Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e35302e302f32342d3234203d3e203439353831.roa
File:                     33312e362e35302e302f32342d3234203d3e203439353831.roa (raw, json)
Hash identifier:          oNquauCEI/p87q35PLCZzRVpQLMbQNs+VJfYqjySay4=
Subject key identifier:   E1:BC:1F:A1:59:E6:BD:97:53:C5:D8:4E:67:3A:C8:C1:7F:54:10:AD
Certificate issuer:       /CN=048af665bf8b186b70220759d26c578f40b5f3e3
Certificate serial:       59AEC42C575DA70ECF0EEDE735904AD1A99209CA
Authority key identifier: 04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e35302e302f32342d3234203d3e203439353831.roa
Signing time:             Fri 26 Jan 2024 13:39:18 +0000
ROA not before:           Fri 26 Jan 2024 13:34:18 +0000
ROA not after:            Fri 24 Jan 2025 13:39:18 +0000
asID:                     49581
IP address blocks:        31.6.50.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 08:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            59:ae:c4:2c:57:5d:a7:0e:cf:0e:ed:e7:35:90:4a:d1:a9:92:09:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=048af665bf8b186b70220759d26c578f40b5f3e3
        Validity
            Not Before: Jan 26 13:34:18 2024 GMT
            Not After : Jan 24 13:39:18 2025 GMT
        Subject: CN=E1BC1FA159E6BD9753C5D84E673AC8C17F5410AD
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:40:3b:dc:35:fc:42:38:f2:7b:59:ae:38:6c:
                    21:f7:77:6c:51:5e:ba:1c:e6:83:18:25:5d:ac:c7:
                    81:ef:d2:78:e4:23:a9:a5:cd:eb:82:86:89:9e:d4:
                    21:0b:d8:b7:a0:ad:9d:03:7a:d8:6f:34:3c:18:31:
                    ac:a3:5d:37:d9:88:6b:97:b3:f3:c8:97:df:f8:e3:
                    43:2d:16:22:b4:62:60:e8:da:97:c2:ef:54:4b:40:
                    d2:3f:1b:c7:23:e8:65:86:0b:75:64:c2:1d:84:2a:
                    8a:fb:b8:ab:c5:cd:40:b9:ba:61:d8:6d:6a:2c:25:
                    65:05:78:02:74:52:67:9e:53:ca:b8:ba:b0:65:59:
                    76:7a:a0:65:63:6d:40:5c:2f:34:38:a4:d2:70:eb:
                    2a:cc:41:1d:07:72:40:f7:06:48:0b:65:51:e6:73:
                    5e:82:57:11:6e:21:64:86:0e:2a:90:90:8b:0d:3e:
                    ea:9a:21:a4:47:6c:60:dd:6f:25:10:39:04:43:f1:
                    e8:bb:1e:fe:fc:3d:5b:49:ab:14:54:56:34:09:b5:
                    f3:30:33:12:3d:5a:c6:d3:2c:9a:ae:11:18:14:0f:
                    77:ed:fd:e4:4b:60:d9:6f:6b:66:10:f9:a9:9e:c5:
                    bd:15:b0:17:1e:a4:65:0f:e0:0d:c8:eb:76:8f:2c:
                    68:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E1:BC:1F:A1:59:E6:BD:97:53:C5:D8:4E:67:3A:C8:C1:7F:54:10:AD
            X509v3 Authority Key Identifier:
                keyid:04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e35302e302f32342d3234203d3e203439353831.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.6.50.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0b:43:ca:52:23:f7:17:25:a1:1b:f7:1e:55:74:3b:64:e6:d6:
         bd:de:56:43:f6:c4:24:13:b6:6d:2f:37:e4:66:0a:d4:49:ea:
         e2:48:14:51:d4:ac:e4:b1:cf:cd:e3:5b:1a:00:27:32:75:c7:
         62:15:e4:e5:c7:ac:1b:d5:67:43:6f:df:b4:e4:e2:91:89:cf:
         77:c4:4a:03:9e:12:e8:8c:52:e2:b1:e7:70:cf:03:ea:64:57:
         c7:17:b7:47:3f:fa:e5:69:16:50:64:5a:ba:27:f5:2b:e6:2b:
         87:5f:31:4a:2e:a2:25:58:8a:f3:9b:7d:bc:d1:ae:03:ae:c2:
         37:6a:a3:6f:89:97:4f:42:61:21:01:46:ba:2e:fa:f0:bc:55:
         23:07:0b:9a:3d:63:32:14:8f:b0:38:53:41:6e:89:5a:3a:b2:
         a8:15:dc:76:42:f3:1f:a5:fe:8f:fc:da:a7:fb:6f:75:ba:50:
         55:05:10:0a:9d:93:e1:f4:27:3b:c7:24:42:a7:85:71:f4:2b:
         82:a6:7c:d7:b1:09:f9:8d:9e:e5:78:39:1e:87:7b:2f:a4:f2:
         71:fe:89:22:b3:2a:67:ca:9a:ff:0e:0f:14:f9:78:71:71:48:
         15:1d:bc:84:a1:43:99:84:8f:a2:c1:3c:6a:72:26:a2:01:93:
         8e:7c:2b:6a
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUWa7ELFddpw7PDu3nNZBK0amSCcowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDQ4YWY2NjViZjhiMTg2YjcwMjIwNzU5ZDI2YzU3OGY0
MGI1ZjNlMzAeFw0yNDAxMjYxMzM0MThaFw0yNTAxMjQxMzM5MThaMDMxMTAvBgNV
BAMTKEUxQkMxRkExNTlFNkJEOTc1M0M1RDg0RTY3M0FDOEMxN0Y1NDEwQUQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCmQDvcNfxCOPJ7Wa44bCH3d2xR
Xroc5oMYJV2sx4Hv0njkI6mlzeuChome1CEL2LegrZ0DethvNDwYMayjXTfZiGuX
s/PIl9/440MtFiK0YmDo2pfC71RLQNI/G8cj6GWGC3Vkwh2EKor7uKvFzUC5umHY
bWosJWUFeAJ0UmeeU8q4urBlWXZ6oGVjbUBcLzQ4pNJw6yrMQR0HckD3BkgLZVHm
c16CVxFuIWSGDiqQkIsNPuqaIaRHbGDdbyUQOQRD8ei7Hv78PVtJqxRUVjQJtfMw
MxI9WsbTLJquERgUD3ft/eRLYNlva2YQ+amexb0VsBcepGUP4A3I63aPLGgxAgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQU4bwfoVnmvZdTxdhOZzrIwX9UEK0wHwYDVR0j
BBgwFoAUBIr2Zb+LGGtwIgdZ0mxXj0C18+MwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODJhOWJmNWItMzljMS00MDUwLWIwNzMtNDgwNzViODYx
ZDg3LzAvMDQ4QUY2NjVCRjhCMTg2QjcwMjIwNzU5RDI2QzU3OEY0MEI1RjNFMy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0JJcjJaYi1MR0d0d0lnZFowbXhYajBD
MTgtTS5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvODJhOWJmNWIt
MzljMS00MDUwLWIwNzMtNDgwNzViODYxZDg3LzAvMzMzMTJlMzYyZTM1MzAyZTMw
MmYzMjM0MmQzMjM0MjAzZDNlMjAzNDM5MzUzODMxLnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHwYyMA0G
CSqGSIb3DQEBCwUAA4IBAQALQ8pSI/cXJaEb9x5VdDtk5ta93lZD9sQkE7ZtLzfk
ZgrUSeriSBRR1Kzksc/N41saACcydcdiFeTlx6wb1WdDb9+05OKRic93xEoDnhLo
jFLisedwzwPqZFfHF7dHP/rlaRZQZFq6J/Ur5iuHXzFKLqIlWIrzm3280a4DrsI3
aqNviZdPQmEhAUa6LvrwvFUjBwuaPWMyFI+wOFNBbolaOrKoFdx2QvMfpf6P/Nqn
+291ulBVBRAKnZPh9Cc7xyRCp4Vx9CuCpnzXsQn5jZ7leDkeh3svpPJx/okisypn
ypr/Dg8U+XhxcUgVHbyEoUOZhI+iwTxqciaiAZOOfCtq
-----END CERTIFICATE-----