Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e35332e302f32342d3234203d3e20323032363536.roa
File:                     33312e362e35332e302f32342d3234203d3e20323032363536.roa (raw, json)
Hash identifier:          5qO3a5GhZBjvQTikKAJjkqsPb0E8zgqWcHwuGDRlx+Y=
Subject key identifier:   40:01:39:FD:95:8F:6D:4A:11:BA:4D:22:D9:51:94:99:C6:44:84:09
Certificate issuer:       /CN=048af665bf8b186b70220759d26c578f40b5f3e3
Certificate serial:       13C3CA9579F65370251BAC4C33A7B035729E26A3
Authority key identifier: 04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e35332e302f32342d3234203d3e20323032363536.roa
Signing time:             Thu 16 Oct 2025 23:55:08 +0000
ROA not before:           Thu 16 Oct 2025 23:50:08 +0000
ROA not after:            Thu 15 Oct 2026 23:55:08 +0000
asID:                     202656
IP address blocks:        31.6.53.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 06:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            13:c3:ca:95:79:f6:53:70:25:1b:ac:4c:33:a7:b0:35:72:9e:26:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=048af665bf8b186b70220759d26c578f40b5f3e3
        Validity
            Not Before: Oct 16 23:50:08 2025 GMT
            Not After : Oct 15 23:55:08 2026 GMT
        Subject: CN=400139FD958F6D4A11BA4D22D9519499C6448409
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:26:6b:46:d9:2b:24:4e:c8:bb:74:2e:a9:6c:
                    5d:b6:e4:48:5a:d7:ba:f2:89:69:ff:c4:0a:88:49:
                    5a:1f:5a:7a:84:3c:64:32:1b:71:7d:d7:50:8f:a0:
                    eb:a2:7c:4f:77:b0:5a:bc:d9:52:37:7a:94:d7:a6:
                    77:80:ff:bf:cf:ba:96:91:23:67:c8:95:92:b4:52:
                    58:6d:1b:a1:da:a5:fe:c1:a1:bb:54:90:54:3e:59:
                    43:d9:7c:0f:c8:ad:6e:74:1e:65:b6:4c:9b:4c:ef:
                    a8:fe:70:fa:43:c5:2e:73:17:b9:26:0b:4e:d1:fd:
                    eb:da:ba:bb:63:a3:4f:b2:87:90:cb:76:bf:32:bb:
                    bc:24:08:cd:8e:59:d4:fa:eb:09:00:7d:85:3e:be:
                    4a:4b:7c:11:01:7e:ed:37:b1:89:0b:f3:a6:f4:73:
                    35:32:28:6f:83:8d:86:b4:f0:4a:b2:1f:93:69:88:
                    b4:a2:e4:d1:39:78:49:ab:ea:28:8a:5f:9a:a7:5e:
                    58:67:c9:87:8f:27:38:57:63:02:c5:62:75:f1:a8:
                    ae:39:30:f0:70:d6:bf:20:3a:16:84:2a:c9:8c:47:
                    67:8a:55:2b:fe:e2:20:ec:c5:28:67:c5:89:b6:30:
                    ad:ae:3d:1a:90:2d:a8:92:7b:e7:3f:31:21:4b:64:
                    1e:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:01:39:FD:95:8F:6D:4A:11:BA:4D:22:D9:51:94:99:C6:44:84:09
            X509v3 Authority Key Identifier:
                keyid:04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e35332e302f32342d3234203d3e20323032363536.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.6.53.0/24

    Signature Algorithm: sha256WithRSAEncryption
         38:e1:aa:68:6b:14:23:bd:90:01:c6:e8:e6:3f:32:86:b1:6c:
         fe:45:41:3d:1e:17:20:71:ba:9d:59:a5:3a:65:8d:a5:0b:a2:
         54:78:40:da:bc:63:10:56:c3:25:8a:01:30:dc:8e:6e:af:20:
         76:f0:1f:48:36:86:45:33:72:d5:14:c4:46:9b:8e:e1:95:43:
         ce:bb:57:8b:74:7b:55:cd:bc:d0:35:ce:66:e7:40:57:91:f2:
         16:e6:03:50:2f:71:5f:c4:1f:9d:d4:13:25:04:48:aa:07:79:
         5f:f1:19:b2:bb:d9:57:0b:b5:d4:a7:75:a4:a1:26:db:16:c0:
         50:ba:47:33:fe:02:c0:6a:6f:8f:ad:e9:38:a2:3a:ba:9e:03:
         52:70:d4:a5:d5:6d:72:de:f8:8d:9e:26:4a:dd:75:47:af:b2:
         a7:9d:63:be:e7:75:3d:dd:31:9a:d6:b4:0d:65:6e:e2:c1:16:
         ee:b8:b9:4f:bc:7d:e0:ec:04:95:a3:ec:84:67:1b:52:af:d7:
         4c:f0:4c:1d:31:06:59:e6:69:37:de:19:96:0f:ef:0c:34:78:
         e7:f6:05:86:f4:1c:5a:e3:a8:63:f3:5f:02:28:a9:63:8c:54:
         d1:f6:21:7b:ca:71:81:6d:16:c6:62:32:c6:a4:f6:69:64:a5:
         92:da:37:0c
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUE8PKlXn2U3AlG6xMM6ewNXKeJqMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDQ4YWY2NjViZjhiMTg2YjcwMjIwNzU5ZDI2YzU3OGY0
MGI1ZjNlMzAeFw0yNTEwMTYyMzUwMDhaFw0yNjEwMTUyMzU1MDhaMDMxMTAvBgNV
BAMTKDQwMDEzOUZEOTU4RjZENEExMUJBNEQyMkQ5NTE5NDk5QzY0NDg0MDkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC2JmtG2SskTsi7dC6pbF225Eha
17ryiWn/xAqISVofWnqEPGQyG3F911CPoOuifE93sFq82VI3epTXpneA/7/PupaR
I2fIlZK0UlhtG6Hapf7BobtUkFQ+WUPZfA/IrW50HmW2TJtM76j+cPpDxS5zF7km
C07R/evaurtjo0+yh5DLdr8yu7wkCM2OWdT66wkAfYU+vkpLfBEBfu03sYkL86b0
czUyKG+DjYa08EqyH5NpiLSi5NE5eEmr6iiKX5qnXlhnyYePJzhXYwLFYnXxqK45
MPBw1r8gOhaEKsmMR2eKVSv+4iDsxShnxYm2MK2uPRqQLaiSe+c/MSFLZB4ZAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUQAE5/ZWPbUoRuk0i2VGUmcZEhAkwHwYDVR0j
BBgwFoAUBIr2Zb+LGGtwIgdZ0mxXj0C18+MwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODJhOWJmNWItMzljMS00MDUwLWIwNzMtNDgwNzViODYx
ZDg3LzAvMDQ4QUY2NjVCRjhCMTg2QjcwMjIwNzU5RDI2QzU3OEY0MEI1RjNFMy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0JJcjJaYi1MR0d0d0lnZFowbXhYajBD
MTgtTS5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvODJhOWJmNWIt
MzljMS00MDUwLWIwNzMtNDgwNzViODYxZDg3LzAvMzMzMTJlMzYyZTM1MzMyZTMw
MmYzMjM0MmQzMjM0MjAzZDNlMjAzMjMwMzIzNjM1MzYucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAAfBjUw
DQYJKoZIhvcNAQELBQADggEBADjhqmhrFCO9kAHG6OY/MoaxbP5FQT0eFyBxup1Z
pTpljaULolR4QNq8YxBWwyWKATDcjm6vIHbwH0g2hkUzctUUxEabjuGVQ867V4t0
e1XNvNA1zmbnQFeR8hbmA1AvcV/EH53UEyUESKoHeV/xGbK72VcLtdSndaShJtsW
wFC6RzP+AsBqb4+t6TiiOrqeA1Jw1KXVbXLe+I2eJkrddUevsqedY77ndT3dMZrW
tA1lbuLBFu64uU+8feDsBJWj7IRnG1Kv10zwTB0xBlnmaTfeGZYP7ww0eOf2BYb0
HFrjqGPzXwIoqWOMVNH2IXvKcYFtFsZiMsak9mlkpZLaNww=
-----END CERTIFICATE-----