Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e31352e302f32342d3234203d3e20313937363036.roa
File:                     33312e362e31352e302f32342d3234203d3e20313937363036.roa (raw, json)
Hash identifier:          N8/n3ruKFIALjYpVQlVqo6LGsn8BMac9juIUL9il6Yk=
Subject key identifier:   93:96:68:C5:34:9B:6E:AF:CF:E7:CB:8B:04:27:42:85:3F:17:FC:9C
Certificate issuer:       /CN=048af665bf8b186b70220759d26c578f40b5f3e3
Certificate serial:       4B2AE7ABA617B4E433A2C13785396E6A5293C5F1
Authority key identifier: 04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e31352e302f32342d3234203d3e20313937363036.roa
Signing time:             Fri 25 Apr 2025 20:24:25 +0000
ROA not before:           Fri 25 Apr 2025 20:19:25 +0000
ROA not after:            Fri 24 Apr 2026 20:24:25 +0000
asID:                     197606
IP address blocks:        31.6.15.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 27 Apr 2025 15:42:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4b:2a:e7:ab:a6:17:b4:e4:33:a2:c1:37:85:39:6e:6a:52:93:c5:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=048af665bf8b186b70220759d26c578f40b5f3e3
        Validity
            Not Before: Apr 25 20:19:25 2025 GMT
            Not After : Apr 24 20:24:25 2026 GMT
        Subject: CN=939668C5349B6EAFCFE7CB8B042742853F17FC9C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:2c:37:b8:93:e8:81:00:d1:8d:00:7f:8b:58:
                    df:c7:eb:e1:59:a5:a0:dc:05:09:7d:9f:9a:f4:0c:
                    05:ff:57:4f:9b:78:6c:c2:e1:45:8d:33:ba:4a:09:
                    f7:9f:da:98:09:fd:02:0d:91:1a:d5:e2:50:f1:61:
                    06:e6:49:4d:3e:14:19:23:10:98:81:8a:3d:51:b9:
                    dd:1d:31:44:a5:28:f4:cf:b2:bf:32:5a:cc:32:42:
                    0b:09:2c:5f:9c:c5:f6:5d:49:63:39:63:fc:a5:10:
                    be:f7:3c:1e:ae:e6:01:28:a2:e7:f0:09:86:3f:ef:
                    45:81:cf:25:59:eb:87:9f:94:2f:91:f5:00:c9:c1:
                    ff:7f:cd:14:c0:68:56:8a:2e:53:d1:38:70:e5:62:
                    79:1a:bc:23:fc:03:0d:fc:e0:68:2c:19:cc:d7:58:
                    6f:30:3d:40:6e:20:92:75:de:27:1a:22:95:2e:4d:
                    c7:ed:3c:56:cc:70:56:ff:20:d4:f4:82:61:b9:00:
                    2e:49:40:c0:fa:46:ae:3e:bd:c4:6d:3d:36:78:2b:
                    23:92:f9:0c:c7:88:b4:4a:66:49:1f:78:ec:e0:8b:
                    5a:8f:3a:dc:90:04:07:7e:f8:00:0e:49:9f:ce:32:
                    73:b1:ae:ec:fb:ab:a6:07:e1:e2:cb:06:d0:dd:02:
                    22:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                93:96:68:C5:34:9B:6E:AF:CF:E7:CB:8B:04:27:42:85:3F:17:FC:9C
            X509v3 Authority Key Identifier:
                keyid:04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e31352e302f32342d3234203d3e20313937363036.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.6.15.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5f:2c:bf:2b:5e:1e:28:19:7f:e5:58:02:63:48:aa:8e:42:85:
         24:83:4d:e3:ec:fc:81:1c:fa:0e:44:19:19:f5:68:c6:f3:4b:
         bb:23:00:b4:0e:22:fe:17:e2:7e:05:42:ae:5d:bc:44:e5:8c:
         84:b8:c3:5f:27:dc:b6:4c:69:6c:63:8b:0e:be:fa:ba:ba:19:
         b4:52:61:28:69:13:f5:98:1a:8e:67:94:f9:c8:0b:68:11:68:
         7a:5b:3f:eb:0f:bf:2c:13:9d:ca:19:46:f4:e9:a3:bf:b5:5c:
         ba:b8:0f:dd:38:01:8d:fb:fa:e1:55:7e:78:3c:5c:fb:97:81:
         ea:f1:02:92:72:84:80:35:2c:82:b3:55:96:59:59:40:95:a0:
         c8:20:49:bd:20:74:03:54:e8:f4:a8:97:01:98:86:74:35:44:
         bb:db:e9:65:a5:eb:b7:a0:0c:6c:03:f4:85:f8:50:d3:5a:8f:
         c4:e9:ef:43:00:2e:1a:43:ec:e4:55:bf:79:d7:fd:21:ad:32:
         ae:c1:ed:fc:43:2a:b0:6e:30:e3:c9:25:30:3a:43:4d:19:47:
         cb:84:d9:0a:b5:a3:3a:bf:46:38:c5:40:6a:fd:62:8b:d2:32:
         53:db:77:97:23:a6:da:73:a4:07:a8:09:a3:5d:08:83:52:65:
         2c:e6:d1:ef
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUSyrnq6YXtOQzosE3hTlualKTxfEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDQ4YWY2NjViZjhiMTg2YjcwMjIwNzU5ZDI2YzU3OGY0
MGI1ZjNlMzAeFw0yNTA0MjUyMDE5MjVaFw0yNjA0MjQyMDI0MjVaMDMxMTAvBgNV
BAMTKDkzOTY2OEM1MzQ5QjZFQUZDRkU3Q0I4QjA0Mjc0Mjg1M0YxN0ZDOUMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDWLDe4k+iBANGNAH+LWN/H6+FZ
paDcBQl9n5r0DAX/V0+beGzC4UWNM7pKCfef2pgJ/QINkRrV4lDxYQbmSU0+FBkj
EJiBij1Rud0dMUSlKPTPsr8yWswyQgsJLF+cxfZdSWM5Y/ylEL73PB6u5gEooufw
CYY/70WBzyVZ64eflC+R9QDJwf9/zRTAaFaKLlPROHDlYnkavCP8Aw384GgsGczX
WG8wPUBuIJJ13icaIpUuTcftPFbMcFb/INT0gmG5AC5JQMD6Rq4+vcRtPTZ4KyOS
+QzHiLRKZkkfeOzgi1qPOtyQBAd++AAOSZ/OMnOxruz7q6YH4eLLBtDdAiINAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUk5ZoxTSbbq/P58uLBCdChT8X/JwwHwYDVR0j
BBgwFoAUBIr2Zb+LGGtwIgdZ0mxXj0C18+MwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODJhOWJmNWItMzljMS00MDUwLWIwNzMtNDgwNzViODYx
ZDg3LzAvMDQ4QUY2NjVCRjhCMTg2QjcwMjIwNzU5RDI2QzU3OEY0MEI1RjNFMy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0JJcjJaYi1MR0d0d0lnZFowbXhYajBD
MTgtTS5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvODJhOWJmNWIt
MzljMS00MDUwLWIwNzMtNDgwNzViODYxZDg3LzAvMzMzMTJlMzYyZTMxMzUyZTMw
MmYzMjM0MmQzMjM0MjAzZDNlMjAzMTM5MzczNjMwMzYucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAAfBg8w
DQYJKoZIhvcNAQELBQADggEBAF8svyteHigZf+VYAmNIqo5ChSSDTePs/IEc+g5E
GRn1aMbzS7sjALQOIv4X4n4FQq5dvETljIS4w18n3LZMaWxjiw6++rq6GbRSYShp
E/WYGo5nlPnIC2gRaHpbP+sPvywTncoZRvTpo7+1XLq4D904AY37+uFVfng8XPuX
gerxApJyhIA1LIKzVZZZWUCVoMggSb0gdANU6PSolwGYhnQ1RLvb6WWl67egDGwD
9IX4UNNaj8Tp70MALhpD7ORVv3nX/SGtMq7B7fxDKrBuMOPJJTA6Q00ZR8uE2Qq1
ozq/RjjFQGr9YovSMlPbd5cjptpzpAeoCaNdCINSZSzm0e8=
-----END CERTIFICATE-----