Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e352e302f32342d3234203d3e203232333633.roa
File:                     33312e362e352e302f32342d3234203d3e203232333633.roa (raw, json)
Hash identifier:          sBnK4/mOo3YQjbI+Fho4Lj/6w2MDBD0VSKoJL66OToQ=
Subject key identifier:   A9:1C:88:CF:E1:5D:4A:04:4D:BC:F4:84:8B:72:19:52:60:78:BA:DA
Certificate issuer:       /CN=048af665bf8b186b70220759d26c578f40b5f3e3
Certificate serial:       44172E9333828BE940D787B1128BEDDCA37E6229
Authority key identifier: 04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e352e302f32342d3234203d3e203232333633.roa
Signing time:             Mon 02 Oct 2023 05:19:33 +0000
ROA not before:           Mon 02 Oct 2023 05:14:33 +0000
ROA not after:            Mon 30 Sep 2024 05:19:33 +0000
asID:                     22363
IP address blocks:        31.6.5.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            44:17:2e:93:33:82:8b:e9:40:d7:87:b1:12:8b:ed:dc:a3:7e:62:29
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=048af665bf8b186b70220759d26c578f40b5f3e3
        Validity
            Not Before: Oct  2 05:14:33 2023 GMT
            Not After : Sep 30 05:19:33 2024 GMT
        Subject: CN=A91C88CFE15D4A044DBCF4848B7219526078BADA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:01:7f:17:1d:4f:e4:88:0c:f0:b7:79:67:45:
                    3f:41:d8:40:6d:b4:6c:2c:97:7f:67:08:8c:a3:7b:
                    10:55:4e:21:31:9a:40:4e:a7:ae:19:9d:d4:18:09:
                    db:fa:b2:de:22:0b:35:77:23:bb:53:ee:1f:40:d4:
                    e2:a2:94:ea:19:2e:b2:4b:8b:ac:01:5e:b5:78:58:
                    36:ed:e6:09:d3:d9:b6:94:54:4b:20:b0:02:82:29:
                    2f:95:db:24:f8:e9:1f:03:6a:5f:1f:84:a6:0f:58:
                    2a:f1:ef:5d:34:62:e2:46:ef:a7:1a:ac:41:24:e4:
                    d8:aa:a1:c0:22:c1:0b:e3:39:d0:be:88:8e:46:be:
                    0d:36:48:c9:ea:ba:43:df:e0:8a:99:58:ee:2a:a2:
                    2a:4f:10:20:34:8c:75:32:c1:60:ed:b2:dc:79:6f:
                    8d:8c:0c:bb:2f:b2:fc:63:54:9b:8c:f6:97:39:26:
                    ed:bf:76:e9:3a:ec:55:4d:07:cb:14:6d:90:3d:c2:
                    3c:fa:c5:05:63:9f:5f:d4:9a:6d:c4:a0:2b:1e:31:
                    b4:89:32:52:38:88:82:03:8f:9a:5d:0e:9d:22:bf:
                    3b:9d:65:38:3a:16:a7:36:a7:71:02:30:ad:3c:ab:
                    b1:d6:77:f4:70:57:59:ce:f6:7a:12:bc:a9:74:71:
                    86:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:1C:88:CF:E1:5D:4A:04:4D:BC:F4:84:8B:72:19:52:60:78:BA:DA
            X509v3 Authority Key Identifier:
                keyid:04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e352e302f32342d3234203d3e203232333633.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.6.5.0/24

    Signature Algorithm: sha256WithRSAEncryption
         02:cf:af:a0:a0:08:4f:37:ae:c3:2b:fc:28:6d:b9:13:00:32:
         1d:9f:4f:f1:95:7f:76:e0:29:48:7f:69:ba:67:27:6a:52:ed:
         87:ae:19:ba:08:a8:d0:33:10:25:91:04:c5:d6:27:33:4e:72:
         a3:74:3a:7f:d2:9a:79:6c:fe:e8:43:3d:8e:35:89:9d:af:20:
         14:2a:77:33:6e:45:7f:fd:ec:d1:f0:59:81:42:c7:20:a8:75:
         a9:f6:2d:34:ed:2d:39:9b:08:aa:15:97:ac:51:51:d0:27:90:
         fc:bd:38:ea:09:9b:ee:ab:db:40:3f:a0:04:56:82:5f:65:fa:
         d1:d4:d5:b0:09:c0:ce:ed:33:51:ce:b3:8e:c0:49:1f:81:f6:
         11:f2:2e:89:f0:bd:f4:6c:56:a5:3b:55:d7:16:d6:7e:6f:d5:
         19:86:56:e8:64:53:6a:9e:d9:86:63:5f:c5:da:8e:95:b1:f7:
         34:75:2d:20:22:e2:4a:01:f5:90:5f:8b:49:1e:3a:77:b1:93:
         76:35:b3:fe:ab:89:42:83:4c:bc:7c:13:fa:f6:2b:f7:ed:27:
         d5:ac:82:cf:f3:a8:0e:3e:ed:13:51:4f:2c:65:f4:b8:d6:da:
         75:b2:7a:a1:34:52:c9:d8:b5:47:5b:e6:4d:08:9e:88:04:ae:
         d6:9f:76:1c
-----BEGIN CERTIFICATE-----
MIIFKzCCBBOgAwIBAgIURBcukzOCi+lA14exEovt3KN+YikwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDQ4YWY2NjViZjhiMTg2YjcwMjIwNzU5ZDI2YzU3OGY0
MGI1ZjNlMzAeFw0yMzEwMDIwNTE0MzNaFw0yNDA5MzAwNTE5MzNaMDMxMTAvBgNV
BAMTKEE5MUM4OENGRTE1RDRBMDQ0REJDRjQ4NDhCNzIxOTUyNjA3OEJBREEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvAX8XHU/kiAzwt3lnRT9B2EBt
tGwsl39nCIyjexBVTiExmkBOp64ZndQYCdv6st4iCzV3I7tT7h9A1OKilOoZLrJL
i6wBXrV4WDbt5gnT2baUVEsgsAKCKS+V2yT46R8Dal8fhKYPWCrx7100YuJG76ca
rEEk5NiqocAiwQvjOdC+iI5Gvg02SMnqukPf4IqZWO4qoipPECA0jHUywWDtstx5
b42MDLsvsvxjVJuM9pc5Ju2/duk67FVNB8sUbZA9wjz6xQVjn1/Umm3EoCseMbSJ
MlI4iIIDj5pdDp0ivzudZTg6Fqc2p3ECMK08q7HWd/RwV1nO9noSvKl0cYbRAgMB
AAGjggI1MIICMTAdBgNVHQ4EFgQUqRyIz+FdSgRNvPSEi3IZUmB4utowHwYDVR0j
BBgwFoAUBIr2Zb+LGGtwIgdZ0mxXj0C18+MwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODJhOWJmNWItMzljMS00MDUwLWIwNzMtNDgwNzViODYx
ZDg3LzAvMDQ4QUY2NjVCRjhCMTg2QjcwMjIwNzU5RDI2QzU3OEY0MEI1RjNFMy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0JJcjJaYi1MR0d0d0lnZFowbXhYajBD
MTgtTS5jZXIwgaUGCCsGAQUFBwELBIGYMIGVMIGSBggrBgEFBQcwC4aBhXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvODJhOWJmNWIt
MzljMS00MDUwLWIwNzMtNDgwNzViODYxZDg3LzAvMzMzMTJlMzYyZTM1MmUzMDJm
MzIzNDJkMzIzNDIwM2QzZTIwMzIzMjMzMzYzMy5yb2EwGAYDVR0gAQH/BA4wDDAK
BggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAB8GBTANBgkq
hkiG9w0BAQsFAAOCAQEAAs+voKAITzeuwyv8KG25EwAyHZ9P8ZV/duApSH9pumcn
alLth64Zugio0DMQJZEExdYnM05yo3Q6f9KaeWz+6EM9jjWJna8gFCp3M25Ff/3s
0fBZgULHIKh1qfYtNO0tOZsIqhWXrFFR0CeQ/L046gmb7qvbQD+gBFaCX2X60dTV
sAnAzu0zUc6zjsBJH4H2EfIuifC99GxWpTtV1xbWfm/VGYZW6GRTap7ZhmNfxdqO
lbH3NHUtICLiSgH1kF+LSR46d7GTdjWz/quJQoNMvHwT+vYr9+0n1ayCz/OoDj7t
E1FPLGX0uNbadbJ6oTRSydi1R1vmTQieiASu1p92HA==
-----END CERTIFICATE-----