Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e31332e302f32342d3234203d3e203534323532.roa
File:                     33312e362e31332e302f32342d3234203d3e203534323532.roa (raw, json)
Hash identifier:          q848/vE53L455QaST71brJ+4CLtkW2lmK9IHUEp4wVI=
Subject key identifier:   88:3E:EE:1B:8F:FE:15:00:8C:9D:8F:6F:33:E9:3E:B2:65:C4:03:C8
Certificate issuer:       /CN=048af665bf8b186b70220759d26c578f40b5f3e3
Certificate serial:       152272BC3DA67CD982316E714DE0E354850B4FDD
Authority key identifier: 04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e31332e302f32342d3234203d3e203534323532.roa
Signing time:             Fri 10 Oct 2025 12:25:54 +0000
ROA not before:           Fri 10 Oct 2025 12:20:54 +0000
ROA not after:            Fri 09 Oct 2026 12:25:54 +0000
asID:                     54252
IP address blocks:        31.6.13.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 06:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            15:22:72:bc:3d:a6:7c:d9:82:31:6e:71:4d:e0:e3:54:85:0b:4f:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=048af665bf8b186b70220759d26c578f40b5f3e3
        Validity
            Not Before: Oct 10 12:20:54 2025 GMT
            Not After : Oct  9 12:25:54 2026 GMT
        Subject: CN=883EEE1B8FFE15008C9D8F6F33E93EB265C403C8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:ec:e5:34:06:64:c5:c4:af:6d:61:a4:81:7e:
                    39:c4:71:f3:d3:5d:03:56:71:f8:b0:2b:ee:b8:4a:
                    06:e9:8b:e5:46:6b:39:c8:cc:5e:ac:c7:9d:ff:dd:
                    e1:fa:64:17:41:d4:50:f5:43:b0:36:9e:9c:3f:03:
                    03:83:31:ab:1a:5c:50:c2:98:72:a5:47:b5:98:2f:
                    ab:79:dd:0d:86:dd:90:ad:b4:e8:d6:3e:e1:3e:82:
                    5b:88:b4:95:32:fc:ac:e0:bd:b3:84:54:73:27:a3:
                    fc:36:5c:e1:4c:ed:54:4f:60:48:bd:b2:d5:49:c9:
                    a9:d5:94:3c:ec:c3:72:87:2b:86:42:b1:e1:fd:ad:
                    e8:47:20:6f:80:31:e8:a7:7e:03:3e:09:9a:f6:8c:
                    b3:1c:02:cf:58:25:e3:a0:7d:e3:9a:2b:66:18:89:
                    f0:f5:b8:e6:0d:70:6a:0a:d2:68:e4:ce:a7:a3:85:
                    cb:b3:45:09:00:c4:d4:49:92:10:2c:b9:38:d7:85:
                    7f:b2:e0:25:47:c0:bb:31:84:85:37:82:ad:4c:81:
                    b0:0b:95:45:22:a0:4d:1f:8c:59:f1:07:1e:c5:49:
                    6d:ad:c7:75:85:78:61:42:30:21:cb:8b:f6:e1:1f:
                    86:99:aa:ec:77:fb:32:44:01:e8:b9:8b:9e:2c:60:
                    8a:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:3E:EE:1B:8F:FE:15:00:8C:9D:8F:6F:33:E9:3E:B2:65:C4:03:C8
            X509v3 Authority Key Identifier:
                keyid:04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e31332e302f32342d3234203d3e203534323532.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.6.13.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5f:6a:eb:d7:4a:2b:b1:59:b4:f0:66:af:a1:aa:66:ce:a0:e3:
         a0:43:ab:5e:0c:3b:2c:c2:27:e7:ec:df:21:5e:d5:17:1b:06:
         fb:0c:f9:03:99:84:4e:07:5a:fa:86:41:a3:44:08:b7:c1:cf:
         1b:f6:62:45:9d:a7:a0:7c:18:7e:19:0d:72:36:b5:40:14:fe:
         d5:34:ee:d7:5c:42:01:6e:69:13:a1:b1:6c:42:ae:f5:58:24:
         c3:b1:ea:30:e9:d4:18:00:08:82:ec:34:f9:c3:7a:77:f1:0f:
         29:a3:56:e4:a9:61:65:d8:bd:e9:45:a9:44:64:63:27:82:16:
         e4:88:82:a3:7a:d8:b5:11:1b:d6:2a:f8:a1:aa:d5:ec:e0:f3:
         76:7b:5c:21:71:0e:22:95:af:01:6b:ca:2e:b8:a1:f8:78:2b:
         12:dc:fe:69:e3:7c:fa:f3:b9:e2:4b:d1:b9:e7:a7:20:d2:2a:
         7a:b9:ff:f1:95:e4:ee:01:31:72:77:e3:c2:91:e4:67:37:b0:
         08:f0:31:d5:ca:5e:bd:42:1d:41:3e:d1:dc:2e:76:1a:cb:a0:
         ff:bb:4d:07:65:d6:2f:d9:46:25:1e:c8:dc:13:6d:0b:3c:d4:
         1b:c5:1b:ef:b3:f4:f4:f0:64:eb:18:3d:b7:ae:05:3e:ca:e2:
         e2:20:fc:69
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUFSJyvD2mfNmCMW5xTeDjVIULT90wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDQ4YWY2NjViZjhiMTg2YjcwMjIwNzU5ZDI2YzU3OGY0
MGI1ZjNlMzAeFw0yNTEwMTAxMjIwNTRaFw0yNjEwMDkxMjI1NTRaMDMxMTAvBgNV
BAMTKDg4M0VFRTFCOEZGRTE1MDA4QzlEOEY2RjMzRTkzRUIyNjVDNDAzQzgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCr7OU0BmTFxK9tYaSBfjnEcfPT
XQNWcfiwK+64Sgbpi+VGaznIzF6sx53/3eH6ZBdB1FD1Q7A2npw/AwODMasaXFDC
mHKlR7WYL6t53Q2G3ZCttOjWPuE+gluItJUy/KzgvbOEVHMno/w2XOFM7VRPYEi9
stVJyanVlDzsw3KHK4ZCseH9rehHIG+AMeinfgM+CZr2jLMcAs9YJeOgfeOaK2YY
ifD1uOYNcGoK0mjkzqejhcuzRQkAxNRJkhAsuTjXhX+y4CVHwLsxhIU3gq1MgbAL
lUUioE0fjFnxBx7FSW2tx3WFeGFCMCHLi/bhH4aZqux3+zJEAei5i54sYIpBAgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQUiD7uG4/+FQCMnY9vM+k+smXEA8gwHwYDVR0j
BBgwFoAUBIr2Zb+LGGtwIgdZ0mxXj0C18+MwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODJhOWJmNWItMzljMS00MDUwLWIwNzMtNDgwNzViODYx
ZDg3LzAvMDQ4QUY2NjVCRjhCMTg2QjcwMjIwNzU5RDI2QzU3OEY0MEI1RjNFMy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0JJcjJaYi1MR0d0d0lnZFowbXhYajBD
MTgtTS5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvODJhOWJmNWIt
MzljMS00MDUwLWIwNzMtNDgwNzViODYxZDg3LzAvMzMzMTJlMzYyZTMxMzMyZTMw
MmYzMjM0MmQzMjM0MjAzZDNlMjAzNTM0MzIzNTMyLnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHwYNMA0G
CSqGSIb3DQEBCwUAA4IBAQBfauvXSiuxWbTwZq+hqmbOoOOgQ6teDDsswifn7N8h
XtUXGwb7DPkDmYROB1r6hkGjRAi3wc8b9mJFnaegfBh+GQ1yNrVAFP7VNO7XXEIB
bmkTobFsQq71WCTDseow6dQYAAiC7DT5w3p38Q8po1bkqWFl2L3pRalEZGMnghbk
iIKjeti1ERvWKvihqtXs4PN2e1whcQ4ila8Ba8ouuKH4eCsS3P5p43z687niS9G5
56cg0ip6uf/xleTuATFyd+PCkeRnN7AI8DHVyl69Qh1BPtHcLnYay6D/u00HZdYv
2UYlHsjcE20LPNQbxRvvs/T08GTrGD23rgU+yuLiIPxp
-----END CERTIFICATE-----