Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/8113dda6-7ade-445d-8c6e-448a78e48ca1/1/33312e39392e3230352e302f32342d3234203d3e203136323736.roa
File:                     33312e39392e3230352e302f32342d3234203d3e203136323736.roa (raw, json)
Hash identifier:          iY6Z6WsOmh7cm9RSrsKpdBWAVKfI3GwyklAdOa/akGA=
Subject key identifier:   CE:45:74:1A:EC:E6:0C:C1:EC:DF:0C:2C:37:68:1E:6A:C2:A8:84:85
Certificate issuer:       /CN=0d7ffae300def0876bf84890fb6ea17be841a4d3
Certificate serial:       64359B39958E15B01BC6E1E1AA1377B99F37C0F9
Authority key identifier: 0D:7F:FA:E3:00:DE:F0:87:6B:F8:48:90:FB:6E:A1:7B:E8:41:A4:D3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DX_64wDe8Idr-EiQ-26he-hBpNM.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/8113dda6-7ade-445d-8c6e-448a78e48ca1/1/33312e39392e3230352e302f32342d3234203d3e203136323736.roa
Signing time:             Sun 05 Apr 2026 18:36:22 +0000
ROA not before:           Sun 05 Apr 2026 18:31:22 +0000
ROA not after:            Sun 04 Apr 2027 18:36:22 +0000
asID:                     16276
IP address blocks:        31.99.205.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/8113dda6-7ade-445d-8c6e-448a78e48ca1/1/0D7FFAE300DEF0876BF84890FB6EA17BE841A4D3.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/8113dda6-7ade-445d-8c6e-448a78e48ca1/1/0D7FFAE300DEF0876BF84890FB6EA17BE841A4D3.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DX_64wDe8Idr-EiQ-26he-hBpNM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 Apr 2026 11:53:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            64:35:9b:39:95:8e:15:b0:1b:c6:e1:e1:aa:13:77:b9:9f:37:c0:f9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d7ffae300def0876bf84890fb6ea17be841a4d3
        Validity
            Not Before: Apr  5 18:31:22 2026 GMT
            Not After : Apr  4 18:36:22 2027 GMT
        Subject: CN=CE45741AECE60CC1ECDF0C2C37681E6AC2A88485
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:fd:3c:ff:a3:be:59:a4:d3:b2:f0:4b:92:bb:e6:
                    88:7e:19:d6:52:a3:24:f4:11:e2:f3:c5:09:31:0d:
                    35:f4:67:d3:96:5f:81:cd:00:96:37:1c:3d:07:ac:
                    52:b3:03:e0:f6:2f:21:36:18:1c:b5:0f:cf:d0:d6:
                    9d:0a:78:d5:f7:42:72:28:ef:72:53:ff:ef:d2:be:
                    01:79:84:57:19:0c:75:97:46:f9:fb:f4:1e:da:bd:
                    a5:81:a5:22:55:eb:19:c1:66:b0:b7:e5:15:7e:b6:
                    94:d7:46:90:47:96:eb:8f:1e:ec:c8:83:f7:4e:a4:
                    b4:82:40:47:ee:59:fc:4a:59:48:83:8b:aa:37:bc:
                    4e:e7:93:d3:13:c0:82:61:79:04:25:e0:dc:dd:af:
                    2b:8b:2a:da:df:92:6c:87:c5:b5:a1:ff:2b:c3:a3:
                    4d:56:9d:f9:d6:f1:37:28:c1:50:5c:92:a5:2c:ee:
                    63:8f:0e:fa:b9:3b:d1:67:d1:62:e7:18:6f:91:33:
                    ce:78:09:80:a2:69:37:4a:e7:78:a5:84:c3:ec:9f:
                    5b:4b:82:35:0f:1a:84:2e:e4:9c:35:46:ec:59:e9:
                    54:a9:bf:84:8d:68:37:85:86:a4:d7:d3:e6:01:24:
                    ef:1b:75:14:cb:0a:7a:7b:69:df:7b:0a:19:d1:b3:
                    4f:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:45:74:1A:EC:E6:0C:C1:EC:DF:0C:2C:37:68:1E:6A:C2:A8:84:85
            X509v3 Authority Key Identifier:
                keyid:0D:7F:FA:E3:00:DE:F0:87:6B:F8:48:90:FB:6E:A1:7B:E8:41:A4:D3

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/8113dda6-7ade-445d-8c6e-448a78e48ca1/1/0D7FFAE300DEF0876BF84890FB6EA17BE841A4D3.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DX_64wDe8Idr-EiQ-26he-hBpNM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/8113dda6-7ade-445d-8c6e-448a78e48ca1/1/33312e39392e3230352e302f32342d3234203d3e203136323736.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.99.205.0/24

    Signature Algorithm: sha256WithRSAEncryption
         26:70:ec:1c:ff:4c:05:fc:99:02:85:2d:e5:b3:f3:b1:3f:5e:
         b1:c9:5a:3c:3b:63:89:69:00:45:31:e8:cb:b7:ca:86:14:ba:
         b3:55:ea:94:90:7d:47:2c:03:e3:29:29:6b:47:08:98:45:0f:
         3d:f0:3e:21:6e:34:73:dd:98:9a:45:1f:6e:d5:bd:3a:2c:30:
         2b:eb:d7:97:b9:ab:48:1d:86:01:46:04:7a:f0:c5:6e:64:67:
         2a:8b:5c:4d:5f:fc:12:a2:0b:1e:9d:a9:f3:06:f2:85:c1:eb:
         87:66:da:f8:a4:d1:87:34:5a:62:41:b3:43:1d:5a:35:1d:5c:
         f1:68:32:5e:6b:86:e4:bd:42:a4:dc:89:17:14:e7:16:5a:46:
         40:f1:8c:3a:17:15:19:5d:05:98:23:84:37:e3:08:42:34:13:
         c8:45:ec:fe:a5:23:34:66:3e:61:a9:ff:a9:a9:1d:53:42:9e:
         12:48:3e:1e:ed:a4:2d:93:09:bb:f0:cc:6d:62:26:60:3e:34:
         2a:f5:f6:e0:96:ca:e9:38:4b:f7:06:90:4d:5d:4a:d1:ca:a0:
         c9:c8:d4:46:20:3e:3e:d5:49:db:56:b1:3d:37:80:94:c4:b5:
         23:82:22:14:1f:37:e4:28:29:6d:43:2c:7c:50:ea:ce:5c:db:
         47:a4:8d:eb
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUZDWbOZWOFbAbxuHhqhN3uZ83wPkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMGQ3ZmZhZTMwMGRlZjA4NzZiZjg0ODkwZmI2ZWExN2Jl
ODQxYTRkMzAeFw0yNjA0MDUxODMxMjJaFw0yNzA0MDQxODM2MjJaMDMxMTAvBgNV
BAMTKENFNDU3NDFBRUNFNjBDQzFFQ0RGMEMyQzM3NjgxRTZBQzJBODg0ODUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD9PP+jvlmk07LwS5K75oh+GdZS
oyT0EeLzxQkxDTX0Z9OWX4HNAJY3HD0HrFKzA+D2LyE2GBy1D8/Q1p0KeNX3QnIo
73JT/+/SvgF5hFcZDHWXRvn79B7avaWBpSJV6xnBZrC35RV+tpTXRpBHluuPHuzI
g/dOpLSCQEfuWfxKWUiDi6o3vE7nk9MTwIJheQQl4NzdryuLKtrfkmyHxbWh/yvD
o01WnfnW8TcowVBckqUs7mOPDvq5O9Fn0WLnGG+RM854CYCiaTdK53ilhMPsn1tL
gjUPGoQu5Jw1RuxZ6VSpv4SNaDeFhqTX0+YBJO8bdRTLCnp7ad97ChnRs0/PAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUzkV0GuzmDMHs3wwsN2geasKohIUwHwYDVR0j
BBgwFoAUDX/64wDe8Idr+EiQ+26he+hBpNMwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODExM2RkYTYtN2FkZS00NDVkLThjNmUtNDQ4YTc4ZTQ4
Y2ExLzEvMEQ3RkZBRTMwMERFRjA4NzZCRjg0ODkwRkI2RUExN0JFODQxQTREMy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0RYXzY0d0RlOElkci1FaVEtMjZoZS1o
QnBOTS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvODExM2RkYTYt
N2FkZS00NDVkLThjNmUtNDQ4YTc4ZTQ4Y2ExLzEvMzMzMTJlMzkzOTJlMzIzMDM1
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzEzNjMyMzczNi5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAB9j
zTANBgkqhkiG9w0BAQsFAAOCAQEAJnDsHP9MBfyZAoUt5bPzsT9esclaPDtjiWkA
RTHoy7fKhhS6s1XqlJB9RywD4ykpa0cImEUPPfA+IW40c92YmkUfbtW9OiwwK+vX
l7mrSB2GAUYEevDFbmRnKotcTV/8EqILHp2p8wbyhcHrh2ba+KTRhzRaYkGzQx1a
NR1c8WgyXmuG5L1CpNyJFxTnFlpGQPGMOhcVGV0FmCOEN+MIQjQTyEXs/qUjNGY+
Yan/qakdU0KeEkg+Hu2kLZMJu/DMbWImYD40KvX24JbK6ThL9waQTV1K0cqgycjU
RiA+PtVJ21axPTeAlMS1I4IiFB835CgpbUMsfFDqzlzbR6SN6w==
-----END CERTIFICATE-----