Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e312e302f32342d3234203d3e20323135333632.roa
File:                     33312e362e312e302f32342d3234203d3e20323135333632.roa (raw, json)
Hash identifier:          yS3TR3axK2X+qN09lOG1pmLUohFmUQfgCwEJyv3vrxM=
Subject key identifier:   26:BC:76:A3:77:96:CC:8B:D8:B2:4D:7B:BC:4E:16:1B:63:A9:93:1A
Certificate issuer:       /CN=048af665bf8b186b70220759d26c578f40b5f3e3
Certificate serial:       2E89551F961BAAF82458624BA0D2AF0CE8FF7D
Authority key identifier: 04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e312e302f32342d3234203d3e20323135333632.roa
Signing time:             Mon 19 Jan 2026 16:55:34 +0000
ROA not before:           Mon 19 Jan 2026 16:50:34 +0000
ROA not after:            Mon 18 Jan 2027 16:55:34 +0000
asID:                     215362
IP address blocks:        31.6.1.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 18:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2e:89:55:1f:96:1b:aa:f8:24:58:62:4b:a0:d2:af:0c:e8:ff:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=048af665bf8b186b70220759d26c578f40b5f3e3
        Validity
            Not Before: Jan 19 16:50:34 2026 GMT
            Not After : Jan 18 16:55:34 2027 GMT
        Subject: CN=26BC76A37796CC8BD8B24D7BBC4E161B63A9931A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:1c:ec:82:c5:e1:0f:24:86:97:4c:1d:ef:ba:
                    fd:6a:91:b1:f6:ba:6d:c9:4c:19:cf:02:a3:88:ba:
                    59:1b:0c:7f:5e:0e:50:ee:8e:16:12:93:67:f1:22:
                    63:cf:aa:e3:d7:16:fb:7d:26:3c:00:e5:86:c7:9c:
                    3f:5b:86:c9:7e:18:0c:24:2f:dc:52:dc:6a:85:dc:
                    22:e3:db:c4:36:c4:b6:df:88:24:3c:01:b8:ab:41:
                    16:73:61:fc:92:1a:fc:8b:4f:ef:74:29:dd:98:82:
                    89:77:75:62:95:33:5e:20:ec:ff:d5:35:1c:97:cd:
                    4b:4e:a5:b1:b1:6f:e0:84:9f:9e:55:0e:e5:23:2b:
                    2b:5a:5f:4b:1d:58:9b:e0:f0:98:02:28:96:27:ad:
                    5b:61:26:71:e1:47:64:ab:b5:ec:12:1a:5e:3f:3e:
                    78:52:43:92:8f:ae:87:0b:c5:3a:bb:16:1c:fe:df:
                    f3:03:c7:aa:6b:26:56:0c:75:2a:a3:6a:e9:fe:07:
                    2d:1f:82:d9:83:10:b9:01:3e:85:e5:1a:1a:0f:bc:
                    9c:81:8e:34:4f:18:e1:fd:07:41:aa:05:6e:0c:3e:
                    fc:01:a7:70:44:0e:0e:6e:0a:f2:ec:0f:b8:33:71:
                    d2:5b:d9:ff:bf:89:97:6f:c7:1e:81:9d:c9:63:40:
                    aa:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:BC:76:A3:77:96:CC:8B:D8:B2:4D:7B:BC:4E:16:1B:63:A9:93:1A
            X509v3 Authority Key Identifier:
                keyid:04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e312e302f32342d3234203d3e20323135333632.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.6.1.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3e:d8:29:2a:42:73:32:44:c7:d4:24:f5:1b:cc:99:3f:68:09:
         7a:c7:4b:8c:e5:52:4c:f5:73:8f:e5:84:7d:9d:84:60:29:50:
         63:45:16:b0:69:95:48:33:6a:3b:f5:bd:68:0e:6a:bd:37:3a:
         e9:b6:16:99:f4:e4:6a:b1:d1:23:d9:b2:3c:5d:88:05:17:f8:
         f0:33:bc:99:c0:8c:3f:03:1e:1d:6a:23:ba:b8:da:13:97:79:
         94:07:f5:ac:22:a3:b9:2e:85:5b:7a:6b:b8:5c:ef:57:2c:27:
         c7:68:5f:7d:cb:9e:ef:21:ec:fd:d0:93:cf:49:e0:e6:40:1a:
         aa:cd:6e:db:03:7b:61:c1:a5:72:c3:e7:47:b2:e8:1a:95:14:
         17:92:51:27:2b:37:11:ef:7d:2d:16:4c:e4:12:d7:7a:5e:dc:
         bc:1a:c2:09:a5:4b:3d:90:d3:98:19:29:ee:c9:eb:ab:41:d3:
         3a:e6:28:45:1c:53:1b:fa:5e:19:a7:f8:bc:a7:f9:04:de:08:
         ea:c6:d6:a3:1e:1e:bc:c8:ec:2c:2e:d3:55:cb:80:df:71:f6:
         e6:91:08:95:8c:d2:44:db:d8:02:d6:3b:44:19:0c:9b:51:8b:
         59:30:ea:3a:4c:ea:a9:8b:93:a1:ee:34:d4:ad:6a:f3:6e:54:
         ec:43:51:54
-----BEGIN CERTIFICATE-----
MIIFLDCCBBSgAwIBAgITLolVH5YbqvgkWGJLoNKvDOj/fTANBgkqhkiG9w0BAQsF
ADAzMTEwLwYDVQQDEygwNDhhZjY2NWJmOGIxODZiNzAyMjA3NTlkMjZjNTc4ZjQw
YjVmM2UzMB4XDTI2MDExOTE2NTAzNFoXDTI3MDExODE2NTUzNFowMzExMC8GA1UE
AxMoMjZCQzc2QTM3Nzk2Q0M4QkQ4QjI0RDdCQkM0RTE2MUI2M0E5OTMxQTCCASIw
DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM4c7ILF4Q8khpdMHe+6/WqRsfa6
bclMGc8Co4i6WRsMf14OUO6OFhKTZ/EiY8+q49cW+30mPADlhsecP1uGyX4YDCQv
3FLcaoXcIuPbxDbEtt+IJDwBuKtBFnNh/JIa/ItP73Qp3ZiCiXd1YpUzXiDs/9U1
HJfNS06lsbFv4ISfnlUO5SMrK1pfSx1Ym+DwmAIolietW2EmceFHZKu17BIaXj8+
eFJDko+uhwvFOrsWHP7f8wPHqmsmVgx1KqNq6f4HLR+C2YMQuQE+heUaGg+8nIGO
NE8Y4f0HQaoFbgw+/AGncEQODm4K8uwPuDNx0lvZ/7+Jl2/HHoGdyWNAqqsCAwEA
AaOCAjcwggIzMB0GA1UdDgQWBBQmvHajd5bMi9iyTXu8ThYbY6mTGjAfBgNVHSME
GDAWgBQEivZlv4sYa3AiB1nSbFePQLXz4zAOBgNVHQ8BAf8EBAMCB4AwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9yc3luYy5wYWFzLnJwa2kucmlwZS5u
ZXQvcmVwb3NpdG9yeS84MmE5YmY1Yi0zOWMxLTQwNTAtYjA3My00ODA3NWI4NjFk
ODcvMC8wNDhBRjY2NUJGOEIxODZCNzAyMjA3NTlEMjZDNTc4RjQwQjVGM0UzLmNy
bDBkBggrBgEFBQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvQklyMlpiLUxHR3R3SWdkWjBteFhqMEMx
OC1NLmNlcjCBpwYIKwYBBQUHAQsEgZowgZcwgZQGCCsGAQUFBzALhoGHcnN5bmM6
Ly9yc3luYy5wYWFzLnJwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS84MmE5YmY1Yi0z
OWMxLTQwNTAtYjA3My00ODA3NWI4NjFkODcvMC8zMzMxMmUzNjJlMzEyZTMwMmYz
MjM0MmQzMjM0MjAzZDNlMjAzMjMxMzUzMzM2MzIucm9hMBgGA1UdIAEB/wQOMAww
CgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAAfBgEwDQYJ
KoZIhvcNAQELBQADggEBAD7YKSpCczJEx9Qk9RvMmT9oCXrHS4zlUkz1c4/lhH2d
hGApUGNFFrBplUgzajv1vWgOar03Oum2Fpn05Gqx0SPZsjxdiAUX+PAzvJnAjD8D
Hh1qI7q42hOXeZQH9awio7kuhVt6a7hc71csJ8doX33Lnu8h7P3Qk89J4OZAGqrN
btsDe2HBpXLD50ey6BqVFBeSUScrNxHvfS0WTOQS13pe3LwawgmlSz2Q05gZKe7J
66tB0zrmKEUcUxv6Xhmn+Lyn+QTeCOrG1qMeHrzI7Cwu01XLgN9x9uaRCJWM0kTb
2ALWO0QZDJtRi1kw6jpM6qmLk6HuNNStavNuVOxDUVQ=
-----END CERTIFICATE-----