Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e35322e302f32342d3234203d3e20383334.roa
File:                     33312e362e35322e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          wIbXiZB2UNyYerrFjKZwsOI4CCzcqc9XNPi6CNKJNvI=
Subject key identifier:   58:9B:43:76:31:23:16:13:AD:AC:05:59:60:68:72:CE:82:48:53:93
Certificate issuer:       /CN=048af665bf8b186b70220759d26c578f40b5f3e3
Certificate serial:       07B6C4F36B7BF5132264A60EC536382932E5584A
Authority key identifier: 04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e35322e302f32342d3234203d3e20383334.roa
Signing time:             Sun 26 Apr 2026 11:29:05 +0000
ROA not before:           Sun 26 Apr 2026 11:24:05 +0000
ROA not after:            Sun 25 Apr 2027 11:29:05 +0000
asID:                     834
IP address blocks:        31.6.52.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 23:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            07:b6:c4:f3:6b:7b:f5:13:22:64:a6:0e:c5:36:38:29:32:e5:58:4a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=048af665bf8b186b70220759d26c578f40b5f3e3
        Validity
            Not Before: Apr 26 11:24:05 2026 GMT
            Not After : Apr 25 11:29:05 2027 GMT
        Subject: CN=589B437631231613ADAC0559606872CE82485393
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:98:1e:56:65:28:91:c1:eb:83:5d:c9:bf:23:
                    01:8b:d3:66:1e:0e:5e:2b:ed:09:29:6d:f0:c2:f9:
                    5c:11:2a:66:4e:a8:ed:32:0b:c8:05:2c:e0:b9:35:
                    eb:a8:70:28:d4:1b:58:1a:1f:4e:3f:c0:88:4e:a8:
                    d5:ff:9f:63:46:37:30:ad:2d:98:32:fc:49:92:49:
                    47:84:ea:5c:ab:cb:5c:e7:5c:ea:f9:91:5e:18:dc:
                    75:1b:2f:bc:92:2b:22:31:be:69:b3:9b:21:b8:99:
                    e2:12:22:34:f1:34:a4:8b:e7:22:e5:c0:78:d2:ca:
                    fa:aa:83:d2:2f:fc:15:07:3a:8d:e4:f9:10:c3:cb:
                    2d:f8:a2:72:9b:ee:7b:4c:3f:31:fc:73:13:41:04:
                    83:ab:7c:f0:36:27:1a:23:33:b5:c3:30:4f:ef:63:
                    9c:06:26:c7:cc:3a:a6:0c:0f:db:ff:96:81:c2:df:
                    41:a6:a5:c4:88:12:4d:3d:b7:0a:d9:23:fb:5b:32:
                    a6:a9:10:62:a1:fd:54:29:98:aa:0a:10:39:9f:b3:
                    f5:17:f4:13:cd:29:cd:41:c0:ac:f8:38:23:36:53:
                    f4:47:e8:e9:3a:9b:eb:54:2c:b4:52:04:5d:d0:8f:
                    3a:70:67:58:2a:35:63:43:62:e6:b6:bc:ea:be:15:
                    9a:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:9B:43:76:31:23:16:13:AD:AC:05:59:60:68:72:CE:82:48:53:93
            X509v3 Authority Key Identifier:
                keyid:04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e35322e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.6.52.0/24

    Signature Algorithm: sha256WithRSAEncryption
         66:ba:b0:98:59:53:17:2c:29:5c:e7:23:d3:fd:5f:5d:3f:95:
         89:29:c8:ad:83:12:04:2c:8c:47:58:2d:6f:cd:70:3e:c0:b3:
         25:3e:30:78:89:98:f2:54:d7:da:fb:c6:4d:f4:ed:3c:f8:e8:
         e9:38:a7:7d:f5:25:3e:86:5d:b2:8c:a7:62:22:c0:d3:ee:bd:
         db:71:75:8a:5d:60:60:22:9c:c3:9f:ac:8a:39:03:15:53:3b:
         61:b5:f9:8c:67:a8:a7:b6:fc:d4:0d:18:91:e1:df:1b:12:7e:
         70:f9:64:e4:17:6e:66:58:8f:a7:f7:9e:a2:5a:50:b4:41:91:
         ed:cb:91:10:b9:6e:7d:c4:d8:fb:8c:3c:43:fd:6e:a0:9c:32:
         27:29:f3:9a:9b:96:18:68:79:37:32:c2:81:f0:a8:e2:c3:11:
         ee:1a:55:7b:58:b8:f8:31:38:7d:eb:ac:5f:dd:45:d0:b3:95:
         ee:c6:a1:ab:eb:61:41:b9:61:f1:36:95:f4:c3:24:79:83:d9:
         64:10:bf:4b:03:81:49:87:8a:b2:4b:f8:02:58:8d:22:e2:2d:
         f3:b5:37:60:53:7b:a8:7e:ac:9c:3b:3f:57:d9:ff:da:42:24:
         fb:02:2a:fb:5c:47:fe:77:14:3d:e1:38:d8:55:e5:b2:c1:ef:
         2c:0b:9e:b1
-----BEGIN CERTIFICATE-----
MIIFKTCCBBGgAwIBAgIUB7bE82t79RMiZKYOxTY4KTLlWEowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDQ4YWY2NjViZjhiMTg2YjcwMjIwNzU5ZDI2YzU3OGY0
MGI1ZjNlMzAeFw0yNjA0MjYxMTI0MDVaFw0yNzA0MjUxMTI5MDVaMDMxMTAvBgNV
BAMTKDU4OUI0Mzc2MzEyMzE2MTNBREFDMDU1OTYwNjg3MkNFODI0ODUzOTMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCgmB5WZSiRweuDXcm/IwGL02Ye
Dl4r7QkpbfDC+VwRKmZOqO0yC8gFLOC5NeuocCjUG1gaH04/wIhOqNX/n2NGNzCt
LZgy/EmSSUeE6lyry1znXOr5kV4Y3HUbL7ySKyIxvmmzmyG4meISIjTxNKSL5yLl
wHjSyvqqg9Iv/BUHOo3k+RDDyy34onKb7ntMPzH8cxNBBIOrfPA2JxojM7XDME/v
Y5wGJsfMOqYMD9v/loHC30GmpcSIEk09twrZI/tbMqapEGKh/VQpmKoKEDmfs/UX
9BPNKc1BwKz4OCM2U/RH6Ok6m+tULLRSBF3QjzpwZ1gqNWNDYua2vOq+FZoHAgMB
AAGjggIzMIICLzAdBgNVHQ4EFgQUWJtDdjEjFhOtrAVZYGhyzoJIU5MwHwYDVR0j
BBgwFoAUBIr2Zb+LGGtwIgdZ0mxXj0C18+MwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODJhOWJmNWItMzljMS00MDUwLWIwNzMtNDgwNzViODYx
ZDg3LzAvMDQ4QUY2NjVCRjhCMTg2QjcwMjIwNzU5RDI2QzU3OEY0MEI1RjNFMy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0JJcjJaYi1MR0d0d0lnZFowbXhYajBD
MTgtTS5jZXIwgaMGCCsGAQUFBwELBIGWMIGTMIGQBggrBgEFBQcwC4aBg3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvODJhOWJmNWIt
MzljMS00MDUwLWIwNzMtNDgwNzViODYxZDg3LzAvMzMzMTJlMzYyZTM1MzIyZTMw
MmYzMjM0MmQzMjM0MjAzZDNlMjAzODMzMzQucm9hMBgGA1UdIAEB/wQOMAwwCgYI
KwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAAfBjQwDQYJKoZI
hvcNAQELBQADggEBAGa6sJhZUxcsKVznI9P9X10/lYkpyK2DEgQsjEdYLW/NcD7A
syU+MHiJmPJU19r7xk307Tz46Ok4p331JT6GXbKMp2IiwNPuvdtxdYpdYGAinMOf
rIo5AxVTO2G1+YxnqKe2/NQNGJHh3xsSfnD5ZOQXbmZYj6f3nqJaULRBke3LkRC5
bn3E2PuMPEP9bqCcMicp85qblhhoeTcywoHwqOLDEe4aVXtYuPgxOH3rrF/dRdCz
le7GoavrYUG5YfE2lfTDJHmD2WQQv0sDgUmHirJL+AJYjSLiLfO1N2BTe6h+rJw7
P1fZ/9pCJPsCKvtcR/53FD3hONhV5bLB7ywLnrE=
-----END CERTIFICATE-----