Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e322e302f32342d3234203d3e20313938313730.roa
File:                     33312e362e322e302f32342d3234203d3e20313938313730.roa (raw, json)
Hash identifier:          jnPMvA48z3MAk9mIU0zbELAqL2kgJZSlEtHaWHZsz+I=
Subject key identifier:   76:2F:63:76:88:D5:C6:ED:75:F2:42:DA:25:67:F8:51:41:36:1D:76
Certificate issuer:       /CN=048af665bf8b186b70220759d26c578f40b5f3e3
Certificate serial:       32398AB49C95C6DFF4DBE27486048063C99E8DAA
Authority key identifier: 04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e322e302f32342d3234203d3e20313938313730.roa
Signing time:             Sun 17 Dec 2023 15:58:49 +0000
ROA not before:           Sun 17 Dec 2023 15:53:49 +0000
ROA not after:            Sun 15 Dec 2024 15:58:49 +0000
asID:                     198170
IP address blocks:        31.6.2.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 01 Jun 2024 16:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            32:39:8a:b4:9c:95:c6:df:f4:db:e2:74:86:04:80:63:c9:9e:8d:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=048af665bf8b186b70220759d26c578f40b5f3e3
        Validity
            Not Before: Dec 17 15:53:49 2023 GMT
            Not After : Dec 15 15:58:49 2024 GMT
        Subject: CN=762F637688D5C6ED75F242DA2567F85141361D76
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:2c:2f:fd:00:9d:41:17:eb:26:d0:7f:85:74:
                    cf:c9:a4:00:e1:cb:1b:44:94:a9:6d:a4:9c:0f:1f:
                    26:6a:f0:41:9d:db:f4:32:96:b2:74:2d:20:e3:60:
                    cc:31:f1:ed:c5:5a:06:13:58:3e:ce:cc:71:9f:78:
                    db:1a:a9:47:3b:69:8b:04:c6:bc:51:13:90:fe:d6:
                    43:36:39:bb:20:81:78:c5:66:f8:29:fe:b6:20:32:
                    93:0e:34:15:37:46:2d:1f:ae:ba:fb:da:38:34:a4:
                    6c:9b:3f:85:57:69:de:36:54:b4:bb:98:53:b2:b4:
                    19:29:35:bb:e2:8b:71:c8:42:07:03:6a:ce:4b:a3:
                    5f:52:49:a7:5b:65:fd:c2:25:b8:31:03:03:87:0e:
                    9f:06:b6:ab:8a:0c:57:82:6e:9c:5e:f6:3c:04:70:
                    4b:3e:d6:1f:78:24:23:66:70:3e:b2:24:bf:f0:d8:
                    2f:a9:27:fd:2b:3c:c4:15:d6:38:69:20:15:17:18:
                    2f:e8:38:7a:f2:f4:21:0b:e2:3b:7f:1d:89:c4:75:
                    0d:47:d9:e5:c5:a7:37:2d:79:b6:dc:75:1d:f6:80:
                    49:c9:c0:ab:b3:3e:68:de:51:86:54:ca:24:56:67:
                    9c:21:02:f9:03:f2:b1:fc:64:49:eb:a2:11:55:f3:
                    92:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:2F:63:76:88:D5:C6:ED:75:F2:42:DA:25:67:F8:51:41:36:1D:76
            X509v3 Authority Key Identifier:
                keyid:04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e322e302f32342d3234203d3e20313938313730.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.6.2.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7c:55:f3:76:b7:48:37:29:19:a2:78:5c:d6:92:2a:2b:5b:79:
         e6:01:c7:f7:ad:af:83:30:09:f0:ed:3d:bd:ab:26:2e:fb:73:
         e3:7a:37:af:59:86:07:2f:7c:17:4d:6f:3f:27:6a:ca:72:8b:
         a0:e7:b7:33:8b:b5:8f:6c:d7:be:c0:30:40:66:a4:66:aa:21:
         ae:84:85:7e:f5:3c:5d:e3:41:c5:9d:5c:0e:70:61:6f:68:bb:
         fa:d5:43:e1:64:01:3c:e9:9d:89:bd:3b:0b:cf:63:ac:05:d3:
         20:76:d4:ad:c1:6f:a0:54:fb:6e:11:0e:92:e4:28:3c:d7:3f:
         a0:95:09:1e:94:a9:fb:c4:e8:9b:50:4b:a3:7c:65:0a:8e:9e:
         59:1c:37:44:ed:90:8a:9f:cd:f3:2d:2a:90:dd:db:b1:07:89:
         dc:cd:58:52:eb:ac:58:a3:94:52:6c:52:5f:39:12:3c:8a:66:
         57:34:67:88:81:67:53:e8:b4:88:07:0a:84:d4:de:3e:e1:ea:
         68:d3:e3:2e:39:10:08:58:f2:a7:54:30:f5:75:26:95:2e:0c:
         f2:6e:46:46:6e:9b:ae:f1:5c:8d:2a:8d:b0:96:4b:af:d9:4c:
         82:c7:35:2c:1f:ce:90:9f:d8:84:dd:e6:84:e0:a7:91:3b:0f:
         e7:85:f5:d4
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUMjmKtJyVxt/02+J0hgSAY8mejaowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDQ4YWY2NjViZjhiMTg2YjcwMjIwNzU5ZDI2YzU3OGY0
MGI1ZjNlMzAeFw0yMzEyMTcxNTUzNDlaFw0yNDEyMTUxNTU4NDlaMDMxMTAvBgNV
BAMTKDc2MkY2Mzc2ODhENUM2RUQ3NUYyNDJEQTI1NjdGODUxNDEzNjFENzYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCFLC/9AJ1BF+sm0H+FdM/JpADh
yxtElKltpJwPHyZq8EGd2/QylrJ0LSDjYMwx8e3FWgYTWD7OzHGfeNsaqUc7aYsE
xrxRE5D+1kM2ObsggXjFZvgp/rYgMpMONBU3Ri0frrr72jg0pGybP4VXad42VLS7
mFOytBkpNbvii3HIQgcDas5Lo19SSadbZf3CJbgxAwOHDp8GtquKDFeCbpxe9jwE
cEs+1h94JCNmcD6yJL/w2C+pJ/0rPMQV1jhpIBUXGC/oOHry9CEL4jt/HYnEdQ1H
2eXFpzctebbcdR32gEnJwKuzPmjeUYZUyiRWZ5whAvkD8rH8ZEnrohFV85L5AgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQUdi9jdojVxu118kLaJWf4UUE2HXYwHwYDVR0j
BBgwFoAUBIr2Zb+LGGtwIgdZ0mxXj0C18+MwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODJhOWJmNWItMzljMS00MDUwLWIwNzMtNDgwNzViODYx
ZDg3LzAvMDQ4QUY2NjVCRjhCMTg2QjcwMjIwNzU5RDI2QzU3OEY0MEI1RjNFMy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0JJcjJaYi1MR0d0d0lnZFowbXhYajBD
MTgtTS5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvODJhOWJmNWIt
MzljMS00MDUwLWIwNzMtNDgwNzViODYxZDg3LzAvMzMzMTJlMzYyZTMyMmUzMDJm
MzIzNDJkMzIzNDIwM2QzZTIwMzEzOTM4MzEzNzMwLnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHwYCMA0G
CSqGSIb3DQEBCwUAA4IBAQB8VfN2t0g3KRmieFzWkiorW3nmAcf3ra+DMAnw7T29
qyYu+3PjejevWYYHL3wXTW8/J2rKcoug57czi7WPbNe+wDBAZqRmqiGuhIV+9Txd
40HFnVwOcGFvaLv61UPhZAE86Z2JvTsLz2OsBdMgdtStwW+gVPtuEQ6S5Cg81z+g
lQkelKn7xOibUEujfGUKjp5ZHDdE7ZCKn83zLSqQ3duxB4nczVhS66xYo5RSbFJf
ORI8imZXNGeIgWdT6LSIBwqE1N4+4epo0+MuORAIWPKnVDD1dSaVLgzybkZGbpuu
8VyNKo2wlkuv2UyCxzUsH86Qn9iE3eaE4KeROw/nhfXU
-----END CERTIFICATE-----