Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS31898.roa
File:                     AS31898.roa (raw, json)
Hash identifier:          P66BFpzvpbPUst3+SaDRNwRBkbUJ4nigLrQsLmpIamA=
Subject key identifier:   C6:AA:AE:CB:B8:7A:94:77:C0:A5:2D:B7:F2:0A:55:4F:06:32:C1:F3
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       0170CF26C13580A9EA4A7251E30F57DCBF0D5B50
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS31898.roa
Signing time:             Mon 28 Jul 2025 10:18:14 +0000
ROA not before:           Mon 28 Jul 2025 10:13:14 +0000
ROA not after:            Mon 27 Jul 2026 10:18:14 +0000
asID:                     31898
IP address blocks:        143.14.137.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 05 Aug 2025 03:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:70:cf:26:c1:35:80:a9:ea:4a:72:51:e3:0f:57:dc:bf:0d:5b:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Jul 28 10:13:14 2025 GMT
            Not After : Jul 27 10:18:14 2026 GMT
        Subject: CN=C6AAAECBB87A9477C0A52DB7F20A554F0632C1F3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:ec:26:20:54:a2:c1:35:7d:06:b0:8f:9b:68:
                    e6:53:76:9b:d7:59:a2:f6:d6:87:79:23:a5:67:90:
                    57:3c:7f:d1:16:cf:9a:1e:43:5b:86:41:22:ef:2d:
                    95:07:98:ff:e0:3b:10:0f:6c:ce:53:26:65:61:9c:
                    f8:bd:c1:77:1e:c9:25:30:cf:b7:b4:75:f1:e6:d6:
                    7f:85:a1:2c:e1:1b:f0:f6:3a:d2:50:a6:e3:d9:42:
                    ea:97:a5:11:e9:88:6a:69:5a:68:89:65:c1:ed:a4:
                    6b:be:54:2b:8d:47:04:a1:e9:bc:ce:97:b1:1f:7f:
                    ae:38:75:9d:0a:ca:5b:5b:f8:1e:bb:7c:e5:3e:a6:
                    34:54:cd:30:ff:d5:7e:fc:60:5e:2a:d5:6b:65:ef:
                    5b:11:45:ee:11:ed:95:23:c2:50:df:3e:ad:01:ee:
                    c3:b6:ea:2d:d1:86:c2:65:34:1f:0e:da:91:69:32:
                    63:7d:04:b8:f7:3f:13:d2:52:e5:68:08:63:a3:92:
                    6f:d9:17:64:f8:5f:52:00:80:d2:d9:7c:22:31:13:
                    6a:3c:4d:a7:16:f4:34:31:7f:40:e1:ba:26:19:c4:
                    12:8b:5b:81:b4:6a:60:04:9e:35:95:4e:f3:ca:aa:
                    e4:22:c4:f9:3e:b3:9a:15:ee:3c:f4:19:fa:e7:ed:
                    e0:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:AA:AE:CB:B8:7A:94:77:C0:A5:2D:B7:F2:0A:55:4F:06:32:C1:F3
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS31898.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.14.137.0/24

    Signature Algorithm: sha256WithRSAEncryption
         28:68:fe:bc:21:07:4a:f1:c7:53:ec:0c:c0:8a:11:b9:9a:38:
         29:5c:f3:23:2e:6e:aa:d3:f3:a6:4a:81:3f:5d:8c:99:1e:87:
         a7:eb:a3:a3:0f:95:34:24:eb:e6:fd:42:c7:77:cb:7e:18:e6:
         f2:8f:29:45:32:6c:2e:c4:86:f2:eb:e5:30:5c:15:4f:d5:10:
         df:fb:57:7e:cc:a8:22:65:5d:52:ce:a6:93:0e:05:6d:1d:25:
         7a:83:4a:74:37:c5:83:10:9f:7a:ef:c8:a8:60:9f:46:2b:d3:
         15:50:7e:46:6c:f4:21:00:29:fb:2a:8b:d7:35:c6:af:b4:ec:
         5d:25:f6:20:5a:eb:df:68:2b:74:68:1d:e0:86:d1:38:3b:c2:
         b1:91:d4:25:f0:ca:92:23:c5:9a:44:b9:c9:d8:09:85:5a:d6:
         0e:2e:42:13:70:2d:8e:da:4b:84:7a:ef:72:b1:9d:65:7f:56:
         8a:5f:43:28:78:44:82:79:e7:64:9f:31:77:47:22:93:35:5e:
         a7:18:1e:28:d2:1b:9a:09:5a:6b:55:43:a9:26:9a:c2:c3:3b:
         1f:50:63:8b:1b:c1:1f:da:39:b0:de:11:ef:21:e4:25:11:41:
         79:61:a1:b4:35:91:24:a6:05:88:a1:f4:49:1d:3f:49:49:66:
         d8:0a:21:bd
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUAXDPJsE1gKnqSnJR4w9X3L8NW1AwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNTA3MjgxMDEzMTRaFw0yNjA3MjcxMDE4MTRaMDMxMTAvBgNV
BAMTKEM2QUFBRUNCQjg3QTk0NzdDMEE1MkRCN0YyMEE1NTRGMDYzMkMxRjMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCv7CYgVKLBNX0GsI+baOZTdpvX
WaL21od5I6VnkFc8f9EWz5oeQ1uGQSLvLZUHmP/gOxAPbM5TJmVhnPi9wXceySUw
z7e0dfHm1n+FoSzhG/D2OtJQpuPZQuqXpRHpiGppWmiJZcHtpGu+VCuNRwSh6bzO
l7Eff644dZ0Kyltb+B67fOU+pjRUzTD/1X78YF4q1Wtl71sRRe4R7ZUjwlDfPq0B
7sO26i3RhsJlNB8O2pFpMmN9BLj3PxPSUuVoCGOjkm/ZF2T4X1IAgNLZfCIxE2o8
TacW9DQxf0DhuiYZxBKLW4G0amAEnjWVTvPKquQixPk+s5oV7jz0Gfrn7eAbAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUxqquy7h6lHfApS238gpVTwYywfMwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMzE4OTgucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBACPDokw
DQYJKoZIhvcNAQELBQADggEBACho/rwhB0rxx1PsDMCKEbmaOClc8yMubqrT86ZK
gT9djJkeh6fro6MPlTQk6+b9Qsd3y34Y5vKPKUUybC7EhvLr5TBcFU/VEN/7V37M
qCJlXVLOppMOBW0dJXqDSnQ3xYMQn3rvyKhgn0Yr0xVQfkZs9CEAKfsqi9c1xq+0
7F0l9iBa699oK3RoHeCG0Tg7wrGR1CXwypIjxZpEucnYCYVa1g4uQhNwLY7aS4R6
73KxnWV/VopfQyh4RIJ552SfMXdHIpM1XqcYHijSG5oJWmtVQ6kmmsLDOx9QY4sb
wR/aObDeEe8h5CURQXlhobQ1kSSmBYih9EkdP0lJZtgKIb0=
-----END CERTIFICATE-----