Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e35382e302f32342d3234203d3e203232333633.roa
File:                     33312e362e35382e302f32342d3234203d3e203232333633.roa (raw, json)
Hash identifier:          QvXQtSbcf0pyN3Shk8ewJE9ED4cioWl6cf74uTap+FM=
Subject key identifier:   CC:C5:05:37:E9:1B:C5:F8:36:6A:F2:EE:75:13:B9:25:3C:94:4F:50
Certificate issuer:       /CN=048af665bf8b186b70220759d26c578f40b5f3e3
Certificate serial:       45D77EB667B4041ED402B8A8D99D8FD7C9544CDE
Authority key identifier: 04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e35382e302f32342d3234203d3e203232333633.roa
Signing time:             Mon 02 Oct 2023 05:22:11 +0000
ROA not before:           Mon 02 Oct 2023 05:17:11 +0000
ROA not after:            Mon 30 Sep 2024 05:22:11 +0000
asID:                     22363
IP address blocks:        31.6.58.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            45:d7:7e:b6:67:b4:04:1e:d4:02:b8:a8:d9:9d:8f:d7:c9:54:4c:de
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=048af665bf8b186b70220759d26c578f40b5f3e3
        Validity
            Not Before: Oct  2 05:17:11 2023 GMT
            Not After : Sep 30 05:22:11 2024 GMT
        Subject: CN=CCC50537E91BC5F8366AF2EE7513B9253C944F50
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:36:fe:af:94:f4:da:eb:fc:ba:04:db:e0:ed:
                    0e:7c:3c:a9:93:57:58:fc:ed:09:9a:bb:a5:49:27:
                    cf:69:b9:f6:1c:b8:68:bb:f3:36:fe:5a:da:59:36:
                    8d:6c:7b:3a:ea:fe:8f:ce:e0:6e:91:17:6f:0f:46:
                    97:ae:5a:46:a7:f8:4c:66:63:5c:55:b5:84:62:81:
                    14:2d:2b:53:14:a8:83:88:19:10:8a:74:63:df:90:
                    4d:e3:40:1e:ae:a8:b0:f6:55:c9:39:57:03:e9:ac:
                    a4:3c:fa:b1:61:c5:c1:46:af:fa:9a:3e:c7:cf:23:
                    4e:9b:b0:7b:e9:b6:67:14:82:16:4e:53:09:28:7d:
                    dd:15:6a:61:8e:83:4d:5e:9f:bd:cf:7a:80:78:bb:
                    ff:1c:5c:2a:27:01:da:13:0b:24:2a:66:ee:c8:e1:
                    ad:b8:3b:ca:bc:c4:48:a3:ae:7f:08:b1:8d:9c:3d:
                    1a:73:0a:91:a9:dd:6c:b8:d4:43:49:49:f7:b8:19:
                    a9:00:4a:64:9b:7e:4e:a3:6d:95:06:01:44:7f:c1:
                    de:57:45:e2:8f:bf:9d:5d:ce:4d:66:b0:87:bd:2f:
                    72:01:0f:d9:fc:20:28:3a:47:02:06:76:f4:c1:0e:
                    59:b2:b2:19:e0:00:29:04:b4:fc:24:cc:58:57:d1:
                    2e:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CC:C5:05:37:E9:1B:C5:F8:36:6A:F2:EE:75:13:B9:25:3C:94:4F:50
            X509v3 Authority Key Identifier:
                keyid:04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e35382e302f32342d3234203d3e203232333633.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.6.58.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7e:c3:66:78:e0:e7:fa:54:8e:f9:00:e3:49:9d:c1:22:9c:b4:
         9e:06:4a:69:6c:29:11:3d:59:dc:16:fa:ee:0e:16:90:99:3d:
         36:f1:58:3a:b8:ab:c6:7e:8f:69:94:8b:83:27:71:eb:f4:0a:
         0d:d9:d7:a7:5c:46:5a:65:f9:1c:3f:b0:ab:c2:2b:73:7f:b1:
         2d:75:94:f0:26:4f:4f:7f:38:56:0e:b7:9a:16:10:81:11:9a:
         62:a2:d9:42:fe:1c:6a:6c:ca:3f:7b:f4:75:3e:49:7d:99:e3:
         0a:2a:69:96:c1:b9:2b:ba:15:ef:7f:64:31:74:56:97:39:4e:
         0c:da:69:ec:5b:d1:5c:bd:25:04:bd:ea:31:39:6b:22:7c:90:
         26:0c:4a:d8:30:80:1b:66:d0:12:a3:18:90:81:fc:c9:6c:ca:
         d9:e1:75:3a:0c:2a:31:95:c3:e3:82:26:e2:e4:b3:ca:0b:2a:
         13:ac:bb:f5:22:83:24:bf:90:9f:b1:44:e7:d4:45:a5:ea:66:
         05:2d:ee:d4:66:38:54:44:e6:c9:04:8a:07:90:e2:e5:49:d8:
         5c:74:55:38:f8:3f:1e:8b:90:a1:b8:58:3b:47:e3:0f:a7:4f:
         ce:c2:43:c7:95:0b:55:98:d5:1d:02:73:13:7a:72:33:1d:f2:
         20:b2:04:61
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIURdd+tme0BB7UArio2Z2P18lUTN4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDQ4YWY2NjViZjhiMTg2YjcwMjIwNzU5ZDI2YzU3OGY0
MGI1ZjNlMzAeFw0yMzEwMDIwNTE3MTFaFw0yNDA5MzAwNTIyMTFaMDMxMTAvBgNV
BAMTKENDQzUwNTM3RTkxQkM1RjgzNjZBRjJFRTc1MTNCOTI1M0M5NDRGNTAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Nv6vlPTa6/y6BNvg7Q58PKmT
V1j87Qmau6VJJ89pufYcuGi78zb+WtpZNo1sezrq/o/O4G6RF28PRpeuWkan+Exm
Y1xVtYRigRQtK1MUqIOIGRCKdGPfkE3jQB6uqLD2Vck5VwPprKQ8+rFhxcFGr/qa
PsfPI06bsHvptmcUghZOUwkofd0VamGOg01en73PeoB4u/8cXConAdoTCyQqZu7I
4a24O8q8xEijrn8IsY2cPRpzCpGp3Wy41ENJSfe4GakASmSbfk6jbZUGAUR/wd5X
ReKPv51dzk1msIe9L3IBD9n8ICg6RwIGdvTBDlmyshngACkEtPwkzFhX0S4hAgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQUzMUFN+kbxfg2avLudRO5JTyUT1AwHwYDVR0j
BBgwFoAUBIr2Zb+LGGtwIgdZ0mxXj0C18+MwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODJhOWJmNWItMzljMS00MDUwLWIwNzMtNDgwNzViODYx
ZDg3LzAvMDQ4QUY2NjVCRjhCMTg2QjcwMjIwNzU5RDI2QzU3OEY0MEI1RjNFMy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0JJcjJaYi1MR0d0d0lnZFowbXhYajBD
MTgtTS5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvODJhOWJmNWIt
MzljMS00MDUwLWIwNzMtNDgwNzViODYxZDg3LzAvMzMzMTJlMzYyZTM1MzgyZTMw
MmYzMjM0MmQzMjM0MjAzZDNlMjAzMjMyMzMzNjMzLnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHwY6MA0G
CSqGSIb3DQEBCwUAA4IBAQB+w2Z44Of6VI75AONJncEinLSeBkppbCkRPVncFvru
DhaQmT028Vg6uKvGfo9plIuDJ3Hr9AoN2denXEZaZfkcP7Crwitzf7EtdZTwJk9P
fzhWDreaFhCBEZpiotlC/hxqbMo/e/R1Pkl9meMKKmmWwbkruhXvf2QxdFaXOU4M
2mnsW9FcvSUEveoxOWsifJAmDErYMIAbZtASoxiQgfzJbMrZ4XU6DCoxlcPjgibi
5LPKCyoTrLv1IoMkv5CfsUTn1EWl6mYFLe7UZjhURObJBIoHkOLlSdhcdFU4+D8e
i5ChuFg7R+MPp0/OwkPHlQtVmNUdAnMTenIzHfIgsgRh
-----END CERTIFICATE-----