Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e34322e302f32342d3234203d3e203430383631.roa
File:                     33312e362e34322e302f32342d3234203d3e203430383631.roa (raw, json)
Hash identifier:          tHxpaRi1psqZEBaIeSJP+H4/QFHqW5wVzouLVcmJQpM=
Subject key identifier:   17:65:E5:A2:1F:34:60:A0:E7:2F:75:54:99:2D:DF:8D:6D:F1:E2:F1
Certificate issuer:       /CN=048af665bf8b186b70220759d26c578f40b5f3e3
Certificate serial:       135D42FC12362BCA4FDF079060B4E1C958ECB539
Authority key identifier: 04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e34322e302f32342d3234203d3e203430383631.roa
Signing time:             Fri 27 Oct 2023 15:37:30 +0000
ROA not before:           Fri 27 Oct 2023 15:32:30 +0000
ROA not after:            Fri 25 Oct 2024 15:37:30 +0000
asID:                     40861
IP address blocks:        31.6.42.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 13 Jun 2024 14:48:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            13:5d:42:fc:12:36:2b:ca:4f:df:07:90:60:b4:e1:c9:58:ec:b5:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=048af665bf8b186b70220759d26c578f40b5f3e3
        Validity
            Not Before: Oct 27 15:32:30 2023 GMT
            Not After : Oct 25 15:37:30 2024 GMT
        Subject: CN=1765E5A21F3460A0E72F7554992DDF8D6DF1E2F1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:ae:d0:65:22:5e:38:63:e8:fa:9d:7b:7f:91:
                    bc:a2:da:de:ba:a8:da:e1:04:2f:60:9d:fd:d5:9b:
                    48:95:e1:c4:14:ff:7d:dc:2a:b3:fb:62:9f:94:4c:
                    38:02:50:d3:16:53:a1:3e:f0:19:45:17:6d:96:3c:
                    db:d1:34:85:dc:76:47:ad:1f:50:ea:bc:c8:91:b1:
                    82:59:ee:b9:0f:21:ea:2f:0b:e0:74:38:c7:a6:87:
                    69:e1:22:08:e5:8a:4a:69:8e:f2:a3:80:d0:93:dd:
                    14:3f:9b:9f:da:31:3c:fe:e3:94:2d:c2:6c:08:71:
                    3a:97:5f:d0:8e:63:7e:b8:3e:58:97:bd:ab:46:d7:
                    3c:b8:ca:b2:f3:40:6a:1d:94:e8:95:8b:69:ea:3a:
                    7f:2f:63:ad:5b:5d:7e:6d:92:6e:96:df:ae:20:64:
                    50:ff:0e:fa:81:e9:80:b9:7e:1a:23:8a:12:05:0f:
                    76:59:3e:81:09:28:70:18:d7:47:57:bb:d8:27:9e:
                    11:e6:72:ab:7c:db:fe:78:16:1e:df:59:ca:17:f9:
                    01:6a:82:9f:91:f9:7e:9c:84:b9:ce:de:05:1b:dc:
                    fd:8b:73:ce:ea:41:44:0c:f5:0d:58:4d:f3:af:af:
                    92:fb:5d:83:c6:d7:cd:6a:e2:60:51:51:65:ec:2d:
                    0e:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:65:E5:A2:1F:34:60:A0:E7:2F:75:54:99:2D:DF:8D:6D:F1:E2:F1
            X509v3 Authority Key Identifier:
                keyid:04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e34322e302f32342d3234203d3e203430383631.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.6.42.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7a:58:e9:81:61:93:69:93:b9:8e:f0:5d:f3:84:92:92:fc:7b:
         a5:ab:d9:26:e2:1b:00:d0:f9:ac:8f:8a:8f:55:43:10:cc:56:
         1d:6e:1b:46:5d:71:7f:70:20:19:c9:eb:34:4e:f1:84:69:5e:
         47:4a:81:77:7c:74:64:68:26:ee:7e:f2:e2:4a:10:e7:23:39:
         58:18:6c:34:e6:95:4f:74:32:a2:87:24:d4:3f:cc:c1:b4:ec:
         95:70:f8:6a:be:0b:43:8a:cf:ee:af:48:7e:7b:e6:06:ae:40:
         32:69:b6:37:5b:76:e4:f6:a2:0a:99:76:c0:85:54:f1:11:c3:
         90:07:bb:56:86:13:14:eb:5b:1c:06:69:38:a2:ce:ec:c5:e3:
         68:b4:49:3f:49:1e:f6:da:44:03:2e:8b:0c:2d:76:8f:f6:f1:
         9c:b9:96:26:1c:4e:6b:f8:7b:18:0e:da:d2:c3:c1:b6:04:5e:
         50:e3:00:db:ba:b0:16:c3:d6:90:91:35:d6:71:42:fd:1e:20:
         d8:2b:30:d4:6e:47:69:da:10:8f:28:63:cc:32:f7:b6:a3:0a:
         e9:e9:27:ad:4e:6d:76:d1:1f:9f:f2:10:78:14:4f:20:ed:cd:
         4b:81:95:aa:84:eb:53:5c:81:fb:4a:36:17:37:16:26:95:ef:
         0a:c9:4f:13
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUE11C/BI2K8pP3weQYLThyVjstTkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDQ4YWY2NjViZjhiMTg2YjcwMjIwNzU5ZDI2YzU3OGY0
MGI1ZjNlMzAeFw0yMzEwMjcxNTMyMzBaFw0yNDEwMjUxNTM3MzBaMDMxMTAvBgNV
BAMTKDE3NjVFNUEyMUYzNDYwQTBFNzJGNzU1NDk5MkRERjhENkRGMUUyRjEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCprtBlIl44Y+j6nXt/kbyi2t66
qNrhBC9gnf3Vm0iV4cQU/33cKrP7Yp+UTDgCUNMWU6E+8BlFF22WPNvRNIXcdket
H1DqvMiRsYJZ7rkPIeovC+B0OMemh2nhIgjlikppjvKjgNCT3RQ/m5/aMTz+45Qt
wmwIcTqXX9COY364PliXvatG1zy4yrLzQGodlOiVi2nqOn8vY61bXX5tkm6W364g
ZFD/DvqB6YC5fhojihIFD3ZZPoEJKHAY10dXu9gnnhHmcqt82/54Fh7fWcoX+QFq
gp+R+X6chLnO3gUb3P2Lc87qQUQM9Q1YTfOvr5L7XYPG181q4mBRUWXsLQ7lAgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQUF2Xloh80YKDnL3VUmS3fjW3x4vEwHwYDVR0j
BBgwFoAUBIr2Zb+LGGtwIgdZ0mxXj0C18+MwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODJhOWJmNWItMzljMS00MDUwLWIwNzMtNDgwNzViODYx
ZDg3LzAvMDQ4QUY2NjVCRjhCMTg2QjcwMjIwNzU5RDI2QzU3OEY0MEI1RjNFMy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0JJcjJaYi1MR0d0d0lnZFowbXhYajBD
MTgtTS5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvODJhOWJmNWIt
MzljMS00MDUwLWIwNzMtNDgwNzViODYxZDg3LzAvMzMzMTJlMzYyZTM0MzIyZTMw
MmYzMjM0MmQzMjM0MjAzZDNlMjAzNDMwMzgzNjMxLnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHwYqMA0G
CSqGSIb3DQEBCwUAA4IBAQB6WOmBYZNpk7mO8F3zhJKS/Hulq9km4hsA0Pmsj4qP
VUMQzFYdbhtGXXF/cCAZyes0TvGEaV5HSoF3fHRkaCbufvLiShDnIzlYGGw05pVP
dDKihyTUP8zBtOyVcPhqvgtDis/ur0h+e+YGrkAyabY3W3bk9qIKmXbAhVTxEcOQ
B7tWhhMU61scBmk4os7sxeNotEk/SR722kQDLosMLXaP9vGcuZYmHE5r+HsYDtrS
w8G2BF5Q4wDburAWw9aQkTXWcUL9HiDYKzDUbkdp2hCPKGPMMve2owrp6SetTm12
0R+f8hB4FE8g7c1LgZWqhOtTXIH7SjYXNxYmle8KyU8T
-----END CERTIFICATE-----