Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e31332e302f32342d3234203d3e203634323637.roa
File:                     33312e362e31332e302f32342d3234203d3e203634323637.roa (raw, json)
Hash identifier:          3unYN/2skva1xnhsVUv2j4yBfzGTjiUtEyAW7S2INGU=
Subject key identifier:   61:3B:E3:E8:6A:83:FD:75:46:69:41:61:C4:AB:93:56:33:D5:44:09
Certificate issuer:       /CN=048af665bf8b186b70220759d26c578f40b5f3e3
Certificate serial:       7B48A6BA1DA63022E2A838C992FE20662A7EBB00
Authority key identifier: 04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e31332e302f32342d3234203d3e203634323637.roa
Signing time:             Fri 10 Oct 2025 12:25:54 +0000
ROA not before:           Fri 10 Oct 2025 12:20:54 +0000
ROA not after:            Fri 09 Oct 2026 12:25:54 +0000
asID:                     64267
IP address blocks:        31.6.13.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 06:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7b:48:a6:ba:1d:a6:30:22:e2:a8:38:c9:92:fe:20:66:2a:7e:bb:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=048af665bf8b186b70220759d26c578f40b5f3e3
        Validity
            Not Before: Oct 10 12:20:54 2025 GMT
            Not After : Oct  9 12:25:54 2026 GMT
        Subject: CN=613BE3E86A83FD7546694161C4AB935633D54409
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:a8:31:8e:6e:fd:24:9b:a8:35:7d:48:10:ba:
                    7d:cc:89:86:31:30:b4:cc:b8:2b:76:be:fc:3e:08:
                    2a:7f:d0:2c:5d:14:54:61:42:b5:2e:92:53:3e:d2:
                    ed:b5:2f:10:75:c3:4b:46:09:b9:07:c1:05:80:7b:
                    98:16:9a:e7:aa:00:9e:85:58:8f:fa:21:61:2b:b8:
                    b6:53:b3:d6:53:a9:50:f0:cc:4e:a5:d6:1b:86:0d:
                    dd:76:45:e3:eb:f2:72:99:a7:ee:a4:61:3c:e0:7b:
                    a4:57:4c:cf:f4:46:39:12:1a:96:6d:ae:5a:12:e4:
                    ab:a5:bd:eb:93:59:45:f4:e6:d9:df:ca:95:4a:c4:
                    fe:64:fe:8c:68:2d:cf:35:a6:7a:c8:17:98:2f:59:
                    2b:a7:51:b6:db:3f:a4:ff:c6:dd:d0:b0:df:aa:24:
                    e3:c0:72:6b:9f:79:b0:9c:f4:d1:55:0e:7a:14:5c:
                    d6:75:c1:f7:1e:b2:4d:aa:39:49:a9:2e:47:dd:ce:
                    e4:26:c9:95:c8:ae:45:51:49:49:b4:4d:2a:d4:ce:
                    ce:a3:09:41:89:d3:12:58:27:eb:99:ff:c6:8d:b7:
                    ec:b0:70:21:8b:2c:9c:4d:92:2c:64:de:f7:5d:06:
                    52:68:37:70:ec:c6:d9:a9:26:b6:53:c7:17:20:dc:
                    94:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                61:3B:E3:E8:6A:83:FD:75:46:69:41:61:C4:AB:93:56:33:D5:44:09
            X509v3 Authority Key Identifier:
                keyid:04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e31332e302f32342d3234203d3e203634323637.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.6.13.0/24

    Signature Algorithm: sha256WithRSAEncryption
         97:30:18:85:ef:a5:52:ed:ce:8f:82:c2:8e:78:00:b8:f6:4c:
         d2:c9:97:72:64:ff:cd:f3:e1:0c:bd:67:11:4b:5e:3d:b0:5e:
         f1:08:73:71:91:a8:08:b3:d2:22:12:92:c4:7f:81:87:bb:85:
         ca:e7:5d:1f:2c:97:53:fb:f2:01:64:e7:f1:95:fc:95:27:cc:
         ac:ca:92:17:b2:ed:01:d1:c5:29:bb:86:ad:d9:a4:25:a3:3b:
         7f:7d:25:79:89:58:2b:0d:8d:c1:b6:50:8f:09:91:d7:2b:7a:
         b0:e9:aa:90:b2:82:c3:04:9b:07:bb:7c:95:a1:9e:89:4a:1c:
         93:c8:85:ad:45:75:17:2f:0c:e3:fa:c6:64:d4:f6:37:ec:eb:
         a3:10:dd:39:f7:be:a4:af:49:e3:a5:d5:99:cd:f2:ce:46:fd:
         3a:1c:5b:17:cf:e3:e4:a1:dc:96:09:4b:84:2f:51:d6:b5:b1:
         e2:1d:66:b0:e3:15:66:99:81:5c:e0:26:0e:4e:d0:d0:cc:45:
         70:df:8b:e3:39:fc:dc:f2:d4:9b:23:b6:81:ce:60:8d:1c:f4:
         83:b8:53:68:4b:77:d1:1a:70:92:de:0b:bf:1c:20:48:76:bb:
         30:72:b0:0c:4f:cf:12:78:a5:47:8f:05:c8:b2:34:82:11:1d:
         42:93:b4:20
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUe0imuh2mMCLiqDjJkv4gZip+uwAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDQ4YWY2NjViZjhiMTg2YjcwMjIwNzU5ZDI2YzU3OGY0
MGI1ZjNlMzAeFw0yNTEwMTAxMjIwNTRaFw0yNjEwMDkxMjI1NTRaMDMxMTAvBgNV
BAMTKDYxM0JFM0U4NkE4M0ZENzU0NjY5NDE2MUM0QUI5MzU2MzNENTQ0MDkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0qDGObv0km6g1fUgQun3MiYYx
MLTMuCt2vvw+CCp/0CxdFFRhQrUuklM+0u21LxB1w0tGCbkHwQWAe5gWmueqAJ6F
WI/6IWEruLZTs9ZTqVDwzE6l1huGDd12RePr8nKZp+6kYTzge6RXTM/0RjkSGpZt
rloS5KulveuTWUX05tnfypVKxP5k/oxoLc81pnrIF5gvWSunUbbbP6T/xt3QsN+q
JOPAcmufebCc9NFVDnoUXNZ1wfcesk2qOUmpLkfdzuQmyZXIrkVRSUm0TSrUzs6j
CUGJ0xJYJ+uZ/8aNt+ywcCGLLJxNkixk3vddBlJoN3DsxtmpJrZTxxcg3JQfAgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQUYTvj6GqD/XVGaUFhxKuTVjPVRAkwHwYDVR0j
BBgwFoAUBIr2Zb+LGGtwIgdZ0mxXj0C18+MwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODJhOWJmNWItMzljMS00MDUwLWIwNzMtNDgwNzViODYx
ZDg3LzAvMDQ4QUY2NjVCRjhCMTg2QjcwMjIwNzU5RDI2QzU3OEY0MEI1RjNFMy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0JJcjJaYi1MR0d0d0lnZFowbXhYajBD
MTgtTS5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvODJhOWJmNWIt
MzljMS00MDUwLWIwNzMtNDgwNzViODYxZDg3LzAvMzMzMTJlMzYyZTMxMzMyZTMw
MmYzMjM0MmQzMjM0MjAzZDNlMjAzNjM0MzIzNjM3LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHwYNMA0G
CSqGSIb3DQEBCwUAA4IBAQCXMBiF76VS7c6PgsKOeAC49kzSyZdyZP/N8+EMvWcR
S149sF7xCHNxkagIs9IiEpLEf4GHu4XK510fLJdT+/IBZOfxlfyVJ8ysypIXsu0B
0cUpu4at2aQlozt/fSV5iVgrDY3BtlCPCZHXK3qw6aqQsoLDBJsHu3yVoZ6JShyT
yIWtRXUXLwzj+sZk1PY37OujEN05976kr0njpdWZzfLORv06HFsXz+PkodyWCUuE
L1HWtbHiHWaw4xVmmYFc4CYOTtDQzEVw34vjOfzc8tSbI7aBzmCNHPSDuFNoS3fR
GnCS3gu/HCBIdrswcrAMT88SeKVHjwXIsjSCER1Ck7Qg
-----END CERTIFICATE-----