Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e332e302f32342d3234203d3e203232333633.roa
File:                     33312e362e332e302f32342d3234203d3e203232333633.roa (raw, json)
Hash identifier:          jjgFB85H4lJSiZ4gDO1qMj4VJaVyIFgSLmy+uQc2jMg=
Subject key identifier:   4D:8D:33:EE:BC:30:CE:79:52:48:D8:28:9D:7C:11:C5:40:80:89:9D
Certificate issuer:       /CN=048af665bf8b186b70220759d26c578f40b5f3e3
Certificate serial:       782F51D70BE29B988826D914DAA06F00060D4CDB
Authority key identifier: 04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e332e302f32342d3234203d3e203232333633.roa
Signing time:             Mon 02 Oct 2023 05:19:37 +0000
ROA not before:           Mon 02 Oct 2023 05:14:37 +0000
ROA not after:            Mon 30 Sep 2024 05:19:37 +0000
asID:                     22363
IP address blocks:        31.6.3.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 01 Jun 2024 16:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            78:2f:51:d7:0b:e2:9b:98:88:26:d9:14:da:a0:6f:00:06:0d:4c:db
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=048af665bf8b186b70220759d26c578f40b5f3e3
        Validity
            Not Before: Oct  2 05:14:37 2023 GMT
            Not After : Sep 30 05:19:37 2024 GMT
        Subject: CN=4D8D33EEBC30CE795248D8289D7C11C54080899D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:f7:42:a8:a0:8a:a7:b5:89:f5:d9:28:a3:11:
                    e4:dc:b6:01:6d:bb:3d:07:10:57:a2:29:c4:9c:4c:
                    81:48:0b:f0:e6:81:6c:ba:bb:09:6d:78:16:d9:9c:
                    c9:9b:77:99:c3:36:9f:41:0d:2f:7a:70:2c:cb:f5:
                    08:c1:52:f2:d9:51:7b:8f:f6:bf:2d:df:53:28:be:
                    31:6a:ce:7d:4b:b5:6d:7b:21:fb:62:b0:a1:5e:41:
                    95:7c:9d:67:47:be:b5:27:3e:d8:06:c7:13:81:9b:
                    58:55:f1:f0:ca:ca:4b:cc:ec:e1:d4:6a:69:6d:43:
                    36:2b:94:0c:3e:77:3a:52:d7:9d:16:6c:a3:8a:a2:
                    be:bd:08:e2:31:43:9e:49:8a:74:f3:7f:02:86:6e:
                    11:34:e9:54:13:b4:da:d9:79:31:b2:cb:2e:53:b6:
                    90:a8:58:3e:7e:7f:8c:99:bc:94:8b:ab:96:40:d7:
                    da:52:75:de:56:d6:be:73:78:d2:be:b1:be:92:a2:
                    ca:b1:a6:4c:f8:9b:a0:78:7b:a7:53:b3:ce:56:1a:
                    06:6f:b6:6c:5a:e4:8f:7d:50:69:b3:7d:69:e6:8e:
                    29:bb:d7:70:0e:27:9e:9c:ce:f0:de:7a:1f:66:e9:
                    b1:2c:e0:b3:b9:87:72:bb:9e:c0:fb:ff:b4:ff:96:
                    e7:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:8D:33:EE:BC:30:CE:79:52:48:D8:28:9D:7C:11:C5:40:80:89:9D
            X509v3 Authority Key Identifier:
                keyid:04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e332e302f32342d3234203d3e203232333633.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.6.3.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5b:39:49:bb:69:d9:9e:4a:34:07:66:9e:4b:cc:d2:90:d3:59:
         1c:b9:9e:6f:27:11:c9:eb:c6:25:61:83:63:ca:7c:26:cb:72:
         91:68:92:c8:2c:3e:e1:e6:59:9b:e7:78:65:2f:57:11:5f:f6:
         7f:17:74:c3:b6:23:b3:ed:5f:ca:73:6d:72:0c:f3:d6:eb:89:
         ae:8d:75:c8:fd:16:b1:99:3f:6e:c4:8c:8a:bc:f1:c0:68:a5:
         23:68:19:ed:78:32:03:2b:a6:7e:36:a7:04:cd:f8:a9:05:d6:
         73:8e:3f:34:8c:98:93:a7:aa:ca:2f:86:4e:8d:76:f4:4a:11:
         57:b2:7a:9b:d0:62:74:9a:8e:83:66:aa:53:71:b2:95:99:c7:
         9c:82:1d:a8:97:7b:6b:da:43:82:45:cc:e8:47:29:9b:9c:cf:
         a8:06:01:1b:64:e7:9d:a1:1c:96:76:cf:cf:bf:42:f9:da:b6:
         0c:d4:ba:4d:da:47:d3:f5:4b:8f:fc:6f:41:e1:d3:2c:12:01:
         41:e0:71:c2:c6:f6:16:32:7c:20:14:90:f4:56:01:3c:03:b1:
         31:46:93:86:fd:f7:dd:4b:e0:d0:49:fb:d7:bc:76:2d:54:9b:
         fa:98:aa:f7:31:85:4d:2b:85:52:17:d4:ab:cd:2b:e3:52:e9:
         59:56:57:20
-----BEGIN CERTIFICATE-----
MIIFKzCCBBOgAwIBAgIUeC9R1wvim5iIJtkU2qBvAAYNTNswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDQ4YWY2NjViZjhiMTg2YjcwMjIwNzU5ZDI2YzU3OGY0
MGI1ZjNlMzAeFw0yMzEwMDIwNTE0MzdaFw0yNDA5MzAwNTE5MzdaMDMxMTAvBgNV
BAMTKDREOEQzM0VFQkMzMENFNzk1MjQ4RDgyODlEN0MxMUM1NDA4MDg5OUQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDP90KooIqntYn12SijEeTctgFt
uz0HEFeiKcScTIFIC/DmgWy6uwlteBbZnMmbd5nDNp9BDS96cCzL9QjBUvLZUXuP
9r8t31MovjFqzn1LtW17IftisKFeQZV8nWdHvrUnPtgGxxOBm1hV8fDKykvM7OHU
amltQzYrlAw+dzpS150WbKOKor69COIxQ55JinTzfwKGbhE06VQTtNrZeTGyyy5T
tpCoWD5+f4yZvJSLq5ZA19pSdd5W1r5zeNK+sb6Sosqxpkz4m6B4e6dTs85WGgZv
tmxa5I99UGmzfWnmjim713AOJ56czvDeeh9m6bEs4LO5h3K7nsD7/7T/lueDAgMB
AAGjggI1MIICMTAdBgNVHQ4EFgQUTY0z7rwwznlSSNgonXwRxUCAiZ0wHwYDVR0j
BBgwFoAUBIr2Zb+LGGtwIgdZ0mxXj0C18+MwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODJhOWJmNWItMzljMS00MDUwLWIwNzMtNDgwNzViODYx
ZDg3LzAvMDQ4QUY2NjVCRjhCMTg2QjcwMjIwNzU5RDI2QzU3OEY0MEI1RjNFMy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0JJcjJaYi1MR0d0d0lnZFowbXhYajBD
MTgtTS5jZXIwgaUGCCsGAQUFBwELBIGYMIGVMIGSBggrBgEFBQcwC4aBhXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvODJhOWJmNWIt
MzljMS00MDUwLWIwNzMtNDgwNzViODYxZDg3LzAvMzMzMTJlMzYyZTMzMmUzMDJm
MzIzNDJkMzIzNDIwM2QzZTIwMzIzMjMzMzYzMy5yb2EwGAYDVR0gAQH/BA4wDDAK
BggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAB8GAzANBgkq
hkiG9w0BAQsFAAOCAQEAWzlJu2nZnko0B2aeS8zSkNNZHLmebycRyevGJWGDY8p8
JstykWiSyCw+4eZZm+d4ZS9XEV/2fxd0w7Yjs+1fynNtcgzz1uuJro11yP0WsZk/
bsSMirzxwGilI2gZ7XgyAyumfjanBM34qQXWc44/NIyYk6eqyi+GTo129EoRV7J6
m9BidJqOg2aqU3GylZnHnIIdqJd7a9pDgkXM6Ecpm5zPqAYBG2TnnaEclnbPz79C
+dq2DNS6TdpH0/VLj/xvQeHTLBIBQeBxwsb2FjJ8IBSQ9FYBPAOxMUaThv333Uvg
0En717x2LVSb+piq9zGFTSuFUhfUq80r41LpWVZXIA==
-----END CERTIFICATE-----