Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e33322e302f32342d3234203d3e20323135363933.roa
File:                     33312e362e33322e302f32342d3234203d3e20323135363933.roa (raw, json)
Hash identifier:          k+Ivt/8Q8XPnvUqQXDLjbllXxaw9ylKLnCWdH3+kXKM=
Subject key identifier:   36:DB:E4:90:F5:AF:6C:03:27:00:9E:DD:44:54:8C:B7:AD:BB:E1:9D
Certificate issuer:       /CN=048af665bf8b186b70220759d26c578f40b5f3e3
Certificate serial:       670D4C196F227F24071DC245DE19900B0E255295
Authority key identifier: 04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e33322e302f32342d3234203d3e20323135363933.roa
Signing time:             Thu 12 Mar 2026 07:56:43 +0000
ROA not before:           Thu 12 Mar 2026 07:51:43 +0000
ROA not after:            Thu 11 Mar 2027 07:56:43 +0000
asID:                     215693
IP address blocks:        31.6.32.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 09:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            67:0d:4c:19:6f:22:7f:24:07:1d:c2:45:de:19:90:0b:0e:25:52:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=048af665bf8b186b70220759d26c578f40b5f3e3
        Validity
            Not Before: Mar 12 07:51:43 2026 GMT
            Not After : Mar 11 07:56:43 2027 GMT
        Subject: CN=36DBE490F5AF6C0327009EDD44548CB7ADBBE19D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:d2:bb:ae:25:6d:40:ed:f1:16:fa:0a:94:3c:
                    2f:9d:04:8e:1c:ed:15:f4:92:9b:ee:dc:9a:b3:fb:
                    b4:94:37:04:d5:d1:18:9c:09:44:7c:43:65:e3:b1:
                    eb:23:09:ec:09:61:30:a1:83:b2:7e:9b:15:1b:fb:
                    b6:17:53:08:35:96:e3:e3:ec:85:55:d4:99:bc:f2:
                    4f:36:82:e1:c9:d9:96:25:8f:0a:bc:56:40:1b:2c:
                    c2:9e:f5:92:0b:8e:94:92:16:d8:0d:41:bb:d0:5d:
                    c6:68:ca:47:58:fa:cf:3a:a4:0a:6e:68:3d:6f:3a:
                    5a:ad:8b:bb:61:8a:57:d7:a2:42:19:76:7d:35:21:
                    36:09:61:e9:f7:ee:41:10:7b:67:e1:96:ae:15:ad:
                    1d:40:98:cd:ee:87:03:0a:3e:ff:8d:e3:a7:84:2c:
                    fb:97:71:01:ac:ac:50:a0:be:fe:67:2e:ea:77:bc:
                    63:08:77:53:41:42:ae:f2:28:86:a8:57:a6:a9:98:
                    dd:13:44:81:d9:a9:c8:57:2e:39:cf:05:f9:e2:0f:
                    f7:09:e2:3f:c5:fb:eb:c6:9c:24:a8:46:9f:af:21:
                    bb:e6:13:f9:c8:ae:a5:67:27:32:98:7a:50:da:1b:
                    44:b3:4a:3e:1d:38:a0:55:d2:c7:aa:dc:5d:37:51:
                    71:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:DB:E4:90:F5:AF:6C:03:27:00:9E:DD:44:54:8C:B7:AD:BB:E1:9D
            X509v3 Authority Key Identifier:
                keyid:04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e33322e302f32342d3234203d3e20323135363933.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.6.32.0/24

    Signature Algorithm: sha256WithRSAEncryption
         20:ce:eb:42:e2:4b:f2:6a:ae:d0:5f:9c:ec:40:3d:e2:49:00:
         e0:06:c9:1b:ab:11:e3:97:54:f3:b8:50:4b:8c:5c:54:ca:3e:
         af:35:8b:60:53:48:75:33:67:dd:90:5c:24:fa:9b:92:0d:12:
         03:48:5c:77:7c:57:c6:75:f4:c4:1c:c4:21:c5:5d:7b:16:09:
         ee:1c:b5:ec:c0:96:3f:fe:de:16:3a:83:21:ed:71:63:e9:b3:
         7d:6c:17:67:64:ce:fd:9b:fa:bb:09:23:97:cc:05:b8:8d:d3:
         5c:08:fd:5f:d7:d3:33:1e:57:cf:3c:68:9e:b5:bc:d1:f8:c9:
         e9:9e:b9:75:31:fc:f6:57:f2:e6:d0:30:8e:2b:7d:d5:b2:21:
         d1:eb:05:72:18:89:8d:1b:8b:25:54:02:eb:7c:28:ba:ed:43:
         93:f1:ab:bd:8f:a6:4b:e5:b4:61:8d:42:7e:cf:49:77:f1:38:
         6d:f0:c1:30:a9:9d:ba:af:96:ec:c3:13:38:7f:74:2b:be:82:
         ff:57:af:a9:aa:cb:4b:87:7c:7f:c1:10:2d:cd:a5:3b:4a:a4:
         92:63:56:b3:51:b8:72:0c:f2:1d:d7:a7:ed:d4:9b:0c:a3:e5:
         90:bf:87:53:b7:a1:ba:49:8a:65:6d:45:dc:0b:da:07:ae:23:
         6e:09:a3:f1
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUZw1MGW8ifyQHHcJF3hmQCw4lUpUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDQ4YWY2NjViZjhiMTg2YjcwMjIwNzU5ZDI2YzU3OGY0
MGI1ZjNlMzAeFw0yNjAzMTIwNzUxNDNaFw0yNzAzMTEwNzU2NDNaMDMxMTAvBgNV
BAMTKDM2REJFNDkwRjVBRjZDMDMyNzAwOUVERDQ0NTQ4Q0I3QURCQkUxOUQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDD0ruuJW1A7fEW+gqUPC+dBI4c
7RX0kpvu3Jqz+7SUNwTV0RicCUR8Q2XjsesjCewJYTChg7J+mxUb+7YXUwg1luPj
7IVV1Jm88k82guHJ2ZYljwq8VkAbLMKe9ZILjpSSFtgNQbvQXcZoykdY+s86pApu
aD1vOlqti7thilfXokIZdn01ITYJYen37kEQe2fhlq4VrR1AmM3uhwMKPv+N46eE
LPuXcQGsrFCgvv5nLup3vGMId1NBQq7yKIaoV6apmN0TRIHZqchXLjnPBfniD/cJ
4j/F++vGnCSoRp+vIbvmE/nIrqVnJzKYelDaG0SzSj4dOKBV0seq3F03UXFnAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUNtvkkPWvbAMnAJ7dRFSMt6274Z0wHwYDVR0j
BBgwFoAUBIr2Zb+LGGtwIgdZ0mxXj0C18+MwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODJhOWJmNWItMzljMS00MDUwLWIwNzMtNDgwNzViODYx
ZDg3LzAvMDQ4QUY2NjVCRjhCMTg2QjcwMjIwNzU5RDI2QzU3OEY0MEI1RjNFMy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0JJcjJaYi1MR0d0d0lnZFowbXhYajBD
MTgtTS5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvODJhOWJmNWIt
MzljMS00MDUwLWIwNzMtNDgwNzViODYxZDg3LzAvMzMzMTJlMzYyZTMzMzIyZTMw
MmYzMjM0MmQzMjM0MjAzZDNlMjAzMjMxMzUzNjM5MzMucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAAfBiAw
DQYJKoZIhvcNAQELBQADggEBACDO60LiS/JqrtBfnOxAPeJJAOAGyRurEeOXVPO4
UEuMXFTKPq81i2BTSHUzZ92QXCT6m5INEgNIXHd8V8Z19MQcxCHFXXsWCe4ctezA
lj/+3hY6gyHtcWPps31sF2dkzv2b+rsJI5fMBbiN01wI/V/X0zMeV888aJ61vNH4
yemeuXUx/PZX8ubQMI4rfdWyIdHrBXIYiY0biyVUAut8KLrtQ5Pxq72PpkvltGGN
Qn7PSXfxOG3wwTCpnbqvluzDEzh/dCu+gv9Xr6mqy0uHfH/BEC3NpTtKpJJjVrNR
uHIM8h3Xp+3Umwyj5ZC/h1O3obpJimVtRdwL2geuI24Jo/E=
-----END CERTIFICATE-----