d3:2f:
         6f:81:29:19:f8:a2:58:07:26:35:1b:ec:f2:eb:b8:37:6f:41:
         fa:e8:3e:6c:fb:c5:09:4b:c3:eb:03:13:70:44:33:ba:96:ad:
         c8:27:fb:6b:86:dc:74:16:1f:17:97:07:e4:ed:30:4f:2b:9d:
         ae:8c:02:08:ef:70:b6:b9:38:87:6f:ff:ab:2d:df:1e:a5:3b:
         b3:37:d0:dd:b6:1e:1c:9c:e8:c2:ad:58:5a:3c:c5:ba:0a:37:
         85:e4:52:22:8a:be:85:4d:c2:17:c5:85:4e:06:e4:4b:81:66:
         5a:f4:b7:76:23:be:4f:97:29:3f:52:20:78:2e:7c:e0:f4:a3:
         62:c5:d3:a4:3b:ec:01:51:30:10:3e:b7:bc:e6:a3:ae:6b:4d:
         78:ca:5c:2c:39:e0:c5:ec:67:be:d8:b7:82:c7:aa:70:9f:1b:
         02:2c:53:8e:f0:ee:4b:21:77:e1:9e:4c:fa:8f:b2:40:e8:e3:
         ca:4c:9f:a5:69:db:cf:31:23:2d:5c:5f:c4:2a:c7:aa:35:97:
         b7:4f:99:83
-----BEGIN CERTIFICATE-----
MIIFKzCCBBOgAwIBAgIUJap0F6R/RJee72Rv2Cx719kkUcAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDQ4YWY2NjViZjhiMTg2YjcwMjIwNzU5ZDI2YzU3OGY0
MGI1ZjNlMzAeFw0yMzEwMDIwNTE2NTlaFw0yNDA5MzAwNTIxNTlaMDMxMTAvBgNV
BAMTKDJGNjc4OEVBRDYyMEI1RjI5MEM3QjIwOTdGNEEwNDFEMzgyN0M3MUYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCnS8IM4KGuKHXUuN3Ef3B+aMVF
xhpnkPSsQ6Qo8vnKu39Vui5oz2nIB52sFVq0kI803z1/8Y3A4J6yqHePmst3qkzQ
AjX5vZ6FdzYOJK1x46OvoVA3cbeiCL4C0Uy9VLfzjODZkGjuvW/NpyxZPh57NBlS
mcJsnY3q+SSwNGV/JuutPmDKAOwaM8aP9nv/atO5Ln71OYyrsZlXlXLCrQ/3Ha46
E6TwQ96QMS9nqL5/nKvPS2jqRHJyfkVJCXlmZ+/FCkknuowTbJfN2YqfqzQahqrL
w+nTZ5T/+v+3gbBX9MpPRF44ENQyi9RKeo/Cw21bcuNHHjq4MdDFdp5tNjLnAgMB
AAGjggI1MIICMTAdBgNVHQ4EFgQUL2eI6tYgtfKQx7IJf0oEHTgnxx8wHwYDVR0j
BBgwFoAUBIr2Zb+LGGtwIgdZ0mxXj0C18+MwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODJhOWJmNWItMzljMS00MDUwLWIwNzMtNDgwNzViODYx
ZDg3LzAvMDQ4QUY2NjVCRjhCMTg2QjcwMjIwNzU5RDI2QzU3OEY0MEI1RjNFMy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0JJcjJaYi1MR0d0d0lnZFowbXhYajBD
MTgtTS5jZXIwgaUGCCsGAQUFBwELBIGYMIGVMIGSBggrBgEFBQcwC4aBhXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvODJhOWJmNWIt
MzljMS00MDUwLWIwNzMtNDgwNzViODYxZDg3LzAvMzMzMTJlMzYyZTM3MmUzMDJm
MzIzNDJkMzIzNDIwM2QzZTIwMzIzMjMzMzYzMy5yb2EwGAYDVR0gAQH/BA4wDDAK
BggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAB8GBzANBgkq
hkiG9w0BAQsFAAOCAQEAFYTOb3NYp2ToJWEao30H773UVW5p7Zg1RkWVnhnpjOZT
pCbGqSOrXIQn9xIr8Gz0BFtldNMvb4EpGfiiWAcmNRvs8uu4N29B+ug+bPvFCUvD
6wMTcEQzupatyCf7a4bcdBYfF5cH5O0wTyudrowCCO9wtrk4h2//qy3fHqU7szfQ
3bYeHJzowq1YWjzFugo3heRSIoq+hU3CF8WFTgbkS4FmWvS3diO+T5cpP1IgeC58
4PSjYsXTpDvsAVEwED63vOajrmtNeMpcLDngxexnvti3gseqcJ8bAixTjvDuSyF3
4Z5M+o+yQOjjykyfpWnbzzEjLVxfxCrHqjWXt0+Zgw==
-----END CERTIFICATE-----