Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e32362e302f32342d3234203d3e20333937363330.roa
File:                     33312e362e32362e302f32342d3234203d3e20333937363330.roa (raw, json)
Hash identifier:          grWidxwq0bB5fkUzB2OUpY9X8+3JaCYg813SiuXZwNM=
Subject key identifier:   E1:69:D0:22:73:C4:5D:2F:02:10:55:24:5C:A3:1C:EF:7E:6C:3A:9C
Certificate issuer:       /CN=048af665bf8b186b70220759d26c578f40b5f3e3
Certificate serial:       771989449DC7880EC87F317781EC932B341BC9D6
Authority key identifier: 04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e32362e302f32342d3234203d3e20333937363330.roa
Signing time:             Tue 14 Nov 2023 15:02:30 +0000
ROA not before:           Tue 14 Nov 2023 14:57:30 +0000
ROA not after:            Tue 12 Nov 2024 15:02:30 +0000
asID:                     397630
IP address blocks:        31.6.26.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 08 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            77:19:89:44:9d:c7:88:0e:c8:7f:31:77:81:ec:93:2b:34:1b:c9:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=048af665bf8b186b70220759d26c578f40b5f3e3
        Validity
            Not Before: Nov 14 14:57:30 2023 GMT
            Not After : Nov 12 15:02:30 2024 GMT
        Subject: CN=E169D02273C45D2F021055245CA31CEF7E6C3A9C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:6a:0d:b4:30:a9:d4:af:eb:f7:69:8a:86:ed:
                    98:16:b1:dd:f4:1a:2b:f4:5f:e1:4e:1d:c6:e1:71:
                    8a:98:ff:5c:41:e0:94:18:6a:ef:a7:31:f1:29:59:
                    4c:de:2f:a4:6a:82:5e:d6:9a:f2:65:99:10:6d:1a:
                    21:8e:c4:d8:34:8f:1e:3b:81:3b:8c:e7:d2:2e:57:
                    49:72:9e:34:e6:63:0c:b0:4a:3e:e4:c0:57:87:74:
                    4e:8f:a0:85:58:af:20:27:7a:c5:10:66:b0:08:91:
                    5f:dc:a7:00:33:85:24:c0:b0:a0:3b:16:f8:59:83:
                    91:2d:3c:df:d3:56:aa:86:bf:e9:b4:70:8d:b9:48:
                    6f:74:52:e5:19:47:7d:06:35:93:85:0e:66:d6:50:
                    83:c3:38:21:38:db:12:df:ed:e0:77:54:eb:2c:09:
                    5e:7a:59:bf:e4:bb:46:66:7a:e0:f3:76:19:52:db:
                    11:e9:d1:13:b0:bf:52:af:d2:c6:1a:b0:ee:b9:61:
                    db:aa:7b:97:2e:5b:8f:d5:25:2c:48:24:64:91:6d:
                    eb:2b:f1:8a:03:b8:21:95:60:d6:59:a3:8f:75:0f:
                    05:1e:44:54:20:fa:d2:9c:70:76:79:15:cd:1b:7f:
                    50:f9:12:bb:7a:6c:dd:09:d1:5f:85:dc:0e:bb:e6:
                    65:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E1:69:D0:22:73:C4:5D:2F:02:10:55:24:5C:A3:1C:EF:7E:6C:3A:9C
            X509v3 Authority Key Identifier:
                keyid:04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e32362e302f32342d3234203d3e20333937363330.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.6.26.0/24

    Signature Algorithm: sha256WithRSAEncryption
         30:87:aa:f7:05:3c:5b:33:44:2f:f2:61:8c:c6:10:21:a7:5c:
         1e:bb:a6:f9:d8:26:aa:09:6d:ab:bc:89:03:7f:07:d1:68:5b:
         c6:55:b0:0b:a1:e7:0c:af:4a:88:87:0b:4e:38:0f:9c:7b:8c:
         e5:c0:5b:bb:06:12:5c:5c:6e:b7:ed:0c:be:0b:13:4e:e8:65:
         8b:fb:20:c7:53:36:18:9b:90:6a:f5:2d:24:f6:2f:c8:d1:c9:
         99:09:3a:a2:5c:68:ce:e8:19:bb:de:3e:11:16:fd:74:33:e3:
         c5:67:df:43:a3:f6:bc:0f:6a:89:aa:68:36:6f:f3:24:c0:47:
         45:a2:94:d0:39:9e:66:aa:6d:0a:60:db:d0:59:3f:5b:dc:9e:
         c5:e9:22:17:32:28:75:85:6a:fa:83:e6:37:ae:91:5b:63:50:
         fc:b0:28:02:67:d8:91:a7:0e:64:e7:de:e1:38:e0:4c:3a:b9:
         ba:2e:8d:af:da:df:c7:c0:30:fc:67:23:87:84:44:ca:13:0b:
         7a:51:2f:17:0c:79:8a:2a:2b:64:ed:91:7f:19:f1:d5:7e:e4:
         5b:09:6a:21:0e:85:33:06:35:4a:3a:9c:9b:52:6d:2e:74:ba:
         71:90:9f:ac:50:b0:41:fa:38:06:af:41:d0:ee:b3:9a:f2:19:
         10:8e:22:42
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUdxmJRJ3HiA7IfzF3geyTKzQbydYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDQ4YWY2NjViZjhiMTg2YjcwMjIwNzU5ZDI2YzU3OGY0
MGI1ZjNlMzAeFw0yMzExMTQxNDU3MzBaFw0yNDExMTIxNTAyMzBaMDMxMTAvBgNV
BAMTKEUxNjlEMDIyNzNDNDVEMkYwMjEwNTUyNDVDQTMxQ0VGN0U2QzNBOUMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC9ag20MKnUr+v3aYqG7ZgWsd30
Giv0X+FOHcbhcYqY/1xB4JQYau+nMfEpWUzeL6Rqgl7WmvJlmRBtGiGOxNg0jx47
gTuM59IuV0lynjTmYwywSj7kwFeHdE6PoIVYryAnesUQZrAIkV/cpwAzhSTAsKA7
FvhZg5EtPN/TVqqGv+m0cI25SG90UuUZR30GNZOFDmbWUIPDOCE42xLf7eB3VOss
CV56Wb/ku0ZmeuDzdhlS2xHp0ROwv1Kv0sYasO65Yduqe5cuW4/VJSxIJGSRbesr
8YoDuCGVYNZZo491DwUeRFQg+tKccHZ5Fc0bf1D5Ert6bN0J0V+F3A675mVBAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQU4WnQInPEXS8CEFUkXKMc735sOpwwHwYDVR0j
BBgwFoAUBIr2Zb+LGGtwIgdZ0mxXj0C18+MwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODJhOWJmNWItMzljMS00MDUwLWIwNzMtNDgwNzViODYx
ZDg3LzAvMDQ4QUY2NjVCRjhCMTg2QjcwMjIwNzU5RDI2QzU3OEY0MEI1RjNFMy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0JJcjJaYi1MR0d0d0lnZFowbXhYajBD
MTgtTS5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvODJhOWJmNWIt
MzljMS00MDUwLWIwNzMtNDgwNzViODYxZDg3LzAvMzMzMTJlMzYyZTMyMzYyZTMw
MmYzMjM0MmQzMjM0MjAzZDNlMjAzMzM5MzczNjMzMzAucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAAfBhow
DQYJKoZIhvcNAQELBQADggEBADCHqvcFPFszRC/yYYzGECGnXB67pvnYJqoJbau8
iQN/B9FoW8ZVsAuh5wyvSoiHC044D5x7jOXAW7sGElxcbrftDL4LE07oZYv7IMdT
NhibkGr1LST2L8jRyZkJOqJcaM7oGbvePhEW/XQz48Vn30Oj9rwPaomqaDZv8yTA
R0WilNA5nmaqbQpg29BZP1vcnsXpIhcyKHWFavqD5jeukVtjUPywKAJn2JGnDmTn
3uE44Ew6ubouja/a38fAMPxnI4eERMoTC3pRLxcMeYoqK2TtkX8Z8dV+5FsJaiEO
hTMGNUo6nJtSbS50unGQn6xQsEH6OAavQdDus5ryGRCOIkI=
-----END CERTIFICATE-----