Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e312e302f32342d3234203d3e203339333833.roa
File:                     33312e362e312e302f32342d3234203d3e203339333833.roa (raw, json)
Hash identifier:          R2RsrR3JtepZV4O7kd+ER7Djh72OzHX9L3wtBHHbO6Y=
Subject key identifier:   51:94:F5:6C:A2:E6:FC:19:C2:D9:77:7D:09:2D:D2:21:14:EB:99:79
Certificate issuer:       /CN=048af665bf8b186b70220759d26c578f40b5f3e3
Certificate serial:       33635E56965AB9B15B187D80683594216C63B20D
Authority key identifier: 04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e312e302f32342d3234203d3e203339333833.roa
Signing time:             Thu 14 Dec 2023 06:43:03 +0000
ROA not before:           Thu 14 Dec 2023 06:38:03 +0000
ROA not after:            Thu 12 Dec 2024 06:43:03 +0000
asID:                     39383
IP address blocks:        31.6.1.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 May 2024 08:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            33:63:5e:56:96:5a:b9:b1:5b:18:7d:80:68:35:94:21:6c:63:b2:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=048af665bf8b186b70220759d26c578f40b5f3e3
        Validity
            Not Before: Dec 14 06:38:03 2023 GMT
            Not After : Dec 12 06:43:03 2024 GMT
        Subject: CN=5194F56CA2E6FC19C2D9777D092DD22114EB9979
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:9e:6b:c6:b8:9b:1a:55:8f:1e:eb:86:2a:e0:
                    b2:f2:64:89:d9:68:3a:73:be:d4:a5:f1:0e:53:82:
                    b2:15:09:37:36:f2:c9:87:3d:33:63:79:be:cc:2e:
                    25:65:f2:f7:82:3c:34:d6:19:61:f2:bf:61:e6:86:
                    8e:87:d5:29:bb:27:88:1a:8d:80:8e:18:44:aa:e1:
                    33:7a:89:d8:2f:3e:7b:8b:b0:44:c7:65:05:da:f9:
                    44:8b:0a:af:a3:2a:75:34:a9:b6:d0:34:45:7d:e2:
                    a1:9c:5d:ed:06:b9:fd:6f:f2:3c:4d:1e:5f:ec:a1:
                    46:8a:21:73:4f:61:a3:80:57:d0:30:c4:ae:13:32:
                    cb:42:9c:5f:17:b5:69:e4:96:1e:4b:6e:fc:58:c1:
                    95:0b:53:e1:4d:6c:df:20:96:0d:8f:a8:20:0a:df:
                    f3:38:6b:ef:37:09:32:8e:23:86:c3:46:f9:dd:b7:
                    7d:38:69:4e:db:8c:b7:b9:00:98:da:35:1a:2f:49:
                    39:c0:a2:4c:55:40:3f:3d:92:06:79:0b:85:d1:ff:
                    f4:0f:a7:7b:f5:ab:2f:63:df:6d:79:82:c5:33:a5:
                    0b:1e:e0:e6:c8:88:ab:33:97:11:d1:af:28:cf:ec:
                    7e:34:4d:df:80:99:53:14:46:c6:2c:49:4b:5b:86:
                    1d:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:94:F5:6C:A2:E6:FC:19:C2:D9:77:7D:09:2D:D2:21:14:EB:99:79
            X509v3 Authority Key Identifier:
                keyid:04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e312e302f32342d3234203d3e203339333833.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.6.1.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1a:8c:6e:fb:ce:a5:ee:24:00:bb:bc:f0:4d:8e:f0:7b:c7:3f:
         a6:37:f7:04:06:ee:e7:ee:b3:e4:f4:3d:e5:91:22:5b:af:d7:
         25:ad:f5:73:50:e4:62:65:df:54:45:44:b8:1f:56:ae:ab:5c:
         3c:e0:a0:46:4b:2a:25:9c:91:53:7a:37:70:02:f0:d7:d3:0c:
         14:77:87:94:81:e4:4b:1b:43:87:6c:dc:0c:fb:ef:9d:a0:12:
         3e:7d:25:3f:41:2f:45:79:0e:fe:7d:4d:df:cc:14:9a:2e:20:
         d3:c8:f8:ac:75:dc:6a:7a:e2:bd:fd:0b:d2:2f:b0:c4:f9:96:
         b0:a5:bd:e6:0d:4e:73:ea:d1:8d:f4:c6:a3:9f:fa:3b:95:90:
         ff:62:2b:8a:10:71:c7:fb:cd:59:d0:0c:98:a0:43:7f:ac:ea:
         8b:92:ca:05:ae:d2:18:e5:56:5b:07:74:b8:19:26:0c:fa:3d:
         10:37:91:3c:0f:af:42:2e:be:22:1a:7d:d1:e8:0e:29:43:03:
         ad:c4:4d:00:ae:38:80:21:80:79:59:0d:e0:f4:b6:d1:f9:5f:
         75:ef:12:19:d7:94:e5:d7:e5:39:fc:a6:96:85:bd:05:14:7b:
         06:fd:5d:c8:e0:af:8b:af:53:0b:bb:45:04:45:2e:9f:c9:65:
         ef:b3:48:9b
-----BEGIN CERTIFICATE-----
MIIFKzCCBBOgAwIBAgIUM2NeVpZaubFbGH2AaDWUIWxjsg0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDQ4YWY2NjViZjhiMTg2YjcwMjIwNzU5ZDI2YzU3OGY0
MGI1ZjNlMzAeFw0yMzEyMTQwNjM4MDNaFw0yNDEyMTIwNjQzMDNaMDMxMTAvBgNV
BAMTKDUxOTRGNTZDQTJFNkZDMTlDMkQ5Nzc3RDA5MkREMjIxMTRFQjk5NzkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDYnmvGuJsaVY8e64Yq4LLyZInZ
aDpzvtSl8Q5TgrIVCTc28smHPTNjeb7MLiVl8veCPDTWGWHyv2Hmho6H1Sm7J4ga
jYCOGESq4TN6idgvPnuLsETHZQXa+USLCq+jKnU0qbbQNEV94qGcXe0Guf1v8jxN
Hl/soUaKIXNPYaOAV9AwxK4TMstCnF8XtWnklh5LbvxYwZULU+FNbN8glg2PqCAK
3/M4a+83CTKOI4bDRvndt304aU7bjLe5AJjaNRovSTnAokxVQD89kgZ5C4XR//QP
p3v1qy9j3215gsUzpQse4ObIiKszlxHRryjP7H40Td+AmVMURsYsSUtbhh33AgMB
AAGjggI1MIICMTAdBgNVHQ4EFgQUUZT1bKLm/BnC2Xd9CS3SIRTrmXkwHwYDVR0j
BBgwFoAUBIr2Zb+LGGtwIgdZ0mxXj0C18+MwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODJhOWJmNWItMzljMS00MDUwLWIwNzMtNDgwNzViODYx
ZDg3LzAvMDQ4QUY2NjVCRjhCMTg2QjcwMjIwNzU5RDI2QzU3OEY0MEI1RjNFMy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0JJcjJaYi1MR0d0d0lnZFowbXhYajBD
MTgtTS5jZXIwgaUGCCsGAQUFBwELBIGYMIGVMIGSBggrBgEFBQcwC4aBhXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvODJhOWJmNWIt
MzljMS00MDUwLWIwNzMtNDgwNzViODYxZDg3LzAvMzMzMTJlMzYyZTMxMmUzMDJm
MzIzNDJkMzIzNDIwM2QzZTIwMzMzOTMzMzgzMy5yb2EwGAYDVR0gAQH/BA4wDDAK
BggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAB8GATANBgkq
hkiG9w0BAQsFAAOCAQEAGoxu+86l7iQAu7zwTY7we8c/pjf3BAbu5+6z5PQ95ZEi
W6/XJa31c1DkYmXfVEVEuB9WrqtcPOCgRksqJZyRU3o3cALw19MMFHeHlIHkSxtD
h2zcDPvvnaASPn0lP0EvRXkO/n1N38wUmi4g08j4rHXcanrivf0L0i+wxPmWsKW9
5g1Oc+rRjfTGo5/6O5WQ/2IrihBxx/vNWdAMmKBDf6zqi5LKBa7SGOVWWwd0uBkm
DPo9EDeRPA+vQi6+Ihp90egOKUMDrcRNAK44gCGAeVkN4PS20flfde8SGdeU5dfl
OfymloW9BRR7Bv1dyOCvi69TC7tFBEUun8ll77NImw==
-----END CERTIFICATE-----