Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e35372e302f32342d3234203d3e20333935333734.roa
File:                     33312e362e35372e302f32342d3234203d3e20333935333734.roa (raw, json)
Hash identifier:          iZ5RmfKXzxIvkAtHL/Lluyf82fmzTscs7ijUs/FaoLk=
Subject key identifier:   31:DF:EC:D2:0D:9D:7A:87:88:44:45:57:AA:FF:05:1F:BC:25:F3:5F
Certificate issuer:       /CN=048af665bf8b186b70220759d26c578f40b5f3e3
Certificate serial:       4AF47ED48F325BD818FEA84270B8D2B7AA62332F
Authority key identifier: 04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e35372e302f32342d3234203d3e20333935333734.roa
Signing time:             Fri 27 Jun 2025 09:51:45 +0000
ROA not before:           Fri 27 Jun 2025 09:46:45 +0000
ROA not after:            Fri 26 Jun 2026 09:51:45 +0000
asID:                     395374
IP address blocks:        31.6.57.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 02 Jul 2025 03:14:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4a:f4:7e:d4:8f:32:5b:d8:18:fe:a8:42:70:b8:d2:b7:aa:62:33:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=048af665bf8b186b70220759d26c578f40b5f3e3
        Validity
            Not Before: Jun 27 09:46:45 2025 GMT
            Not After : Jun 26 09:51:45 2026 GMT
        Subject: CN=31DFECD20D9D7A8788444557AAFF051FBC25F35F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:03:38:e0:2d:14:b0:51:a4:2b:8d:65:4d:00:
                    df:9e:72:be:09:a9:22:57:78:a2:1c:5b:aa:eb:e2:
                    fd:7f:b3:a0:e1:14:f4:1a:89:90:31:80:e7:04:90:
                    52:cb:ce:a4:ea:59:7e:f8:c4:c6:63:46:ca:5f:9f:
                    17:eb:02:78:10:0d:2f:8b:c3:f6:3f:d9:e3:72:23:
                    60:d4:60:15:4d:08:76:4a:a4:47:85:7e:fd:7a:1f:
                    cb:45:67:a0:2e:e1:6a:d2:6e:02:fb:01:d6:11:f2:
                    bb:2f:25:b1:74:14:f0:c2:70:ea:9a:6c:e9:fc:44:
                    db:58:31:25:1c:ae:0b:0a:f4:8d:94:8f:ce:de:6b:
                    f6:e7:b7:92:d6:5f:54:d1:b8:e7:f6:67:1d:4d:b1:
                    df:dc:fa:7a:79:31:dd:41:a1:2c:79:55:05:cc:51:
                    bf:b7:61:45:0a:de:fb:5e:13:91:35:db:69:78:39:
                    f1:b3:cb:76:3d:15:9a:2c:e2:dc:24:3e:3d:28:57:
                    50:b0:41:dd:cf:b8:e8:59:99:29:bd:cf:59:27:15:
                    ad:d2:9a:7d:f6:32:2d:0f:a9:29:48:1b:4c:5d:f5:
                    be:d1:0a:0e:9e:95:03:e3:30:5c:b6:bd:6b:6b:4a:
                    6f:18:47:e3:de:fd:21:5a:3a:ec:7f:b3:0a:58:78:
                    fc:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:DF:EC:D2:0D:9D:7A:87:88:44:45:57:AA:FF:05:1F:BC:25:F3:5F
            X509v3 Authority Key Identifier:
                keyid:04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e35372e302f32342d3234203d3e20333935333734.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.6.57.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2b:b5:df:05:52:e4:04:14:df:a6:b1:73:34:e9:64:56:16:9c:
         f5:46:66:19:d5:0b:4d:0e:f3:d0:27:53:0c:de:b5:6b:40:7f:
         ff:a6:f0:a8:aa:11:c6:a2:c1:7d:7d:3d:e7:eb:0e:39:35:49:
         9c:40:a8:4b:a2:df:55:d6:22:88:8b:41:12:1f:c2:7d:c9:2b:
         7c:29:fc:07:26:16:6b:51:50:42:9d:6b:d2:52:4e:e8:03:7c:
         cd:1e:d0:02:7c:4f:ec:cd:80:df:3b:c5:2c:ff:84:c8:0b:96:
         e3:a3:bc:a5:19:e3:f9:06:2c:30:d1:95:fe:ab:a2:4f:07:af:
         83:8a:ab:1a:7d:2f:69:71:a7:65:34:19:23:47:53:1a:37:8d:
         61:1a:ff:a7:fa:e1:01:9e:5c:e7:e1:8b:dd:f5:06:6c:02:a9:
         d9:01:0b:50:77:86:92:6e:81:f2:32:4a:ca:da:cf:d3:5b:b9:
         9a:16:d9:55:9e:68:5d:3b:49:c7:14:f8:ac:ff:21:91:48:9b:
         57:f1:eb:6c:b0:4e:be:89:3f:91:d6:09:b7:ff:ea:b6:90:56:
         5b:75:d9:2a:df:65:f7:a4:06:65:a1:aa:3b:86:b1:45:04:de:
         dd:a0:f6:30:0c:8c:a3:b7:18:4b:b6:a4:27:a0:f5:b3:72:1f:
         34:18:6f:b4
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUSvR+1I8yW9gY/qhCcLjSt6piMy8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDQ4YWY2NjViZjhiMTg2YjcwMjIwNzU5ZDI2YzU3OGY0
MGI1ZjNlMzAeFw0yNTA2MjcwOTQ2NDVaFw0yNjA2MjYwOTUxNDVaMDMxMTAvBgNV
BAMTKDMxREZFQ0QyMEQ5RDdBODc4ODQ0NDU1N0FBRkYwNTFGQkMyNUYzNUYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCkAzjgLRSwUaQrjWVNAN+ecr4J
qSJXeKIcW6rr4v1/s6DhFPQaiZAxgOcEkFLLzqTqWX74xMZjRspfnxfrAngQDS+L
w/Y/2eNyI2DUYBVNCHZKpEeFfv16H8tFZ6Au4WrSbgL7AdYR8rsvJbF0FPDCcOqa
bOn8RNtYMSUcrgsK9I2Uj87ea/bnt5LWX1TRuOf2Zx1Nsd/c+np5Md1BoSx5VQXM
Ub+3YUUK3vteE5E122l4OfGzy3Y9FZos4twkPj0oV1CwQd3PuOhZmSm9z1knFa3S
mn32Mi0PqSlIG0xd9b7RCg6elQPjMFy2vWtrSm8YR+Pe/SFaOux/swpYePxRAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUMd/s0g2deoeIREVXqv8FH7wl818wHwYDVR0j
BBgwFoAUBIr2Zb+LGGtwIgdZ0mxXj0C18+MwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODJhOWJmNWItMzljMS00MDUwLWIwNzMtNDgwNzViODYx
ZDg3LzAvMDQ4QUY2NjVCRjhCMTg2QjcwMjIwNzU5RDI2QzU3OEY0MEI1RjNFMy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0JJcjJaYi1MR0d0d0lnZFowbXhYajBD
MTgtTS5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvODJhOWJmNWIt
MzljMS00MDUwLWIwNzMtNDgwNzViODYxZDg3LzAvMzMzMTJlMzYyZTM1MzcyZTMw
MmYzMjM0MmQzMjM0MjAzZDNlMjAzMzM5MzUzMzM3MzQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAAfBjkw
DQYJKoZIhvcNAQELBQADggEBACu13wVS5AQU36axczTpZFYWnPVGZhnVC00O89An
UwzetWtAf/+m8KiqEcaiwX19PefrDjk1SZxAqEui31XWIoiLQRIfwn3JK3wp/Acm
FmtRUEKda9JSTugDfM0e0AJ8T+zNgN87xSz/hMgLluOjvKUZ4/kGLDDRlf6rok8H
r4OKqxp9L2lxp2U0GSNHUxo3jWEa/6f64QGeXOfhi931BmwCqdkBC1B3hpJugfIy
Ssraz9NbuZoW2VWeaF07SccU+Kz/IZFIm1fx62ywTr6JP5HWCbf/6raQVlt12Srf
ZfekBmWhqjuGsUUE3t2g9jAMjKO3GEu2pCeg9bNyHzQYb7Q=
-----END CERTIFICATE-----