Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e34362e302f32342d3234203d3e20383334.roa
File:                     33312e362e34362e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          Ccw9V+gAw/nPi6CMNtjmaPVH5kuQB/zgHqvEb5aaiwo=
Subject key identifier:   DE:59:6C:12:F3:C6:D3:2F:BE:B3:6D:F2:98:F3:1D:61:75:7B:CD:44
Certificate issuer:       /CN=048af665bf8b186b70220759d26c578f40b5f3e3
Certificate serial:       5465AF1708BAB9F101873C28BE4E54C9CA44763B
Authority key identifier: 04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e34362e302f32342d3234203d3e20383334.roa
Signing time:             Tue 06 May 2025 00:02:38 +0000
ROA not before:           Mon 05 May 2025 23:57:38 +0000
ROA not after:            Tue 05 May 2026 00:02:38 +0000
asID:                     834
IP address blocks:        31.6.46.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 15 May 2025 05:13:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            54:65:af:17:08:ba:b9:f1:01:87:3c:28:be:4e:54:c9:ca:44:76:3b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=048af665bf8b186b70220759d26c578f40b5f3e3
        Validity
            Not Before: May  5 23:57:38 2025 GMT
            Not After : May  5 00:02:38 2026 GMT
        Subject: CN=DE596C12F3C6D32FBEB36DF298F31D61757BCD44
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:31:9f:b9:c3:45:c9:2a:04:87:2e:35:7c:16:
                    10:ea:35:ac:bc:b4:2c:13:60:e2:39:51:0a:0c:6a:
                    d3:2c:16:de:30:72:45:5e:78:1e:16:a0:9e:2d:88:
                    4b:5e:a2:b4:cb:cc:5a:8c:44:d3:2a:ef:69:bf:95:
                    1a:6a:64:72:a0:49:46:5a:9c:4b:d3:26:63:8a:bf:
                    39:50:1f:ea:8c:a1:ea:9b:0b:f4:03:34:5a:63:27:
                    2b:2c:5c:9e:18:09:f1:29:fd:e1:e2:a3:79:f1:9d:
                    b1:2e:98:ae:10:97:16:ca:15:89:24:cb:9e:4d:b6:
                    ca:3d:72:fe:48:eb:9d:63:a4:41:1b:95:86:80:0f:
                    02:08:5b:9d:09:72:f7:aa:fb:52:76:29:21:43:b7:
                    3d:b6:03:e0:f8:d1:94:d0:a0:e2:32:95:18:c5:3f:
                    61:74:54:dd:9e:81:d4:56:23:ac:1a:20:7d:fb:f7:
                    b2:f2:63:76:27:da:fe:9e:0d:2f:5f:db:99:9d:76:
                    8d:04:57:2b:af:1e:6c:5f:1f:00:24:c1:26:55:d6:
                    1b:15:ed:fa:59:b1:c5:44:7f:ad:33:d0:90:c3:24:
                    e9:77:bf:82:fe:84:d2:99:e1:a8:43:73:00:e2:13:
                    83:11:c4:c8:bb:44:ce:55:a7:fe:a7:d0:34:36:cb:
                    ba:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:59:6C:12:F3:C6:D3:2F:BE:B3:6D:F2:98:F3:1D:61:75:7B:CD:44
            X509v3 Authority Key Identifier:
                keyid:04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e34362e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.6.46.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6c:6d:44:2e:38:77:84:97:c6:d2:99:44:0d:08:40:e3:ab:e0:
         23:74:95:6a:df:dd:da:eb:ab:11:3c:a8:39:6f:c4:9e:8e:c8:
         87:49:bf:29:5b:0c:07:56:e3:86:07:04:fc:d4:c1:57:66:5c:
         ef:74:60:1f:c8:0c:7a:fd:3a:c9:80:5f:04:d8:20:75:f5:78:
         c8:bd:ca:dc:a8:ed:8d:5c:5f:8b:c9:c9:78:ea:4d:48:c6:15:
         7b:42:f0:e9:a6:fa:6e:b5:8d:76:83:c0:dc:d5:bc:97:d5:8f:
         1d:ed:28:1f:b7:fe:39:fc:15:2f:3e:74:71:1f:28:dd:f6:0c:
         6e:be:78:e3:60:8d:21:08:72:c1:91:24:4e:61:ab:bf:96:f0:
         28:1b:f7:9e:0f:5c:ec:3f:f0:1d:03:81:42:b6:0c:c3:d3:b3:
         49:b2:e4:d3:aa:d2:d7:c4:2d:de:96:e2:ba:3f:16:86:ce:14:
         df:c7:01:0c:13:0d:4f:68:58:b8:e3:de:87:25:15:c0:1b:65:
         96:4b:55:32:1d:84:27:0b:cb:f8:18:32:35:cb:42:d8:4d:8f:
         a2:3d:45:c2:58:83:ce:0b:fd:05:e3:1c:0d:c6:56:a0:4a:cf:
         ac:c1:69:e5:00:e4:c7:a0:33:b2:7c:ae:ff:55:25:62:8b:92:
         39:77:c7:0b
-----BEGIN CERTIFICATE-----
MIIFKTCCBBGgAwIBAgIUVGWvFwi6ufEBhzwovk5UycpEdjswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDQ4YWY2NjViZjhiMTg2YjcwMjIwNzU5ZDI2YzU3OGY0
MGI1ZjNlMzAeFw0yNTA1MDUyMzU3MzhaFw0yNjA1MDUwMDAyMzhaMDMxMTAvBgNV
BAMTKERFNTk2QzEyRjNDNkQzMkZCRUIzNkRGMjk4RjMxRDYxNzU3QkNENDQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCRMZ+5w0XJKgSHLjV8FhDqNay8
tCwTYOI5UQoMatMsFt4wckVeeB4WoJ4tiEteorTLzFqMRNMq72m/lRpqZHKgSUZa
nEvTJmOKvzlQH+qMoeqbC/QDNFpjJyssXJ4YCfEp/eHio3nxnbEumK4QlxbKFYkk
y55Ntso9cv5I651jpEEblYaADwIIW50Jcveq+1J2KSFDtz22A+D40ZTQoOIylRjF
P2F0VN2egdRWI6waIH3797LyY3Yn2v6eDS9f25mddo0EVyuvHmxfHwAkwSZV1hsV
7fpZscVEf60z0JDDJOl3v4L+hNKZ4ahDcwDiE4MRxMi7RM5Vp/6n0DQ2y7rNAgMB
AAGjggIzMIICLzAdBgNVHQ4EFgQU3llsEvPG0y++s23ymPMdYXV7zUQwHwYDVR0j
BBgwFoAUBIr2Zb+LGGtwIgdZ0mxXj0C18+MwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODJhOWJmNWItMzljMS00MDUwLWIwNzMtNDgwNzViODYx
ZDg3LzAvMDQ4QUY2NjVCRjhCMTg2QjcwMjIwNzU5RDI2QzU3OEY0MEI1RjNFMy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0JJcjJaYi1MR0d0d0lnZFowbXhYajBD
MTgtTS5jZXIwgaMGCCsGAQUFBwELBIGWMIGTMIGQBggrBgEFBQcwC4aBg3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvODJhOWJmNWIt
MzljMS00MDUwLWIwNzMtNDgwNzViODYxZDg3LzAvMzMzMTJlMzYyZTM0MzYyZTMw
MmYzMjM0MmQzMjM0MjAzZDNlMjAzODMzMzQucm9hMBgGA1UdIAEB/wQOMAwwCgYI
KwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAAfBi4wDQYJKoZI
hvcNAQELBQADggEBAGxtRC44d4SXxtKZRA0IQOOr4CN0lWrf3drrqxE8qDlvxJ6O
yIdJvylbDAdW44YHBPzUwVdmXO90YB/IDHr9OsmAXwTYIHX1eMi9ytyo7Y1cX4vJ
yXjqTUjGFXtC8Omm+m61jXaDwNzVvJfVjx3tKB+3/jn8FS8+dHEfKN32DG6+eONg
jSEIcsGRJE5hq7+W8Cgb954PXOw/8B0DgUK2DMPTs0my5NOq0tfELd6W4ro/FobO
FN/HAQwTDU9oWLjj3oclFcAbZZZLVTIdhCcLy/gYMjXLQthNj6I9RcJYg84L/QXj
HA3GVqBKz6zBaeUA5MegM7J8rv9VJWKLkjl3xws=
-----END CERTIFICATE-----