Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e36312e302f32342d3234203d3e203631333137.roa
File:                     33312e362e36312e302f32342d3234203d3e203631333137.roa (raw, json)
Hash identifier:          FNwhw6ei2FYpuPYSw/W1woQLt+X8rqG6DWhNG0JCDxI=
Subject key identifier:   5B:BD:09:A8:AD:ED:83:AC:5A:51:50:28:2C:B0:FE:F6:79:41:B8:C5
Certificate issuer:       /CN=048af665bf8b186b70220759d26c578f40b5f3e3
Certificate serial:       7BED374D23D11E4B33E0D63CDE2833DE7E9DB123
Authority key identifier: 04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e36312e302f32342d3234203d3e203631333137.roa
Signing time:             Thu 30 Nov 2023 08:40:12 +0000
ROA not before:           Thu 30 Nov 2023 08:35:12 +0000
ROA not after:            Thu 28 Nov 2024 08:40:12 +0000
asID:                     61317
IP address blocks:        31.6.61.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7b:ed:37:4d:23:d1:1e:4b:33:e0:d6:3c:de:28:33:de:7e:9d:b1:23
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=048af665bf8b186b70220759d26c578f40b5f3e3
        Validity
            Not Before: Nov 30 08:35:12 2023 GMT
            Not After : Nov 28 08:40:12 2024 GMT
        Subject: CN=5BBD09A8ADED83AC5A5150282CB0FEF67941B8C5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:31:8f:16:43:8f:21:de:03:46:7b:c2:fe:47:
                    8f:18:bf:62:cb:4a:43:a5:a7:96:81:4c:4c:f2:6f:
                    8e:da:d5:88:d4:31:7e:93:0a:c3:bc:05:ca:53:6d:
                    83:91:bd:f2:6c:d1:65:31:30:a0:72:3e:a0:5d:8f:
                    88:65:23:39:a5:ac:9b:31:8f:fe:b9:9e:2f:19:61:
                    08:c0:56:86:d1:07:61:5d:3e:7d:a1:d0:53:79:32:
                    b6:f3:1d:86:fc:01:25:a2:b1:24:c6:bc:0c:15:ae:
                    ab:e2:0e:9f:ec:9d:eb:04:eb:af:1f:63:a5:7b:31:
                    05:18:dc:ad:1d:f6:03:33:03:cf:52:06:77:44:3e:
                    f9:cc:4d:98:e6:0a:c8:d5:cd:25:f5:2e:33:d8:48:
                    5e:11:91:c6:25:3f:ab:76:92:5e:56:6a:dd:b2:df:
                    fc:9f:26:ba:e4:10:79:ab:aa:ec:78:1d:43:80:76:
                    65:48:9b:31:ca:af:05:df:ce:69:2b:d7:24:15:bb:
                    18:26:1f:a9:f4:80:6e:90:1c:43:a7:eb:4e:b8:dd:
                    80:d7:ef:47:46:a7:2d:c3:fe:a8:80:40:ab:aa:57:
                    2a:e6:1a:97:69:99:f8:f5:52:b6:43:61:61:b1:b4:
                    39:43:26:8c:c6:fb:33:16:e3:d5:99:a0:65:a8:f6:
                    6c:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:BD:09:A8:AD:ED:83:AC:5A:51:50:28:2C:B0:FE:F6:79:41:B8:C5
            X509v3 Authority Key Identifier:
                keyid:04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e36312e302f32342d3234203d3e203631333137.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.6.61.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7e:49:3f:c4:1c:b0:a9:f3:83:63:f5:b8:d4:62:9b:70:b3:c3:
         86:54:86:f2:52:13:ed:64:51:00:21:bb:2c:99:98:00:13:13:
         6d:b8:de:1d:a8:d3:87:63:36:4f:8b:5b:72:56:0f:44:35:a9:
         3a:bc:58:b1:ec:ac:5d:c7:31:f5:29:f6:68:dd:1d:8f:f7:54:
         a6:8a:8e:c2:f5:42:d6:4b:cb:7b:bc:99:f8:69:f9:5c:40:9a:
         64:3f:43:21:06:ec:92:ce:bf:39:4c:5a:ef:05:09:3a:73:f2:
         a1:5d:46:eb:16:9e:16:26:7f:c5:f0:d8:a9:7a:be:a9:94:d2:
         5b:c0:10:e6:00:e4:d6:9f:d7:50:1e:bf:e0:bf:96:97:3c:ae:
         9a:20:a3:17:2e:fd:3a:e1:df:8a:a7:48:52:a2:6d:c9:93:b0:
         83:b4:f5:24:a1:79:d7:09:8f:a0:14:2a:6c:ee:6c:7e:b3:f0:
         28:a4:fe:03:5a:f4:b7:ba:31:1b:82:34:3a:5a:d9:35:e6:ef:
         ea:32:92:65:d3:bc:25:f2:72:04:b8:55:ca:12:ba:ac:a0:06:
         83:71:81:34:c2:1e:f9:08:49:9c:b9:d5:65:73:8c:3f:75:ae:
         1f:d7:29:9f:cf:75:62:2b:7d:3c:da:01:92:f0:37:ed:ad:3f:
         77:5f:cf:00
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUe+03TSPRHksz4NY83igz3n6dsSMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDQ4YWY2NjViZjhiMTg2YjcwMjIwNzU5ZDI2YzU3OGY0
MGI1ZjNlMzAeFw0yMzExMzAwODM1MTJaFw0yNDExMjgwODQwMTJaMDMxMTAvBgNV
BAMTKDVCQkQwOUE4QURFRDgzQUM1QTUxNTAyODJDQjBGRUY2Nzk0MUI4QzUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC4MY8WQ48h3gNGe8L+R48Yv2LL
SkOlp5aBTEzyb47a1YjUMX6TCsO8BcpTbYORvfJs0WUxMKByPqBdj4hlIzmlrJsx
j/65ni8ZYQjAVobRB2FdPn2h0FN5MrbzHYb8ASWisSTGvAwVrqviDp/snesE668f
Y6V7MQUY3K0d9gMzA89SBndEPvnMTZjmCsjVzSX1LjPYSF4RkcYlP6t2kl5Wat2y
3/yfJrrkEHmrqux4HUOAdmVImzHKrwXfzmkr1yQVuxgmH6n0gG6QHEOn60643YDX
70dGpy3D/qiAQKuqVyrmGpdpmfj1UrZDYWGxtDlDJozG+zMW49WZoGWo9mzJAgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQUW70JqK3tg6xaUVAoLLD+9nlBuMUwHwYDVR0j
BBgwFoAUBIr2Zb+LGGtwIgdZ0mxXj0C18+MwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODJhOWJmNWItMzljMS00MDUwLWIwNzMtNDgwNzViODYx
ZDg3LzAvMDQ4QUY2NjVCRjhCMTg2QjcwMjIwNzU5RDI2QzU3OEY0MEI1RjNFMy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0JJcjJaYi1MR0d0d0lnZFowbXhYajBD
MTgtTS5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvODJhOWJmNWIt
MzljMS00MDUwLWIwNzMtNDgwNzViODYxZDg3LzAvMzMzMTJlMzYyZTM2MzEyZTMw
MmYzMjM0MmQzMjM0MjAzZDNlMjAzNjMxMzMzMTM3LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHwY9MA0G
CSqGSIb3DQEBCwUAA4IBAQB+ST/EHLCp84Nj9bjUYptws8OGVIbyUhPtZFEAIbss
mZgAExNtuN4dqNOHYzZPi1tyVg9ENak6vFix7KxdxzH1KfZo3R2P91Smio7C9ULW
S8t7vJn4aflcQJpkP0MhBuySzr85TFrvBQk6c/KhXUbrFp4WJn/F8Niper6plNJb
wBDmAOTWn9dQHr/gv5aXPK6aIKMXLv064d+Kp0hSom3Jk7CDtPUkoXnXCY+gFCps
7mx+s/AopP4DWvS3ujEbgjQ6Wtk15u/qMpJl07wl8nIEuFXKErqsoAaDcYE0wh75
CEmcudVlc4w/da4f1ymfz3ViK3082gGS8DftrT93X88A
-----END CERTIFICATE-----