Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e33322e302f32342d3234203d3e20323135363933.roa
File:                     33312e362e33322e302f32342d3234203d3e20323135363933.roa (raw, json)
Hash identifier:          0lnNgfiR5OPstc67kEAwhGKofxHCrBS/nPnjUQ6/tU0=
Subject key identifier:   02:99:B9:69:B1:B6:D4:86:FA:2F:85:05:E9:F0:5B:49:FE:91:0A:A3
Certificate issuer:       /CN=048af665bf8b186b70220759d26c578f40b5f3e3
Certificate serial:       427DD4079C5269E68BF2AD9FA4C4A5793E3AE79A
Authority key identifier: 04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e33322e302f32342d3234203d3e20323135363933.roa
Signing time:             Sun 10 Aug 2025 14:17:53 +0000
ROA not before:           Sun 10 Aug 2025 14:12:53 +0000
ROA not after:            Sun 09 Aug 2026 14:17:53 +0000
asID:                     215693
IP address blocks:        31.6.32.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 12:17:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            42:7d:d4:07:9c:52:69:e6:8b:f2:ad:9f:a4:c4:a5:79:3e:3a:e7:9a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=048af665bf8b186b70220759d26c578f40b5f3e3
        Validity
            Not Before: Aug 10 14:12:53 2025 GMT
            Not After : Aug  9 14:17:53 2026 GMT
        Subject: CN=0299B969B1B6D486FA2F8505E9F05B49FE910AA3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:12:af:df:b6:11:f0:02:38:a1:f5:5b:9d:8e:
                    1f:c0:2a:ee:27:ad:82:2d:62:54:a2:d4:58:08:0d:
                    3c:cf:e5:18:4b:cf:a2:e7:51:80:88:a2:16:47:8f:
                    12:c0:a7:1a:8f:ba:b8:60:7b:61:b9:2f:b9:12:bf:
                    e9:81:ba:3c:56:74:eb:63:9b:25:5f:39:e8:55:61:
                    dd:a6:1b:61:13:b2:e3:1e:c7:44:b4:bf:aa:eb:91:
                    85:2e:42:4c:63:b4:fa:dc:76:31:ef:c9:6b:4f:bd:
                    75:b6:46:4b:51:58:87:21:32:d5:9a:1d:a0:a2:3b:
                    20:b5:77:8f:9d:70:5e:06:3e:d0:2f:11:71:fd:7f:
                    90:ea:8b:f6:0b:6b:26:82:ca:14:1d:37:1a:90:45:
                    0a:58:90:fb:1e:82:cb:a2:11:75:88:bf:ee:6e:10:
                    a9:ff:c6:ed:06:c6:70:37:53:a3:ea:3f:22:fb:ba:
                    65:6f:ac:2c:2b:a4:4b:3d:d3:e4:2a:7f:fc:22:fd:
                    7b:02:d6:dd:4a:03:b4:70:d9:0f:57:86:f2:be:0f:
                    27:06:1b:d0:8f:7f:34:09:bb:ee:f2:20:71:83:19:
                    89:42:b5:6f:d3:2e:9a:f3:50:0a:c5:42:aa:cb:93:
                    7d:19:1c:4b:b4:16:06:4b:b2:ee:1a:2e:83:59:c1:
                    84:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:99:B9:69:B1:B6:D4:86:FA:2F:85:05:E9:F0:5B:49:FE:91:0A:A3
            X509v3 Authority Key Identifier:
                keyid:04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e33322e302f32342d3234203d3e20323135363933.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.6.32.0/24

    Signature Algorithm: sha256WithRSAEncryption
         74:f1:22:b1:3f:82:89:0f:2c:5c:c0:97:5e:c0:3c:ec:cf:33:
         8f:41:68:64:a7:a7:d4:a8:eb:f7:78:19:2a:1c:bc:af:ca:be:
         01:67:24:31:be:00:7a:fe:dc:42:4f:ba:99:ef:ce:5b:ee:af:
         43:2b:0f:09:96:60:a6:ad:11:19:c5:8e:2b:79:63:62:f4:94:
         1f:42:54:2e:b8:e4:d2:4b:a9:0d:c4:c1:99:f3:c3:a9:7f:87:
         ed:a2:12:b8:ed:ab:4f:4a:1a:a0:6e:bb:1a:4f:ee:90:4a:bc:
         53:6e:85:bf:ff:9a:97:df:a0:bd:53:f9:5e:9a:f1:7a:74:0e:
         7f:68:fd:6c:2f:12:93:8f:3b:42:e5:e7:d3:9a:55:de:13:5e:
         1f:38:80:a2:c2:3d:af:65:e9:9b:48:6e:5e:ca:f0:e7:df:a9:
         b7:d9:d7:fc:56:95:40:19:08:ec:73:36:f0:cb:a9:f6:40:61:
         53:80:c5:6d:7d:6e:34:c7:7d:39:49:f5:82:de:fa:1e:0c:7f:
         14:dc:10:bf:de:2c:94:96:3d:ed:38:78:dc:27:9b:2b:91:61:
         8a:50:2f:b2:08:32:54:0a:24:c7:f2:c5:6e:af:ac:ef:70:3e:
         99:f7:9b:b5:3a:88:1b:bf:f2:16:aa:5e:87:8b:f4:2d:8d:f5:
         ad:6b:12:9f
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUQn3UB5xSaeaL8q2fpMSleT4655owDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDQ4YWY2NjViZjhiMTg2YjcwMjIwNzU5ZDI2YzU3OGY0
MGI1ZjNlMzAeFw0yNTA4MTAxNDEyNTNaFw0yNjA4MDkxNDE3NTNaMDMxMTAvBgNV
BAMTKDAyOTlCOTY5QjFCNkQ0ODZGQTJGODUwNUU5RjA1QjQ5RkU5MTBBQTMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCkEq/fthHwAjih9Vudjh/AKu4n
rYItYlSi1FgIDTzP5RhLz6LnUYCIohZHjxLApxqPurhge2G5L7kSv+mBujxWdOtj
myVfOehVYd2mG2ETsuMex0S0v6rrkYUuQkxjtPrcdjHvyWtPvXW2RktRWIchMtWa
HaCiOyC1d4+dcF4GPtAvEXH9f5Dqi/YLayaCyhQdNxqQRQpYkPsegsuiEXWIv+5u
EKn/xu0GxnA3U6PqPyL7umVvrCwrpEs90+Qqf/wi/XsC1t1KA7Rw2Q9XhvK+DycG
G9CPfzQJu+7yIHGDGYlCtW/TLprzUArFQqrLk30ZHEu0FgZLsu4aLoNZwYR3AgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUApm5abG21Ib6L4UF6fBbSf6RCqMwHwYDVR0j
BBgwFoAUBIr2Zb+LGGtwIgdZ0mxXj0C18+MwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODJhOWJmNWItMzljMS00MDUwLWIwNzMtNDgwNzViODYx
ZDg3LzAvMDQ4QUY2NjVCRjhCMTg2QjcwMjIwNzU5RDI2QzU3OEY0MEI1RjNFMy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0JJcjJaYi1MR0d0d0lnZFowbXhYajBD
MTgtTS5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvODJhOWJmNWIt
MzljMS00MDUwLWIwNzMtNDgwNzViODYxZDg3LzAvMzMzMTJlMzYyZTMzMzIyZTMw
MmYzMjM0MmQzMjM0MjAzZDNlMjAzMjMxMzUzNjM5MzMucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAAfBiAw
DQYJKoZIhvcNAQELBQADggEBAHTxIrE/gokPLFzAl17APOzPM49BaGSnp9So6/d4
GSocvK/KvgFnJDG+AHr+3EJPupnvzlvur0MrDwmWYKatERnFjit5Y2L0lB9CVC64
5NJLqQ3EwZnzw6l/h+2iErjtq09KGqBuuxpP7pBKvFNuhb//mpffoL1T+V6a8Xp0
Dn9o/WwvEpOPO0Ll59OaVd4TXh84gKLCPa9l6ZtIbl7K8OffqbfZ1/xWlUAZCOxz
NvDLqfZAYVOAxW19bjTHfTlJ9YLe+h4MfxTcEL/eLJSWPe04eNwnmyuRYYpQL7II
MlQKJMfyxW6vrO9wPpn3m7U6iBu/8haqXoeL9C2N9a1rEp8=
-----END CERTIFICATE-----