Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e35312e302f32342d3234203d3e20383334.roa
File:                     33312e362e35312e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          2MXIry+Fj7K0ZclMpQ1cRdHbqk9vST8wc6OfRTzXn7E=
Subject key identifier:   D9:F3:41:3D:72:D0:9E:E4:C6:5F:30:D6:8C:D1:5C:3A:18:2C:E8:32
Certificate issuer:       /CN=048af665bf8b186b70220759d26c578f40b5f3e3
Certificate serial:       4BDFE01E64D57BA3A11747B831A472F4F61DD567
Authority key identifier: 04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e35312e302f32342d3234203d3e20383334.roa
Signing time:             Mon 04 Aug 2025 00:00:40 +0000
ROA not before:           Sun 03 Aug 2025 23:55:40 +0000
ROA not after:            Mon 03 Aug 2026 00:00:40 +0000
asID:                     834
IP address blocks:        31.6.51.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 07 Aug 2025 04:15:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4b:df:e0:1e:64:d5:7b:a3:a1:17:47:b8:31:a4:72:f4:f6:1d:d5:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=048af665bf8b186b70220759d26c578f40b5f3e3
        Validity
            Not Before: Aug  3 23:55:40 2025 GMT
            Not After : Aug  3 00:00:40 2026 GMT
        Subject: CN=D9F3413D72D09EE4C65F30D68CD15C3A182CE832
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:7d:ce:c2:83:ba:6f:37:bf:b8:72:ab:94:1e:
                    87:50:f0:76:e5:d3:31:88:4a:9c:0c:97:b6:6c:a7:
                    6e:bc:f6:e0:7c:c5:ba:b5:f8:81:72:2d:3f:47:94:
                    25:33:f4:86:ff:f8:40:17:41:01:7a:58:13:7d:44:
                    ae:a4:a3:e9:de:04:2d:11:27:da:24:ec:f5:99:5f:
                    95:52:c4:cc:15:07:e7:cd:0a:2c:7b:bc:fd:67:4c:
                    83:f3:1f:49:34:bc:4f:9e:94:e5:79:eb:96:a4:f4:
                    0e:0c:8f:76:d9:0b:03:5a:ce:67:aa:48:8b:9d:a6:
                    de:16:df:a4:94:06:07:50:ee:9e:15:20:5b:32:21:
                    84:a9:bb:08:9d:2d:36:8a:01:6e:3c:54:0a:ee:a1:
                    49:39:ea:91:a1:4b:54:d4:6a:a6:b2:b0:99:f9:a2:
                    ce:66:29:1e:d0:e7:72:71:7b:4b:f0:2a:e0:82:af:
                    73:61:1b:51:01:24:ad:d6:a5:66:e4:e3:a0:b0:6d:
                    86:70:aa:68:b2:a6:8e:57:98:b2:8f:97:80:4c:99:
                    43:17:75:2c:5b:98:a9:ff:dd:0d:2c:d1:e5:04:8d:
                    23:e2:b6:50:c3:0b:71:71:70:ac:50:f8:d2:3b:9b:
                    ae:dc:2d:e3:09:88:ed:19:a4:91:ca:57:f6:f4:d0:
                    b6:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:F3:41:3D:72:D0:9E:E4:C6:5F:30:D6:8C:D1:5C:3A:18:2C:E8:32
            X509v3 Authority Key Identifier:
                keyid:04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e35312e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.6.51.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9a:cc:f4:87:c8:71:0f:55:7a:c3:cf:1a:4d:5b:d8:7d:e6:50:
         dd:28:e1:14:88:bd:a0:cc:6a:18:8e:3a:3e:39:3b:3c:26:21:
         eb:77:78:99:ee:9c:75:08:b8:60:8d:3c:80:58:48:2a:e2:a4:
         32:d6:6f:f5:0f:96:10:f5:05:b2:f2:93:db:99:e9:24:f9:2e:
         51:94:bb:bb:71:f6:f6:a8:9b:88:19:09:95:1b:d2:18:50:fd:
         14:60:6e:a9:77:c8:67:10:8d:42:16:8d:42:41:31:c4:85:d3:
         f2:44:46:85:23:5e:27:1c:14:d9:b3:3a:63:93:dd:22:01:a5:
         16:43:ad:11:97:a3:e6:85:b2:0d:88:75:68:50:8e:60:0e:5b:
         d4:29:fd:fc:22:a4:95:2a:38:8d:c8:5a:61:a6:2b:d8:95:1c:
         62:c1:03:c3:df:93:3f:50:21:14:63:8c:bb:63:bb:2d:c8:34:
         99:55:40:9a:00:b7:31:d5:64:37:12:9e:32:f9:b8:6a:5b:69:
         f5:e1:39:e2:28:14:d3:55:1d:3f:23:d0:c5:71:2d:26:c3:df:
         48:da:5f:bd:d9:24:19:d7:c7:07:33:45:90:55:dd:3b:fd:11:
         51:b2:fa:bc:30:cf:1c:5e:51:f3:68:c1:95:30:da:f0:36:22:
         15:d2:e5:41
-----BEGIN CERTIFICATE-----
MIIFKTCCBBGgAwIBAgIUS9/gHmTVe6OhF0e4MaRy9PYd1WcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDQ4YWY2NjViZjhiMTg2YjcwMjIwNzU5ZDI2YzU3OGY0
MGI1ZjNlMzAeFw0yNTA4MDMyMzU1NDBaFw0yNjA4MDMwMDAwNDBaMDMxMTAvBgNV
BAMTKEQ5RjM0MTNENzJEMDlFRTRDNjVGMzBENjhDRDE1QzNBMTgyQ0U4MzIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDffc7Cg7pvN7+4cquUHodQ8Hbl
0zGISpwMl7Zsp2689uB8xbq1+IFyLT9HlCUz9Ib/+EAXQQF6WBN9RK6ko+neBC0R
J9ok7PWZX5VSxMwVB+fNCix7vP1nTIPzH0k0vE+elOV565ak9A4Mj3bZCwNazmeq
SIudpt4W36SUBgdQ7p4VIFsyIYSpuwidLTaKAW48VAruoUk56pGhS1TUaqaysJn5
os5mKR7Q53Jxe0vwKuCCr3NhG1EBJK3WpWbk46CwbYZwqmiypo5XmLKPl4BMmUMX
dSxbmKn/3Q0s0eUEjSPitlDDC3FxcKxQ+NI7m67cLeMJiO0ZpJHKV/b00LZzAgMB
AAGjggIzMIICLzAdBgNVHQ4EFgQU2fNBPXLQnuTGXzDWjNFcOhgs6DIwHwYDVR0j
BBgwFoAUBIr2Zb+LGGtwIgdZ0mxXj0C18+MwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODJhOWJmNWItMzljMS00MDUwLWIwNzMtNDgwNzViODYx
ZDg3LzAvMDQ4QUY2NjVCRjhCMTg2QjcwMjIwNzU5RDI2QzU3OEY0MEI1RjNFMy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0JJcjJaYi1MR0d0d0lnZFowbXhYajBD
MTgtTS5jZXIwgaMGCCsGAQUFBwELBIGWMIGTMIGQBggrBgEFBQcwC4aBg3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvODJhOWJmNWIt
MzljMS00MDUwLWIwNzMtNDgwNzViODYxZDg3LzAvMzMzMTJlMzYyZTM1MzEyZTMw
MmYzMjM0MmQzMjM0MjAzZDNlMjAzODMzMzQucm9hMBgGA1UdIAEB/wQOMAwwCgYI
KwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAAfBjMwDQYJKoZI
hvcNAQELBQADggEBAJrM9IfIcQ9VesPPGk1b2H3mUN0o4RSIvaDMahiOOj45Ozwm
Iet3eJnunHUIuGCNPIBYSCripDLWb/UPlhD1BbLyk9uZ6ST5LlGUu7tx9vaom4gZ
CZUb0hhQ/RRgbql3yGcQjUIWjUJBMcSF0/JERoUjXiccFNmzOmOT3SIBpRZDrRGX
o+aFsg2IdWhQjmAOW9Qp/fwipJUqOI3IWmGmK9iVHGLBA8Pfkz9QIRRjjLtjuy3I
NJlVQJoAtzHVZDcSnjL5uGpbafXhOeIoFNNVHT8j0MVxLSbD30jaX73ZJBnXxwcz
RZBV3Tv9EVGy+rwwzxxeUfNowZUw2vA2IhXS5UE=
-----END CERTIFICATE-----