Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e362e302f32342d3234203d3e203232333633.roa
File:                     33312e362e362e302f32342d3234203d3e203232333633.roa (raw, json)
Hash identifier:          L5QaqNikF1NrnuyhH2tSr/1SrmqrIGDc428FvrSWlao=
Subject key identifier:   0C:55:01:54:7D:87:08:FB:38:7A:02:CB:BE:D6:3E:D0:EE:29:90:7E
Certificate issuer:       /CN=048af665bf8b186b70220759d26c578f40b5f3e3
Certificate serial:       6244FD9267DDCB42B5087B6833A3E754908F7DEC
Authority key identifier: 04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e362e302f32342d3234203d3e203232333633.roa
Signing time:             Mon 02 Oct 2023 05:21:34 +0000
ROA not before:           Mon 02 Oct 2023 05:16:34 +0000
ROA not after:            Mon 30 Sep 2024 05:21:34 +0000
asID:                     22363
IP address blocks:        31.6.6.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 19:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            62:44:fd:92:67:dd:cb:42:b5:08:7b:68:33:a3:e7:54:90:8f:7d:ec
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=048af665bf8b186b70220759d26c578f40b5f3e3
        Validity
            Not Before: Oct  2 05:16:34 2023 GMT
            Not After : Sep 30 05:21:34 2024 GMT
        Subject: CN=0C5501547D8708FB387A02CBBED63ED0EE29907E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:c5:10:b0:8c:1a:22:42:cc:8c:5f:e0:17:e2:
                    8d:f8:ea:16:f9:8a:eb:37:92:71:c2:55:d1:29:8e:
                    a0:2a:4e:e2:92:35:9d:16:eb:8c:63:31:bd:fb:b3:
                    2b:ae:27:87:df:70:67:95:3a:50:cb:07:41:d0:ec:
                    0d:75:a0:66:8e:58:56:70:b0:46:e8:c5:57:b4:60:
                    d6:9f:98:a3:4c:6c:88:ab:80:89:ec:c1:0f:07:a8:
                    1f:2e:24:71:3b:50:30:68:1f:cb:5f:9a:f4:fc:ba:
                    a7:98:82:d3:63:ef:b3:80:1f:3b:28:81:0b:c8:2c:
                    d5:85:97:d2:85:ab:96:14:60:d2:f3:3e:a2:dd:f9:
                    be:95:c7:fb:47:34:55:e7:cc:52:b4:11:ec:5f:28:
                    ae:9f:53:85:5a:28:a9:ad:1a:74:47:88:01:64:b2:
                    7c:38:29:d4:59:f4:6c:82:3e:99:9e:d3:9a:28:40:
                    76:35:a8:e6:4b:ca:43:87:c4:c1:47:a7:88:12:22:
                    53:1e:3a:83:93:08:3c:43:98:2f:a9:90:76:65:df:
                    fc:22:6e:c2:49:a5:5d:06:51:37:3c:d6:96:a2:ef:
                    c4:91:83:15:af:77:ce:f7:bd:5f:05:01:ef:98:58:
                    23:26:2e:5d:83:fd:f4:34:1f:fa:b0:26:dc:e2:67:
                    5f:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:55:01:54:7D:87:08:FB:38:7A:02:CB:BE:D6:3E:D0:EE:29:90:7E
            X509v3 Authority Key Identifier:
                keyid:04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e362e302f32342d3234203d3e203232333633.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.6.6.0/24

    Signature Algorithm: sha256WithRSAEncryption
         37:f6:6b:c5:f6:64:c2:ef:97:e7:a1:6d:ab:d9:8e:f1:09:12:
         c4:81:09:17:64:cd:9b:45:7f:0c:0d:7c:79:46:99:55:86:9f:
         d2:f3:5f:5d:94:85:de:2d:af:db:46:c9:00:43:a7:8f:3e:48:
         6f:13:25:06:a0:fc:52:c8:44:71:46:b1:2a:0c:db:04:0c:09:
         7d:88:92:12:32:0f:fa:9f:d6:06:c9:4e:63:23:27:b2:3f:23:
         bd:f9:a5:75:92:d5:56:71:97:87:d9:9d:18:6f:f4:1d:6e:4d:
         8a:77:4d:65:4e:30:83:70:01:c3:2e:53:18:8e:35:65:f1:a4:
         bd:90:9d:82:71:8f:2b:31:c5:8b:d1:ea:a8:fc:3c:86:7c:6c:
         9b:d0:f1:80:30:b0:df:53:61:eb:e7:57:30:4f:48:35:08:a1:
         8c:16:2c:d5:76:7c:b4:d2:72:85:61:26:53:a6:98:84:0b:6e:
         37:6c:d0:f7:d7:db:f9:32:38:44:28:f0:71:e5:f3:9b:b0:50:
         05:05:65:ac:70:81:31:66:4c:5c:58:d6:51:16:75:e0:1c:c5:
         ba:b3:c1:a8:93:d6:83:bb:16:86:89:98:42:b1:f7:78:63:4b:
         66:33:ef:f3:dd:e0:98:dc:87:bc:84:5a:ce:62:75:21:f7:62:
         23:84:53:db
-----BEGIN CERTIFICATE-----
MIIFKzCCBBOgAwIBAgIUYkT9kmfdy0K1CHtoM6PnVJCPfewwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDQ4YWY2NjViZjhiMTg2YjcwMjIwNzU5ZDI2YzU3OGY0
MGI1ZjNlMzAeFw0yMzEwMDIwNTE2MzRaFw0yNDA5MzAwNTIxMzRaMDMxMTAvBgNV
BAMTKDBDNTUwMTU0N0Q4NzA4RkIzODdBMDJDQkJFRDYzRUQwRUUyOTkwN0UwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDjxRCwjBoiQsyMX+AX4o346hb5
ius3knHCVdEpjqAqTuKSNZ0W64xjMb37syuuJ4ffcGeVOlDLB0HQ7A11oGaOWFZw
sEboxVe0YNafmKNMbIirgInswQ8HqB8uJHE7UDBoH8tfmvT8uqeYgtNj77OAHzso
gQvILNWFl9KFq5YUYNLzPqLd+b6Vx/tHNFXnzFK0EexfKK6fU4VaKKmtGnRHiAFk
snw4KdRZ9GyCPpme05ooQHY1qOZLykOHxMFHp4gSIlMeOoOTCDxDmC+pkHZl3/wi
bsJJpV0GUTc81pai78SRgxWvd873vV8FAe+YWCMmLl2D/fQ0H/qwJtziZ1+lAgMB
AAGjggI1MIICMTAdBgNVHQ4EFgQUDFUBVH2HCPs4egLLvtY+0O4pkH4wHwYDVR0j
BBgwFoAUBIr2Zb+LGGtwIgdZ0mxXj0C18+MwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODJhOWJmNWItMzljMS00MDUwLWIwNzMtNDgwNzViODYx
ZDg3LzAvMDQ4QUY2NjVCRjhCMTg2QjcwMjIwNzU5RDI2QzU3OEY0MEI1RjNFMy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0JJcjJaYi1MR0d0d0lnZFowbXhYajBD
MTgtTS5jZXIwgaUGCCsGAQUFBwELBIGYMIGVMIGSBggrBgEFBQcwC4aBhXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvODJhOWJmNWIt
MzljMS00MDUwLWIwNzMtNDgwNzViODYxZDg3LzAvMzMzMTJlMzYyZTM2MmUzMDJm
MzIzNDJkMzIzNDIwM2QzZTIwMzIzMjMzMzYzMy5yb2EwGAYDVR0gAQH/BA4wDDAK
BggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAB8GBjANBgkq
hkiG9w0BAQsFAAOCAQEAN/ZrxfZkwu+X56Ftq9mO8QkSxIEJF2TNm0V/DA18eUaZ
VYaf0vNfXZSF3i2v20bJAEOnjz5IbxMlBqD8UshEcUaxKgzbBAwJfYiSEjIP+p/W
BslOYyMnsj8jvfmldZLVVnGXh9mdGG/0HW5NindNZU4wg3ABwy5TGI41ZfGkvZCd
gnGPKzHFi9HqqPw8hnxsm9DxgDCw31Nh6+dXME9INQihjBYs1XZ8tNJyhWEmU6aY
hAtuN2zQ99fb+TI4RCjwceXzm7BQBQVlrHCBMWZMXFjWURZ14BzFurPBqJPWg7sW
homYQrH3eGNLZjPv893gmNyHvIRazmJ1IfdiI4RT2w==
-----END CERTIFICATE-----