Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/33312e32322e31312e302f32342d3234203d3e20313336373837.roa
File:                     33312e32322e31312e302f32342d3234203d3e20313336373837.roa (raw, json)
Hash identifier:          cs/ge5W6aB3nG9wPPu9n3JVvzRUCoPRZhnPg6gVjcxE=
Subject key identifier:   02:3F:41:EC:88:C9:C0:DF:A5:34:D7:A6:5A:69:2C:75:4F:C7:53:0B
Certificate issuer:       /CN=088469d1a33085ff88b3e599d223ca74c2313a3a
Certificate serial:       52C2B951AE37DAD376E3881CE811B84398EDC9A6
Authority key identifier: 08:84:69:D1:A3:30:85:FF:88:B3:E5:99:D2:23:CA:74:C2:31:3A:3A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/33312e32322e31312e302f32342d3234203d3e20313336373837.roa
Signing time:             Tue 05 May 2026 20:24:04 +0000
ROA not before:           Tue 05 May 2026 20:19:04 +0000
ROA not after:            Tue 04 May 2027 20:24:04 +0000
asID:                     136787
IP address blocks:        31.22.11.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 11:35:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            52:c2:b9:51:ae:37:da:d3:76:e3:88:1c:e8:11:b8:43:98:ed:c9:a6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=088469d1a33085ff88b3e599d223ca74c2313a3a
        Validity
            Not Before: May  5 20:19:04 2026 GMT
            Not After : May  4 20:24:04 2027 GMT
        Subject: CN=023F41EC88C9C0DFA534D7A65A692C754FC7530B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:9d:1b:32:c9:2e:b7:6f:98:0a:ce:8e:13:97:
                    20:ea:f2:31:97:ce:21:d8:58:d7:e5:28:26:65:4e:
                    83:3f:f2:7e:b1:65:58:f0:f6:5f:a8:76:4f:5b:2e:
                    bb:35:d3:d9:cb:86:5c:e9:d9:80:5e:02:7f:92:6b:
                    5c:91:49:cd:98:ce:8b:41:11:41:07:56:20:00:48:
                    5d:82:f6:af:52:e9:94:ba:c1:6e:04:21:42:82:76:
                    ca:49:0d:cc:89:c6:3d:2a:87:2f:0e:a4:20:94:50:
                    8d:b7:2a:8c:9b:c3:d6:59:90:23:f7:42:e0:47:8c:
                    83:e8:51:39:f6:12:e5:b5:6f:c1:99:5e:fa:ff:4f:
                    26:09:5d:70:28:58:09:65:b7:b6:84:20:81:9c:4c:
                    ad:e7:53:16:86:81:f5:ee:b4:c9:12:8f:64:46:d0:
                    b2:53:d8:db:b6:05:09:d5:cc:32:2d:ee:cf:5d:d2:
                    e0:c6:4a:1c:e2:82:90:80:53:47:77:3b:61:22:87:
                    9b:05:7f:29:54:89:9f:da:7b:03:b3:75:b7:52:26:
                    cc:9d:6e:f3:2f:bd:54:39:cf:50:09:a4:6d:f1:41:
                    bb:dd:2e:37:16:aa:a6:96:7c:70:a4:a0:08:53:6e:
                    e8:8d:45:23:69:55:f2:3e:d1:07:cf:8c:ff:b2:d5:
                    55:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:3F:41:EC:88:C9:C0:DF:A5:34:D7:A6:5A:69:2C:75:4F:C7:53:0B
            X509v3 Authority Key Identifier:
                keyid:08:84:69:D1:A3:30:85:FF:88:B3:E5:99:D2:23:CA:74:C2:31:3A:3A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/33312e32322e31312e302f32342d3234203d3e20313336373837.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.22.11.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b1:1d:68:fc:b2:3b:6c:5b:78:0e:5a:e8:71:75:08:c3:42:f6:
         82:17:86:db:79:5c:e8:c4:f8:81:02:7f:66:e7:ab:bb:45:55:
         b2:90:cd:fd:ae:1e:b8:2b:e9:16:ea:87:96:66:4d:b0:de:3c:
         6e:54:86:eb:1a:58:05:91:2d:fc:5d:ba:8e:70:91:45:a0:6d:
         a6:32:c9:a4:18:14:dd:7b:d8:73:8d:38:af:f0:61:ec:8f:c7:
         38:76:c5:9d:71:47:cc:25:be:b3:c0:7e:e9:75:06:6e:6b:4f:
         84:eb:cf:c3:e8:27:74:a3:da:26:9e:9b:07:57:13:2d:81:3d:
         73:ee:2e:16:09:19:dc:4b:77:9a:46:fb:7b:d2:15:30:07:e4:
         8d:e0:18:94:a4:30:f6:e0:ae:48:91:35:56:47:3a:d9:01:66:
         8a:9c:de:8e:d3:28:01:4d:1c:f5:7e:08:e1:8a:cd:dc:03:c0:
         34:d1:31:8a:af:6e:ee:51:ef:44:69:be:ea:30:ab:da:7f:22:
         ad:5b:09:7b:95:38:6f:1f:7d:0d:27:99:a9:7c:ad:38:9a:2b:
         24:60:f3:7e:d6:a7:3e:01:8c:a2:af:f5:94:e0:36:ba:cb:66:
         68:1c:2f:97:7b:d9:37:53:8c:74:fe:8c:2a:2b:a9:51:43:ee:
         16:83:cf:22
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUUsK5Ua432tN244gc6BG4Q5jtyaYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDg4NDY5ZDFhMzMwODVmZjg4YjNlNTk5ZDIyM2NhNzRj
MjMxM2EzYTAeFw0yNjA1MDUyMDE5MDRaFw0yNzA1MDQyMDI0MDRaMDMxMTAvBgNV
BAMTKDAyM0Y0MUVDODhDOUMwREZBNTM0RDdBNjVBNjkyQzc1NEZDNzUzMEIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCpnRsyyS63b5gKzo4TlyDq8jGX
ziHYWNflKCZlToM/8n6xZVjw9l+odk9bLrs109nLhlzp2YBeAn+Sa1yRSc2YzotB
EUEHViAASF2C9q9S6ZS6wW4EIUKCdspJDcyJxj0qhy8OpCCUUI23Koybw9ZZkCP3
QuBHjIPoUTn2EuW1b8GZXvr/TyYJXXAoWAllt7aEIIGcTK3nUxaGgfXutMkSj2RG
0LJT2Nu2BQnVzDIt7s9d0uDGShzigpCAU0d3O2Eih5sFfylUiZ/aewOzdbdSJsyd
bvMvvVQ5z1AJpG3xQbvdLjcWqqaWfHCkoAhTbuiNRSNpVfI+0QfPjP+y1VXfAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUAj9B7IjJwN+lNNemWmksdU/HUwswHwYDVR0j
BBgwFoAUCIRp0aMwhf+Is+WZ0iPKdMIxOjowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzUvMDg4NDY5RDFBMzMwODVGRjg4QjNFNTk5RDIyM0NBNzRDMjMxM0EzQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NJUnAwYU13aGYtSXMtV1owaVBLZE1J
eE9qby5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzUvMzMzMTJlMzIzMjJlMzEzMTJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMxMzMzNjM3MzgzNy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAB8W
CzANBgkqhkiG9w0BAQsFAAOCAQEAsR1o/LI7bFt4DlrocXUIw0L2gheG23lc6MT4
gQJ/Zueru0VVspDN/a4euCvpFuqHlmZNsN48blSG6xpYBZEt/F26jnCRRaBtpjLJ
pBgU3XvYc404r/Bh7I/HOHbFnXFHzCW+s8B+6XUGbmtPhOvPw+gndKPaJp6bB1cT
LYE9c+4uFgkZ3Et3mkb7e9IVMAfkjeAYlKQw9uCuSJE1Vkc62QFmipzejtMoAU0c
9X4I4YrN3APANNExiq9u7lHvRGm+6jCr2n8irVsJe5U4bx99DSeZqXytOJorJGDz
ftanPgGMoq/1lOA2ustmaBwvl3vZN1OMdP6MKiupUUPuFoPPIg==
-----END CERTIFICATE-----