Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e34362e302f32342d3234203d3e20323131333733.roa
File:                     33312e362e34362e302f32342d3234203d3e20323131333733.roa (raw, json)
Hash identifier:          BGnEAqmo+F5DG2Z3Vq0uYVR2im3GRIZ/Ou7jFzSbTYY=
Subject key identifier:   40:53:68:87:ED:FE:89:42:5F:DC:87:25:4D:40:61:A1:4A:72:04:A3
Certificate issuer:       /CN=048af665bf8b186b70220759d26c578f40b5f3e3
Certificate serial:       7C05D2790495EC984C32FD833353B78CCCD1C63F
Authority key identifier: 04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e34362e302f32342d3234203d3e20323131333733.roa
Signing time:             Wed 25 Jun 2025 08:48:11 +0000
ROA not before:           Wed 25 Jun 2025 08:43:11 +0000
ROA not after:            Wed 24 Jun 2026 08:48:11 +0000
asID:                     211373
IP address blocks:        31.6.46.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 02 Jul 2025 16:57:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7c:05:d2:79:04:95:ec:98:4c:32:fd:83:33:53:b7:8c:cc:d1:c6:3f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=048af665bf8b186b70220759d26c578f40b5f3e3
        Validity
            Not Before: Jun 25 08:43:11 2025 GMT
            Not After : Jun 24 08:48:11 2026 GMT
        Subject: CN=40536887EDFE89425FDC87254D4061A14A7204A3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:70:bd:ad:41:94:c4:54:2c:f7:c9:02:52:12:
                    12:4c:6d:6f:f5:8c:d7:10:dc:f4:75:8f:15:87:04:
                    8e:7a:94:be:6c:48:3a:97:09:4e:42:aa:3f:9c:18:
                    34:ab:92:1a:c5:2f:33:c1:a5:33:94:da:b2:ef:41:
                    d4:d7:bb:29:ec:1d:91:03:55:82:59:db:7c:29:14:
                    19:45:b5:05:39:51:d0:e8:98:40:6d:cf:25:73:56:
                    4e:d2:87:7e:9c:7d:26:67:d7:53:4d:ec:ac:39:e0:
                    33:f2:4f:8e:c3:ca:1b:be:db:ad:d9:94:a1:f5:74:
                    95:01:fe:ab:4b:d2:0b:d3:1b:a6:a4:8a:a3:50:55:
                    02:e7:cd:e7:44:06:3e:b7:0c:99:60:55:24:dc:bf:
                    8b:96:a9:32:1a:31:96:7c:d7:82:23:fe:f4:b6:91:
                    3d:ba:ab:8f:4e:a3:57:a1:55:bc:47:0d:4c:81:58:
                    40:c7:8e:54:4d:32:21:7e:7e:d5:03:8d:ca:37:d5:
                    fd:e5:e2:c7:0f:05:02:26:0e:00:73:0b:d9:df:6f:
                    49:8f:71:cc:47:f0:0d:41:01:8c:7f:e8:e5:4b:c0:
                    dd:ac:06:3e:23:75:21:41:de:27:a6:46:bf:07:0c:
                    7c:5a:17:48:b9:ba:f7:72:29:8f:be:f6:54:44:a6:
                    b9:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:53:68:87:ED:FE:89:42:5F:DC:87:25:4D:40:61:A1:4A:72:04:A3
            X509v3 Authority Key Identifier:
                keyid:04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e34362e302f32342d3234203d3e20323131333733.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.6.46.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2f:0d:e1:e4:c6:e1:fc:1a:37:49:fe:d1:bc:bd:30:08:37:87:
         ee:08:f8:ad:61:7b:05:e2:ca:9e:34:3d:78:bb:e1:8d:54:9d:
         36:16:5f:0d:7e:cf:22:d7:1e:0b:4b:ed:8a:89:8b:92:bf:ec:
         72:80:68:7f:87:87:25:1c:c8:29:07:b1:a3:9d:93:0e:85:03:
         d6:00:fc:7f:c9:52:ec:cd:4c:53:e1:b6:41:f6:8b:00:71:b8:
         de:11:ab:79:da:54:6e:40:a7:91:25:36:33:32:f4:86:bc:63:
         75:95:25:bb:5c:88:36:6a:ca:90:d6:cf:08:94:a4:48:34:64:
         ad:a5:0a:54:a1:24:a8:16:de:53:61:b2:d1:22:82:65:ef:e8:
         41:5c:05:ec:a0:45:97:79:6b:12:83:a5:9c:c4:e0:16:3b:84:
         02:61:65:6f:09:bf:29:4e:54:e0:b8:53:dc:a4:ac:24:ec:da:
         65:05:7f:b9:b9:6b:1e:db:13:85:54:49:1f:16:bf:4b:ca:41:
         9f:9f:76:3a:57:fe:29:01:92:ed:6b:5d:72:df:20:ff:9f:41:
         d2:55:67:a8:1a:cb:ad:34:35:7a:e3:f9:ab:0d:e6:99:6e:6a:
         da:72:d9:91:12:a8:73:07:62:27:93:b3:a1:61:6c:ff:6c:a3:
         9b:76:77:a5
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUfAXSeQSV7JhMMv2DM1O3jMzRxj8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDQ4YWY2NjViZjhiMTg2YjcwMjIwNzU5ZDI2YzU3OGY0
MGI1ZjNlMzAeFw0yNTA2MjUwODQzMTFaFw0yNjA2MjQwODQ4MTFaMDMxMTAvBgNV
BAMTKDQwNTM2ODg3RURGRTg5NDI1RkRDODcyNTRENDA2MUExNEE3MjA0QTMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCkcL2tQZTEVCz3yQJSEhJMbW/1
jNcQ3PR1jxWHBI56lL5sSDqXCU5Cqj+cGDSrkhrFLzPBpTOU2rLvQdTXuynsHZED
VYJZ23wpFBlFtQU5UdDomEBtzyVzVk7Sh36cfSZn11NN7Kw54DPyT47Dyhu+263Z
lKH1dJUB/qtL0gvTG6akiqNQVQLnzedEBj63DJlgVSTcv4uWqTIaMZZ814Ij/vS2
kT26q49Oo1ehVbxHDUyBWEDHjlRNMiF+ftUDjco31f3l4scPBQImDgBzC9nfb0mP
ccxH8A1BAYx/6OVLwN2sBj4jdSFB3iemRr8HDHxaF0i5uvdyKY++9lREprkVAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUQFNoh+3+iUJf3IclTUBhoUpyBKMwHwYDVR0j
BBgwFoAUBIr2Zb+LGGtwIgdZ0mxXj0C18+MwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODJhOWJmNWItMzljMS00MDUwLWIwNzMtNDgwNzViODYx
ZDg3LzAvMDQ4QUY2NjVCRjhCMTg2QjcwMjIwNzU5RDI2QzU3OEY0MEI1RjNFMy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0JJcjJaYi1MR0d0d0lnZFowbXhYajBD
MTgtTS5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvODJhOWJmNWIt
MzljMS00MDUwLWIwNzMtNDgwNzViODYxZDg3LzAvMzMzMTJlMzYyZTM0MzYyZTMw
MmYzMjM0MmQzMjM0MjAzZDNlMjAzMjMxMzEzMzM3MzMucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAAfBi4w
DQYJKoZIhvcNAQELBQADggEBAC8N4eTG4fwaN0n+0by9MAg3h+4I+K1hewXiyp40
PXi74Y1UnTYWXw1+zyLXHgtL7YqJi5K/7HKAaH+HhyUcyCkHsaOdkw6FA9YA/H/J
UuzNTFPhtkH2iwBxuN4Rq3naVG5Ap5ElNjMy9Ia8Y3WVJbtciDZqypDWzwiUpEg0
ZK2lClShJKgW3lNhstEigmXv6EFcBeygRZd5axKDpZzE4BY7hAJhZW8JvylOVOC4
U9ykrCTs2mUFf7m5ax7bE4VUSR8Wv0vKQZ+fdjpX/ikBku1rXXLfIP+fQdJVZ6ga
y600NXrj+asN5pluatpy2ZESqHMHYieTs6FhbP9so5t2d6U=
-----END CERTIFICATE-----