Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/83711608-b3d2-469e-9ab5-68b1cbf9be25/0/33312e32342e3235332e302f32342d3234203d3e203537303433.roa
File:                     33312e32342e3235332e302f32342d3234203d3e203537303433.roa (raw, json)
Hash identifier:          aGiZqTpXJPhTg58rge3+e3xntyR/eOr6d8g5P002e/g=
Subject key identifier:   99:6E:4C:E5:EE:1B:3D:71:D7:4A:01:79:2B:35:01:2F:A7:5D:40:AA
Certificate issuer:       /CN=4f4dd60da35a0a9fba440fd44a61e5d27d7dceb1
Certificate serial:       7D02AE8BC629027A9BE9C5360C04F4D382852AA1
Authority key identifier: 4F:4D:D6:0D:A3:5A:0A:9F:BA:44:0F:D4:4A:61:E5:D2:7D:7D:CE:B1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T03WDaNaCp-6RA_USmHl0n19zrE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/83711608-b3d2-469e-9ab5-68b1cbf9be25/0/33312e32342e3235332e302f32342d3234203d3e203537303433.roa
Signing time:             Tue 01 Aug 2023 12:03:18 +0000
ROA not before:           Tue 01 Aug 2023 11:58:18 +0000
ROA not after:            Tue 30 Jul 2024 12:03:18 +0000
asID:                     57043
IP address blocks:        31.24.253.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/83711608-b3d2-469e-9ab5-68b1cbf9be25/0/4F4DD60DA35A0A9FBA440FD44A61E5D27D7DCEB1.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/83711608-b3d2-469e-9ab5-68b1cbf9be25/0/4F4DD60DA35A0A9FBA440FD44A61E5D27D7DCEB1.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T03WDaNaCp-6RA_USmHl0n19zrE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 01 Jun 2024 16:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7d:02:ae:8b:c6:29:02:7a:9b:e9:c5:36:0c:04:f4:d3:82:85:2a:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f4dd60da35a0a9fba440fd44a61e5d27d7dceb1
        Validity
            Not Before: Aug  1 11:58:18 2023 GMT
            Not After : Jul 30 12:03:18 2024 GMT
        Subject: CN=996E4CE5EE1B3D71D74A01792B35012FA75D40AA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:a6:f4:84:b8:c4:3d:bb:4f:72:44:2e:0d:bb:
                    bd:6f:71:45:3b:cb:7d:59:08:6e:99:cb:33:5b:43:
                    ff:d0:76:90:c1:ef:b5:13:5f:fe:90:97:7b:0d:2b:
                    c3:37:19:e4:80:56:50:4a:ef:f3:04:8c:3f:8b:22:
                    1e:ef:34:54:a5:1e:19:c2:6c:4c:a0:de:3f:d0:e0:
                    f3:e6:2e:89:78:be:f4:d6:2d:8b:03:3e:f5:5a:48:
                    4d:f6:de:8f:97:6b:3a:9d:0e:ae:eb:86:4c:52:c5:
                    5c:1a:5a:f3:21:c6:e6:d3:5c:2f:af:a9:cf:c1:43:
                    7d:cc:8d:93:8c:95:89:f9:58:c9:94:b5:9a:d3:e2:
                    ef:96:11:62:aa:1c:b4:19:72:5c:34:44:ec:ff:52:
                    94:c1:d7:36:81:16:0b:3a:6d:40:3a:eb:5e:37:33:
                    3c:c7:ca:0e:7f:89:a7:7b:19:78:4a:83:4d:7c:ae:
                    8c:5d:ed:a9:1f:ff:7a:dc:35:65:8b:72:d8:a8:6a:
                    22:48:1a:df:c9:ac:7d:5c:5a:e8:bd:5b:fb:62:6c:
                    df:3e:32:bf:34:24:05:97:ba:32:a9:05:40:88:18:
                    2d:e9:4e:c3:67:b5:3b:1d:00:84:63:c2:4b:90:ac:
                    15:e3:af:04:39:43:2b:41:b0:33:d9:90:0c:d0:21:
                    6f:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                99:6E:4C:E5:EE:1B:3D:71:D7:4A:01:79:2B:35:01:2F:A7:5D:40:AA
            X509v3 Authority Key Identifier:
                keyid:4F:4D:D6:0D:A3:5A:0A:9F:BA:44:0F:D4:4A:61:E5:D2:7D:7D:CE:B1

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/83711608-b3d2-469e-9ab5-68b1cbf9be25/0/4F4DD60DA35A0A9FBA440FD44A61E5D27D7DCEB1.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T03WDaNaCp-6RA_USmHl0n19zrE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/83711608-b3d2-469e-9ab5-68b1cbf9be25/0/33312e32342e3235332e302f32342d3234203d3e203537303433.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.24.253.0/24

    Signature Algorithm: sha256WithRSAEncryption
         d0:2f:32:20:b3:b7:44:c5:5a:b3:b8:11:6d:86:70:4b:07:09:
         19:1c:7a:3d:a3:aa:bb:90:05:d2:9f:04:6e:fb:fc:0d:5d:ad:
         21:18:27:1b:a6:5b:bb:c1:90:db:51:e1:28:9f:12:ac:dd:08:
         39:3f:85:5b:c9:d9:ed:d6:3c:97:73:55:db:0e:0e:2e:95:80:
         55:70:10:ee:0b:90:5a:18:b6:ca:0b:32:32:05:09:bb:de:bd:
         ec:d7:cb:d9:3a:37:39:58:8f:ac:82:48:cf:3d:3b:1b:d4:2a:
         79:3c:c8:86:2e:2b:ed:c4:84:09:eb:3e:59:06:8c:d5:b6:fa:
         99:4f:6f:04:b6:18:00:ca:16:09:01:6b:68:a3:77:b7:14:b9:
         b5:7f:a9:92:e4:30:fd:1e:38:4c:d1:64:04:4e:79:1f:f6:fb:
         90:01:14:fa:7d:3e:64:4a:ce:24:3f:a7:76:00:0f:61:ce:0a:
         3f:32:9b:49:87:45:cb:7a:a2:4c:43:0e:f9:77:ad:99:38:fb:
         f1:f5:67:1f:91:ca:d6:8f:41:d7:0b:fe:ee:a6:1c:e5:28:4e:
         8d:53:ab:5b:04:39:50:0c:e5:58:6c:aa:cd:00:c9:c7:1f:7b:
         fd:07:03:5f:da:7a:cf:4b:57:a9:5a:a4:7b:e4:cf:3d:c5:b2:
         84:88:dd:a0
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUfQKui8YpAnqb6cU2DAT004KFKqEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGY0ZGQ2MGRhMzVhMGE5ZmJhNDQwZmQ0NGE2MWU1ZDI3
ZDdkY2ViMTAeFw0yMzA4MDExMTU4MThaFw0yNDA3MzAxMjAzMThaMDMxMTAvBgNV
BAMTKDk5NkU0Q0U1RUUxQjNENzFENzRBMDE3OTJCMzUwMTJGQTc1RDQwQUEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCxpvSEuMQ9u09yRC4Nu71vcUU7
y31ZCG6ZyzNbQ//QdpDB77UTX/6Ql3sNK8M3GeSAVlBK7/MEjD+LIh7vNFSlHhnC
bEyg3j/Q4PPmLol4vvTWLYsDPvVaSE323o+XazqdDq7rhkxSxVwaWvMhxubTXC+v
qc/BQ33MjZOMlYn5WMmUtZrT4u+WEWKqHLQZclw0ROz/UpTB1zaBFgs6bUA66143
MzzHyg5/iad7GXhKg018roxd7akf/3rcNWWLctioaiJIGt/JrH1cWui9W/tibN8+
Mr80JAWXujKpBUCIGC3pTsNntTsdAIRjwkuQrBXjrwQ5QytBsDPZkAzQIW9vAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUmW5M5e4bPXHXSgF5KzUBL6ddQKowHwYDVR0j
BBgwFoAUT03WDaNaCp+6RA/USmHl0n19zrEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODM3MTE2MDgtYjNkMi00NjllLTlhYjUtNjhiMWNiZjli
ZTI1LzAvNEY0REQ2MERBMzVBMEE5RkJBNDQwRkQ0NEE2MUU1RDI3RDdEQ0VCMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1QwM1dEYU5hQ3AtNlJBX1VTbUhsMG4x
OXpyRS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvODM3MTE2MDgt
YjNkMi00NjllLTlhYjUtNjhiMWNiZjliZTI1LzAvMzMzMTJlMzIzNDJlMzIzNTMz
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzUzNzMwMzQzMy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAB8Y
/TANBgkqhkiG9w0BAQsFAAOCAQEA0C8yILO3RMVas7gRbYZwSwcJGRx6PaOqu5AF
0p8Ebvv8DV2tIRgnG6Zbu8GQ21HhKJ8SrN0IOT+FW8nZ7dY8l3NV2w4OLpWAVXAQ
7guQWhi2ygsyMgUJu9697NfL2To3OViPrIJIzz07G9QqeTzIhi4r7cSECes+WQaM
1bb6mU9vBLYYAMoWCQFraKN3txS5tX+pkuQw/R44TNFkBE55H/b7kAEU+n0+ZErO
JD+ndgAPYc4KPzKbSYdFy3qiTEMO+XetmTj78fVnH5HK1o9B1wv+7qYc5ShOjVOr
WwQ5UAzlWGyqzQDJxx97/QcDX9p6z0tXqVqke+TPPcWyhIjdoA==
-----END CERTIFICATE-----