Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e35342e302f32332d3234203d3e2039333034.roa
File:                     33312e362e35342e302f32332d3234203d3e2039333034.roa (raw, json)
Hash identifier:          AQFcfVSBqUdw59eGO/72ifDQkvc3LTs3B1sk7xXcFXo=
Subject key identifier:   3B:AD:B1:17:1B:0B:F1:75:A4:43:7B:35:38:2D:91:50:51:E2:D3:E9
Certificate issuer:       /CN=048af665bf8b186b70220759d26c578f40b5f3e3
Certificate serial:       6141EC242BED4FC45C36BA9D370B120273F2A5A8
Authority key identifier: 04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e35342e302f32332d3234203d3e2039333034.roa
Signing time:             Wed 25 Mar 2026 13:00:28 +0000
ROA not before:           Wed 25 Mar 2026 12:55:28 +0000
ROA not after:            Wed 24 Mar 2027 13:00:28 +0000
asID:                     9304
IP address blocks:        31.6.54.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 14:30:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            61:41:ec:24:2b:ed:4f:c4:5c:36:ba:9d:37:0b:12:02:73:f2:a5:a8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=048af665bf8b186b70220759d26c578f40b5f3e3
        Validity
            Not Before: Mar 25 12:55:28 2026 GMT
            Not After : Mar 24 13:00:28 2027 GMT
        Subject: CN=3BADB1171B0BF175A4437B35382D915051E2D3E9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:1a:28:23:dd:cf:d3:b8:84:38:cb:02:a2:ef:
                    10:17:8d:b1:ae:e9:76:25:7b:ab:1b:88:e2:d9:30:
                    5e:0b:a9:52:d2:29:75:85:7e:75:47:e6:f7:0d:32:
                    de:1f:4f:29:77:fe:71:bf:4b:5f:0f:5e:89:41:21:
                    4a:02:b7:20:72:a8:cd:8c:96:94:72:87:aa:f5:68:
                    40:ed:df:ac:44:e4:2b:22:3f:a2:0c:6e:10:21:1e:
                    62:f2:0d:eb:86:58:27:0e:83:e4:ee:28:25:f1:a3:
                    0c:5d:cb:6a:72:36:a2:bb:35:f4:10:1f:1c:c2:d3:
                    16:63:24:37:4c:a1:b2:6e:6e:3d:a4:97:bc:7a:54:
                    1f:bb:d1:49:84:f4:2e:ca:bd:b2:05:c7:06:cf:6c:
                    e5:31:59:ef:68:fe:a5:5b:d1:37:e8:e9:1e:3d:9e:
                    eb:98:88:15:a4:b6:62:5d:e4:66:08:31:13:ed:da:
                    80:17:ca:15:b2:98:ab:4a:f0:40:29:f2:78:b5:c3:
                    5e:67:f8:58:3b:e9:f4:43:f5:7b:56:e0:b9:d4:39:
                    7c:5e:51:8a:0a:c4:f0:82:af:2e:0f:d3:4a:84:95:
                    bd:f8:98:65:f7:e4:19:b0:59:0f:9e:fe:b1:f0:9f:
                    bd:12:f2:01:bd:81:b0:e5:c3:11:07:2f:4f:d0:ea:
                    dc:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:AD:B1:17:1B:0B:F1:75:A4:43:7B:35:38:2D:91:50:51:E2:D3:E9
            X509v3 Authority Key Identifier:
                keyid:04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e35342e302f32332d3234203d3e2039333034.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.6.54.0/23

    Signature Algorithm: sha256WithRSAEncryption
         1a:4e:a1:04:fe:1a:3c:6f:1e:ee:8c:4e:98:4d:62:91:ff:42:
         78:af:38:04:24:f0:d3:3b:75:aa:06:04:86:a7:d1:7d:10:90:
         1a:88:27:2b:47:0a:75:d2:aa:ef:b3:03:e1:7a:b0:2c:d9:36:
         10:06:4b:6a:6b:bc:d8:5a:81:a8:ed:69:1f:6c:76:95:f5:03:
         f1:da:35:69:09:2d:8a:ab:9a:7a:86:92:7d:65:c8:d8:35:f5:
         b6:50:69:8a:e1:aa:bb:21:04:a4:e0:6f:be:eb:bc:c0:4b:66:
         ad:cd:da:fc:8b:28:37:14:cd:93:78:62:14:04:8c:22:e3:63:
         14:61:1b:fd:1f:2e:b0:97:6e:df:af:7b:07:a5:72:5a:24:36:
         96:80:e1:06:ef:19:10:b2:d2:a0:90:5a:6b:b8:8b:9b:31:92:
         fa:1a:56:9f:19:79:c8:00:46:10:cf:b5:e2:dc:49:59:0d:91:
         86:fa:a7:32:f7:46:1f:cc:86:49:12:73:17:97:25:a0:d4:b9:
         e1:57:5f:d7:9a:8a:3a:19:52:b0:a7:78:72:ef:e4:b8:77:1f:
         65:b6:22:a3:b6:8a:ed:28:83:64:87:ec:94:d3:41:f1:6a:bb:
         12:df:01:e7:1f:ce:16:bd:00:d9:fa:7f:49:aa:9a:95:03:fe:
         3c:7b:8b:a6
-----BEGIN CERTIFICATE-----
MIIFKzCCBBOgAwIBAgIUYUHsJCvtT8RcNrqdNwsSAnPypagwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDQ4YWY2NjViZjhiMTg2YjcwMjIwNzU5ZDI2YzU3OGY0
MGI1ZjNlMzAeFw0yNjAzMjUxMjU1MjhaFw0yNzAzMjQxMzAwMjhaMDMxMTAvBgNV
BAMTKDNCQURCMTE3MUIwQkYxNzVBNDQzN0IzNTM4MkQ5MTUwNTFFMkQzRTkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvGigj3c/TuIQ4ywKi7xAXjbGu
6XYle6sbiOLZMF4LqVLSKXWFfnVH5vcNMt4fTyl3/nG/S18PXolBIUoCtyByqM2M
lpRyh6r1aEDt36xE5CsiP6IMbhAhHmLyDeuGWCcOg+TuKCXxowxdy2pyNqK7NfQQ
HxzC0xZjJDdMobJubj2kl7x6VB+70UmE9C7KvbIFxwbPbOUxWe9o/qVb0Tfo6R49
nuuYiBWktmJd5GYIMRPt2oAXyhWymKtK8EAp8ni1w15n+Fg76fRD9XtW4LnUOXxe
UYoKxPCCry4P00qElb34mGX35BmwWQ+e/rHwn70S8gG9gbDlwxEHL0/Q6txFAgMB
AAGjggI1MIICMTAdBgNVHQ4EFgQUO62xFxsL8XWkQ3s1OC2RUFHi0+kwHwYDVR0j
BBgwFoAUBIr2Zb+LGGtwIgdZ0mxXj0C18+MwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODJhOWJmNWItMzljMS00MDUwLWIwNzMtNDgwNzViODYx
ZDg3LzAvMDQ4QUY2NjVCRjhCMTg2QjcwMjIwNzU5RDI2QzU3OEY0MEI1RjNFMy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0JJcjJaYi1MR0d0d0lnZFowbXhYajBD
MTgtTS5jZXIwgaUGCCsGAQUFBwELBIGYMIGVMIGSBggrBgEFBQcwC4aBhXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvODJhOWJmNWIt
MzljMS00MDUwLWIwNzMtNDgwNzViODYxZDg3LzAvMzMzMTJlMzYyZTM1MzQyZTMw
MmYzMjMzMmQzMjM0MjAzZDNlMjAzOTMzMzAzNC5yb2EwGAYDVR0gAQH/BA4wDDAK
BggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAR8GNjANBgkq
hkiG9w0BAQsFAAOCAQEAGk6hBP4aPG8e7oxOmE1ikf9CeK84BCTw0zt1qgYEhqfR
fRCQGognK0cKddKq77MD4XqwLNk2EAZLamu82FqBqO1pH2x2lfUD8do1aQktiqua
eoaSfWXI2DX1tlBpiuGquyEEpOBvvuu8wEtmrc3a/IsoNxTNk3hiFASMIuNjFGEb
/R8usJdu3697B6VyWiQ2loDhBu8ZELLSoJBaa7iLmzGS+hpWnxl5yABGEM+14txJ
WQ2RhvqnMvdGH8yGSRJzF5cloNS54Vdf15qKOhlSsKd4cu/kuHcfZbYio7aK7SiD
ZIfslNNB8Wq7Et8B5x/OFr0A2fp/SaqalQP+PHuLpg==
-----END CERTIFICATE-----