Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e31392e302f32342d3234203d3e203232333633.roa
File:                     33312e362e31392e302f32342d3234203d3e203232333633.roa (raw, json)
Hash identifier:          wOFTwrtEcrFLD6ZxAjrBegk8j5w0alTvbOeYg5DzCA8=
Subject key identifier:   1F:0A:72:A1:C9:84:5A:48:38:1D:5F:F6:1A:A9:76:4E:5D:60:C8:BA
Certificate issuer:       /CN=048af665bf8b186b70220759d26c578f40b5f3e3
Certificate serial:       53CEBC9CCECF0D54FA62CBB8B5A3C92C665F1B75
Authority key identifier: 04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e31392e302f32342d3234203d3e203232333633.roa
Signing time:             Mon 02 Oct 2023 05:22:35 +0000
ROA not before:           Mon 02 Oct 2023 05:17:35 +0000
ROA not after:            Mon 30 Sep 2024 05:22:35 +0000
asID:                     22363
IP address blocks:        31.6.19.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 01 Jun 2024 16:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            53:ce:bc:9c:ce:cf:0d:54:fa:62:cb:b8:b5:a3:c9:2c:66:5f:1b:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=048af665bf8b186b70220759d26c578f40b5f3e3
        Validity
            Not Before: Oct  2 05:17:35 2023 GMT
            Not After : Sep 30 05:22:35 2024 GMT
        Subject: CN=1F0A72A1C9845A48381D5FF61AA9764E5D60C8BA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ea:cb:5a:3c:b6:c9:df:34:53:29:79:78:4a:13:
                    89:71:6e:27:7b:87:69:62:76:62:17:71:70:32:7f:
                    02:8e:ca:24:a7:20:0e:56:f1:e0:48:5c:1d:28:42:
                    58:6b:25:d7:81:7f:2a:c9:6b:80:b1:e2:ab:66:4f:
                    4d:e3:2b:bb:8a:9d:47:08:27:70:66:46:6c:58:58:
                    c1:56:f1:c8:b7:a8:02:21:6a:18:06:ae:7e:95:3c:
                    20:d2:9a:f3:c9:95:33:bc:5c:36:02:1b:e3:cd:3e:
                    cd:4e:c8:94:39:1d:a9:f2:0a:20:14:da:af:3d:7c:
                    0e:70:91:45:94:80:8e:6c:af:95:05:12:8d:1c:88:
                    cc:34:5a:0a:5c:13:eb:36:3b:df:75:ee:05:9c:8c:
                    27:27:c4:ad:98:5b:2c:cb:65:6d:c8:50:89:c9:cb:
                    a0:42:6a:fb:ac:a0:44:ad:47:39:f1:aa:9a:75:35:
                    bf:5e:bb:0d:0e:ce:eb:44:d1:a5:d5:63:23:a4:b2:
                    bf:a6:37:89:aa:6c:c5:45:51:f5:d6:b6:96:53:e7:
                    e9:7b:03:47:ae:8c:71:24:7a:a4:2c:75:98:21:ed:
                    cb:d8:0f:b6:b5:89:c8:73:a8:f1:64:17:ae:bc:03:
                    17:be:95:1b:e8:d2:a1:ea:32:0a:7b:30:ae:81:b2:
                    e8:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:0A:72:A1:C9:84:5A:48:38:1D:5F:F6:1A:A9:76:4E:5D:60:C8:BA
            X509v3 Authority Key Identifier:
                keyid:04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e31392e302f32342d3234203d3e203232333633.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.6.19.0/24

    Signature Algorithm: sha256WithRSAEncryption
         21:de:fd:0c:20:d4:5f:ee:1a:66:67:e7:81:c8:ae:41:ce:b0:
         ee:a1:a3:1d:de:fe:59:94:3f:8d:89:a9:4d:c5:89:04:3f:7d:
         28:6e:18:91:77:e4:db:f4:00:9b:30:30:18:4c:eb:a7:1c:39:
         cd:2c:a1:95:6a:e3:01:86:d1:1b:6f:fe:a3:c7:9f:c6:9e:e3:
         11:47:00:d5:cb:6d:f6:ac:f7:52:2f:4e:a0:d7:3a:28:69:9a:
         4b:a5:07:28:9d:39:c8:73:27:a0:2c:89:17:36:1d:e5:71:f6:
         67:2c:7a:23:9e:e8:15:e1:df:c9:3b:8c:2b:29:26:1b:67:56:
         c7:8f:88:56:27:8d:ef:69:6c:94:e9:82:5f:2e:f0:90:f3:37:
         4d:05:5c:d9:38:13:ea:31:d4:fd:72:1e:a6:0c:d8:42:5e:14:
         2c:a1:9f:3a:5a:97:d5:55:00:8f:a4:fc:75:57:8a:99:2e:9b:
         90:79:ed:1a:3f:45:85:d8:7d:48:49:9e:b7:61:dc:4c:45:eb:
         09:ab:5b:5b:cd:af:ad:de:c9:55:11:c8:f3:42:3f:f7:be:d5:
         ee:48:99:87:cf:f6:9e:62:f9:4a:26:18:b1:c7:80:00:91:cf:
         4f:fa:9f:06:85:c4:3c:64:00:49:37:fc:b3:51:42:d5:45:bd:
         0f:58:3e:0c
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUU868nM7PDVT6Ysu4taPJLGZfG3UwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDQ4YWY2NjViZjhiMTg2YjcwMjIwNzU5ZDI2YzU3OGY0
MGI1ZjNlMzAeFw0yMzEwMDIwNTE3MzVaFw0yNDA5MzAwNTIyMzVaMDMxMTAvBgNV
BAMTKDFGMEE3MkExQzk4NDVBNDgzODFENUZGNjFBQTk3NjRFNUQ2MEM4QkEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDqy1o8tsnfNFMpeXhKE4lxbid7
h2lidmIXcXAyfwKOyiSnIA5W8eBIXB0oQlhrJdeBfyrJa4Cx4qtmT03jK7uKnUcI
J3BmRmxYWMFW8ci3qAIhahgGrn6VPCDSmvPJlTO8XDYCG+PNPs1OyJQ5HanyCiAU
2q89fA5wkUWUgI5sr5UFEo0ciMw0WgpcE+s2O9917gWcjCcnxK2YWyzLZW3IUInJ
y6BCavusoEStRznxqpp1Nb9euw0OzutE0aXVYyOksr+mN4mqbMVFUfXWtpZT5+l7
A0eujHEkeqQsdZgh7cvYD7a1ichzqPFkF668Axe+lRvo0qHqMgp7MK6Bsui/AgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQUHwpyocmEWkg4HV/2Gql2Tl1gyLowHwYDVR0j
BBgwFoAUBIr2Zb+LGGtwIgdZ0mxXj0C18+MwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODJhOWJmNWItMzljMS00MDUwLWIwNzMtNDgwNzViODYx
ZDg3LzAvMDQ4QUY2NjVCRjhCMTg2QjcwMjIwNzU5RDI2QzU3OEY0MEI1RjNFMy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0JJcjJaYi1MR0d0d0lnZFowbXhYajBD
MTgtTS5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvODJhOWJmNWIt
MzljMS00MDUwLWIwNzMtNDgwNzViODYxZDg3LzAvMzMzMTJlMzYyZTMxMzkyZTMw
MmYzMjM0MmQzMjM0MjAzZDNlMjAzMjMyMzMzNjMzLnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHwYTMA0G
CSqGSIb3DQEBCwUAA4IBAQAh3v0MINRf7hpmZ+eByK5BzrDuoaMd3v5ZlD+NialN
xYkEP30obhiRd+Tb9ACbMDAYTOunHDnNLKGVauMBhtEbb/6jx5/GnuMRRwDVy232
rPdSL06g1zooaZpLpQconTnIcyegLIkXNh3lcfZnLHojnugV4d/JO4wrKSYbZ1bH
j4hWJ43vaWyU6YJfLvCQ8zdNBVzZOBPqMdT9ch6mDNhCXhQsoZ86WpfVVQCPpPx1
V4qZLpuQee0aP0WF2H1ISZ63YdxMResJq1tbza+t3slVEcjzQj/3vtXuSJmHz/ae
YvlKJhixx4AAkc9P+p8GhcQ8ZABJN/yzUULVRb0PWD4M
-----END CERTIFICATE-----