Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/33312e32342e3235332e302f32342d3234203d3e203136323736.roa
File:                     33312e32342e3235332e302f32342d3234203d3e203136323736.roa (raw, json)
Hash identifier:          w4tu2zM6PmZseGXunZyMW6fBt+yFj2B4sJoqvaWmk7A=
Subject key identifier:   5B:48:CC:B4:B5:8C:31:E6:F0:AE:9A:6A:84:C8:72:8B:1D:1D:84:CB
Certificate issuer:       /CN=62fbd2cc0012fb2f86db40b589bd1ac4e973266d
Certificate serial:       4956670F514B7898DAADBC9310C64525233CE425
Authority key identifier: 62:FB:D2:CC:00:12:FB:2F:86:DB:40:B5:89:BD:1A:C4:E9:73:26:6D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YvvSzAAS-y-G20C1ib0axOlzJm0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/33312e32342e3235332e302f32342d3234203d3e203136323736.roa
Signing time:             Tue 24 Jun 2025 06:54:11 +0000
ROA not before:           Tue 24 Jun 2025 06:49:11 +0000
ROA not after:            Tue 23 Jun 2026 06:54:11 +0000
asID:                     16276
IP address blocks:        31.24.253.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/62FBD2CC0012FB2F86DB40B589BD1AC4E973266D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/62FBD2CC0012FB2F86DB40B589BD1AC4E973266D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YvvSzAAS-y-G20C1ib0axOlzJm0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 01 Jul 2025 07:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            49:56:67:0f:51:4b:78:98:da:ad:bc:93:10:c6:45:25:23:3c:e4:25
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=62fbd2cc0012fb2f86db40b589bd1ac4e973266d
        Validity
            Not Before: Jun 24 06:49:11 2025 GMT
            Not After : Jun 23 06:54:11 2026 GMT
        Subject: CN=5B48CCB4B58C31E6F0AE9A6A84C8728B1D1D84CB
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:73:e8:09:d3:de:f9:71:60:ff:3e:01:f6:ee:
                    1f:ae:49:0b:99:8a:3c:d7:b6:b6:d5:d5:3d:01:69:
                    2d:99:4f:85:7e:34:69:8a:dd:7b:ad:a2:df:20:52:
                    e0:52:2f:ea:11:af:94:b3:e2:d2:ff:85:04:42:90:
                    f8:62:83:83:eb:d3:d0:69:1d:4b:a9:bb:96:29:d1:
                    d1:ba:ad:bd:2c:77:1f:34:d8:ef:da:79:fe:8c:76:
                    0b:1d:9b:8e:c2:35:a0:d8:f5:83:5b:95:e6:1f:c4:
                    67:58:c2:b5:0b:36:98:d1:c9:6b:52:01:6b:f6:eb:
                    0c:67:00:ef:0d:23:d1:78:bd:0a:72:fa:20:da:af:
                    65:13:99:f8:d1:4d:b0:e8:ff:3c:19:ce:05:0b:3d:
                    81:0a:6e:90:93:1b:5e:c6:26:be:c2:23:9f:14:05:
                    3b:66:73:76:fa:65:e2:dc:64:e2:66:a0:48:f2:bf:
                    e1:03:76:81:ec:bb:85:2d:0f:90:1f:85:c2:96:dc:
                    a2:7f:a4:76:b5:43:19:56:28:d9:7a:e9:f7:55:d0:
                    00:7d:15:da:f6:0d:f9:71:d6:10:a0:3e:95:73:f9:
                    f3:7a:0a:ba:5e:a1:10:2b:03:45:ce:c5:15:3d:e5:
                    d1:b1:b6:5b:77:df:08:56:a1:32:a8:07:88:d6:5f:
                    b8:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:48:CC:B4:B5:8C:31:E6:F0:AE:9A:6A:84:C8:72:8B:1D:1D:84:CB
            X509v3 Authority Key Identifier:
                keyid:62:FB:D2:CC:00:12:FB:2F:86:DB:40:B5:89:BD:1A:C4:E9:73:26:6D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/62FBD2CC0012FB2F86DB40B589BD1AC4E973266D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YvvSzAAS-y-G20C1ib0axOlzJm0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/33312e32342e3235332e302f32342d3234203d3e203136323736.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.24.253.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b1:b6:a0:b7:46:16:6d:c5:70:44:d3:2c:56:f3:2d:69:02:f3:
         ee:b0:db:38:1f:e9:32:5b:41:3f:76:a9:6c:18:6f:bc:9e:e5:
         37:d2:79:c8:ad:ce:af:8c:b4:23:b8:88:63:35:1e:65:4b:eb:
         c3:4d:0b:4e:85:5e:80:e5:48:24:e6:53:ed:35:1b:ae:ff:b3:
         78:7c:32:97:2b:6a:7f:42:3a:40:6f:5d:15:b5:82:2c:27:59:
         4f:2d:d0:8c:0a:b8:59:b4:2e:7a:c7:22:8d:fc:41:3a:ca:61:
         3b:86:47:cc:da:1f:86:55:a5:3c:92:41:00:57:b3:c7:da:08:
         46:63:2c:41:0a:e2:6c:d4:99:86:58:2b:06:c2:24:8f:bf:8c:
         74:80:d5:2d:5d:14:cf:d0:24:64:1a:c1:13:a2:81:c5:57:e8:
         01:d7:83:9e:eb:6f:66:c5:75:05:29:81:55:10:11:c9:2e:08:
         a8:f7:c1:34:be:81:00:20:71:76:95:09:86:36:06:ca:6e:c4:
         f5:77:78:52:ec:74:d2:84:54:7d:13:dd:a4:89:b1:20:38:21:
         58:5b:9f:ce:f7:38:d8:29:60:6e:e4:0f:8d:6c:93:b8:1e:a2:
         f0:ed:50:c2:5c:4c:46:a7:51:9d:23:2b:f7:be:bd:05:4f:ff:
         b3:78:6a:31
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUSVZnD1FLeJjarbyTEMZFJSM85CUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjJmYmQyY2MwMDEyZmIyZjg2ZGI0MGI1ODliZDFhYzRl
OTczMjY2ZDAeFw0yNTA2MjQwNjQ5MTFaFw0yNjA2MjMwNjU0MTFaMDMxMTAvBgNV
BAMTKDVCNDhDQ0I0QjU4QzMxRTZGMEFFOUE2QTg0Qzg3MjhCMUQxRDg0Q0IwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCOc+gJ0975cWD/PgH27h+uSQuZ
ijzXtrbV1T0BaS2ZT4V+NGmK3Xutot8gUuBSL+oRr5Sz4tL/hQRCkPhig4Pr09Bp
HUupu5Yp0dG6rb0sdx802O/aef6Mdgsdm47CNaDY9YNbleYfxGdYwrULNpjRyWtS
AWv26wxnAO8NI9F4vQpy+iDar2UTmfjRTbDo/zwZzgULPYEKbpCTG17GJr7CI58U
BTtmc3b6ZeLcZOJmoEjyv+EDdoHsu4UtD5AfhcKW3KJ/pHa1QxlWKNl66fdV0AB9
Fdr2Dflx1hCgPpVz+fN6CrpeoRArA0XOxRU95dGxtlt33whWoTKoB4jWX7jpAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUW0jMtLWMMebwrppqhMhyix0dhMswHwYDVR0j
BBgwFoAUYvvSzAAS+y+G20C1ib0axOlzJm0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNDZiOTNkZjAtYWM4ZC00ZGE4LWFmYjgtZGNiN2YyODg4
MzYyLzAvNjJGQkQyQ0MwMDEyRkIyRjg2REI0MEI1ODlCRDFBQzRFOTczMjY2RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1l2dlN6QUFTLXktRzIwQzFpYjBheE9s
ekptMC5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvNDZiOTNkZjAt
YWM4ZC00ZGE4LWFmYjgtZGNiN2YyODg4MzYyLzAvMzMzMTJlMzIzNDJlMzIzNTMz
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzEzNjMyMzczNi5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAB8Y
/TANBgkqhkiG9w0BAQsFAAOCAQEAsbagt0YWbcVwRNMsVvMtaQLz7rDbOB/pMltB
P3apbBhvvJ7lN9J5yK3Or4y0I7iIYzUeZUvrw00LToVegOVIJOZT7TUbrv+zeHwy
lytqf0I6QG9dFbWCLCdZTy3QjAq4WbQuescijfxBOsphO4ZHzNofhlWlPJJBAFez
x9oIRmMsQQribNSZhlgrBsIkj7+MdIDVLV0Uz9AkZBrBE6KBxVfoAdeDnutvZsV1
BSmBVRARyS4IqPfBNL6BACBxdpUJhjYGym7E9Xd4Uux00oRUfRPdpImxIDghWFuf
zvc42ClgbuQPjWyTuB6i8O1QwlxMRqdRnSMr9769BU//s3hqMQ==
-----END CERTIFICATE-----