Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/8113dda6-7ade-445d-8c6e-448a78e48ca1/1/33312e39392e3230332e302f32342d3234203d3e20383334.roa
File:                     33312e39392e3230332e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          AkENFigRyAUb+VRKLIg05eNR2DATlVcoQ6cEURE1+Kc=
Subject key identifier:   80:FD:CA:2E:0D:A1:E7:1F:B0:BE:6F:3F:ED:7A:13:C4:F6:98:47:CF
Certificate issuer:       /CN=0d7ffae300def0876bf84890fb6ea17be841a4d3
Certificate serial:       2825EE5E3447322D9E9D85F8C61C18E09EE1E846
Authority key identifier: 0D:7F:FA:E3:00:DE:F0:87:6B:F8:48:90:FB:6E:A1:7B:E8:41:A4:D3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DX_64wDe8Idr-EiQ-26he-hBpNM.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/8113dda6-7ade-445d-8c6e-448a78e48ca1/1/33312e39392e3230332e302f32342d3234203d3e20383334.roa
Signing time:             Tue 17 Feb 2026 15:06:06 +0000
ROA not before:           Tue 17 Feb 2026 15:01:06 +0000
ROA not after:            Tue 16 Feb 2027 15:06:06 +0000
asID:                     834
IP address blocks:        31.99.203.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/8113dda6-7ade-445d-8c6e-448a78e48ca1/1/0D7FFAE300DEF0876BF84890FB6EA17BE841A4D3.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/8113dda6-7ade-445d-8c6e-448a78e48ca1/1/0D7FFAE300DEF0876BF84890FB6EA17BE841A4D3.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DX_64wDe8Idr-EiQ-26he-hBpNM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 11:39:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            28:25:ee:5e:34:47:32:2d:9e:9d:85:f8:c6:1c:18:e0:9e:e1:e8:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d7ffae300def0876bf84890fb6ea17be841a4d3
        Validity
            Not Before: Feb 17 15:01:06 2026 GMT
            Not After : Feb 16 15:06:06 2027 GMT
        Subject: CN=80FDCA2E0DA1E71FB0BE6F3FED7A13C4F69847CF
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:6c:c3:0c:08:af:c3:79:5e:59:14:61:4d:10:
                    42:b2:dd:fa:cc:63:8f:25:b9:61:e8:67:55:9d:a1:
                    25:e8:7d:c6:ed:32:22:6c:64:05:e9:de:2b:86:3d:
                    90:7b:5a:f0:10:dc:af:10:d0:4a:a9:71:3f:3f:b2:
                    5d:31:af:42:c7:80:a5:20:c8:5b:7d:52:32:32:63:
                    75:1d:65:8b:de:8b:90:2a:5c:ca:84:bf:98:fb:cd:
                    01:f9:02:ef:4f:62:f9:57:d2:58:e8:ba:69:d7:d7:
                    61:2f:30:9a:f2:bb:1c:84:3a:5b:a9:69:29:4f:90:
                    d7:f8:5d:43:29:70:4a:1f:71:0b:f6:0a:bb:52:95:
                    0d:3b:d7:e1:80:84:91:aa:68:98:75:66:5e:f3:ba:
                    82:aa:e7:ea:12:1f:4f:59:b7:bd:e3:29:a3:ec:6b:
                    1e:1f:88:a5:f6:72:8d:ec:3a:35:cf:67:78:e5:d2:
                    64:59:5c:80:81:20:cd:d1:1f:e7:7c:1d:f9:88:6a:
                    e4:c9:26:21:5c:91:62:f9:10:9a:47:c5:7d:4e:b2:
                    e2:24:b9:fd:10:7f:23:dd:f0:6f:9e:ff:96:8b:f5:
                    9b:9a:21:d4:3a:16:a4:2d:59:15:9f:6c:df:a7:cb:
                    17:07:cf:91:a8:4d:13:1c:e7:c2:aa:5b:8f:07:4a:
                    c2:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                80:FD:CA:2E:0D:A1:E7:1F:B0:BE:6F:3F:ED:7A:13:C4:F6:98:47:CF
            X509v3 Authority Key Identifier:
                keyid:0D:7F:FA:E3:00:DE:F0:87:6B:F8:48:90:FB:6E:A1:7B:E8:41:A4:D3

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/8113dda6-7ade-445d-8c6e-448a78e48ca1/1/0D7FFAE300DEF0876BF84890FB6EA17BE841A4D3.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DX_64wDe8Idr-EiQ-26he-hBpNM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/8113dda6-7ade-445d-8c6e-448a78e48ca1/1/33312e39392e3230332e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.99.203.0/24

    Signature Algorithm: sha256WithRSAEncryption
         75:a0:2e:56:24:21:37:a0:d6:c1:45:2c:1e:47:a4:66:4a:82:
         a6:b4:72:da:4e:d8:ab:6b:a3:d6:ad:77:bd:c7:d5:2f:67:e3:
         d8:8d:00:71:44:cb:f0:c0:55:1c:cd:d4:c4:82:0e:c3:54:93:
         e3:7c:38:d9:a4:00:95:83:1a:80:8a:b6:2e:94:6b:c9:1f:32:
         15:ad:07:84:91:a9:c1:19:b2:14:a6:71:cd:ae:fd:5a:d0:8c:
         97:31:61:f6:b2:7a:64:ff:79:42:c6:17:c3:7d:84:9a:5f:8d:
         bd:99:aa:21:52:fa:8d:f3:69:32:14:83:99:a9:ad:68:92:b2:
         b9:c1:33:c4:59:ec:c1:a3:83:e0:64:1e:14:b4:5a:29:2c:1f:
         43:0a:09:1b:78:40:9e:bc:a7:00:92:9c:ad:59:90:aa:33:62:
         81:89:2a:1a:64:8b:52:35:02:ed:ff:9e:0e:21:df:f3:e7:b9:
         38:59:c2:3a:4a:79:a1:0f:50:65:96:42:46:78:d5:5b:1a:c4:
         bc:c7:81:4e:d2:59:39:b2:30:ac:d5:15:16:78:1f:6b:3a:82:
         f2:dd:30:3c:7b:6d:e8:ae:4d:78:c7:52:5c:17:11:4e:9c:77:
         6a:6c:31:e7:00:12:f3:a4:c1:cd:01:c0:e5:b7:01:93:ac:21:
         9b:97:d1:d3
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUKCXuXjRHMi2enYX4xhwY4J7h6EYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMGQ3ZmZhZTMwMGRlZjA4NzZiZjg0ODkwZmI2ZWExN2Jl
ODQxYTRkMzAeFw0yNjAyMTcxNTAxMDZaFw0yNzAyMTYxNTA2MDZaMDMxMTAvBgNV
BAMTKDgwRkRDQTJFMERBMUU3MUZCMEJFNkYzRkVEN0ExM0M0RjY5ODQ3Q0YwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCibMMMCK/DeV5ZFGFNEEKy3frM
Y48luWHoZ1WdoSXofcbtMiJsZAXp3iuGPZB7WvAQ3K8Q0EqpcT8/sl0xr0LHgKUg
yFt9UjIyY3UdZYvei5AqXMqEv5j7zQH5Au9PYvlX0ljoumnX12EvMJryuxyEOlup
aSlPkNf4XUMpcEofcQv2CrtSlQ071+GAhJGqaJh1Zl7zuoKq5+oSH09Zt73jKaPs
ax4fiKX2co3sOjXPZ3jl0mRZXICBIM3RH+d8HfmIauTJJiFckWL5EJpHxX1OsuIk
uf0QfyPd8G+e/5aL9ZuaIdQ6FqQtWRWfbN+nyxcHz5GoTRMc58KqW48HSsJhAgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQUgP3KLg2h5x+wvm8/7XoTxPaYR88wHwYDVR0j
BBgwFoAUDX/64wDe8Idr+EiQ+26he+hBpNMwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODExM2RkYTYtN2FkZS00NDVkLThjNmUtNDQ4YTc4ZTQ4
Y2ExLzEvMEQ3RkZBRTMwMERFRjA4NzZCRjg0ODkwRkI2RUExN0JFODQxQTREMy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0RYXzY0d0RlOElkci1FaVEtMjZoZS1o
QnBOTS5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvODExM2RkYTYt
N2FkZS00NDVkLThjNmUtNDQ4YTc4ZTQ4Y2ExLzEvMzMzMTJlMzkzOTJlMzIzMDMz
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzgzMzM0LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAH2PLMA0G
CSqGSIb3DQEBCwUAA4IBAQB1oC5WJCE3oNbBRSweR6RmSoKmtHLaTtira6PWrXe9
x9UvZ+PYjQBxRMvwwFUczdTEgg7DVJPjfDjZpACVgxqAirYulGvJHzIVrQeEkanB
GbIUpnHNrv1a0IyXMWH2snpk/3lCxhfDfYSaX429maohUvqN82kyFIOZqa1okrK5
wTPEWezBo4PgZB4UtFopLB9DCgkbeECevKcAkpytWZCqM2KBiSoaZItSNQLt/54O
Id/z57k4WcI6SnmhD1BllkJGeNVbGsS8x4FO0lk5sjCs1RUWeB9rOoLy3TA8e23o
rk14x1JcFxFOnHdqbDHnABLzpMHNAcDltwGTrCGbl9HT
-----END CERTIFICATE-----