Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e34352e302f32342d3234203d3e20323039303433.roa
File:                     33312e362e34352e302f32342d3234203d3e20323039303433.roa (raw, json)
Hash identifier:          XsqK9b3pjscmg80HNM4CTe/mrvPwqu8ifdGcUq3M4jk=
Subject key identifier:   3C:0B:56:07:45:FC:F8:BF:30:41:C9:87:F7:95:29:BA:C9:4A:83:3E
Certificate issuer:       /CN=048af665bf8b186b70220759d26c578f40b5f3e3
Certificate serial:       357C32DBAC6C3A5D1AA5261C4A507B74B0C4A24B
Authority key identifier: 04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e34352e302f32342d3234203d3e20323039303433.roa
Signing time:             Thu 19 Mar 2026 10:46:48 +0000
ROA not before:           Thu 19 Mar 2026 10:41:48 +0000
ROA not after:            Thu 18 Mar 2027 10:46:48 +0000
asID:                     209043
IP address blocks:        31.6.45.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 00:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            35:7c:32:db:ac:6c:3a:5d:1a:a5:26:1c:4a:50:7b:74:b0:c4:a2:4b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=048af665bf8b186b70220759d26c578f40b5f3e3
        Validity
            Not Before: Mar 19 10:41:48 2026 GMT
            Not After : Mar 18 10:46:48 2027 GMT
        Subject: CN=3C0B560745FCF8BF3041C987F79529BAC94A833E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:c7:06:dc:37:3d:26:b4:04:b1:65:ae:a5:aa:
                    70:67:0c:63:5e:f5:e5:67:df:a2:ca:fd:2e:aa:33:
                    91:07:3d:d9:c2:0e:31:72:b6:97:ec:93:a3:9f:54:
                    45:d7:83:9f:76:ba:a1:ea:9c:c2:e6:c2:d3:2a:c2:
                    d3:28:bd:cd:7b:d4:fd:7f:75:c7:73:64:85:86:28:
                    d4:dd:df:7d:d8:92:0c:cb:2a:c6:68:13:bc:39:a2:
                    d9:2c:54:db:57:a8:21:9d:4c:e8:f9:1d:4e:43:1d:
                    a7:eb:7f:91:ae:db:9e:1e:6f:30:d0:a5:17:50:44:
                    44:42:9a:c9:86:df:0e:44:86:56:d7:eb:27:b9:5c:
                    a2:a2:83:05:6d:e3:2e:b6:85:9c:9e:d3:ef:3c:47:
                    60:4a:d2:1a:3a:68:dd:be:56:20:fe:34:a5:32:8b:
                    f1:7a:82:3c:d6:41:ad:12:0a:16:b2:83:7d:a3:dc:
                    0e:63:38:ed:03:05:33:23:85:36:7c:0d:44:13:ee:
                    e3:83:9b:e5:8a:75:3f:c2:23:ea:93:fb:53:b8:8b:
                    05:0e:15:f5:ee:a9:2d:37:1b:85:fe:a9:b1:ee:71:
                    1c:8c:51:7b:b1:6f:da:7b:3f:1e:2c:94:23:d2:f0:
                    97:e3:c1:91:e2:57:16:4f:ce:7c:93:ab:7c:50:ae:
                    79:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3C:0B:56:07:45:FC:F8:BF:30:41:C9:87:F7:95:29:BA:C9:4A:83:3E
            X509v3 Authority Key Identifier:
                keyid:04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e34352e302f32342d3234203d3e20323039303433.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.6.45.0/24

    Signature Algorithm: sha256WithRSAEncryption
         68:5a:e6:35:21:ce:bf:90:15:f5:2f:16:3e:b6:b2:1c:9e:28:
         7e:6b:85:cc:3d:7a:c2:f0:38:99:62:f1:d3:26:a8:c1:d8:2d:
         85:66:c9:73:07:4b:c7:7d:85:3c:dd:61:8f:78:0e:6d:c6:45:
         d4:b2:23:b0:cf:56:12:33:9e:37:26:95:9a:57:5a:bd:55:25:
         61:47:ee:ac:b6:95:9f:8e:29:1e:e2:1b:2b:ba:df:58:e1:0f:
         b2:26:82:6b:0b:80:3e:27:d8:a9:9d:d1:11:c7:7e:75:0c:53:
         13:40:12:02:41:31:d8:0c:d0:2a:09:35:61:e0:9a:55:2b:11:
         4f:9f:49:10:6b:e3:a4:f8:2e:26:f1:12:c2:c6:1a:55:bd:7a:
         fd:81:d0:36:07:ce:8d:ff:8d:3b:81:9a:d6:3a:32:0d:b6:16:
         6c:02:b3:b1:3a:2b:c4:93:63:8f:f1:d1:0e:f0:3a:7f:35:ff:
         59:9c:5a:f7:3c:88:df:5c:82:b8:80:3d:b3:ef:6d:d1:b8:cc:
         c0:9c:32:4a:53:10:46:55:80:08:de:99:f4:2b:ac:99:16:93:
         e8:e9:5d:49:7c:23:4f:c5:4e:7a:51:bf:1d:7c:26:51:b8:b8:
         a5:56:20:8c:f3:1c:7f:0a:e6:c0:5f:35:19:7c:fe:6b:bb:cb:
         e8:43:b1:3e
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUNXwy26xsOl0apSYcSlB7dLDEokswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDQ4YWY2NjViZjhiMTg2YjcwMjIwNzU5ZDI2YzU3OGY0
MGI1ZjNlMzAeFw0yNjAzMTkxMDQxNDhaFw0yNzAzMTgxMDQ2NDhaMDMxMTAvBgNV
BAMTKDNDMEI1NjA3NDVGQ0Y4QkYzMDQxQzk4N0Y3OTUyOUJBQzk0QTgzM0UwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCpxwbcNz0mtASxZa6lqnBnDGNe
9eVn36LK/S6qM5EHPdnCDjFytpfsk6OfVEXXg592uqHqnMLmwtMqwtMovc171P1/
dcdzZIWGKNTd333YkgzLKsZoE7w5otksVNtXqCGdTOj5HU5DHafrf5Gu254ebzDQ
pRdQRERCmsmG3w5EhlbX6ye5XKKigwVt4y62hZye0+88R2BK0ho6aN2+ViD+NKUy
i/F6gjzWQa0SChayg32j3A5jOO0DBTMjhTZ8DUQT7uODm+WKdT/CI+qT+1O4iwUO
FfXuqS03G4X+qbHucRyMUXuxb9p7Px4slCPS8JfjwZHiVxZPznyTq3xQrnnTAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUPAtWB0X8+L8wQcmH95UpuslKgz4wHwYDVR0j
BBgwFoAUBIr2Zb+LGGtwIgdZ0mxXj0C18+MwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODJhOWJmNWItMzljMS00MDUwLWIwNzMtNDgwNzViODYx
ZDg3LzAvMDQ4QUY2NjVCRjhCMTg2QjcwMjIwNzU5RDI2QzU3OEY0MEI1RjNFMy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0JJcjJaYi1MR0d0d0lnZFowbXhYajBD
MTgtTS5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvODJhOWJmNWIt
MzljMS00MDUwLWIwNzMtNDgwNzViODYxZDg3LzAvMzMzMTJlMzYyZTM0MzUyZTMw
MmYzMjM0MmQzMjM0MjAzZDNlMjAzMjMwMzkzMDM0MzMucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAAfBi0w
DQYJKoZIhvcNAQELBQADggEBAGha5jUhzr+QFfUvFj62shyeKH5rhcw9esLwOJli
8dMmqMHYLYVmyXMHS8d9hTzdYY94Dm3GRdSyI7DPVhIznjcmlZpXWr1VJWFH7qy2
lZ+OKR7iGyu631jhD7ImgmsLgD4n2Kmd0RHHfnUMUxNAEgJBMdgM0CoJNWHgmlUr
EU+fSRBr46T4LibxEsLGGlW9ev2B0DYHzo3/jTuBmtY6Mg22FmwCs7E6K8STY4/x
0Q7wOn81/1mcWvc8iN9cgriAPbPvbdG4zMCcMkpTEEZVgAjemfQrrJkWk+jpXUl8
I0/FTnpRvx18JlG4uKVWIIzzHH8K5sBfNRl8/mu7y+hDsT4=
-----END CERTIFICATE-----