Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e34312e302f32342d3234203d3e203232333633.roa
File:                     33312e362e34312e302f32342d3234203d3e203232333633.roa (raw, json)
Hash identifier:          PzzPfDAXqpJICDPw3sKqmTBk+6yTbn0OU/2PQFo+UkI=
Subject key identifier:   38:EF:3D:AA:3D:1A:84:16:8A:24:DC:2D:71:00:DC:B5:00:83:0A:C7
Certificate issuer:       /CN=048af665bf8b186b70220759d26c578f40b5f3e3
Certificate serial:       0CBF5C60164AD6B4997C23587FC14EC2A0851EDB
Authority key identifier: 04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e34312e302f32342d3234203d3e203232333633.roa
Signing time:             Mon 02 Oct 2023 05:22:15 +0000
ROA not before:           Mon 02 Oct 2023 05:17:15 +0000
ROA not after:            Mon 30 Sep 2024 05:22:15 +0000
asID:                     22363
IP address blocks:        31.6.41.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 01 Jun 2024 16:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0c:bf:5c:60:16:4a:d6:b4:99:7c:23:58:7f:c1:4e:c2:a0:85:1e:db
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=048af665bf8b186b70220759d26c578f40b5f3e3
        Validity
            Not Before: Oct  2 05:17:15 2023 GMT
            Not After : Sep 30 05:22:15 2024 GMT
        Subject: CN=38EF3DAA3D1A84168A24DC2D7100DCB500830AC7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f2:96:72:3b:c2:b7:eb:b7:cb:71:5d:b9:81:9f:
                    51:7e:c6:fb:c3:c1:fc:e0:ef:20:36:6e:f3:99:29:
                    1f:fc:c8:5c:59:0c:50:50:7f:4d:3f:56:50:f6:ef:
                    22:0b:63:21:05:b3:2c:69:2a:64:66:87:22:40:66:
                    d1:bc:34:bf:a2:46:01:9b:00:0f:25:af:c1:76:c9:
                    44:23:23:30:b4:27:ea:34:00:67:07:87:72:05:58:
                    f3:82:00:ef:72:da:96:34:61:99:97:6f:79:fa:c9:
                    c9:90:3c:4d:98:b1:e8:d8:38:6e:a5:50:59:ca:a1:
                    f1:ce:fa:18:12:cc:20:ca:08:83:b3:1d:a6:a6:82:
                    03:ff:fa:ac:2c:ab:5d:61:b9:f7:ee:6c:1c:3c:a2:
                    d0:fe:0f:4d:ea:e0:23:a2:40:ca:e2:89:c1:65:9d:
                    e0:c3:90:a1:74:57:25:4c:7e:9b:41:20:12:63:3c:
                    9d:5a:de:ce:25:84:46:b9:dd:a3:b7:a5:52:6e:79:
                    b3:ca:a1:e3:1f:9a:36:03:48:4b:5b:c0:56:72:15:
                    1e:c5:34:01:f1:d1:e2:85:57:aa:76:cb:51:6f:0e:
                    59:86:8d:25:9c:f9:42:13:30:14:75:c5:ab:ad:cb:
                    cf:ce:08:54:77:96:ed:bd:e4:bc:de:2d:93:9c:a7:
                    b1:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:EF:3D:AA:3D:1A:84:16:8A:24:DC:2D:71:00:DC:B5:00:83:0A:C7
            X509v3 Authority Key Identifier:
                keyid:04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e34312e302f32342d3234203d3e203232333633.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.6.41.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8d:4e:f8:80:2b:09:ce:72:35:14:25:1a:17:35:b6:1a:37:b2:
         8c:58:7d:c4:01:af:df:cd:60:5b:f4:1c:66:f0:62:4c:ce:5a:
         51:4f:8b:c4:4c:f5:42:84:67:4b:ca:fb:e1:de:56:6a:e6:62:
         60:16:4d:8c:d0:3f:c6:59:54:cf:ed:f4:85:b2:dc:93:37:e0:
         7a:34:d1:6c:19:3c:86:a0:fd:74:a9:f2:fa:58:a2:d2:17:15:
         0e:fa:55:77:d4:91:a1:52:46:cf:67:3f:e7:b9:e9:d9:6c:9e:
         97:60:a7:65:4f:1f:e2:91:b4:8d:24:c4:a0:87:7c:06:41:bb:
         e1:27:c6:42:48:f6:10:9e:bc:0b:bf:74:c5:26:61:cc:b8:f7:
         ac:ac:8b:89:9e:0c:7a:53:8a:30:7d:a7:ce:1f:47:b5:d4:74:
         51:bb:1b:b0:ea:83:ac:1e:2d:ea:79:20:9b:15:7d:89:ac:00:
         a3:cb:32:f1:6d:2a:f2:a6:36:82:1a:06:0e:c2:45:b0:ab:04:
         96:4f:71:5e:66:22:ca:29:9f:0d:04:7a:66:0d:da:57:4a:f9:
         b7:35:89:80:24:69:aa:f0:39:b5:f5:ea:24:14:2a:27:49:26:
         3e:4a:40:e8:bf:5f:35:7f:a3:64:6f:f8:1f:29:70:1c:e1:a3:
         cf:9d:df:8b
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUDL9cYBZK1rSZfCNYf8FOwqCFHtswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDQ4YWY2NjViZjhiMTg2YjcwMjIwNzU5ZDI2YzU3OGY0
MGI1ZjNlMzAeFw0yMzEwMDIwNTE3MTVaFw0yNDA5MzAwNTIyMTVaMDMxMTAvBgNV
BAMTKDM4RUYzREFBM0QxQTg0MTY4QTI0REMyRDcxMDBEQ0I1MDA4MzBBQzcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDylnI7wrfrt8txXbmBn1F+xvvD
wfzg7yA2bvOZKR/8yFxZDFBQf00/VlD27yILYyEFsyxpKmRmhyJAZtG8NL+iRgGb
AA8lr8F2yUQjIzC0J+o0AGcHh3IFWPOCAO9y2pY0YZmXb3n6ycmQPE2YsejYOG6l
UFnKofHO+hgSzCDKCIOzHaamggP/+qwsq11huffubBw8otD+D03q4COiQMriicFl
neDDkKF0VyVMfptBIBJjPJ1a3s4lhEa53aO3pVJuebPKoeMfmjYDSEtbwFZyFR7F
NAHx0eKFV6p2y1FvDlmGjSWc+UITMBR1xauty8/OCFR3lu295LzeLZOcp7G7AgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQUOO89qj0ahBaKJNwtcQDctQCDCscwHwYDVR0j
BBgwFoAUBIr2Zb+LGGtwIgdZ0mxXj0C18+MwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODJhOWJmNWItMzljMS00MDUwLWIwNzMtNDgwNzViODYx
ZDg3LzAvMDQ4QUY2NjVCRjhCMTg2QjcwMjIwNzU5RDI2QzU3OEY0MEI1RjNFMy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0JJcjJaYi1MR0d0d0lnZFowbXhYajBD
MTgtTS5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvODJhOWJmNWIt
MzljMS00MDUwLWIwNzMtNDgwNzViODYxZDg3LzAvMzMzMTJlMzYyZTM0MzEyZTMw
MmYzMjM0MmQzMjM0MjAzZDNlMjAzMjMyMzMzNjMzLnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHwYpMA0G
CSqGSIb3DQEBCwUAA4IBAQCNTviAKwnOcjUUJRoXNbYaN7KMWH3EAa/fzWBb9Bxm
8GJMzlpRT4vETPVChGdLyvvh3lZq5mJgFk2M0D/GWVTP7fSFstyTN+B6NNFsGTyG
oP10qfL6WKLSFxUO+lV31JGhUkbPZz/nuenZbJ6XYKdlTx/ikbSNJMSgh3wGQbvh
J8ZCSPYQnrwLv3TFJmHMuPesrIuJngx6U4owfafOH0e11HRRuxuw6oOsHi3qeSCb
FX2JrACjyzLxbSrypjaCGgYOwkWwqwSWT3FeZiLKKZ8NBHpmDdpXSvm3NYmAJGmq
8Dm19eokFConSSY+SkDov181f6Nkb/gfKXAc4aPPnd+L
-----END CERTIFICATE-----