Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e31302e302f32342d3234203d3e203232333633.roa
File:                     33312e362e31302e302f32342d3234203d3e203232333633.roa (raw, json)
Hash identifier:          jOztVmCGHSzhj/N4PW1+J6zKnw5S3lQZTKoORNO1KCA=
Subject key identifier:   2D:B7:5B:08:28:00:DE:40:7B:FC:F7:98:98:08:1B:AA:56:5F:81:B5
Certificate issuer:       /CN=048af665bf8b186b70220759d26c578f40b5f3e3
Certificate serial:       23302E15387FEBFFC36EBB02632F2D6E77E8EF74
Authority key identifier: 04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e31302e302f32342d3234203d3e203232333633.roa
Signing time:             Mon 04 Aug 2025 06:54:13 +0000
ROA not before:           Mon 04 Aug 2025 06:49:13 +0000
ROA not after:            Mon 03 Aug 2026 06:54:13 +0000
asID:                     22363
IP address blocks:        31.6.10.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 09 Aug 2025 11:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            23:30:2e:15:38:7f:eb:ff:c3:6e:bb:02:63:2f:2d:6e:77:e8:ef:74
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=048af665bf8b186b70220759d26c578f40b5f3e3
        Validity
            Not Before: Aug  4 06:49:13 2025 GMT
            Not After : Aug  3 06:54:13 2026 GMT
        Subject: CN=2DB75B082800DE407BFCF79898081BAA565F81B5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:7e:28:09:45:67:c9:37:46:ba:7c:d5:59:d4:
                    6a:c8:34:b5:55:04:a8:98:2b:c0:28:dc:0f:2e:9c:
                    06:53:fe:cf:eb:9b:fd:52:ee:27:d7:c7:c6:23:b4:
                    d1:bc:cf:cf:c5:6a:11:2a:74:b6:6f:71:b3:0b:ec:
                    9c:7f:dd:4d:0f:c5:cb:e2:57:08:ec:67:a0:7d:21:
                    7a:0b:ed:00:e3:e2:e5:15:51:22:2d:02:09:29:32:
                    2b:06:05:68:9c:2b:54:c1:6b:6d:38:08:7c:03:e6:
                    5c:6a:2d:5c:39:df:5c:da:d8:c7:c1:bb:46:63:7a:
                    c7:81:92:e6:21:d5:22:f4:db:3e:32:a8:68:9a:e4:
                    b7:14:bd:5a:a4:14:2a:f3:21:74:4d:48:aa:f2:80:
                    8f:37:1c:aa:fb:12:0f:00:7d:19:20:27:97:14:79:
                    0f:c0:0a:a8:91:a3:a1:16:d6:fa:03:e0:41:fb:ca:
                    c7:1e:30:22:39:73:75:72:4d:bd:b8:bc:0d:51:68:
                    83:83:68:7f:4e:7c:41:a2:76:e8:05:d1:10:30:53:
                    e3:9e:d5:7d:9b:ad:46:08:67:4e:e4:75:ab:28:d8:
                    77:d7:ba:5f:ec:4e:6f:af:89:10:32:fe:dd:94:cc:
                    b5:9c:20:a2:6a:a1:95:c5:8a:3f:e6:4e:d0:6b:fa:
                    1f:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:B7:5B:08:28:00:DE:40:7B:FC:F7:98:98:08:1B:AA:56:5F:81:B5
            X509v3 Authority Key Identifier:
                keyid:04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e31302e302f32342d3234203d3e203232333633.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.6.10.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8e:07:e1:d4:a2:b0:90:c1:23:cc:29:66:0a:c1:26:71:fd:10:
         72:09:23:d8:88:7a:22:4d:01:8b:ab:ec:13:ce:2d:d5:7b:41:
         95:18:82:8c:ef:6a:96:46:68:fd:d0:49:d4:ab:55:c5:75:75:
         32:b6:c5:60:ff:31:a9:38:af:ad:5b:a8:b5:20:f6:a0:fe:46:
         32:9b:d1:d8:a6:31:aa:6f:5c:3b:a5:e3:cc:73:40:89:9e:db:
         2d:1a:b7:59:be:d6:63:9d:63:ce:8f:14:17:2a:32:1c:e1:4b:
         d2:fd:5e:3f:49:f5:0a:d5:5e:6a:92:bd:c0:fb:5a:e9:bf:86:
         ff:78:7e:ed:bd:c6:b7:2f:18:e2:84:ff:e1:47:28:2f:54:4b:
         b7:97:f2:dc:8e:13:4d:e1:00:84:7b:9e:3a:35:93:a5:61:4b:
         84:2e:fa:03:d2:50:74:b1:15:7c:23:e8:93:08:44:d7:56:45:
         7b:7c:52:8e:e1:ed:04:51:f4:1b:48:b8:f4:6f:dd:3d:5b:73:
         ea:1e:96:a6:90:3d:c2:f8:ff:b2:01:74:e0:f0:bd:f4:0f:1b:
         4f:51:c9:32:44:f0:09:55:c0:44:d5:1e:b1:30:0e:58:e4:f6:
         5c:ca:2d:d5:60:61:58:cd:fe:b0:0d:ae:b5:2d:50:f1:be:b7:
         df:21:8d:56
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUIzAuFTh/6//DbrsCYy8tbnfo73QwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDQ4YWY2NjViZjhiMTg2YjcwMjIwNzU5ZDI2YzU3OGY0
MGI1ZjNlMzAeFw0yNTA4MDQwNjQ5MTNaFw0yNjA4MDMwNjU0MTNaMDMxMTAvBgNV
BAMTKDJEQjc1QjA4MjgwMERFNDA3QkZDRjc5ODk4MDgxQkFBNTY1RjgxQjUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDNfigJRWfJN0a6fNVZ1GrINLVV
BKiYK8Ao3A8unAZT/s/rm/1S7ifXx8YjtNG8z8/FahEqdLZvcbML7Jx/3U0Pxcvi
VwjsZ6B9IXoL7QDj4uUVUSItAgkpMisGBWicK1TBa204CHwD5lxqLVw531za2MfB
u0ZjeseBkuYh1SL02z4yqGia5LcUvVqkFCrzIXRNSKrygI83HKr7Eg8AfRkgJ5cU
eQ/ACqiRo6EW1voD4EH7ysceMCI5c3VyTb24vA1RaIODaH9OfEGidugF0RAwU+Oe
1X2brUYIZ07kdaso2HfXul/sTm+viRAy/t2UzLWcIKJqoZXFij/mTtBr+h+pAgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQULbdbCCgA3kB7/PeYmAgbqlZfgbUwHwYDVR0j
BBgwFoAUBIr2Zb+LGGtwIgdZ0mxXj0C18+MwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODJhOWJmNWItMzljMS00MDUwLWIwNzMtNDgwNzViODYx
ZDg3LzAvMDQ4QUY2NjVCRjhCMTg2QjcwMjIwNzU5RDI2QzU3OEY0MEI1RjNFMy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0JJcjJaYi1MR0d0d0lnZFowbXhYajBD
MTgtTS5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvODJhOWJmNWIt
MzljMS00MDUwLWIwNzMtNDgwNzViODYxZDg3LzAvMzMzMTJlMzYyZTMxMzAyZTMw
MmYzMjM0MmQzMjM0MjAzZDNlMjAzMjMyMzMzNjMzLnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHwYKMA0G
CSqGSIb3DQEBCwUAA4IBAQCOB+HUorCQwSPMKWYKwSZx/RByCSPYiHoiTQGLq+wT
zi3Ve0GVGIKM72qWRmj90EnUq1XFdXUytsVg/zGpOK+tW6i1IPag/kYym9HYpjGq
b1w7pePMc0CJntstGrdZvtZjnWPOjxQXKjIc4UvS/V4/SfUK1V5qkr3A+1rpv4b/
eH7tvca3LxjihP/hRygvVEu3l/LcjhNN4QCEe546NZOlYUuELvoD0lB0sRV8I+iT
CETXVkV7fFKO4e0EUfQbSLj0b909W3PqHpamkD3C+P+yAXTg8L30DxtPUckyRPAJ
VcBE1R6xMA5Y5PZcyi3VYGFYzf6wDa61LVDxvrffIY1W
-----END CERTIFICATE-----