Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e32352e302f32342d3234203d3e203631333137.roa
File:                     33312e362e32352e302f32342d3234203d3e203631333137.roa (raw, json)
Hash identifier:          9A1KxoqvPNuf+T+wycO/jXOGJP+FxX66Lguhgyflw4k=
Subject key identifier:   1F:E1:81:B0:57:3B:63:53:37:58:0D:BB:0D:93:DA:DA:E4:E3:CF:CD
Certificate issuer:       /CN=048af665bf8b186b70220759d26c578f40b5f3e3
Certificate serial:       460725EB2B0659BF30F83B36DEA4C09EE49F7BFC
Authority key identifier: 04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e32352e302f32342d3234203d3e203631333137.roa
Signing time:             Sun 17 Dec 2023 10:39:44 +0000
ROA not before:           Sun 17 Dec 2023 10:34:44 +0000
ROA not after:            Sun 15 Dec 2024 10:39:44 +0000
asID:                     61317
IP address blocks:        31.6.25.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            46:07:25:eb:2b:06:59:bf:30:f8:3b:36:de:a4:c0:9e:e4:9f:7b:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=048af665bf8b186b70220759d26c578f40b5f3e3
        Validity
            Not Before: Dec 17 10:34:44 2023 GMT
            Not After : Dec 15 10:39:44 2024 GMT
        Subject: CN=1FE181B0573B635337580DBB0D93DADAE4E3CFCD
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:c7:c7:99:bc:33:6c:1f:c7:ee:29:3c:38:7f:
                    95:33:ab:fa:84:1b:ec:ef:2d:90:ed:1b:b4:03:6b:
                    3e:2c:44:3f:68:14:4f:82:cb:d5:d8:28:89:6a:5f:
                    f6:ef:9c:ec:74:f3:eb:8b:ee:4d:5e:f4:89:2f:10:
                    65:77:f7:38:db:04:c8:2b:4c:a7:31:7b:bd:49:a7:
                    f0:cc:09:9a:02:fe:58:19:f8:e7:a9:60:69:2f:f5:
                    c8:04:7a:ba:1d:cc:7b:17:e3:08:52:61:ee:4d:08:
                    89:25:ff:f7:5d:ec:02:04:eb:8b:af:96:b3:71:af:
                    78:da:1c:22:a4:32:cc:1f:61:d7:53:e9:13:22:9c:
                    e6:b6:c2:02:e0:bb:a1:42:be:b3:d2:ea:f1:ed:85:
                    f5:13:52:5b:d1:27:fb:3b:a6:c8:92:24:31:a6:98:
                    ce:8d:8a:63:19:3f:df:cc:98:a5:d2:f8:93:f7:f4:
                    34:aa:3c:61:29:dd:c6:60:22:54:a2:39:ab:f6:26:
                    3f:af:06:b9:9b:e3:1e:bf:ed:d5:a2:93:25:73:8a:
                    6d:56:15:39:c6:e7:9c:02:e4:c2:9b:e0:49:91:60:
                    69:c2:10:be:f1:7b:a5:c0:b6:34:4b:f8:a2:22:4c:
                    bd:cc:00:97:da:34:5f:09:bc:8a:f5:2e:df:21:0c:
                    69:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:E1:81:B0:57:3B:63:53:37:58:0D:BB:0D:93:DA:DA:E4:E3:CF:CD
            X509v3 Authority Key Identifier:
                keyid:04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e32352e302f32342d3234203d3e203631333137.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.6.25.0/24

    Signature Algorithm: sha256WithRSAEncryption
         86:f9:6f:a1:f2:41:ad:3e:44:54:9e:a4:63:0e:4b:9f:6c:57:
         f6:2a:e3:95:cf:81:a5:f3:b2:a0:6c:1a:fa:51:aa:24:d2:98:
         10:84:c7:d7:ee:52:78:8a:b4:65:c2:f5:4b:e4:a4:7b:4d:ee:
         7c:90:0f:d7:32:c0:71:90:04:c5:ae:ab:ba:bf:47:99:29:9d:
         c4:21:07:ad:3f:53:ca:19:f3:0e:4d:b9:65:d4:29:ec:9b:69:
         20:ae:a7:bb:3e:83:dc:07:ff:05:ac:5b:58:29:98:92:06:e5:
         a5:3e:34:0b:78:f5:26:d3:d1:3f:a5:57:52:e1:1d:33:4e:57:
         13:00:f9:56:3d:21:27:c4:da:d3:0b:37:94:20:b2:1b:8b:7c:
         87:45:e2:f0:f2:26:e4:18:ca:4c:ee:fd:d7:86:be:2f:f2:ad:
         03:11:4f:62:4d:b5:8c:ed:4b:40:84:af:c8:46:c4:b9:ab:c1:
         30:69:25:ac:6d:83:ed:37:01:6f:16:67:8a:17:fd:35:53:5b:
         44:fb:ed:75:02:2c:1d:03:a9:f0:0c:9c:a1:35:cc:5a:17:ff:
         8d:e5:78:98:eb:9a:0c:fe:b0:08:36:36:06:70:52:aa:17:13:
         0b:91:22:24:a0:b1:5d:42:fd:8a:9e:3f:ed:14:8b:5b:8d:f4:
         93:c1:b4:d2
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIURgcl6ysGWb8w+Ds23qTAnuSfe/wwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDQ4YWY2NjViZjhiMTg2YjcwMjIwNzU5ZDI2YzU3OGY0
MGI1ZjNlMzAeFw0yMzEyMTcxMDM0NDRaFw0yNDEyMTUxMDM5NDRaMDMxMTAvBgNV
BAMTKDFGRTE4MUIwNTczQjYzNTMzNzU4MERCQjBEOTNEQURBRTRFM0NGQ0QwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC1x8eZvDNsH8fuKTw4f5Uzq/qE
G+zvLZDtG7QDaz4sRD9oFE+Cy9XYKIlqX/bvnOx08+uL7k1e9IkvEGV39zjbBMgr
TKcxe71Jp/DMCZoC/lgZ+OepYGkv9cgEerodzHsX4whSYe5NCIkl//dd7AIE64uv
lrNxr3jaHCKkMswfYddT6RMinOa2wgLgu6FCvrPS6vHthfUTUlvRJ/s7psiSJDGm
mM6NimMZP9/MmKXS+JP39DSqPGEp3cZgIlSiOav2Jj+vBrmb4x6/7dWikyVzim1W
FTnG55wC5MKb4EmRYGnCEL7xe6XAtjRL+KIiTL3MAJfaNF8JvIr1Lt8hDGndAgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQUH+GBsFc7Y1M3WA27DZPa2uTjz80wHwYDVR0j
BBgwFoAUBIr2Zb+LGGtwIgdZ0mxXj0C18+MwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODJhOWJmNWItMzljMS00MDUwLWIwNzMtNDgwNzViODYx
ZDg3LzAvMDQ4QUY2NjVCRjhCMTg2QjcwMjIwNzU5RDI2QzU3OEY0MEI1RjNFMy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0JJcjJaYi1MR0d0d0lnZFowbXhYajBD
MTgtTS5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvODJhOWJmNWIt
MzljMS00MDUwLWIwNzMtNDgwNzViODYxZDg3LzAvMzMzMTJlMzYyZTMyMzUyZTMw
MmYzMjM0MmQzMjM0MjAzZDNlMjAzNjMxMzMzMTM3LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHwYZMA0G
CSqGSIb3DQEBCwUAA4IBAQCG+W+h8kGtPkRUnqRjDkufbFf2KuOVz4Gl87KgbBr6
Uaok0pgQhMfX7lJ4irRlwvVL5KR7Te58kA/XMsBxkATFrqu6v0eZKZ3EIQetP1PK
GfMOTbll1Cnsm2kgrqe7PoPcB/8FrFtYKZiSBuWlPjQLePUm09E/pVdS4R0zTlcT
APlWPSEnxNrTCzeUILIbi3yHReLw8ibkGMpM7v3Xhr4v8q0DEU9iTbWM7UtAhK/I
RsS5q8EwaSWsbYPtNwFvFmeKF/01U1tE++11AiwdA6nwDJyhNcxaF/+N5XiY65oM
/rAINjYGcFKqFxMLkSIkoLFdQv2Knj/tFItbjfSTwbTS
-----END CERTIFICATE-----