Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/8113dda6-7ade-445d-8c6e-448a78e48ca1/1/33312e39392e3230332e302f32342d3234203d3e2039303039.roa
File:                     33312e39392e3230332e302f32342d3234203d3e2039303039.roa (raw, json)
Hash identifier:          ukWKTFNy0nhBe+FLsHfZ/BgA8cd8+jxoh9zUxPcORkk=
Subject key identifier:   F9:75:C9:CA:3D:93:55:2C:51:37:AC:70:61:46:F6:EC:44:7F:3B:9D
Certificate issuer:       /CN=0d7ffae300def0876bf84890fb6ea17be841a4d3
Certificate serial:       6CCFF5970A6AF4F3224C4153C0AF76E80D9F623F
Authority key identifier: 0D:7F:FA:E3:00:DE:F0:87:6B:F8:48:90:FB:6E:A1:7B:E8:41:A4:D3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DX_64wDe8Idr-EiQ-26he-hBpNM.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/8113dda6-7ade-445d-8c6e-448a78e48ca1/1/33312e39392e3230332e302f32342d3234203d3e2039303039.roa
Signing time:             Fri 03 Apr 2026 10:35:44 +0000
ROA not before:           Fri 03 Apr 2026 10:30:44 +0000
ROA not after:            Fri 02 Apr 2027 10:35:44 +0000
asID:                     9009
IP address blocks:        31.99.203.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/8113dda6-7ade-445d-8c6e-448a78e48ca1/1/0D7FFAE300DEF0876BF84890FB6EA17BE841A4D3.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/8113dda6-7ade-445d-8c6e-448a78e48ca1/1/0D7FFAE300DEF0876BF84890FB6EA17BE841A4D3.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DX_64wDe8Idr-EiQ-26he-hBpNM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 Apr 2026 11:53:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6c:cf:f5:97:0a:6a:f4:f3:22:4c:41:53:c0:af:76:e8:0d:9f:62:3f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d7ffae300def0876bf84890fb6ea17be841a4d3
        Validity
            Not Before: Apr  3 10:30:44 2026 GMT
            Not After : Apr  2 10:35:44 2027 GMT
        Subject: CN=F975C9CA3D93552C5137AC706146F6EC447F3B9D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:0d:28:0e:0a:b3:23:c7:c9:aa:12:9c:63:97:
                    46:21:05:c6:85:2b:03:93:cf:45:d8:7b:58:ab:98:
                    86:87:3e:9c:36:9a:3e:a3:23:78:41:a0:e0:69:09:
                    a9:05:d7:50:e0:3a:9b:20:16:64:31:7b:97:6a:3e:
                    5b:33:f3:9a:da:94:c6:70:78:4a:7b:3a:95:19:27:
                    15:11:31:c4:0e:69:8c:68:3c:6d:1f:b0:32:bf:b9:
                    82:17:cd:c2:dd:b8:44:d3:06:9d:14:29:d9:d8:1c:
                    65:47:df:f9:c6:4f:68:f7:10:b7:96:03:05:0f:33:
                    6d:97:b2:45:66:e5:9f:93:a3:42:50:1a:00:5e:5f:
                    1e:be:21:e6:70:0f:29:29:ac:39:02:9b:e0:d1:ef:
                    90:30:a4:28:7f:0b:1d:3d:3f:8e:05:21:9f:43:96:
                    93:29:3d:93:1f:2e:09:a1:b1:53:c8:d8:e3:33:7e:
                    b7:50:08:5a:d2:7d:cf:65:39:b8:ff:bd:59:cf:c1:
                    09:cb:65:fa:49:ab:3e:27:a6:23:54:51:ca:e3:d4:
                    22:40:5d:27:76:c0:b4:d5:67:4f:e8:8d:42:f1:8f:
                    b0:03:3a:6f:95:45:65:36:45:5d:5e:b9:87:0d:a8:
                    3f:ab:2c:e9:22:bb:91:8a:d4:37:a3:c3:32:2c:62:
                    43:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F9:75:C9:CA:3D:93:55:2C:51:37:AC:70:61:46:F6:EC:44:7F:3B:9D
            X509v3 Authority Key Identifier:
                keyid:0D:7F:FA:E3:00:DE:F0:87:6B:F8:48:90:FB:6E:A1:7B:E8:41:A4:D3

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/8113dda6-7ade-445d-8c6e-448a78e48ca1/1/0D7FFAE300DEF0876BF84890FB6EA17BE841A4D3.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DX_64wDe8Idr-EiQ-26he-hBpNM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/8113dda6-7ade-445d-8c6e-448a78e48ca1/1/33312e39392e3230332e302f32342d3234203d3e2039303039.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.99.203.0/24

    Signature Algorithm: sha256WithRSAEncryption
         65:5a:c7:b7:8c:6f:0b:7a:5f:98:47:df:94:4e:e2:c4:13:93:
         e7:27:8f:3c:51:ba:81:90:ca:07:97:ae:d6:00:f1:bc:48:05:
         08:ef:79:87:cf:17:8e:0c:35:d4:82:d2:74:2d:d3:11:d8:c3:
         76:2e:2b:95:2c:bf:4d:f9:99:f6:4c:e8:ab:36:7c:e9:b7:37:
         1b:6c:c7:88:d4:37:b5:13:d1:99:83:82:cd:b8:0f:78:4f:c7:
         f2:70:de:74:61:f9:05:0d:51:2d:8a:46:4e:15:6f:8e:67:e6:
         9a:d3:13:6f:cb:ba:de:10:cd:b4:13:dc:18:62:5d:74:76:ae:
         7d:09:37:52:ef:61:0f:2e:1a:6c:91:65:da:aa:c4:eb:23:88:
         c5:88:e3:f1:f9:49:32:9c:c1:92:45:22:fc:3d:3a:da:a1:b4:
         ae:0b:51:28:cc:0b:a6:92:44:5f:a4:3b:a0:60:f7:bf:cf:37:
         98:b1:7e:d9:93:8c:fa:7b:bc:bf:25:5b:f0:71:c2:d3:35:04:
         60:be:f4:f2:90:33:be:1d:cb:05:39:6b:70:ce:33:8f:72:c7:
         c6:02:a8:a3:84:f2:a8:03:3a:46:0f:f4:a9:2d:f6:c6:04:5d:
         f4:31:b4:cf:7a:67:d8:8c:49:fa:dd:2b:3f:b7:1a:95:75:d8:
         24:ff:96:ac
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUbM/1lwpq9PMiTEFTwK926A2fYj8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMGQ3ZmZhZTMwMGRlZjA4NzZiZjg0ODkwZmI2ZWExN2Jl
ODQxYTRkMzAeFw0yNjA0MDMxMDMwNDRaFw0yNzA0MDIxMDM1NDRaMDMxMTAvBgNV
BAMTKEY5NzVDOUNBM0Q5MzU1MkM1MTM3QUM3MDYxNDZGNkVDNDQ3RjNCOUQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCcDSgOCrMjx8mqEpxjl0YhBcaF
KwOTz0XYe1irmIaHPpw2mj6jI3hBoOBpCakF11DgOpsgFmQxe5dqPlsz85ralMZw
eEp7OpUZJxURMcQOaYxoPG0fsDK/uYIXzcLduETTBp0UKdnYHGVH3/nGT2j3ELeW
AwUPM22XskVm5Z+To0JQGgBeXx6+IeZwDykprDkCm+DR75AwpCh/Cx09P44FIZ9D
lpMpPZMfLgmhsVPI2OMzfrdQCFrSfc9lObj/vVnPwQnLZfpJqz4npiNUUcrj1CJA
XSd2wLTVZ0/ojULxj7ADOm+VRWU2RV1euYcNqD+rLOkiu5GK1DejwzIsYkNzAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQU+XXJyj2TVSxRN6xwYUb27ER/O50wHwYDVR0j
BBgwFoAUDX/64wDe8Idr+EiQ+26he+hBpNMwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODExM2RkYTYtN2FkZS00NDVkLThjNmUtNDQ4YTc4ZTQ4
Y2ExLzEvMEQ3RkZBRTMwMERFRjA4NzZCRjg0ODkwRkI2RUExN0JFODQxQTREMy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0RYXzY0d0RlOElkci1FaVEtMjZoZS1o
QnBOTS5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvODExM2RkYTYt
N2FkZS00NDVkLThjNmUtNDQ4YTc4ZTQ4Y2ExLzEvMzMzMTJlMzkzOTJlMzIzMDMz
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzkzMDMwMzkucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAAfY8sw
DQYJKoZIhvcNAQELBQADggEBAGVax7eMbwt6X5hH35RO4sQTk+cnjzxRuoGQygeX
rtYA8bxIBQjveYfPF44MNdSC0nQt0xHYw3YuK5Usv035mfZM6Ks2fOm3Nxtsx4jU
N7UT0ZmDgs24D3hPx/Jw3nRh+QUNUS2KRk4Vb45n5prTE2/Lut4QzbQT3BhiXXR2
rn0JN1LvYQ8uGmyRZdqqxOsjiMWI4/H5STKcwZJFIvw9OtqhtK4LUSjMC6aSRF+k
O6Bg97/PN5ixftmTjPp7vL8lW/BxwtM1BGC+9PKQM74dywU5a3DOM49yx8YCqKOE
8qgDOkYP9Kkt9sYEXfQxtM96Z9iMSfrdKz+3GpV12CT/lqw=
-----END CERTIFICATE-----