Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e34372e302f32342d3234203d3e20383334.roa
File:                     33312e362e34372e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          YizGDGMPnnpKVUGZuaiDK++NUv1IOKGkinaT8fL5NDE=
Subject key identifier:   14:E1:D4:74:E8:6B:6F:64:34:C9:BD:B4:B5:BD:09:5D:0B:E2:B9:76
Certificate issuer:       /CN=048af665bf8b186b70220759d26c578f40b5f3e3
Certificate serial:       3EEEA284D638423FC8D61C4BBAA4E09EDC255433
Authority key identifier: 04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e34372e302f32342d3234203d3e20383334.roa
Signing time:             Tue 24 Feb 2026 00:02:17 +0000
ROA not before:           Mon 23 Feb 2026 23:57:17 +0000
ROA not after:            Tue 23 Feb 2027 00:02:17 +0000
asID:                     834
IP address blocks:        31.6.47.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 18:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3e:ee:a2:84:d6:38:42:3f:c8:d6:1c:4b:ba:a4:e0:9e:dc:25:54:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=048af665bf8b186b70220759d26c578f40b5f3e3
        Validity
            Not Before: Feb 23 23:57:17 2026 GMT
            Not After : Feb 23 00:02:17 2027 GMT
        Subject: CN=14E1D474E86B6F6434C9BDB4B5BD095D0BE2B976
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:78:a5:09:55:88:f5:2f:66:15:59:e2:19:70:
                    06:bd:ff:e8:28:95:ef:43:1a:be:18:dd:7d:dd:0f:
                    28:86:bf:d6:6e:67:86:df:e2:3f:6b:ce:83:7a:5a:
                    e7:77:e3:8a:3c:c0:1e:8e:c6:10:35:3b:28:bd:78:
                    ca:c1:7c:1e:76:30:b5:ef:92:ca:d4:9a:bb:a9:ce:
                    75:cf:86:12:a9:64:c0:ce:93:5b:22:1c:f4:f7:f0:
                    27:fa:9b:b2:e4:87:a8:1a:e2:85:f8:c7:f3:b1:df:
                    60:d6:2f:11:e5:a8:b0:48:e9:ff:7f:04:fc:5e:13:
                    50:f2:71:9f:09:ca:f9:20:ed:1f:83:7f:a6:9a:06:
                    f1:80:24:f9:38:b4:95:6e:0b:46:c1:13:86:7a:06:
                    df:b3:8e:06:29:b7:47:09:4f:e5:bd:01:f1:2a:f4:
                    14:5b:1f:4e:ad:0c:38:a7:30:dc:d9:c9:16:db:97:
                    53:ab:58:64:75:30:a8:3d:3a:37:40:08:78:06:12:
                    ee:64:7a:1b:5d:bb:ec:60:46:d9:aa:b2:fc:f6:f9:
                    4a:f6:60:32:97:8b:64:e0:57:2f:26:c2:51:8c:e6:
                    ca:fb:da:eb:0c:f9:98:53:c6:2b:48:4f:5b:c4:55:
                    1c:75:25:35:4e:1e:06:e8:98:28:01:1d:7c:5c:f4:
                    bc:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:E1:D4:74:E8:6B:6F:64:34:C9:BD:B4:B5:BD:09:5D:0B:E2:B9:76
            X509v3 Authority Key Identifier:
                keyid:04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e34372e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.6.47.0/24

    Signature Algorithm: sha256WithRSAEncryption
         29:80:19:97:65:46:08:79:6d:67:92:85:7a:11:89:38:b8:0f:
         77:8d:08:fa:b4:20:fc:62:ad:4c:5e:50:d8:0b:57:b1:2b:1c:
         b4:e6:33:e9:49:d2:9d:33:bd:2d:c4:fe:68:59:f0:c4:56:47:
         44:58:7e:2b:a8:50:d3:86:20:bc:40:32:01:b3:b1:f6:ae:de:
         65:85:7a:06:40:12:db:b9:be:99:2b:ad:89:fd:49:c4:7c:ed:
         9a:ce:4e:d6:c2:9b:09:c6:66:da:22:f7:fb:03:05:eb:8f:c6:
         ae:10:74:d6:a6:39:11:56:25:00:fc:a3:9f:fc:fe:da:19:84:
         c7:63:a6:e9:3f:5c:5a:a1:30:b4:75:8c:88:5e:78:86:e1:3f:
         99:de:8f:36:f4:6c:b1:55:c8:1d:fc:20:1f:55:db:37:5a:75:
         9e:90:f8:c6:98:9c:36:c5:48:d8:26:41:b0:d6:b3:29:61:ce:
         f9:7f:31:d1:c9:98:6f:b9:34:3b:81:df:87:0c:3a:f1:59:96:
         b3:3e:00:7c:80:ab:91:7a:e7:b8:98:98:a2:ec:7c:18:f1:55:
         0a:f2:3b:d5:92:5b:2f:43:f4:4e:3c:21:5f:a3:b2:c6:ba:9b:
         18:86:c4:57:ca:2d:0e:9a:4f:9d:31:0b:18:93:e1:fb:d7:f4:
         bb:7d:46:6f
-----BEGIN CERTIFICATE-----
MIIFKTCCBBGgAwIBAgIUPu6ihNY4Qj/I1hxLuqTgntwlVDMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDQ4YWY2NjViZjhiMTg2YjcwMjIwNzU5ZDI2YzU3OGY0
MGI1ZjNlMzAeFw0yNjAyMjMyMzU3MTdaFw0yNzAyMjMwMDAyMTdaMDMxMTAvBgNV
BAMTKDE0RTFENDc0RTg2QjZGNjQzNEM5QkRCNEI1QkQwOTVEMEJFMkI5NzYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDKeKUJVYj1L2YVWeIZcAa9/+go
le9DGr4Y3X3dDyiGv9ZuZ4bf4j9rzoN6Wud344o8wB6OxhA1Oyi9eMrBfB52MLXv
ksrUmrupznXPhhKpZMDOk1siHPT38Cf6m7Lkh6ga4oX4x/Ox32DWLxHlqLBI6f9/
BPxeE1DycZ8Jyvkg7R+Df6aaBvGAJPk4tJVuC0bBE4Z6Bt+zjgYpt0cJT+W9AfEq
9BRbH06tDDinMNzZyRbbl1OrWGR1MKg9OjdACHgGEu5kehtdu+xgRtmqsvz2+Ur2
YDKXi2TgVy8mwlGM5sr72usM+ZhTxitIT1vEVRx1JTVOHgbomCgBHXxc9LzHAgMB
AAGjggIzMIICLzAdBgNVHQ4EFgQUFOHUdOhrb2Q0yb20tb0JXQviuXYwHwYDVR0j
BBgwFoAUBIr2Zb+LGGtwIgdZ0mxXj0C18+MwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODJhOWJmNWItMzljMS00MDUwLWIwNzMtNDgwNzViODYx
ZDg3LzAvMDQ4QUY2NjVCRjhCMTg2QjcwMjIwNzU5RDI2QzU3OEY0MEI1RjNFMy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0JJcjJaYi1MR0d0d0lnZFowbXhYajBD
MTgtTS5jZXIwgaMGCCsGAQUFBwELBIGWMIGTMIGQBggrBgEFBQcwC4aBg3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvODJhOWJmNWIt
MzljMS00MDUwLWIwNzMtNDgwNzViODYxZDg3LzAvMzMzMTJlMzYyZTM0MzcyZTMw
MmYzMjM0MmQzMjM0MjAzZDNlMjAzODMzMzQucm9hMBgGA1UdIAEB/wQOMAwwCgYI
KwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAAfBi8wDQYJKoZI
hvcNAQELBQADggEBACmAGZdlRgh5bWeShXoRiTi4D3eNCPq0IPxirUxeUNgLV7Er
HLTmM+lJ0p0zvS3E/mhZ8MRWR0RYfiuoUNOGILxAMgGzsfau3mWFegZAEtu5vpkr
rYn9ScR87ZrOTtbCmwnGZtoi9/sDBeuPxq4QdNamORFWJQD8o5/8/toZhMdjpuk/
XFqhMLR1jIheeIbhP5nejzb0bLFVyB38IB9V2zdadZ6Q+MaYnDbFSNgmQbDWsylh
zvl/MdHJmG+5NDuB34cMOvFZlrM+AHyAq5F657iYmKLsfBjxVQryO9WSWy9D9E48
IV+jssa6mxiGxFfKLQ6aT50xCxiT4fvX9Lt9Rm8=
-----END CERTIFICATE-----