Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e34322e302f32342d3234203d3e203232333633.roa
File:                     33312e362e34322e302f32342d3234203d3e203232333633.roa (raw, json)
Hash identifier:          xEDjTRHqphz3KEpKpFG0uUC8o0s7th578eRlEBxHxqs=
Subject key identifier:   BF:3B:9E:6B:33:73:B9:EA:05:A2:76:E7:BB:D9:0F:F2:5E:3B:A6:5B
Certificate issuer:       /CN=048af665bf8b186b70220759d26c578f40b5f3e3
Certificate serial:       2D9AB6A947F38A03408F1E2033997BD9E924C09A
Authority key identifier: 04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e34322e302f32342d3234203d3e203232333633.roa
Signing time:             Mon 04 Aug 2025 06:54:13 +0000
ROA not before:           Mon 04 Aug 2025 06:49:13 +0000
ROA not after:            Mon 03 Aug 2026 06:54:13 +0000
asID:                     22363
IP address blocks:        31.6.42.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 09 Aug 2025 11:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2d:9a:b6:a9:47:f3:8a:03:40:8f:1e:20:33:99:7b:d9:e9:24:c0:9a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=048af665bf8b186b70220759d26c578f40b5f3e3
        Validity
            Not Before: Aug  4 06:49:13 2025 GMT
            Not After : Aug  3 06:54:13 2026 GMT
        Subject: CN=BF3B9E6B3373B9EA05A276E7BBD90FF25E3BA65B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:11:6a:1d:e1:e4:1b:41:af:18:d4:77:97:d9:
                    80:59:3c:37:ca:f7:34:14:a0:82:42:7a:7a:a4:9e:
                    30:d2:a2:59:ef:46:17:cd:d1:77:9f:82:5d:49:b4:
                    a8:c7:16:d0:1b:d1:4b:d4:40:b7:c7:36:00:b5:2a:
                    cb:4b:ec:fd:3c:25:55:65:92:a7:bf:e8:40:39:89:
                    71:32:35:e0:51:86:53:b7:16:31:5d:1d:eb:2b:64:
                    f8:ca:7d:9c:4b:17:da:fc:95:77:5d:d4:d9:a7:45:
                    5f:67:23:29:05:ed:ee:cc:b3:50:05:98:69:ab:ee:
                    e9:ac:38:a0:f6:57:a5:55:d0:d8:a3:f8:df:fb:06:
                    32:38:71:1f:2d:38:53:9f:a8:7a:c6:64:4d:e8:7a:
                    c5:2e:cc:b4:66:47:80:40:1a:6a:77:b6:a5:fd:35:
                    98:3e:c7:74:c1:b6:e1:b9:8f:03:12:9b:3e:52:6e:
                    89:ce:de:3e:18:20:fe:89:46:28:81:81:72:dc:8d:
                    fb:91:a5:06:19:40:1d:87:44:ab:45:a7:60:19:a8:
                    88:48:0d:7e:52:62:08:d6:fb:79:43:fd:3b:27:1e:
                    1b:47:d8:e0:25:5b:6f:49:27:e0:65:c1:8e:8a:30:
                    20:25:02:9b:d1:54:05:6f:3d:29:59:08:65:02:5b:
                    6c:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:3B:9E:6B:33:73:B9:EA:05:A2:76:E7:BB:D9:0F:F2:5E:3B:A6:5B
            X509v3 Authority Key Identifier:
                keyid:04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e34322e302f32342d3234203d3e203232333633.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.6.42.0/24

    Signature Algorithm: sha256WithRSAEncryption
         76:9f:3e:0b:08:1a:97:df:f6:f1:59:95:ca:26:f9:e5:94:e2:
         92:86:9c:57:1f:1e:3b:3d:c9:83:a4:67:5d:2e:e9:3d:e4:44:
         9c:a3:52:15:a7:91:b2:c2:55:d6:55:ad:b1:57:06:84:cc:56:
         d4:d2:69:c0:93:75:3a:3c:11:36:e9:3f:e0:78:70:f2:96:cc:
         5b:88:c4:f7:5b:63:6e:2c:04:37:19:51:b0:35:16:4c:29:fd:
         be:1f:d1:5e:e3:b3:c9:2c:58:85:e5:92:c7:1f:0e:54:cf:bc:
         36:27:26:1d:cf:c7:49:a2:08:93:8a:49:77:b8:12:7c:3e:e1:
         21:77:9d:c3:14:db:5a:dd:19:d2:3b:6c:a6:5b:1d:05:26:65:
         45:33:ab:42:58:1d:30:72:39:b7:33:bd:b6:33:12:d4:6e:9c:
         c2:d0:3d:6c:89:67:3c:73:c6:39:77:2d:8b:54:b9:1b:f8:3b:
         ed:cf:d6:5d:d0:79:76:f2:4c:a2:6f:7e:cc:c5:94:eb:8a:e7:
         2c:32:d8:a2:98:da:b5:61:9f:c5:c9:4d:f2:0f:de:dc:e9:03:
         bd:60:66:f9:9c:66:b3:f2:e3:d0:59:36:9b:9e:3f:2b:35:34:
         5b:df:b0:1e:1b:44:df:d6:99:e3:f2:da:9c:fb:19:b5:20:a9:
         a3:4f:4b:42
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIULZq2qUfzigNAjx4gM5l72ekkwJowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDQ4YWY2NjViZjhiMTg2YjcwMjIwNzU5ZDI2YzU3OGY0
MGI1ZjNlMzAeFw0yNTA4MDQwNjQ5MTNaFw0yNjA4MDMwNjU0MTNaMDMxMTAvBgNV
BAMTKEJGM0I5RTZCMzM3M0I5RUEwNUEyNzZFN0JCRDkwRkYyNUUzQkE2NUIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCNEWod4eQbQa8Y1HeX2YBZPDfK
9zQUoIJCenqknjDSolnvRhfN0Xefgl1JtKjHFtAb0UvUQLfHNgC1KstL7P08JVVl
kqe/6EA5iXEyNeBRhlO3FjFdHesrZPjKfZxLF9r8lXdd1NmnRV9nIykF7e7Ms1AF
mGmr7umsOKD2V6VV0Nij+N/7BjI4cR8tOFOfqHrGZE3oesUuzLRmR4BAGmp3tqX9
NZg+x3TBtuG5jwMSmz5SbonO3j4YIP6JRiiBgXLcjfuRpQYZQB2HRKtFp2AZqIhI
DX5SYgjW+3lD/TsnHhtH2OAlW29JJ+BlwY6KMCAlApvRVAVvPSlZCGUCW2yfAgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQUvzueazNzueoFonbnu9kP8l47plswHwYDVR0j
BBgwFoAUBIr2Zb+LGGtwIgdZ0mxXj0C18+MwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODJhOWJmNWItMzljMS00MDUwLWIwNzMtNDgwNzViODYx
ZDg3LzAvMDQ4QUY2NjVCRjhCMTg2QjcwMjIwNzU5RDI2QzU3OEY0MEI1RjNFMy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0JJcjJaYi1MR0d0d0lnZFowbXhYajBD
MTgtTS5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvODJhOWJmNWIt
MzljMS00MDUwLWIwNzMtNDgwNzViODYxZDg3LzAvMzMzMTJlMzYyZTM0MzIyZTMw
MmYzMjM0MmQzMjM0MjAzZDNlMjAzMjMyMzMzNjMzLnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHwYqMA0G
CSqGSIb3DQEBCwUAA4IBAQB2nz4LCBqX3/bxWZXKJvnllOKShpxXHx47PcmDpGdd
Luk95ESco1IVp5GywlXWVa2xVwaEzFbU0mnAk3U6PBE26T/geHDylsxbiMT3W2Nu
LAQ3GVGwNRZMKf2+H9Fe47PJLFiF5ZLHHw5Uz7w2JyYdz8dJogiTikl3uBJ8PuEh
d53DFNta3RnSO2ymWx0FJmVFM6tCWB0wcjm3M722MxLUbpzC0D1siWc8c8Y5dy2L
VLkb+Dvtz9Zd0Hl28kyib37MxZTriucsMtiimNq1YZ/FyU3yD97c6QO9YGb5nGaz
8uPQWTabnj8rNTRb37AeG0Tf1pnj8tqc+xm1IKmjT0tC
-----END CERTIFICATE-----