Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e35342e302f32342d3234203d3e20333937363330.roa
File:                     33312e362e35342e302f32342d3234203d3e20333937363330.roa (raw, json)
Hash identifier:          hkaOhkoQMySkSjTCmt0iqEoHnz1JhuP2Um1DA9WZa+c=
Subject key identifier:   D6:5D:7F:CD:C8:2E:1B:E8:4C:F0:3F:9C:F2:D5:2C:7F:FF:D2:BF:41
Certificate issuer:       /CN=048af665bf8b186b70220759d26c578f40b5f3e3
Certificate serial:       5FBB931FC5F470866D59DAAC02CF2C73909F34B3
Authority key identifier: 04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e35342e302f32342d3234203d3e20333937363330.roa
Signing time:             Tue 14 Nov 2023 15:02:29 +0000
ROA not before:           Tue 14 Nov 2023 14:57:29 +0000
ROA not after:            Tue 12 Nov 2024 15:02:29 +0000
asID:                     397630
IP address blocks:        31.6.54.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 08 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5f:bb:93:1f:c5:f4:70:86:6d:59:da:ac:02:cf:2c:73:90:9f:34:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=048af665bf8b186b70220759d26c578f40b5f3e3
        Validity
            Not Before: Nov 14 14:57:29 2023 GMT
            Not After : Nov 12 15:02:29 2024 GMT
        Subject: CN=D65D7FCDC82E1BE84CF03F9CF2D52C7FFFD2BF41
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:53:6a:97:37:29:74:af:d0:e4:4f:47:b1:ec:
                    1b:93:a1:7e:66:20:8c:fe:7c:a1:0f:d4:f0:87:68:
                    bc:f3:0e:ef:99:46:ed:bb:fd:ff:8b:b5:b3:f1:3b:
                    89:9e:f2:cc:d3:b0:ce:42:2d:24:c2:00:09:3f:92:
                    c5:7c:e4:0f:70:da:8d:63:3a:a0:d1:65:e8:ef:e7:
                    84:c4:a1:89:cb:38:5e:5f:68:03:c3:3a:3d:4d:d7:
                    2e:24:b1:c0:08:46:39:e0:68:2e:17:c5:f9:41:6f:
                    07:3c:88:96:5d:f8:2a:b7:97:07:85:16:f7:ec:0c:
                    0d:e8:67:76:64:18:b2:17:ad:f8:7f:34:ed:85:60:
                    c7:3c:06:3a:11:e3:71:30:24:2c:cd:e7:72:8a:8b:
                    63:68:d8:91:51:17:25:20:13:69:36:d5:98:b1:95:
                    9f:d1:08:af:09:30:e1:9b:7a:4c:01:df:07:d3:39:
                    6e:06:0b:d1:78:86:76:fd:d9:1f:09:69:85:d9:da:
                    7a:08:37:6a:d1:d7:e8:0d:c2:c6:84:20:8a:f8:41:
                    c0:0b:22:27:d3:23:10:92:b1:1d:b6:17:b1:dd:57:
                    8f:2e:4c:b8:ee:bc:22:79:01:4a:6f:09:d9:b0:33:
                    6c:b5:86:9f:37:28:74:23:6c:fe:a7:10:df:09:fa:
                    5f:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D6:5D:7F:CD:C8:2E:1B:E8:4C:F0:3F:9C:F2:D5:2C:7F:FF:D2:BF:41
            X509v3 Authority Key Identifier:
                keyid:04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e35342e302f32342d3234203d3e20333937363330.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.6.54.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8c:a0:86:fd:c4:1b:52:e7:91:f8:f7:7f:df:e0:a8:95:9d:37:
         41:62:29:93:d4:d8:8e:7f:35:c2:30:b2:ce:fa:b7:94:03:c2:
         ce:ab:23:64:b7:29:4e:75:b0:05:38:66:32:b9:2e:f2:f2:c6:
         50:5c:c1:a6:76:77:07:06:79:7f:cf:bd:5a:d2:0c:a4:a7:fb:
         a9:a2:71:10:5a:9b:93:6b:dd:29:ea:58:74:42:f5:24:83:df:
         6a:6f:bd:cb:dc:aa:b4:a7:06:8e:7b:5f:58:dd:5f:7f:0b:fa:
         24:81:a2:02:d6:39:38:8f:16:23:44:fe:91:00:73:fe:4b:19:
         ef:a4:ea:f3:11:82:4a:d4:4c:2f:81:f0:97:89:e4:cc:70:86:
         e3:92:25:63:ed:79:70:4c:d0:e9:da:5c:7f:33:3a:3a:fa:9d:
         fe:72:e4:b2:40:ee:c2:d0:98:d2:b2:57:fa:5a:38:1c:45:b5:
         8b:51:95:4e:31:ad:f3:6c:0e:bb:7a:46:59:51:aa:de:fd:a3:
         d5:dc:ce:f3:ab:c6:58:de:0c:63:29:55:38:fd:f4:8e:8a:c6:
         fb:66:77:b9:98:9e:a0:c9:4d:6d:db:cc:a0:fa:fa:bf:f8:83:
         dd:03:bc:9c:e0:d7:0b:c6:24:a3:6f:b7:70:f9:72:b9:38:fe:
         4d:43:95:18
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUX7uTH8X0cIZtWdqsAs8sc5CfNLMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDQ4YWY2NjViZjhiMTg2YjcwMjIwNzU5ZDI2YzU3OGY0
MGI1ZjNlMzAeFw0yMzExMTQxNDU3MjlaFw0yNDExMTIxNTAyMjlaMDMxMTAvBgNV
BAMTKEQ2NUQ3RkNEQzgyRTFCRTg0Q0YwM0Y5Q0YyRDUyQzdGRkZEMkJGNDEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCXU2qXNyl0r9DkT0ex7BuToX5m
IIz+fKEP1PCHaLzzDu+ZRu27/f+LtbPxO4me8szTsM5CLSTCAAk/ksV85A9w2o1j
OqDRZejv54TEoYnLOF5faAPDOj1N1y4kscAIRjngaC4XxflBbwc8iJZd+Cq3lweF
FvfsDA3oZ3ZkGLIXrfh/NO2FYMc8BjoR43EwJCzN53KKi2No2JFRFyUgE2k21Zix
lZ/RCK8JMOGbekwB3wfTOW4GC9F4hnb92R8JaYXZ2noIN2rR1+gNwsaEIIr4QcAL
IifTIxCSsR22F7HdV48uTLjuvCJ5AUpvCdmwM2y1hp83KHQjbP6nEN8J+l8rAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQU1l1/zcguG+hM8D+c8tUsf//Sv0EwHwYDVR0j
BBgwFoAUBIr2Zb+LGGtwIgdZ0mxXj0C18+MwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODJhOWJmNWItMzljMS00MDUwLWIwNzMtNDgwNzViODYx
ZDg3LzAvMDQ4QUY2NjVCRjhCMTg2QjcwMjIwNzU5RDI2QzU3OEY0MEI1RjNFMy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0JJcjJaYi1MR0d0d0lnZFowbXhYajBD
MTgtTS5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvODJhOWJmNWIt
MzljMS00MDUwLWIwNzMtNDgwNzViODYxZDg3LzAvMzMzMTJlMzYyZTM1MzQyZTMw
MmYzMjM0MmQzMjM0MjAzZDNlMjAzMzM5MzczNjMzMzAucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAAfBjYw
DQYJKoZIhvcNAQELBQADggEBAIyghv3EG1Lnkfj3f9/gqJWdN0FiKZPU2I5/NcIw
ss76t5QDws6rI2S3KU51sAU4ZjK5LvLyxlBcwaZ2dwcGeX/PvVrSDKSn+6micRBa
m5Nr3SnqWHRC9SSD32pvvcvcqrSnBo57X1jdX38L+iSBogLWOTiPFiNE/pEAc/5L
Ge+k6vMRgkrUTC+B8JeJ5MxwhuOSJWPteXBM0OnaXH8zOjr6nf5y5LJA7sLQmNKy
V/paOBxFtYtRlU4xrfNsDrt6RllRqt79o9XczvOrxljeDGMpVTj99I6Kxvtmd7mY
nqDJTW3bzKD6+r/4g90DvJzg1wvGJKNvt3D5crk4/k1DlRg=
-----END CERTIFICATE-----