Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e32342e302f32342d3234203d3e203534323532.roa
File:                     33312e362e32342e302f32342d3234203d3e203534323532.roa (raw, json)
Hash identifier:          fHEHAYD/uJtebcwoj+fpyOE+jWZdlfH4G69SruyvxpA=
Subject key identifier:   98:A9:B4:D0:04:2A:19:78:28:7C:5E:88:2E:04:F0:FC:E5:E9:5E:BE
Certificate issuer:       /CN=048af665bf8b186b70220759d26c578f40b5f3e3
Certificate serial:       252FD9FB3ED506C58BB725328E62B520A2591E78
Authority key identifier: 04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e32342e302f32342d3234203d3e203534323532.roa
Signing time:             Tue 28 Nov 2023 18:34:40 +0000
ROA not before:           Tue 28 Nov 2023 18:29:40 +0000
ROA not after:            Tue 26 Nov 2024 18:34:40 +0000
asID:                     54252
IP address blocks:        31.6.24.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 09 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            25:2f:d9:fb:3e:d5:06:c5:8b:b7:25:32:8e:62:b5:20:a2:59:1e:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=048af665bf8b186b70220759d26c578f40b5f3e3
        Validity
            Not Before: Nov 28 18:29:40 2023 GMT
            Not After : Nov 26 18:34:40 2024 GMT
        Subject: CN=98A9B4D0042A1978287C5E882E04F0FCE5E95EBE
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:4a:42:9c:02:f9:c4:65:63:59:91:8e:fb:f7:
                    34:69:eb:2e:94:ca:8b:97:9c:a1:17:91:0b:a2:72:
                    22:e4:96:06:ae:3b:9c:f1:d7:f0:0f:08:e7:5c:51:
                    fe:3f:1d:be:fb:dd:03:cb:22:ad:7f:df:6b:a9:85:
                    23:fc:09:48:96:54:3d:4e:b2:a8:0a:d2:51:5f:15:
                    59:14:a6:48:ff:60:66:6b:97:6c:22:12:03:da:5a:
                    bd:27:da:dc:1f:88:97:c8:d9:51:4e:b6:5a:3d:f3:
                    f3:9f:87:0c:37:95:04:88:a3:00:a6:ec:f1:fe:41:
                    a6:14:ef:e9:e4:c3:6f:29:b8:ed:6a:26:62:ac:a8:
                    9c:5a:1b:1b:1c:8e:be:e1:67:20:1c:7a:77:13:8c:
                    99:e0:99:cc:31:21:80:60:6a:8e:76:09:3a:be:9e:
                    8d:b0:cd:0a:94:df:7d:86:ca:6d:48:e5:2f:67:32:
                    72:17:6a:8e:5f:82:7c:97:c9:e8:49:41:cf:9b:ef:
                    33:b2:8e:20:ce:86:3e:73:23:f3:cd:7c:02:3e:89:
                    33:0d:a9:b6:4b:80:04:0a:6d:57:8d:30:44:ce:78:
                    4f:7a:e4:f2:1e:37:45:5f:f6:01:7f:71:85:8d:f6:
                    c3:11:ea:8b:09:0c:c0:23:5c:fb:95:cd:e9:81:30:
                    a4:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:A9:B4:D0:04:2A:19:78:28:7C:5E:88:2E:04:F0:FC:E5:E9:5E:BE
            X509v3 Authority Key Identifier:
                keyid:04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e32342e302f32342d3234203d3e203534323532.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.6.24.0/24

    Signature Algorithm: sha256WithRSAEncryption
         26:88:e3:fc:30:e9:36:9a:d3:84:27:ed:0f:ab:a0:2f:01:21:
         77:af:55:96:1c:e7:aa:4b:41:85:af:00:e5:b8:d2:dc:a4:4c:
         eb:ca:66:3a:cf:f1:43:39:52:36:72:2a:a1:36:85:ff:7e:40:
         20:0d:25:65:b2:f3:3d:8d:4e:ed:39:6f:bf:3b:cd:00:0c:48:
         ac:a2:74:d7:fe:32:ab:0e:88:7f:d3:1f:85:cd:9a:32:39:be:
         41:52:8d:b6:4f:73:55:0b:31:28:f0:2b:91:47:1b:52:1d:3f:
         d7:02:64:28:b2:01:db:21:9c:ea:11:7f:7a:69:19:ca:5d:44:
         2b:56:31:d8:e9:76:cf:6f:f7:d5:b1:95:2e:be:6a:32:b9:92:
         40:f8:fd:a8:26:4e:e8:39:5e:ae:38:42:69:25:4c:56:02:f1:
         d4:2a:12:c6:0c:06:6e:e3:74:ae:6d:eb:53:09:0e:47:94:55:
         33:4c:83:12:ab:cd:76:c5:05:81:39:6d:46:f4:b0:8b:2b:cd:
         e9:5e:d5:76:22:56:8f:b1:15:f7:1a:25:33:54:ee:e2:d9:14:
         2d:2c:4d:86:ad:35:7d:56:7d:90:f0:62:e3:5b:9a:b1:17:dd:
         ad:46:02:85:4b:80:44:a4:52:54:89:24:29:fb:5b:98:d8:0d:
         f5:6f:37:b8
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUJS/Z+z7VBsWLtyUyjmK1IKJZHngwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDQ4YWY2NjViZjhiMTg2YjcwMjIwNzU5ZDI2YzU3OGY0
MGI1ZjNlMzAeFw0yMzExMjgxODI5NDBaFw0yNDExMjYxODM0NDBaMDMxMTAvBgNV
BAMTKDk4QTlCNEQwMDQyQTE5NzgyODdDNUU4ODJFMDRGMEZDRTVFOTVFQkUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCwSkKcAvnEZWNZkY779zRp6y6U
youXnKEXkQuiciLklgauO5zx1/APCOdcUf4/Hb773QPLIq1/32uphSP8CUiWVD1O
sqgK0lFfFVkUpkj/YGZrl2wiEgPaWr0n2twfiJfI2VFOtlo98/Ofhww3lQSIowCm
7PH+QaYU7+nkw28puO1qJmKsqJxaGxscjr7hZyAcencTjJngmcwxIYBgao52CTq+
no2wzQqU332Gym1I5S9nMnIXao5fgnyXyehJQc+b7zOyjiDOhj5zI/PNfAI+iTMN
qbZLgAQKbVeNMETOeE965PIeN0Vf9gF/cYWN9sMR6osJDMAjXPuVzemBMKQVAgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQUmKm00AQqGXgofF6ILgTw/OXpXr4wHwYDVR0j
BBgwFoAUBIr2Zb+LGGtwIgdZ0mxXj0C18+MwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODJhOWJmNWItMzljMS00MDUwLWIwNzMtNDgwNzViODYx
ZDg3LzAvMDQ4QUY2NjVCRjhCMTg2QjcwMjIwNzU5RDI2QzU3OEY0MEI1RjNFMy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0JJcjJaYi1MR0d0d0lnZFowbXhYajBD
MTgtTS5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvODJhOWJmNWIt
MzljMS00MDUwLWIwNzMtNDgwNzViODYxZDg3LzAvMzMzMTJlMzYyZTMyMzQyZTMw
MmYzMjM0MmQzMjM0MjAzZDNlMjAzNTM0MzIzNTMyLnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHwYYMA0G
CSqGSIb3DQEBCwUAA4IBAQAmiOP8MOk2mtOEJ+0Pq6AvASF3r1WWHOeqS0GFrwDl
uNLcpEzrymY6z/FDOVI2ciqhNoX/fkAgDSVlsvM9jU7tOW+/O80ADEisonTX/jKr
Doh/0x+FzZoyOb5BUo22T3NVCzEo8CuRRxtSHT/XAmQosgHbIZzqEX96aRnKXUQr
VjHY6XbPb/fVsZUuvmoyuZJA+P2oJk7oOV6uOEJpJUxWAvHUKhLGDAZu43SubetT
CQ5HlFUzTIMSq812xQWBOW1G9LCLK83pXtV2IlaPsRX3GiUzVO7i2RQtLE2GrTV9
Vn2Q8GLjW5qxF92tRgKFS4BEpFJUiSQp+1uY2A31bze4
-----END CERTIFICATE-----