Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/AS44382.roa
File:                     AS44382.roa (raw, json)
Hash identifier:          pnT2w6yAfFvLU9Ap9dAix/HAlEDx7QDupGkZ4aUTdkU=
Subject key identifier:   48:3A:82:00:9C:99:DA:3C:6E:ED:7D:F0:CE:CD:EC:D1:E2:4B:CA:28
Certificate issuer:       /CN=7051b4c2f7ae9ef80b53000b32ab8f5d2f2f415b
Certificate serial:       6265F048ED62FAE6E61DD46ED9F413C1CC9DCE39
Authority key identifier: 70:51:B4:C2:F7:AE:9E:F8:0B:53:00:0B:32:AB:8F:5D:2F:2F:41:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cFG0wveunvgLUwALMquPXS8vQVs.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/AS44382.roa
Signing time:             Tue 19 Aug 2025 06:30:36 +0000
ROA not before:           Tue 19 Aug 2025 06:25:36 +0000
ROA not after:            Tue 18 Aug 2026 06:30:36 +0000
asID:                     44382
IP address blocks:        31.40.204.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/7051B4C2F7AE9EF80B53000B32AB8F5D2F2F415B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/7051B4C2F7AE9EF80B53000B32AB8F5D2F2F415B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cFG0wveunvgLUwALMquPXS8vQVs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 01:33:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            62:65:f0:48:ed:62:fa:e6:e6:1d:d4:6e:d9:f4:13:c1:cc:9d:ce:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7051b4c2f7ae9ef80b53000b32ab8f5d2f2f415b
        Validity
            Not Before: Aug 19 06:25:36 2025 GMT
            Not After : Aug 18 06:30:36 2026 GMT
        Subject: CN=483A82009C99DA3C6EED7DF0CECDECD1E24BCA28
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:5d:92:e6:5b:a3:65:30:ec:3a:f2:c5:6e:b5:
                    34:48:33:89:a4:58:85:23:cf:12:ac:8c:bb:a1:f2:
                    98:cb:0d:e3:eb:fd:4c:c8:5a:d4:5a:95:cc:0f:5d:
                    9d:80:19:06:be:bb:f5:36:d8:ad:e5:47:01:77:10:
                    e3:3d:45:73:68:c1:1e:0c:4f:04:10:fb:c1:0c:e9:
                    b2:68:9d:66:84:e3:e5:a9:11:b0:7c:f0:88:e4:31:
                    0e:72:cb:88:dc:f5:15:3d:38:22:2b:30:f3:2d:3e:
                    e0:94:97:b0:89:72:8b:47:53:13:e8:9f:08:65:76:
                    5d:61:09:05:9e:b7:33:c3:ff:6e:4f:0d:51:1a:e6:
                    6e:0b:c0:36:29:2f:c7:46:28:8a:60:30:86:f1:31:
                    8c:91:f1:9f:1e:76:83:f1:ed:ce:01:0e:50:ce:26:
                    e8:e9:1e:31:ee:cb:b9:4b:98:03:f8:0d:44:21:cb:
                    64:5c:44:ae:db:c2:46:07:e7:f6:c0:8b:1b:22:92:
                    5a:a9:49:c5:c0:0a:e3:f0:c1:cd:87:00:b0:95:97:
                    6d:34:b6:0b:91:ff:c6:2a:4e:d5:8f:94:9e:76:e4:
                    d2:71:87:8f:89:ef:bf:73:1d:82:77:8d:f5:70:6d:
                    a0:2d:57:5e:e8:c4:f5:03:15:cf:1b:db:22:f0:09:
                    2e:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                48:3A:82:00:9C:99:DA:3C:6E:ED:7D:F0:CE:CD:EC:D1:E2:4B:CA:28
            X509v3 Authority Key Identifier:
                keyid:70:51:B4:C2:F7:AE:9E:F8:0B:53:00:0B:32:AB:8F:5D:2F:2F:41:5B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/7051B4C2F7AE9EF80B53000B32AB8F5D2F2F415B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cFG0wveunvgLUwALMquPXS8vQVs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/AS44382.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.40.204.0/24

    Signature Algorithm: sha256WithRSAEncryption
         95:8f:20:8e:28:50:94:d7:6e:15:cc:c6:4d:7a:92:70:fc:22:
         d1:03:7e:13:5e:30:3a:88:88:bb:71:fe:9a:e6:29:e9:ef:dd:
         aa:33:7f:fd:1b:70:3b:09:92:9c:29:b2:d3:51:5c:da:97:91:
         b3:e3:7f:19:d3:e7:33:51:74:a3:21:4e:ef:ae:0a:ba:41:7e:
         80:61:41:0e:bc:0f:c4:db:96:21:6c:9d:ab:c6:8a:49:56:cd:
         37:4f:d1:bc:08:f2:35:fc:85:1b:0c:96:98:de:84:04:79:1d:
         09:19:99:1e:e4:5a:f9:dd:35:93:9c:24:5f:ef:81:47:68:d0:
         26:32:ab:cc:d6:bd:da:a1:10:f0:83:3f:34:ac:d0:a7:db:1a:
         e5:08:e7:4e:b9:ea:76:e1:91:d2:de:59:6e:c0:18:d1:8a:ce:
         38:5b:f8:76:35:f4:80:73:6b:bc:b2:d9:ad:d4:12:49:ff:8e:
         57:35:54:19:35:77:b3:54:25:f4:8d:95:26:c4:29:78:d3:83:
         2e:e7:5c:1a:d5:e4:40:fa:72:be:b5:9f:7e:ba:72:a7:16:03:
         4e:3f:e1:e1:27:14:ec:61:aa:02:fc:9d:c2:3d:28:bf:03:5e:
         56:71:24:ef:5a:dc:ea:da:29:63:ec:67:a7:89:82:cb:c9:fd:
         c3:59:6c:a0
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUYmXwSO1i+ubmHdRu2fQTwcydzjkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzA1MWI0YzJmN2FlOWVmODBiNTMwMDBiMzJhYjhmNWQy
ZjJmNDE1YjAeFw0yNTA4MTkwNjI1MzZaFw0yNjA4MTgwNjMwMzZaMDMxMTAvBgNV
BAMTKDQ4M0E4MjAwOUM5OURBM0M2RUVEN0RGMENFQ0RFQ0QxRTI0QkNBMjgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDIXZLmW6NlMOw68sVutTRIM4mk
WIUjzxKsjLuh8pjLDePr/UzIWtRalcwPXZ2AGQa+u/U22K3lRwF3EOM9RXNowR4M
TwQQ+8EM6bJonWaE4+WpEbB88IjkMQ5yy4jc9RU9OCIrMPMtPuCUl7CJcotHUxPo
nwhldl1hCQWetzPD/25PDVEa5m4LwDYpL8dGKIpgMIbxMYyR8Z8edoPx7c4BDlDO
JujpHjHuy7lLmAP4DUQhy2RcRK7bwkYH5/bAixsiklqpScXACuPwwc2HALCVl200
tguR/8YqTtWPlJ525NJxh4+J779zHYJ3jfVwbaAtV17oxPUDFc8b2yLwCS4nAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUSDqCAJyZ2jxu7X3wzs3s0eJLyigwHwYDVR0j
BBgwFoAUcFG0wveunvgLUwALMquPXS8vQVswDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOWM1Y2U5ZmEtOWE2Zi00ZTBjLTk4MDktN2E0Nzg4NzQ0
ODkzLzAvNzA1MUI0QzJGN0FFOUVGODBCNTMwMDBCMzJBQjhGNUQyRjJGNDE1Qi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2NGRzB3dmV1bnZnTFV3QUxNcXVQWFM4
dlFWcy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzljNWNlOWZhLTlhNmYt
NGUwYy05ODA5LTdhNDc4ODc0NDg5My8wL0FTNDQzODIucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAAfKMww
DQYJKoZIhvcNAQELBQADggEBAJWPII4oUJTXbhXMxk16knD8ItEDfhNeMDqIiLtx
/prmKenv3aozf/0bcDsJkpwpstNRXNqXkbPjfxnT5zNRdKMhTu+uCrpBfoBhQQ68
D8TbliFsnavGiklWzTdP0bwI8jX8hRsMlpjehAR5HQkZmR7kWvndNZOcJF/vgUdo
0CYyq8zWvdqhEPCDPzSs0KfbGuUI50656nbhkdLeWW7AGNGKzjhb+HY19IBza7yy
2a3UEkn/jlc1VBk1d7NUJfSNlSbEKXjTgy7nXBrV5ED6cr61n366cqcWA04/4eEn
FOxhqgL8ncI9KL8DXlZxJO9a3OraKWPsZ6eJgsvJ/cNZbKA=
-----END CERTIFICATE-----