Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e322e302f32342d3234203d3e203239383032.roa
File:                     33312e362e322e302f32342d3234203d3e203239383032.roa (raw, json)
Hash identifier:          2u4PzOoNmyFm2fCejrL+oYMKS1tjEuwMrbIBHbCbpZg=
Subject key identifier:   13:29:F4:B5:87:1E:23:8E:B0:FB:A3:5E:2B:89:7B:33:EA:63:4C:9F
Certificate issuer:       /CN=048af665bf8b186b70220759d26c578f40b5f3e3
Certificate serial:       4BC732E3AFEBE0CD38C8B7CC6CC48DFE9241B494
Authority key identifier: 04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e322e302f32342d3234203d3e203239383032.roa
Signing time:             Wed 20 Aug 2025 12:54:13 +0000
ROA not before:           Wed 20 Aug 2025 12:49:13 +0000
ROA not after:            Wed 19 Aug 2026 12:54:13 +0000
asID:                     29802
IP address blocks:        31.6.2.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 12:17:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4b:c7:32:e3:af:eb:e0:cd:38:c8:b7:cc:6c:c4:8d:fe:92:41:b4:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=048af665bf8b186b70220759d26c578f40b5f3e3
        Validity
            Not Before: Aug 20 12:49:13 2025 GMT
            Not After : Aug 19 12:54:13 2026 GMT
        Subject: CN=1329F4B5871E238EB0FBA35E2B897B33EA634C9F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:42:c7:b6:bb:e9:ef:bf:70:bb:d5:04:db:c4:
                    6c:36:43:aa:90:8d:e2:0e:8e:4a:ff:fc:e7:1f:d4:
                    e1:a8:42:1e:78:30:8c:66:76:fe:bd:b9:40:83:35:
                    df:3e:1c:80:b9:2f:84:b0:d5:32:0b:09:16:79:e0:
                    9b:1f:7d:3c:2a:5d:1f:80:c0:12:03:0b:74:15:e4:
                    e9:a9:b3:f5:4d:e0:9b:ba:8e:dd:0b:54:57:16:60:
                    f0:76:70:d5:19:ec:85:70:fa:1f:74:fc:e8:30:4a:
                    b1:40:9f:6c:57:8d:c3:25:41:46:5a:d6:af:ac:f1:
                    52:2c:c5:87:d9:05:4a:4d:24:65:28:f9:f8:b5:c2:
                    34:f8:62:02:c5:e1:f9:aa:63:15:be:83:6a:9c:d8:
                    a1:60:86:c0:98:d7:bf:fe:0f:09:40:0d:69:97:0f:
                    c2:ab:ba:8f:03:4f:47:6d:c8:25:e0:6a:b4:11:af:
                    a1:db:10:6b:e5:1c:30:fe:75:09:81:d9:03:85:8f:
                    8a:3f:f5:2d:de:fd:5f:52:b6:8c:44:9b:13:aa:21:
                    62:ef:b8:e2:10:85:26:9c:d7:e3:ca:5e:97:2f:49:
                    0d:70:17:ee:a4:10:2b:b0:15:86:d8:39:f9:bc:50:
                    09:00:8a:ee:20:22:ee:ac:1f:c7:11:9b:ef:eb:3e:
                    a6:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                13:29:F4:B5:87:1E:23:8E:B0:FB:A3:5E:2B:89:7B:33:EA:63:4C:9F
            X509v3 Authority Key Identifier:
                keyid:04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e322e302f32342d3234203d3e203239383032.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.6.2.0/24

    Signature Algorithm: sha256WithRSAEncryption
         00:99:40:4e:ff:de:af:5c:6d:c2:f4:f8:6c:41:36:ae:7e:c7:
         2f:7d:6e:69:2f:10:8d:fa:84:56:9c:48:78:a9:d9:cf:57:35:
         28:12:3a:a5:ac:59:bf:85:e5:74:19:0d:81:0d:0c:9e:44:0b:
         0f:66:63:ed:bb:b5:21:df:e8:c0:d4:d7:d1:2d:e8:23:f7:74:
         1b:47:9e:41:fc:8a:22:b6:e6:5d:bd:25:de:67:df:ec:fa:83:
         5e:7b:28:51:9c:57:35:40:f4:b4:a5:53:ca:f3:83:e9:f5:45:
         d6:a9:62:59:d1:c0:97:a3:4d:2b:a2:25:8e:a6:3c:85:97:a9:
         71:f0:0a:b5:48:2e:6f:68:d3:1c:fc:38:14:a0:73:12:5c:7b:
         1b:a0:a2:de:8f:d2:66:72:28:8a:34:42:46:48:28:40:ed:da:
         e8:68:14:d2:fb:8b:e4:65:f4:2f:4e:32:39:de:d9:3a:13:cf:
         c2:08:8d:74:15:5b:d2:cb:ab:b7:3f:80:9d:62:47:c4:3f:9a:
         10:ba:01:ba:e2:ce:be:eb:d7:56:50:d5:89:a1:4b:dc:ee:b0:
         8e:6c:37:25:e9:92:80:84:23:d1:79:cb:15:80:90:69:1f:4d:
         5e:6c:64:07:2b:43:d5:25:70:fb:30:09:95:d4:ad:96:9e:03:
         ac:f3:8f:63
-----BEGIN CERTIFICATE-----
MIIFKzCCBBOgAwIBAgIUS8cy46/r4M04yLfMbMSN/pJBtJQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDQ4YWY2NjViZjhiMTg2YjcwMjIwNzU5ZDI2YzU3OGY0
MGI1ZjNlMzAeFw0yNTA4MjAxMjQ5MTNaFw0yNjA4MTkxMjU0MTNaMDMxMTAvBgNV
BAMTKDEzMjlGNEI1ODcxRTIzOEVCMEZCQTM1RTJCODk3QjMzRUE2MzRDOUYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCsQse2u+nvv3C71QTbxGw2Q6qQ
jeIOjkr//Ocf1OGoQh54MIxmdv69uUCDNd8+HIC5L4Sw1TILCRZ54JsffTwqXR+A
wBIDC3QV5Omps/VN4Ju6jt0LVFcWYPB2cNUZ7IVw+h90/OgwSrFAn2xXjcMlQUZa
1q+s8VIsxYfZBUpNJGUo+fi1wjT4YgLF4fmqYxW+g2qc2KFghsCY17/+DwlADWmX
D8Kruo8DT0dtyCXgarQRr6HbEGvlHDD+dQmB2QOFj4o/9S3e/V9StoxEmxOqIWLv
uOIQhSac1+PKXpcvSQ1wF+6kECuwFYbYOfm8UAkAiu4gIu6sH8cRm+/rPqZpAgMB
AAGjggI1MIICMTAdBgNVHQ4EFgQUEyn0tYceI46w+6NeK4l7M+pjTJ8wHwYDVR0j
BBgwFoAUBIr2Zb+LGGtwIgdZ0mxXj0C18+MwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODJhOWJmNWItMzljMS00MDUwLWIwNzMtNDgwNzViODYx
ZDg3LzAvMDQ4QUY2NjVCRjhCMTg2QjcwMjIwNzU5RDI2QzU3OEY0MEI1RjNFMy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0JJcjJaYi1MR0d0d0lnZFowbXhYajBD
MTgtTS5jZXIwgaUGCCsGAQUFBwELBIGYMIGVMIGSBggrBgEFBQcwC4aBhXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvODJhOWJmNWIt
MzljMS00MDUwLWIwNzMtNDgwNzViODYxZDg3LzAvMzMzMTJlMzYyZTMyMmUzMDJm
MzIzNDJkMzIzNDIwM2QzZTIwMzIzOTM4MzAzMi5yb2EwGAYDVR0gAQH/BA4wDDAK
BggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAB8GAjANBgkq
hkiG9w0BAQsFAAOCAQEAAJlATv/er1xtwvT4bEE2rn7HL31uaS8QjfqEVpxIeKnZ
z1c1KBI6paxZv4XldBkNgQ0MnkQLD2Zj7bu1Id/owNTX0S3oI/d0G0eeQfyKIrbm
Xb0l3mff7PqDXnsoUZxXNUD0tKVTyvOD6fVF1qliWdHAl6NNK6IljqY8hZepcfAK
tUgub2jTHPw4FKBzElx7G6Ci3o/SZnIoijRCRkgoQO3a6GgU0vuL5GX0L04yOd7Z
OhPPwgiNdBVb0surtz+AnWJHxD+aELoBuuLOvuvXVlDViaFL3O6wjmw3JemSgIQj
0XnLFYCQaR9NXmxkBytD1SVw+zAJldStlp4DrPOPYw==
-----END CERTIFICATE-----