Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e31372e302f32342d3234203d3e203232333633.roa
File:                     33312e362e31372e302f32342d3234203d3e203232333633.roa (raw, json)
Hash identifier:          edbyod6nI04Jujkyt5v8bu7s0uHc4/zkzS96KgprKFA=
Subject key identifier:   65:7C:D8:E6:41:71:8F:2A:5D:00:20:CF:85:F6:63:B1:A2:73:43:5E
Certificate issuer:       /CN=048af665bf8b186b70220759d26c578f40b5f3e3
Certificate serial:       7F67A81AC9A889A87A9AD1745F1ADD2C96D55D9E
Authority key identifier: 04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e31372e302f32342d3234203d3e203232333633.roa
Signing time:             Mon 02 Oct 2023 05:22:42 +0000
ROA not before:           Mon 02 Oct 2023 05:17:42 +0000
ROA not after:            Mon 30 Sep 2024 05:22:42 +0000
asID:                     22363
IP address blocks:        31.6.17.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Jun 2024 08:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7f:67:a8:1a:c9:a8:89:a8:7a:9a:d1:74:5f:1a:dd:2c:96:d5:5d:9e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=048af665bf8b186b70220759d26c578f40b5f3e3
        Validity
            Not Before: Oct  2 05:17:42 2023 GMT
            Not After : Sep 30 05:22:42 2024 GMT
        Subject: CN=657CD8E641718F2A5D0020CF85F663B1A273435E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:dc:4a:df:c5:1e:8e:35:12:5c:48:a4:90:48:
                    57:02:7c:d2:da:df:63:db:ae:42:78:d6:b1:a8:97:
                    a7:77:05:14:8e:69:6d:75:a4:8b:8c:dc:d1:d9:17:
                    9d:f5:b6:e0:dc:fc:12:06:44:fe:11:ac:36:30:84:
                    df:e5:8c:bd:38:1f:1e:ba:e0:6c:d7:36:95:7b:96:
                    41:8f:71:ee:3d:ec:72:5c:2e:2c:55:42:28:58:d7:
                    46:58:fe:d9:cb:27:21:7f:6b:46:7d:47:19:06:0e:
                    60:a8:0b:11:25:ca:6e:8a:d1:6e:3f:c5:a8:4e:5c:
                    30:ed:46:d7:eb:4c:b2:40:59:90:c1:90:f4:40:e5:
                    5c:8a:fd:37:1d:c2:93:2f:da:57:68:b6:ba:da:23:
                    f1:83:4c:2a:59:93:d1:3c:dc:21:34:62:09:e9:1c:
                    97:cd:bd:cf:cd:94:f7:73:3c:30:41:c2:c0:6b:7b:
                    79:8c:3f:08:fd:2a:61:cf:7d:73:e6:09:d8:62:23:
                    66:eb:35:95:6a:60:fc:e3:02:eb:c2:4e:97:06:02:
                    01:56:7f:79:2c:ca:1f:2b:b9:22:a3:c1:57:90:54:
                    f8:d8:9c:8d:cd:75:0f:74:61:4e:fe:b3:bc:05:b0:
                    09:a1:f4:31:ab:50:f9:db:99:10:0f:bd:13:34:87:
                    83:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:7C:D8:E6:41:71:8F:2A:5D:00:20:CF:85:F6:63:B1:A2:73:43:5E
            X509v3 Authority Key Identifier:
                keyid:04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e31372e302f32342d3234203d3e203232333633.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.6.17.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6a:0c:e8:29:6d:f6:7e:d1:d4:c9:30:b9:aa:9c:43:91:e7:91:
         66:9f:65:0d:63:23:91:ba:80:14:65:1d:52:16:a1:3c:9a:21:
         c7:c7:34:fd:fd:69:86:4b:fa:20:32:bf:64:9e:0f:67:99:c5:
         98:cc:03:a6:f4:25:a2:f3:cb:6a:f9:6f:db:a1:ff:22:0e:44:
         79:4f:1a:cc:17:6f:68:be:2c:02:b0:c5:ae:73:8c:0f:bf:1f:
         fe:86:8a:c7:d1:cd:7f:68:bf:92:07:1f:de:81:01:74:05:fb:
         51:09:d8:1e:68:44:a4:f8:60:4c:75:88:e6:22:4f:53:be:7a:
         da:38:14:96:96:fc:28:15:04:65:f0:34:65:77:e9:ee:90:e8:
         7f:d0:64:67:5b:0b:f9:c4:8d:93:91:34:8d:87:1f:e3:d8:55:
         32:03:e8:7d:7f:7a:7e:96:b4:be:8c:72:79:2e:66:79:66:8b:
         a3:13:95:83:7a:07:12:b6:73:46:5e:ba:8c:66:13:d5:55:87:
         17:f5:49:96:7c:ea:37:eb:b0:74:4e:6a:94:d2:fe:45:93:63:
         b4:94:12:a5:83:f4:4a:e7:59:ad:a3:f5:70:11:4b:0b:3c:b1:
         79:4e:22:13:3e:37:2e:36:be:47:11:1b:13:12:04:f1:d2:83:
         0c:37:5b:29
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUf2eoGsmoiah6mtF0XxrdLJbVXZ4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDQ4YWY2NjViZjhiMTg2YjcwMjIwNzU5ZDI2YzU3OGY0
MGI1ZjNlMzAeFw0yMzEwMDIwNTE3NDJaFw0yNDA5MzAwNTIyNDJaMDMxMTAvBgNV
BAMTKDY1N0NEOEU2NDE3MThGMkE1RDAwMjBDRjg1RjY2M0IxQTI3MzQzNUUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCY3ErfxR6ONRJcSKSQSFcCfNLa
32PbrkJ41rGol6d3BRSOaW11pIuM3NHZF531tuDc/BIGRP4RrDYwhN/ljL04Hx66
4GzXNpV7lkGPce497HJcLixVQihY10ZY/tnLJyF/a0Z9RxkGDmCoCxElym6K0W4/
xahOXDDtRtfrTLJAWZDBkPRA5VyK/TcdwpMv2ldotrraI/GDTCpZk9E83CE0Ygnp
HJfNvc/NlPdzPDBBwsBre3mMPwj9KmHPfXPmCdhiI2brNZVqYPzjAuvCTpcGAgFW
f3ksyh8ruSKjwVeQVPjYnI3NdQ90YU7+s7wFsAmh9DGrUPnbmRAPvRM0h4MFAgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQUZXzY5kFxjypdACDPhfZjsaJzQ14wHwYDVR0j
BBgwFoAUBIr2Zb+LGGtwIgdZ0mxXj0C18+MwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODJhOWJmNWItMzljMS00MDUwLWIwNzMtNDgwNzViODYx
ZDg3LzAvMDQ4QUY2NjVCRjhCMTg2QjcwMjIwNzU5RDI2QzU3OEY0MEI1RjNFMy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0JJcjJaYi1MR0d0d0lnZFowbXhYajBD
MTgtTS5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvODJhOWJmNWIt
MzljMS00MDUwLWIwNzMtNDgwNzViODYxZDg3LzAvMzMzMTJlMzYyZTMxMzcyZTMw
MmYzMjM0MmQzMjM0MjAzZDNlMjAzMjMyMzMzNjMzLnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHwYRMA0G
CSqGSIb3DQEBCwUAA4IBAQBqDOgpbfZ+0dTJMLmqnEOR55Fmn2UNYyORuoAUZR1S
FqE8miHHxzT9/WmGS/ogMr9kng9nmcWYzAOm9CWi88tq+W/bof8iDkR5TxrMF29o
viwCsMWuc4wPvx/+horH0c1/aL+SBx/egQF0BftRCdgeaESk+GBMdYjmIk9Tvnra
OBSWlvwoFQRl8DRld+nukOh/0GRnWwv5xI2TkTSNhx/j2FUyA+h9f3p+lrS+jHJ5
LmZ5ZoujE5WDegcStnNGXrqMZhPVVYcX9UmWfOo367B0TmqU0v5Fk2O0lBKlg/RK
51mto/VwEUsLPLF5TiITPjcuNr5HERsTEgTx0oMMN1sp
-----END CERTIFICATE-----