Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e36302e302f32342d3234203d3e203232333633.roa
File:                     33312e362e36302e302f32342d3234203d3e203232333633.roa (raw, json)
Hash identifier:          BSlAP4Y19anKqJyn7BW4UD/vnHSGxZeSBX1A6JF7RdU=
Subject key identifier:   B5:9E:D8:D2:5B:AF:F2:AE:C2:D4:87:79:9D:1A:90:44:D7:6F:AB:4B
Certificate issuer:       /CN=048af665bf8b186b70220759d26c578f40b5f3e3
Certificate serial:       76D5E53C9B213F028102BF243BC851ADE94B81D0
Authority key identifier: 04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e36302e302f32342d3234203d3e203232333633.roa
Signing time:             Mon 02 Oct 2023 05:22:28 +0000
ROA not before:           Mon 02 Oct 2023 05:17:28 +0000
ROA not after:            Mon 30 Sep 2024 05:22:28 +0000
asID:                     22363
IP address blocks:        31.6.60.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 01 Jun 2024 16:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            76:d5:e5:3c:9b:21:3f:02:81:02:bf:24:3b:c8:51:ad:e9:4b:81:d0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=048af665bf8b186b70220759d26c578f40b5f3e3
        Validity
            Not Before: Oct  2 05:17:28 2023 GMT
            Not After : Sep 30 05:22:28 2024 GMT
        Subject: CN=B59ED8D25BAFF2AEC2D487799D1A9044D76FAB4B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:00:a8:02:56:ea:70:74:76:60:b4:4b:0d:d4:
                    31:f7:9a:b9:c4:d1:1e:4f:28:4a:0d:ac:9e:56:0a:
                    be:83:68:a4:60:24:ef:3a:bf:bd:67:24:11:14:59:
                    07:a3:51:db:dd:b0:18:8c:03:f7:a8:dc:fa:4f:4b:
                    27:0e:c9:44:1e:96:26:01:a5:7b:10:e2:20:09:5e:
                    53:ee:da:22:24:1a:92:a9:79:db:21:58:77:3c:8c:
                    64:a2:19:a1:b3:d7:ed:0a:b4:c7:48:d5:51:21:83:
                    d6:6a:ac:dd:22:02:44:51:25:7f:d9:a1:96:a6:3f:
                    8b:46:c4:a5:70:eb:3e:14:6f:c0:15:8d:1c:be:d1:
                    1a:01:e6:16:30:d0:2a:d5:6d:8f:49:c4:ae:ac:4e:
                    1d:13:f3:0c:82:52:c7:20:1b:d5:60:02:d2:5c:be:
                    0d:ea:37:a4:af:37:8d:35:9b:6c:1c:93:34:c0:54:
                    a8:75:03:7d:5f:9a:ec:4d:20:15:64:c1:a8:6e:56:
                    bd:41:28:0c:23:00:1c:ed:ee:27:5b:15:91:f1:bb:
                    31:88:bc:97:66:0b:7c:30:a4:2f:6d:62:5e:9e:51:
                    fd:1b:22:2b:97:4f:4e:fc:23:f3:23:42:d1:33:a3:
                    1f:44:cd:2a:64:7a:20:73:3b:43:dd:54:41:b1:ec:
                    1f:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:9E:D8:D2:5B:AF:F2:AE:C2:D4:87:79:9D:1A:90:44:D7:6F:AB:4B
            X509v3 Authority Key Identifier:
                keyid:04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e36302e302f32342d3234203d3e203232333633.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.6.60.0/24

    Signature Algorithm: sha256WithRSAEncryption
         70:77:bc:16:38:94:f2:a5:be:b3:c7:06:a5:1a:ee:25:72:ef:
         bc:83:da:4a:c4:8d:19:5a:b2:ba:fd:c5:ad:00:bd:70:1f:de:
         34:b7:47:29:ac:b5:ce:17:6a:0a:23:a6:00:78:20:ad:67:a9:
         bf:1b:f4:c7:b5:6b:47:18:cb:03:10:25:db:17:17:d0:31:ad:
         27:96:8d:20:d4:53:ad:75:64:9d:62:53:1c:12:4f:ca:0b:3f:
         70:86:c4:f4:75:12:17:7d:8c:c9:77:b7:e1:0f:29:15:10:4e:
         82:d1:65:9e:2c:92:28:ea:ca:b0:56:90:fc:d5:99:78:9a:ea:
         b5:5b:6e:01:b3:c6:db:02:c9:98:41:44:bf:be:58:b4:a4:15:
         32:42:44:20:a2:b6:86:c8:df:64:51:d8:58:28:c4:bc:e3:a7:
         a6:30:28:5a:52:c0:dc:36:2c:02:6e:9a:5e:ae:b2:e3:7e:9d:
         43:2c:39:30:02:d2:34:07:23:94:ad:e5:b4:f0:fc:66:ec:5e:
         fb:dd:00:be:fc:28:df:c0:82:b2:2e:65:df:be:23:45:27:8f:
         96:53:b8:19:31:03:6a:1c:b3:d0:f7:e5:5b:04:18:d5:ae:ba:
         53:2f:c3:de:d0:e4:20:49:57:89:91:0a:0a:dc:df:2b:bc:2f:
         cf:b8:75:e0
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUdtXlPJshPwKBAr8kO8hRrelLgdAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDQ4YWY2NjViZjhiMTg2YjcwMjIwNzU5ZDI2YzU3OGY0
MGI1ZjNlMzAeFw0yMzEwMDIwNTE3MjhaFw0yNDA5MzAwNTIyMjhaMDMxMTAvBgNV
BAMTKEI1OUVEOEQyNUJBRkYyQUVDMkQ0ODc3OTlEMUE5MDQ0RDc2RkFCNEIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC8AKgCVupwdHZgtEsN1DH3mrnE
0R5PKEoNrJ5WCr6DaKRgJO86v71nJBEUWQejUdvdsBiMA/eo3PpPSycOyUQeliYB
pXsQ4iAJXlPu2iIkGpKpedshWHc8jGSiGaGz1+0KtMdI1VEhg9ZqrN0iAkRRJX/Z
oZamP4tGxKVw6z4Ub8AVjRy+0RoB5hYw0CrVbY9JxK6sTh0T8wyCUscgG9VgAtJc
vg3qN6SvN401m2wckzTAVKh1A31fmuxNIBVkwahuVr1BKAwjABzt7idbFZHxuzGI
vJdmC3wwpC9tYl6eUf0bIiuXT078I/MjQtEzox9EzSpkeiBzO0PdVEGx7B/rAgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQUtZ7Y0luv8q7C1Id5nRqQRNdvq0swHwYDVR0j
BBgwFoAUBIr2Zb+LGGtwIgdZ0mxXj0C18+MwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODJhOWJmNWItMzljMS00MDUwLWIwNzMtNDgwNzViODYx
ZDg3LzAvMDQ4QUY2NjVCRjhCMTg2QjcwMjIwNzU5RDI2QzU3OEY0MEI1RjNFMy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0JJcjJaYi1MR0d0d0lnZFowbXhYajBD
MTgtTS5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvODJhOWJmNWIt
MzljMS00MDUwLWIwNzMtNDgwNzViODYxZDg3LzAvMzMzMTJlMzYyZTM2MzAyZTMw
MmYzMjM0MmQzMjM0MjAzZDNlMjAzMjMyMzMzNjMzLnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHwY8MA0G
CSqGSIb3DQEBCwUAA4IBAQBwd7wWOJTypb6zxwalGu4lcu+8g9pKxI0ZWrK6/cWt
AL1wH940t0cprLXOF2oKI6YAeCCtZ6m/G/THtWtHGMsDECXbFxfQMa0nlo0g1FOt
dWSdYlMcEk/KCz9whsT0dRIXfYzJd7fhDykVEE6C0WWeLJIo6sqwVpD81Zl4muq1
W24Bs8bbAsmYQUS/vli0pBUyQkQgoraGyN9kUdhYKMS846emMChaUsDcNiwCbppe
rrLjfp1DLDkwAtI0ByOUreW08Pxm7F773QC+/CjfwIKyLmXfviNFJ4+WU7gZMQNq
HLPQ9+VbBBjVrrpTL8Pe0OQgSVeJkQoK3N8rvC/PuHXg
-----END CERTIFICATE-----