Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e31312e302f32342d3234203d3e203232333633.roa
File:                     33312e362e31312e302f32342d3234203d3e203232333633.roa (raw, json)
Hash identifier:          3v2ObqZr6U5wSYi66v4KpyJErPfIeOsPXPx0g/s08uI=
Subject key identifier:   4D:6F:0E:E2:43:0B:20:9A:36:AC:18:A7:9C:9F:BB:E3:51:F7:5A:53
Certificate issuer:       /CN=048af665bf8b186b70220759d26c578f40b5f3e3
Certificate serial:       6FA854C3787A63D3CF6F9FE9E4BFEBFB16DF44BC
Authority key identifier: 04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e31312e302f32342d3234203d3e203232333633.roa
Signing time:             Mon 02 Oct 2023 05:22:49 +0000
ROA not before:           Mon 02 Oct 2023 05:17:49 +0000
ROA not after:            Mon 30 Sep 2024 05:22:49 +0000
asID:                     22363
IP address blocks:        31.6.11.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Jun 2024 08:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6f:a8:54:c3:78:7a:63:d3:cf:6f:9f:e9:e4:bf:eb:fb:16:df:44:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=048af665bf8b186b70220759d26c578f40b5f3e3
        Validity
            Not Before: Oct  2 05:17:49 2023 GMT
            Not After : Sep 30 05:22:49 2024 GMT
        Subject: CN=4D6F0EE2430B209A36AC18A79C9FBBE351F75A53
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f0:02:09:43:e5:99:84:6a:3d:47:8e:9b:bb:83:
                    e0:e5:07:73:24:71:bc:0e:59:fe:9b:e9:77:9c:57:
                    2c:d3:88:e5:c9:6f:e0:ea:6d:32:48:77:0e:b3:3d:
                    7b:ac:07:ca:35:57:2e:80:7a:84:7e:f0:c0:1a:b0:
                    33:c9:c9:b1:ab:f0:96:1e:b5:1e:ea:3b:46:a1:d5:
                    9b:35:3f:ca:ab:22:18:b6:5a:33:9a:8b:ab:8a:ff:
                    f3:88:7a:47:31:f6:98:be:46:42:3e:23:14:03:31:
                    b0:77:d0:b0:2c:86:b8:07:42:a9:9b:4a:e6:20:7c:
                    fe:8a:19:8a:f3:04:10:6b:70:83:67:2b:38:4e:36:
                    bc:ce:f4:ff:c7:02:df:5c:c2:b3:44:43:ff:71:bc:
                    33:6f:81:cf:22:d9:56:d0:db:56:39:e3:9d:68:84:
                    7e:6f:8c:45:f1:90:6b:de:54:a5:63:f3:b0:5e:24:
                    a3:18:aa:1a:a4:a4:1d:82:c6:fd:b7:14:a3:f4:f0:
                    be:40:b0:65:35:7d:5a:d0:8b:09:db:78:24:b4:ef:
                    c3:be:05:b6:58:90:b0:f7:c9:f8:ee:9e:98:d1:44:
                    4c:88:53:d6:c6:93:13:b8:1d:25:a9:d0:79:e6:16:
                    8b:79:b6:0a:13:ac:06:60:0d:cd:f1:ab:1c:69:5e:
                    1a:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:6F:0E:E2:43:0B:20:9A:36:AC:18:A7:9C:9F:BB:E3:51:F7:5A:53
            X509v3 Authority Key Identifier:
                keyid:04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e31312e302f32342d3234203d3e203232333633.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.6.11.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9e:03:7e:fe:98:4d:52:d9:6a:38:88:8e:20:f5:b9:fc:b5:0f:
         1b:f0:77:71:68:a5:78:a4:22:91:80:00:c4:d4:a2:01:43:13:
         e4:71:31:ac:c5:02:0a:b9:a9:a2:e9:62:d8:40:6b:d6:93:f1:
         09:ab:f9:b3:cd:f6:a3:81:fc:cd:c7:c2:f4:74:28:18:7a:7e:
         f8:4f:5f:7f:68:35:c2:ea:ad:97:f7:b3:95:9e:3d:74:c6:02:
         bb:a5:ec:f2:5b:b2:8d:74:00:5d:fd:0a:2a:10:88:71:30:5c:
         3a:c4:f1:22:dc:be:7c:bc:33:62:4c:fa:b0:03:87:02:21:15:
         b7:23:b1:1b:43:50:88:34:77:11:4f:7b:09:a3:34:8e:48:a3:
         c5:09:80:ca:f2:7c:30:a0:2b:d7:10:af:f9:26:6f:6b:ce:91:
         18:b0:42:72:b2:b2:42:ef:b6:34:2c:be:3f:bd:c9:12:64:98:
         d5:23:25:5c:d3:ff:64:e2:fa:cb:6a:92:8b:be:bc:25:bc:ea:
         75:7b:78:af:f0:63:df:21:08:4e:ce:8e:e9:9f:c7:c5:6a:59:
         d0:15:3c:5c:79:1e:de:6a:49:ef:f7:33:ec:51:3b:23:52:ae:
         ca:a8:ce:59:0d:00:06:55:87:59:98:ac:0a:e5:90:69:66:c1:
         3c:34:f8:c7
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUb6hUw3h6Y9PPb5/p5L/r+xbfRLwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDQ4YWY2NjViZjhiMTg2YjcwMjIwNzU5ZDI2YzU3OGY0
MGI1ZjNlMzAeFw0yMzEwMDIwNTE3NDlaFw0yNDA5MzAwNTIyNDlaMDMxMTAvBgNV
BAMTKDRENkYwRUUyNDMwQjIwOUEzNkFDMThBNzlDOUZCQkUzNTFGNzVBNTMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDwAglD5ZmEaj1Hjpu7g+DlB3Mk
cbwOWf6b6XecVyzTiOXJb+DqbTJIdw6zPXusB8o1Vy6AeoR+8MAasDPJybGr8JYe
tR7qO0ah1Zs1P8qrIhi2WjOai6uK//OIekcx9pi+RkI+IxQDMbB30LAshrgHQqmb
SuYgfP6KGYrzBBBrcINnKzhONrzO9P/HAt9cwrNEQ/9xvDNvgc8i2VbQ21Y5451o
hH5vjEXxkGveVKVj87BeJKMYqhqkpB2Cxv23FKP08L5AsGU1fVrQiwnbeCS078O+
BbZYkLD3yfjunpjRREyIU9bGkxO4HSWp0HnmFot5tgoTrAZgDc3xqxxpXhpbAgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQUTW8O4kMLIJo2rBinnJ+741H3WlMwHwYDVR0j
BBgwFoAUBIr2Zb+LGGtwIgdZ0mxXj0C18+MwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODJhOWJmNWItMzljMS00MDUwLWIwNzMtNDgwNzViODYx
ZDg3LzAvMDQ4QUY2NjVCRjhCMTg2QjcwMjIwNzU5RDI2QzU3OEY0MEI1RjNFMy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0JJcjJaYi1MR0d0d0lnZFowbXhYajBD
MTgtTS5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvODJhOWJmNWIt
MzljMS00MDUwLWIwNzMtNDgwNzViODYxZDg3LzAvMzMzMTJlMzYyZTMxMzEyZTMw
MmYzMjM0MmQzMjM0MjAzZDNlMjAzMjMyMzMzNjMzLnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHwYLMA0G
CSqGSIb3DQEBCwUAA4IBAQCeA37+mE1S2Wo4iI4g9bn8tQ8b8HdxaKV4pCKRgADE
1KIBQxPkcTGsxQIKuami6WLYQGvWk/EJq/mzzfajgfzNx8L0dCgYen74T19/aDXC
6q2X97OVnj10xgK7pezyW7KNdABd/QoqEIhxMFw6xPEi3L58vDNiTPqwA4cCIRW3
I7EbQ1CINHcRT3sJozSOSKPFCYDK8nwwoCvXEK/5Jm9rzpEYsEJysrJC77Y0LL4/
vckSZJjVIyVc0/9k4vrLapKLvrwlvOp1e3iv8GPfIQhOzo7pn8fFalnQFTxceR7e
aknv9zPsUTsjUq7KqM5ZDQAGVYdZmKwK5ZBpZsE8NPjH
-----END CERTIFICATE-----