Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e31352e302f32342d3234203d3e20313937363036.roa
File:                     33312e362e31352e302f32342d3234203d3e20313937363036.roa (raw, json)
Hash identifier:          E0rgC7drFeptJmby2e1neAjU99IItUYTz/SE4Td57j8=
Subject key identifier:   AE:61:FE:E5:B4:D0:6D:35:3A:65:44:F1:04:8E:BD:FF:AC:0A:79:D9
Certificate issuer:       /CN=048af665bf8b186b70220759d26c578f40b5f3e3
Certificate serial:       275BEAC7B2081B334E2691824BD726D3E5127659
Authority key identifier: 04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e31352e302f32342d3234203d3e20313937363036.roa
Signing time:             Fri 27 Mar 2026 20:46:56 +0000
ROA not before:           Fri 27 Mar 2026 20:41:56 +0000
ROA not after:            Fri 26 Mar 2027 20:46:56 +0000
asID:                     197606
IP address blocks:        31.6.15.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 04:35:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            27:5b:ea:c7:b2:08:1b:33:4e:26:91:82:4b:d7:26:d3:e5:12:76:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=048af665bf8b186b70220759d26c578f40b5f3e3
        Validity
            Not Before: Mar 27 20:41:56 2026 GMT
            Not After : Mar 26 20:46:56 2027 GMT
        Subject: CN=AE61FEE5B4D06D353A6544F1048EBDFFAC0A79D9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:9b:2a:9c:a1:2d:fe:e3:3c:b0:1c:65:02:a8:
                    dc:04:6c:01:d6:0a:cb:42:4c:ad:d1:1c:66:f2:c0:
                    f1:40:d9:95:e1:e2:fb:38:e7:95:2b:72:2e:30:b7:
                    9d:66:4f:c9:27:d7:08:67:b8:fe:00:ad:17:79:b1:
                    ec:40:f1:ef:c9:31:68:ca:de:12:13:54:34:15:f2:
                    27:cd:5b:b1:90:46:bb:2e:10:47:da:cf:47:93:c2:
                    1e:48:eb:62:42:92:ee:32:0f:7d:54:5a:7e:13:a4:
                    60:5f:a1:8d:5a:d3:57:2f:6d:0c:ab:2c:93:9c:71:
                    64:24:96:97:cc:f1:47:15:6b:07:09:82:70:3a:c5:
                    c3:54:ba:7a:ab:ee:1d:bb:d4:26:7b:fb:fb:31:0d:
                    e5:38:a8:05:fe:74:67:b8:e9:af:72:ff:ac:b9:f4:
                    91:55:f4:e4:a6:75:a2:7d:be:a9:79:dd:46:c8:d4:
                    72:a8:3c:ad:e8:0e:8d:a2:cd:9f:40:3e:18:d0:7f:
                    34:13:d2:50:10:f6:9e:be:f4:78:b3:37:30:a6:2e:
                    f7:eb:77:26:6c:72:41:2c:96:21:e3:e6:95:8d:3f:
                    4c:a9:42:e1:76:52:93:30:3b:72:c7:7d:b6:93:c7:
                    e0:ee:80:32:e1:3d:8e:97:69:fa:63:3d:60:b6:16:
                    ee:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:61:FE:E5:B4:D0:6D:35:3A:65:44:F1:04:8E:BD:FF:AC:0A:79:D9
            X509v3 Authority Key Identifier:
                keyid:04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e31352e302f32342d3234203d3e20313937363036.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.6.15.0/24

    Signature Algorithm: sha256WithRSAEncryption
         90:7c:1f:e6:51:d0:5f:55:9c:dd:39:b5:29:de:c3:49:04:44:
         79:8f:20:f6:60:37:de:94:d9:23:59:ed:7f:6b:2c:14:5d:e7:
         04:55:4b:b8:04:53:91:98:84:0b:63:3a:fb:7b:5e:62:e2:a0:
         b5:0f:20:e6:9d:77:c0:99:8b:15:b7:65:31:69:16:bc:b2:8d:
         6e:22:6e:e4:2a:6c:82:e0:d5:82:1c:66:9a:62:0e:a2:ad:fb:
         68:4a:10:b1:f0:4a:d9:17:d8:31:4f:36:63:6c:fc:c0:43:f6:
         22:ee:b4:b0:8e:71:6b:23:bf:30:ef:b3:e1:63:72:ba:75:2b:
         f5:02:3d:0c:0a:8a:ef:20:ae:2a:1c:09:14:fb:f3:9a:20:47:
         87:21:a4:b7:a3:0d:70:c3:63:5e:01:2e:0f:0d:33:83:a3:ff:
         3a:7d:e5:ed:62:0f:5f:1b:63:8e:e9:09:7b:ae:1a:89:5a:d6:
         cb:7a:38:13:50:98:18:34:74:f2:8e:ce:cb:1e:7a:5a:4a:c0:
         f6:9c:3c:1b:a6:20:83:3d:7c:ac:68:57:6c:29:52:63:00:a3:
         bd:bf:02:b9:78:98:36:ed:34:4f:55:5c:3e:4e:1a:99:b7:2a:
         2d:de:69:7a:2d:50:00:70:9e:07:3f:ee:e0:bb:15:86:76:70:
         06:87:aa:b0
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUJ1vqx7IIGzNOJpGCS9cm0+USdlkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDQ4YWY2NjViZjhiMTg2YjcwMjIwNzU5ZDI2YzU3OGY0
MGI1ZjNlMzAeFw0yNjAzMjcyMDQxNTZaFw0yNzAzMjYyMDQ2NTZaMDMxMTAvBgNV
BAMTKEFFNjFGRUU1QjREMDZEMzUzQTY1NDRGMTA0OEVCREZGQUMwQTc5RDkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCwmyqcoS3+4zywHGUCqNwEbAHW
CstCTK3RHGbywPFA2ZXh4vs455Urci4wt51mT8kn1whnuP4ArRd5sexA8e/JMWjK
3hITVDQV8ifNW7GQRrsuEEfaz0eTwh5I62JCku4yD31UWn4TpGBfoY1a01cvbQyr
LJOccWQklpfM8UcVawcJgnA6xcNUunqr7h271CZ7+/sxDeU4qAX+dGe46a9y/6y5
9JFV9OSmdaJ9vql53UbI1HKoPK3oDo2izZ9APhjQfzQT0lAQ9p6+9HizNzCmLvfr
dyZsckEsliHj5pWNP0ypQuF2UpMwO3LHfbaTx+DugDLhPY6XafpjPWC2Fu7FAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUrmH+5bTQbTU6ZUTxBI69/6wKedkwHwYDVR0j
BBgwFoAUBIr2Zb+LGGtwIgdZ0mxXj0C18+MwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODJhOWJmNWItMzljMS00MDUwLWIwNzMtNDgwNzViODYx
ZDg3LzAvMDQ4QUY2NjVCRjhCMTg2QjcwMjIwNzU5RDI2QzU3OEY0MEI1RjNFMy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0JJcjJaYi1MR0d0d0lnZFowbXhYajBD
MTgtTS5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvODJhOWJmNWIt
MzljMS00MDUwLWIwNzMtNDgwNzViODYxZDg3LzAvMzMzMTJlMzYyZTMxMzUyZTMw
MmYzMjM0MmQzMjM0MjAzZDNlMjAzMTM5MzczNjMwMzYucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAAfBg8w
DQYJKoZIhvcNAQELBQADggEBAJB8H+ZR0F9VnN05tSnew0kERHmPIPZgN96U2SNZ
7X9rLBRd5wRVS7gEU5GYhAtjOvt7XmLioLUPIOadd8CZixW3ZTFpFryyjW4ibuQq
bILg1YIcZppiDqKt+2hKELHwStkX2DFPNmNs/MBD9iLutLCOcWsjvzDvs+Fjcrp1
K/UCPQwKiu8griocCRT785ogR4chpLejDXDDY14BLg8NM4Oj/zp95e1iD18bY47p
CXuuGola1st6OBNQmBg0dPKOzsseelpKwPacPBumIIM9fKxoV2wpUmMAo72/Arl4
mDbtNE9VXD5OGpm3Ki3eaXotUABwngc/7uC7FYZ2cAaHqrA=
-----END CERTIFICATE-----