Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e35312e302f32342d3234203d3e20333939303733.roa
File:                     33312e362e35312e302f32342d3234203d3e20333939303733.roa (raw, json)
Hash identifier:          MVzVFXXmuMQ/zh+6pR5voWaaU0k9GEHcsC+fdwRQNSg=
Subject key identifier:   26:60:CB:3A:3B:D3:B2:D3:45:F2:6A:40:E3:6B:47:B1:D1:67:3B:48
Certificate issuer:       /CN=048af665bf8b186b70220759d26c578f40b5f3e3
Certificate serial:       25F22EA0AAB6AE4B5D41F8CDA055E023629D902A
Authority key identifier: 04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e35312e302f32342d3234203d3e20333939303733.roa
Signing time:             Wed 13 Aug 2025 09:26:20 +0000
ROA not before:           Wed 13 Aug 2025 09:21:20 +0000
ROA not after:            Wed 12 Aug 2026 09:26:20 +0000
asID:                     399073
IP address blocks:        31.6.51.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 05:01:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            25:f2:2e:a0:aa:b6:ae:4b:5d:41:f8:cd:a0:55:e0:23:62:9d:90:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=048af665bf8b186b70220759d26c578f40b5f3e3
        Validity
            Not Before: Aug 13 09:21:20 2025 GMT
            Not After : Aug 12 09:26:20 2026 GMT
        Subject: CN=2660CB3A3BD3B2D345F26A40E36B47B1D1673B48
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e9:8b:e4:90:8e:2e:8c:97:51:ba:b4:72:64:c3:
                    c6:f1:a8:36:4c:9d:bd:4c:7f:9f:97:50:1a:d6:17:
                    f9:9b:a1:13:0f:af:33:1a:3a:2a:c5:48:62:f7:29:
                    10:63:cb:4f:c4:81:7c:74:35:8d:a1:86:4f:b6:0e:
                    50:61:81:96:d5:d7:e9:8f:37:66:cc:8c:75:b0:60:
                    c0:74:d1:68:7f:da:ae:8f:ae:5c:3b:c5:7d:19:8e:
                    de:1c:cc:16:af:9a:07:eb:a5:37:b0:7e:56:03:d8:
                    8d:71:49:d0:bb:b6:b3:ea:59:5b:7e:65:86:25:7c:
                    36:08:40:42:d1:92:62:0c:91:89:a4:48:40:6a:66:
                    74:c1:93:c1:d6:88:10:4f:e1:70:7d:c3:a2:c2:a7:
                    ab:57:71:8e:07:21:11:57:b7:4b:c6:c2:ab:2e:eb:
                    d9:cf:6b:7f:c3:28:09:65:a9:ec:0d:26:a5:66:c3:
                    5e:ad:f7:40:25:f1:cf:bf:66:41:34:91:16:87:07:
                    aa:6e:e7:1b:9d:44:8c:b9:2c:d9:f8:a9:2a:bc:0d:
                    8f:fb:07:4d:1f:04:67:39:47:52:f7:61:e1:7d:7a:
                    60:61:97:75:58:1a:ca:89:56:fa:23:f2:18:ef:e0:
                    24:c7:fb:93:71:11:0e:76:32:3a:2a:f5:04:04:c6:
                    05:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:60:CB:3A:3B:D3:B2:D3:45:F2:6A:40:E3:6B:47:B1:D1:67:3B:48
            X509v3 Authority Key Identifier:
                keyid:04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e35312e302f32342d3234203d3e20333939303733.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.6.51.0/24

    Signature Algorithm: sha256WithRSAEncryption
         92:f8:8b:c7:78:b9:01:0e:c9:3c:8d:32:1a:29:53:4d:f0:4e:
         b4:f8:c5:ce:45:04:2d:a7:54:cc:f0:cd:b1:6e:3d:5c:ad:cf:
         13:4f:a8:1e:d7:30:05:d8:9c:24:eb:3b:96:6d:67:0e:22:7f:
         2f:01:36:ae:96:30:44:38:52:36:f7:b5:a7:97:ef:14:45:ea:
         58:ef:90:80:8f:f2:01:28:c2:ef:c4:f1:6f:a5:94:3a:16:fa:
         88:00:f4:c4:9e:8b:ab:cc:f4:a7:10:39:af:3d:a0:08:99:c4:
         fd:9f:bf:d2:cc:5e:5c:f9:3c:04:29:36:2f:76:8f:f4:a3:27:
         21:a3:af:5f:22:67:2d:b2:72:95:77:55:43:a4:5a:12:9f:ab:
         61:44:51:f8:47:1b:fc:f5:14:c9:0a:0c:c8:7b:5c:1e:eb:a5:
         6f:31:17:59:c0:ea:34:56:3d:1a:d8:7b:b3:40:b3:ea:6c:23:
         ae:a0:f8:d5:b6:5c:08:94:70:78:c6:99:c3:3e:b7:7c:d2:02:
         8f:a7:9b:b0:36:8f:92:2c:23:9a:13:e8:92:d1:60:ef:74:40:
         24:e9:6c:10:b2:a5:26:58:9e:86:8b:46:f8:39:78:08:14:2f:
         9e:61:11:3d:4a:84:89:2a:84:70:07:87:5d:6c:59:7a:67:37:
         f4:6c:20:d7
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUJfIuoKq2rktdQfjNoFXgI2KdkCowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDQ4YWY2NjViZjhiMTg2YjcwMjIwNzU5ZDI2YzU3OGY0
MGI1ZjNlMzAeFw0yNTA4MTMwOTIxMjBaFw0yNjA4MTIwOTI2MjBaMDMxMTAvBgNV
BAMTKDI2NjBDQjNBM0JEM0IyRDM0NUYyNkE0MEUzNkI0N0IxRDE2NzNCNDgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDpi+SQji6Ml1G6tHJkw8bxqDZM
nb1Mf5+XUBrWF/mboRMPrzMaOirFSGL3KRBjy0/EgXx0NY2hhk+2DlBhgZbV1+mP
N2bMjHWwYMB00Wh/2q6Prlw7xX0Zjt4czBavmgfrpTewflYD2I1xSdC7trPqWVt+
ZYYlfDYIQELRkmIMkYmkSEBqZnTBk8HWiBBP4XB9w6LCp6tXcY4HIRFXt0vGwqsu
69nPa3/DKAllqewNJqVmw16t90Al8c+/ZkE0kRaHB6pu5xudRIy5LNn4qSq8DY/7
B00fBGc5R1L3YeF9emBhl3VYGsqJVvoj8hjv4CTH+5NxEQ52Mjoq9QQExgWJAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUJmDLOjvTstNF8mpA42tHsdFnO0gwHwYDVR0j
BBgwFoAUBIr2Zb+LGGtwIgdZ0mxXj0C18+MwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODJhOWJmNWItMzljMS00MDUwLWIwNzMtNDgwNzViODYx
ZDg3LzAvMDQ4QUY2NjVCRjhCMTg2QjcwMjIwNzU5RDI2QzU3OEY0MEI1RjNFMy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0JJcjJaYi1MR0d0d0lnZFowbXhYajBD
MTgtTS5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvODJhOWJmNWIt
MzljMS00MDUwLWIwNzMtNDgwNzViODYxZDg3LzAvMzMzMTJlMzYyZTM1MzEyZTMw
MmYzMjM0MmQzMjM0MjAzZDNlMjAzMzM5MzkzMDM3MzMucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAAfBjMw
DQYJKoZIhvcNAQELBQADggEBAJL4i8d4uQEOyTyNMhopU03wTrT4xc5FBC2nVMzw
zbFuPVytzxNPqB7XMAXYnCTrO5ZtZw4ify8BNq6WMEQ4Ujb3taeX7xRF6ljvkICP
8gEowu/E8W+llDoW+ogA9MSei6vM9KcQOa89oAiZxP2fv9LMXlz5PAQpNi92j/Sj
JyGjr18iZy2ycpV3VUOkWhKfq2FEUfhHG/z1FMkKDMh7XB7rpW8xF1nA6jRWPRrY
e7NAs+psI66g+NW2XAiUcHjGmcM+t3zSAo+nm7A2j5IsI5oT6JLRYO90QCTpbBCy
pSZYnoaLRvg5eAgUL55hET1KhIkqhHAHh11sWXpnN/RsINc=
-----END CERTIFICATE-----