Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e35332e302f32342d3234203d3e20333937363330.roa
File:                     33312e362e35332e302f32342d3234203d3e20333937363330.roa (raw, json)
Hash identifier:          z85pHLGWYASRXeu4nyVd/kj2kK9MjB7QZ9BIptnAA6Q=
Subject key identifier:   49:7A:14:50:12:EA:1F:FD:F0:62:D1:C0:3B:34:43:04:04:52:4D:6B
Certificate issuer:       /CN=048af665bf8b186b70220759d26c578f40b5f3e3
Certificate serial:       649B842471E5E8A5769D8149F2D8AE8A90D6575E
Authority key identifier: 04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e35332e302f32342d3234203d3e20333937363330.roa
Signing time:             Tue 14 Nov 2023 15:02:29 +0000
ROA not before:           Tue 14 Nov 2023 14:57:29 +0000
ROA not after:            Tue 12 Nov 2024 15:02:29 +0000
asID:                     397630
IP address blocks:        31.6.53.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 May 2024 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            64:9b:84:24:71:e5:e8:a5:76:9d:81:49:f2:d8:ae:8a:90:d6:57:5e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=048af665bf8b186b70220759d26c578f40b5f3e3
        Validity
            Not Before: Nov 14 14:57:29 2023 GMT
            Not After : Nov 12 15:02:29 2024 GMT
        Subject: CN=497A145012EA1FFDF062D1C03B34430404524D6B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:a1:aa:f5:0f:99:f6:5c:e6:3d:38:a8:bd:0e:
                    90:4a:32:96:8f:ce:64:4d:f9:2f:7b:53:d6:55:75:
                    16:83:b6:b2:08:ef:f2:b2:08:d1:a5:80:bc:fd:1d:
                    87:82:31:07:37:6c:9c:0f:91:dc:69:0b:88:a5:a5:
                    99:9a:35:65:c6:0c:63:24:78:2a:fa:67:f0:b5:f5:
                    e8:2c:e8:3f:f3:e3:98:52:dd:f1:2b:a0:c3:35:48:
                    ba:ec:bb:2c:53:05:2a:0d:1c:04:43:1c:3c:e5:83:
                    d8:de:e3:d7:40:23:e1:c2:05:c4:a9:46:0f:83:48:
                    60:38:e2:2d:52:f1:e8:0a:96:17:d6:2e:0f:3f:d2:
                    2c:ec:49:1f:3e:31:c8:a4:b9:b2:b1:76:b6:85:53:
                    31:41:bb:7c:b0:de:c7:c5:f5:5d:c8:3e:d2:1c:20:
                    06:41:ba:d9:86:d4:a3:56:f4:19:c9:a6:b3:10:ba:
                    55:fd:ea:01:be:65:ac:17:06:f1:f1:ea:8c:3c:60:
                    94:56:2b:6b:fa:63:77:68:7d:64:93:35:fd:0b:a8:
                    6e:a3:f1:c4:68:30:39:d2:9a:78:3e:46:86:aa:5c:
                    05:e5:03:7f:b1:80:b3:78:28:f8:2e:6a:61:eb:23:
                    6b:a8:af:d3:44:ea:c2:88:78:e4:6a:20:84:27:93:
                    01:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                49:7A:14:50:12:EA:1F:FD:F0:62:D1:C0:3B:34:43:04:04:52:4D:6B
            X509v3 Authority Key Identifier:
                keyid:04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e35332e302f32342d3234203d3e20333937363330.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.6.53.0/24

    Signature Algorithm: sha256WithRSAEncryption
         60:ef:36:91:04:d6:e1:42:c8:1c:7f:8b:55:7b:39:53:49:e1:
         4a:72:3e:7d:e9:1a:9f:e6:01:ce:bf:bb:71:55:84:53:f2:13:
         85:72:31:6a:97:4d:8e:77:6f:fa:aa:f2:53:41:14:73:50:2c:
         5d:b0:6c:cd:ee:c9:13:31:93:6a:de:37:22:a7:aa:1d:57:99:
         c8:ba:64:1c:9c:30:e5:43:9a:66:42:fc:1f:9b:21:de:9c:42:
         b3:6a:82:6f:fb:20:57:71:7e:dd:8f:95:bd:fc:01:ac:3d:ea:
         77:55:33:3a:05:ef:55:91:b3:dc:10:8c:6f:8d:9f:49:3b:bd:
         fd:f7:b3:73:2f:2a:39:6e:3f:8d:be:9f:8b:c4:5f:78:27:f8:
         09:cf:f8:59:f9:8c:0b:0c:2c:df:c7:61:6b:bd:64:6b:af:fe:
         62:5a:78:17:8b:31:33:13:ef:3e:4f:fd:e9:21:39:20:c1:f5:
         1f:75:72:24:16:fa:74:f1:c3:39:16:8b:8c:79:dd:f7:87:ae:
         4d:37:c3:28:cc:0f:a9:7a:91:d2:b5:13:03:3e:77:89:97:a2:
         21:70:60:85:d8:ed:93:9d:7e:b6:73:f3:c2:fc:4e:60:14:cd:
         59:72:b5:5a:66:89:70:31:96:ce:99:3d:45:43:6e:43:69:ee:
         f9:be:ff:fd
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUZJuEJHHl6KV2nYFJ8tiuipDWV14wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDQ4YWY2NjViZjhiMTg2YjcwMjIwNzU5ZDI2YzU3OGY0
MGI1ZjNlMzAeFw0yMzExMTQxNDU3MjlaFw0yNDExMTIxNTAyMjlaMDMxMTAvBgNV
BAMTKDQ5N0ExNDUwMTJFQTFGRkRGMDYyRDFDMDNCMzQ0MzA0MDQ1MjRENkIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCjoar1D5n2XOY9OKi9DpBKMpaP
zmRN+S97U9ZVdRaDtrII7/KyCNGlgLz9HYeCMQc3bJwPkdxpC4ilpZmaNWXGDGMk
eCr6Z/C19egs6D/z45hS3fEroMM1SLrsuyxTBSoNHARDHDzlg9je49dAI+HCBcSp
Rg+DSGA44i1S8egKlhfWLg8/0izsSR8+McikubKxdraFUzFBu3yw3sfF9V3IPtIc
IAZButmG1KNW9BnJprMQulX96gG+ZawXBvHx6ow8YJRWK2v6Y3dofWSTNf0LqG6j
8cRoMDnSmng+RoaqXAXlA3+xgLN4KPguamHrI2uor9NE6sKIeORqIIQnkwEjAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUSXoUUBLqH/3wYtHAOzRDBARSTWswHwYDVR0j
BBgwFoAUBIr2Zb+LGGtwIgdZ0mxXj0C18+MwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODJhOWJmNWItMzljMS00MDUwLWIwNzMtNDgwNzViODYx
ZDg3LzAvMDQ4QUY2NjVCRjhCMTg2QjcwMjIwNzU5RDI2QzU3OEY0MEI1RjNFMy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0JJcjJaYi1MR0d0d0lnZFowbXhYajBD
MTgtTS5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvODJhOWJmNWIt
MzljMS00MDUwLWIwNzMtNDgwNzViODYxZDg3LzAvMzMzMTJlMzYyZTM1MzMyZTMw
MmYzMjM0MmQzMjM0MjAzZDNlMjAzMzM5MzczNjMzMzAucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAAfBjUw
DQYJKoZIhvcNAQELBQADggEBAGDvNpEE1uFCyBx/i1V7OVNJ4UpyPn3pGp/mAc6/
u3FVhFPyE4VyMWqXTY53b/qq8lNBFHNQLF2wbM3uyRMxk2reNyKnqh1Xmci6ZByc
MOVDmmZC/B+bId6cQrNqgm/7IFdxft2Plb38Aaw96ndVMzoF71WRs9wQjG+Nn0k7
vf33s3MvKjluP42+n4vEX3gn+AnP+Fn5jAsMLN/HYWu9ZGuv/mJaeBeLMTMT7z5P
/ekhOSDB9R91ciQW+nTxwzkWi4x53feHrk03wyjMD6l6kdK1EwM+d4mXoiFwYIXY
7ZOdfrZz88L8TmAUzVlytVpmiXAxls6ZPUVDbkNp7vm+//0=
-----END CERTIFICATE-----