Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e34352e302f32342d3234203d3e20323039303433.roa
File:                     33312e362e34352e302f32342d3234203d3e20323039303433.roa (raw, json)
Hash identifier:          GQSqF3bHLd9HPOQ8mDYhWD7Pm3dulAK08s3ddTUflGY=
Subject key identifier:   86:8F:49:24:F9:33:C6:83:A3:5A:0E:CF:65:F3:61:E7:C6:86:8F:58
Certificate issuer:       /CN=048af665bf8b186b70220759d26c578f40b5f3e3
Certificate serial:       0D405FFF023623657643704C32F1E840A579FDBD
Authority key identifier: 04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e34352e302f32342d3234203d3e20323039303433.roa
Signing time:             Thu 17 Apr 2025 09:54:01 +0000
ROA not before:           Thu 17 Apr 2025 09:49:01 +0000
ROA not after:            Thu 16 Apr 2026 09:54:01 +0000
asID:                     209043
IP address blocks:        31.6.45.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 27 Apr 2025 11:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0d:40:5f:ff:02:36:23:65:76:43:70:4c:32:f1:e8:40:a5:79:fd:bd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=048af665bf8b186b70220759d26c578f40b5f3e3
        Validity
            Not Before: Apr 17 09:49:01 2025 GMT
            Not After : Apr 16 09:54:01 2026 GMT
        Subject: CN=868F4924F933C683A35A0ECF65F361E7C6868F58
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:ae:a7:67:e3:29:f9:d3:9f:b8:fe:e9:d1:01:
                    5d:00:22:eb:0e:80:89:74:32:cf:f3:9f:2a:70:20:
                    50:a4:e5:c2:4f:36:98:f3:ad:f0:71:d3:97:97:a9:
                    49:ce:e7:ba:88:83:6e:e8:8c:f0:99:38:cf:be:37:
                    54:8c:bd:b7:00:a4:78:34:9d:11:5e:ce:c7:f8:91:
                    39:64:58:0b:47:69:1b:3f:23:5e:3e:1e:8a:06:13:
                    09:04:3a:69:e0:c7:da:79:a2:e4:33:5b:5a:8a:ed:
                    0b:e8:69:fd:73:e4:ba:c0:d9:ee:e5:aa:ca:15:98:
                    ad:0b:a7:86:f4:2e:28:79:da:ee:68:18:ba:f5:7b:
                    46:94:34:a3:29:18:30:02:09:e1:d9:6d:37:94:db:
                    cf:9d:a1:49:c3:4f:ad:4c:11:55:a5:f1:8c:b4:10:
                    83:05:b1:2a:b7:a0:a0:71:23:7d:b5:d5:6e:59:db:
                    f9:d8:70:6d:34:81:d3:fb:6d:55:9e:a3:cf:31:8c:
                    13:3a:a3:ff:9b:4d:8f:c8:32:fd:02:5e:25:66:99:
                    8c:de:64:43:00:16:e8:07:8b:10:77:db:1d:a7:aa:
                    d9:0a:03:15:55:cc:bb:ee:2f:13:2e:50:a0:ad:8b:
                    42:b0:ff:68:4d:12:d5:9d:50:82:a0:3d:50:f5:4c:
                    7e:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:8F:49:24:F9:33:C6:83:A3:5A:0E:CF:65:F3:61:E7:C6:86:8F:58
            X509v3 Authority Key Identifier:
                keyid:04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e34352e302f32342d3234203d3e20323039303433.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.6.45.0/24

    Signature Algorithm: sha256WithRSAEncryption
         04:d2:58:7a:3e:49:f7:3a:a1:ed:74:f7:7a:4e:b0:d8:a3:1e:
         91:20:45:4c:e2:8d:3a:d8:f7:f5:64:d3:31:51:e2:29:51:23:
         78:b4:ea:cd:99:c7:24:79:4c:85:bd:9f:7f:31:e0:df:af:83:
         cd:99:34:21:44:ca:74:ee:8a:02:ba:d9:47:7b:c8:47:3d:f7:
         1e:d2:08:f1:b3:e1:08:af:4f:b7:3d:9d:41:2f:82:0e:8e:1d:
         65:86:31:b5:bd:fd:4f:38:d1:9e:5a:47:75:1b:c0:72:cc:a9:
         d0:c4:71:55:37:78:4a:9b:51:eb:a4:83:8c:9f:43:05:dc:7c:
         fe:c7:77:aa:d1:a0:f3:51:ec:a0:09:0c:1b:bb:e7:dd:e7:7f:
         08:93:14:10:00:37:a1:60:ab:a3:6d:d7:09:eb:8d:aa:07:1f:
         a5:fe:26:14:b7:0d:46:28:53:c3:93:0f:12:f9:ee:3f:24:b2:
         cb:b9:f2:7d:02:d9:68:66:6d:4f:63:bb:64:b7:0d:b6:db:57:
         4a:4e:19:97:76:58:47:16:06:d5:4d:46:ae:08:c2:96:c5:bd:
         27:5a:69:4e:3a:1e:01:e2:ea:6d:3a:2c:30:f0:c4:90:99:5f:
         d4:d4:38:85:4b:1e:2e:ae:04:d2:e2:2b:a6:6a:49:ed:c3:19:
         80:47:62:9b
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUDUBf/wI2I2V2Q3BMMvHoQKV5/b0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDQ4YWY2NjViZjhiMTg2YjcwMjIwNzU5ZDI2YzU3OGY0
MGI1ZjNlMzAeFw0yNTA0MTcwOTQ5MDFaFw0yNjA0MTYwOTU0MDFaMDMxMTAvBgNV
BAMTKDg2OEY0OTI0RjkzM0M2ODNBMzVBMEVDRjY1RjM2MUU3QzY4NjhGNTgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQChrqdn4yn505+4/unRAV0AIusO
gIl0Ms/znypwIFCk5cJPNpjzrfBx05eXqUnO57qIg27ojPCZOM++N1SMvbcApHg0
nRFezsf4kTlkWAtHaRs/I14+HooGEwkEOmngx9p5ouQzW1qK7Qvoaf1z5LrA2e7l
qsoVmK0Lp4b0Lih52u5oGLr1e0aUNKMpGDACCeHZbTeU28+doUnDT61MEVWl8Yy0
EIMFsSq3oKBxI3211W5Z2/nYcG00gdP7bVWeo88xjBM6o/+bTY/IMv0CXiVmmYze
ZEMAFugHixB32x2nqtkKAxVVzLvuLxMuUKCti0Kw/2hNEtWdUIKgPVD1TH6fAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUho9JJPkzxoOjWg7PZfNh58aGj1gwHwYDVR0j
BBgwFoAUBIr2Zb+LGGtwIgdZ0mxXj0C18+MwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODJhOWJmNWItMzljMS00MDUwLWIwNzMtNDgwNzViODYx
ZDg3LzAvMDQ4QUY2NjVCRjhCMTg2QjcwMjIwNzU5RDI2QzU3OEY0MEI1RjNFMy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0JJcjJaYi1MR0d0d0lnZFowbXhYajBD
MTgtTS5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvODJhOWJmNWIt
MzljMS00MDUwLWIwNzMtNDgwNzViODYxZDg3LzAvMzMzMTJlMzYyZTM0MzUyZTMw
MmYzMjM0MmQzMjM0MjAzZDNlMjAzMjMwMzkzMDM0MzMucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAAfBi0w
DQYJKoZIhvcNAQELBQADggEBAATSWHo+Sfc6oe1093pOsNijHpEgRUzijTrY9/Vk
0zFR4ilRI3i06s2ZxyR5TIW9n38x4N+vg82ZNCFEynTuigK62Ud7yEc99x7SCPGz
4QivT7c9nUEvgg6OHWWGMbW9/U840Z5aR3UbwHLMqdDEcVU3eEqbUeukg4yfQwXc
fP7Hd6rRoPNR7KAJDBu7593nfwiTFBAAN6Fgq6Nt1wnrjaoHH6X+JhS3DUYoU8OT
DxL57j8kssu58n0C2WhmbU9ju2S3DbbbV0pOGZd2WEcWBtVNRq4IwpbFvSdaaU46
HgHi6m06LDDwxJCZX9TUOIVLHi6uBNLiK6ZqSe3DGYBHYps=
-----END CERTIFICATE-----