Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS31898.roa
File:                     AS31898.roa (raw, json)
Hash identifier:          N6rePLLJx+XPquKhnsEEEIZGvsBLpVYCr47dZvradlk=
Subject key identifier:   CE:A7:8C:81:CB:CE:BC:F2:9C:FA:DD:5F:92:35:A3:07:2A:00:5B:E0
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       56E3DD6CCE5B7CF85AB72B62E75EA133C4D14167
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS31898.roa
Signing time:             Sat 06 Jun 2026 03:48:14 +0000
ROA not before:           Sat 06 Jun 2026 03:43:14 +0000
ROA not after:            Sat 05 Jun 2027 03:48:14 +0000
asID:                     31898
IP address blocks:        143.14.137.0/24 maxlen: 24
                          168.222.17.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 01:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            56:e3:dd:6c:ce:5b:7c:f8:5a:b7:2b:62:e7:5e:a1:33:c4:d1:41:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Jun  6 03:43:14 2026 GMT
            Not After : Jun  5 03:48:14 2027 GMT
        Subject: CN=CEA78C81CBCEBCF29CFADD5F9235A3072A005BE0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:1e:70:a6:dc:b7:28:b3:73:3c:79:3e:57:67:
                    c0:07:29:a4:d7:64:c0:d4:ee:eb:87:0a:96:33:2f:
                    28:86:d3:02:ed:41:9e:ce:40:cf:5d:a1:03:b1:3f:
                    e7:2c:8a:89:03:fc:ea:40:6d:fb:f6:4c:8f:ee:e7:
                    01:25:d0:46:76:a4:b5:a4:f0:7d:97:61:8c:a0:00:
                    8f:b8:74:bd:cc:7c:05:ca:58:3d:20:b2:6d:68:e0:
                    8a:e3:14:a7:be:c0:5c:c3:57:48:7d:89:c0:09:7a:
                    e9:63:d6:3d:84:07:a4:e1:d5:1c:8c:b6:66:2a:73:
                    11:cc:2b:a0:68:77:93:e0:95:fa:9d:71:8a:a8:c0:
                    34:e9:4e:d9:c7:47:b8:2b:a8:14:8c:63:5f:80:87:
                    31:6e:66:76:28:71:d5:68:ab:24:bd:d6:ae:59:d6:
                    97:c4:36:05:df:e0:37:b6:0c:3e:f2:d9:89:fd:fa:
                    eb:b2:55:68:90:7d:79:68:bf:35:f7:ac:88:11:5d:
                    ff:f7:1d:46:ef:48:35:a6:af:ee:a3:de:6d:ab:ea:
                    fa:1b:15:76:41:f7:92:9a:98:5e:c5:cc:c6:5e:dd:
                    35:77:28:07:98:56:bd:e0:68:8c:0d:44:c3:fa:fd:
                    70:76:cb:84:83:c9:7b:fa:f9:d9:fb:03:b9:fb:eb:
                    d8:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:A7:8C:81:CB:CE:BC:F2:9C:FA:DD:5F:92:35:A3:07:2A:00:5B:E0
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS31898.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.14.137.0/24
                  168.222.17.0/24

    Signature Algorithm: sha256WithRSAEncryption
         23:c3:e1:84:a6:d9:f6:b8:51:5a:ad:50:7b:96:68:44:5b:12:
         95:11:26:ab:bb:c7:09:3f:94:c0:3f:19:52:9d:8c:52:07:d9:
         26:24:e4:72:ed:61:eb:cd:21:2f:d9:b9:e2:16:a2:49:63:3d:
         a8:f5:8f:37:25:d5:bd:01:c4:64:4a:ea:54:82:81:78:47:cd:
         dc:a2:26:b6:7c:51:1e:de:e4:dc:4d:84:25:74:bf:68:74:c2:
         6c:52:a1:dd:9e:01:9a:fb:bd:ad:ba:a5:93:b6:2f:5b:71:a6:
         6f:1f:66:70:3d:7f:e9:61:a2:51:34:a3:91:f7:33:39:4b:a2:
         f0:fd:9d:e1:28:83:96:5a:bd:0c:c4:2a:5d:ec:3d:4d:37:27:
         21:a3:bc:3f:6e:c5:29:77:58:25:b2:7f:55:97:e8:c3:02:b8:
         76:5a:82:a8:73:4e:0a:c3:75:6e:f7:0b:59:5a:de:0d:6c:15:
         9f:5e:66:66:c5:f7:31:0c:25:fe:15:fb:db:8b:66:6a:bc:97:
         e6:8d:41:50:37:61:78:95:71:77:7e:9e:4f:cb:ec:d5:7d:4a:
         ea:4a:90:1a:1e:b8:95:e1:39:43:4d:c7:83:36:76:5f:a5:68:
         d7:e0:40:95:5d:99:16:ce:5e:67:c3:c2:63:07:9d:63:27:06:
         c1:3e:1c:99
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgIUVuPdbM5bfPhatyti516hM8TRQWcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNjA2MDYwMzQzMTRaFw0yNzA2MDUwMzQ4MTRaMDMxMTAvBgNV
BAMTKENFQTc4QzgxQ0JDRUJDRjI5Q0ZBREQ1RjkyMzVBMzA3MkEwMDVCRTAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCYHnCm3Lcos3M8eT5XZ8AHKaTX
ZMDU7uuHCpYzLyiG0wLtQZ7OQM9doQOxP+csiokD/OpAbfv2TI/u5wEl0EZ2pLWk
8H2XYYygAI+4dL3MfAXKWD0gsm1o4IrjFKe+wFzDV0h9icAJeulj1j2EB6Th1RyM
tmYqcxHMK6Bod5PglfqdcYqowDTpTtnHR7grqBSMY1+AhzFuZnYocdVoqyS91q5Z
1pfENgXf4De2DD7y2Yn9+uuyVWiQfXlovzX3rIgRXf/3HUbvSDWmr+6j3m2r6vob
FXZB95KamF7FzMZe3TV3KAeYVr3gaIwNRMP6/XB2y4SDyXv6+dn7A7n769j9AgMB
AAGjggIPMIICCzAdBgNVHQ4EFgQUzqeMgcvOvPKc+t1fkjWjByoAW+AwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMzE4OTgucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwDBACPDokD
BACo3hEwDQYJKoZIhvcNAQELBQADggEBACPD4YSm2fa4UVqtUHuWaERbEpURJqu7
xwk/lMA/GVKdjFIH2SYk5HLtYevNIS/ZueIWokljPaj1jzcl1b0BxGRK6lSCgXhH
zdyiJrZ8UR7e5NxNhCV0v2h0wmxSod2eAZr7va26pZO2L1txpm8fZnA9f+lholE0
o5H3MzlLovD9neEog5ZavQzEKl3sPU03JyGjvD9uxSl3WCWyf1WX6MMCuHZagqhz
TgrDdW73C1la3g1sFZ9eZmbF9zEMJf4V+9uLZmq8l+aNQVA3YXiVcXd+nk/L7NV9
SupKkBoeuJXhOUNNx4M2dl+laNfgQJVdmRbOXmfDwmMHnWMnBsE+HJk=
-----END CERTIFICATE-----