Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e35322e302f32342d3234203d3e20343031373736.roa
File:                     33312e362e35322e302f32342d3234203d3e20343031373736.roa (raw, json)
Hash identifier:          OySrszmL1Vd+owMLYZ7rtNBxJxoFKhgQwOQVTVOLzK8=
Subject key identifier:   04:52:EC:34:A4:68:FD:60:C0:F4:69:FD:6C:6E:33:65:5B:C2:D1:1A
Certificate issuer:       /CN=048af665bf8b186b70220759d26c578f40b5f3e3
Certificate serial:       27F8DD3F50D0F451199CBEC040381214FC94F963
Authority key identifier: 04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e35322e302f32342d3234203d3e20343031373736.roa
Signing time:             Thu 26 Mar 2026 11:36:40 +0000
ROA not before:           Thu 26 Mar 2026 11:31:40 +0000
ROA not after:            Thu 25 Mar 2027 11:36:40 +0000
asID:                     401776
IP address blocks:        31.6.52.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 04:35:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            27:f8:dd:3f:50:d0:f4:51:19:9c:be:c0:40:38:12:14:fc:94:f9:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=048af665bf8b186b70220759d26c578f40b5f3e3
        Validity
            Not Before: Mar 26 11:31:40 2026 GMT
            Not After : Mar 25 11:36:40 2027 GMT
        Subject: CN=0452EC34A468FD60C0F469FD6C6E33655BC2D11A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:1f:ec:cd:ea:75:f0:e1:a3:3a:b5:aa:0a:6d:
                    6f:d1:69:a5:d3:82:3b:ae:92:95:ff:32:0b:89:92:
                    99:24:88:30:a7:06:a4:d8:ab:11:f2:59:5a:61:02:
                    73:d1:73:40:28:d8:15:95:e1:de:fd:b7:48:ee:a2:
                    01:1d:81:56:68:d5:ca:09:ad:fc:0c:61:62:90:d0:
                    14:6a:c0:ff:8c:9f:5e:50:81:8b:27:7b:94:2f:33:
                    74:34:c4:a1:d4:a5:92:ec:ef:b2:e3:32:0c:d2:86:
                    28:fc:a8:d0:47:4c:9d:77:aa:f7:41:61:6d:13:ce:
                    c0:67:11:3e:1e:9d:84:0d:08:1e:19:d0:7d:85:10:
                    43:46:f4:26:d8:57:14:34:40:90:2c:19:63:95:47:
                    b9:6b:21:53:37:64:9e:96:14:23:9d:bb:17:02:80:
                    06:02:13:7f:1b:11:67:bc:55:3e:c2:a9:5a:a2:1a:
                    07:8d:9e:9d:e8:a1:ad:1c:14:39:89:36:0f:bc:f6:
                    56:f6:70:55:3a:71:7b:ff:33:59:9f:24:0c:17:ea:
                    78:1f:c6:e7:82:6d:a8:d9:00:d0:4c:72:7c:82:3d:
                    64:40:2b:97:03:d3:94:59:3f:0a:8d:6c:64:0f:b8:
                    6c:70:e3:26:b4:5f:67:ff:b1:09:3f:23:48:5e:ac:
                    4a:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:52:EC:34:A4:68:FD:60:C0:F4:69:FD:6C:6E:33:65:5B:C2:D1:1A
            X509v3 Authority Key Identifier:
                keyid:04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e35322e302f32342d3234203d3e20343031373736.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.6.52.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5d:f9:e6:3a:9b:71:6f:d4:43:6a:89:13:95:9a:b8:58:b0:9a:
         4a:44:ed:bf:96:33:91:c1:7e:74:b9:6d:54:10:93:a7:ea:11:
         13:f2:25:2c:27:5f:b5:3a:c1:c9:4f:89:47:ba:ef:1d:07:5a:
         ae:45:3d:70:8f:34:8d:18:b2:21:10:3b:21:e4:ba:25:a1:7a:
         2f:f1:b3:a6:81:3c:fa:fc:8f:a2:3f:24:f9:a5:86:f8:1e:b3:
         e6:36:4a:b2:35:5d:4c:aa:9b:65:7d:9b:de:82:8c:2b:1d:d4:
         49:84:1e:55:e1:58:e5:b2:be:b6:cf:9f:d4:c5:ce:96:a9:f2:
         52:7f:67:2e:d7:90:54:c8:90:ee:ee:b5:d7:67:94:2f:22:c4:
         fd:51:a0:2c:f3:68:cc:99:47:60:27:d0:70:2a:59:6f:51:83:
         94:a4:37:3e:27:54:7b:d0:35:81:92:ea:1c:5b:14:e0:9f:c0:
         09:01:4a:dd:4b:c8:0c:d3:b0:b3:62:53:e1:fb:05:96:07:77:
         b4:9f:43:e2:b5:92:55:e5:d1:73:0e:a5:75:55:4a:b0:a4:41:
         83:30:7c:9b:a2:50:67:4c:34:81:d7:12:ab:29:3a:c4:ec:18:
         c0:b2:0c:27:18:da:76:18:b6:f4:53:c2:ab:1a:f6:b7:23:cd:
         d1:a5:e1:d5
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUJ/jdP1DQ9FEZnL7AQDgSFPyU+WMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDQ4YWY2NjViZjhiMTg2YjcwMjIwNzU5ZDI2YzU3OGY0
MGI1ZjNlMzAeFw0yNjAzMjYxMTMxNDBaFw0yNzAzMjUxMTM2NDBaMDMxMTAvBgNV
BAMTKDA0NTJFQzM0QTQ2OEZENjBDMEY0NjlGRDZDNkUzMzY1NUJDMkQxMUEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQClH+zN6nXw4aM6taoKbW/RaaXT
gjuukpX/MguJkpkkiDCnBqTYqxHyWVphAnPRc0Ao2BWV4d79t0juogEdgVZo1coJ
rfwMYWKQ0BRqwP+Mn15QgYsne5QvM3Q0xKHUpZLs77LjMgzShij8qNBHTJ13qvdB
YW0TzsBnET4enYQNCB4Z0H2FEENG9CbYVxQ0QJAsGWOVR7lrIVM3ZJ6WFCOduxcC
gAYCE38bEWe8VT7CqVqiGgeNnp3ooa0cFDmJNg+89lb2cFU6cXv/M1mfJAwX6ngf
xueCbajZANBMcnyCPWRAK5cD05RZPwqNbGQPuGxw4ya0X2f/sQk/I0herEqpAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUBFLsNKRo/WDA9Gn9bG4zZVvC0RowHwYDVR0j
BBgwFoAUBIr2Zb+LGGtwIgdZ0mxXj0C18+MwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODJhOWJmNWItMzljMS00MDUwLWIwNzMtNDgwNzViODYx
ZDg3LzAvMDQ4QUY2NjVCRjhCMTg2QjcwMjIwNzU5RDI2QzU3OEY0MEI1RjNFMy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0JJcjJaYi1MR0d0d0lnZFowbXhYajBD
MTgtTS5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvODJhOWJmNWIt
MzljMS00MDUwLWIwNzMtNDgwNzViODYxZDg3LzAvMzMzMTJlMzYyZTM1MzIyZTMw
MmYzMjM0MmQzMjM0MjAzZDNlMjAzNDMwMzEzNzM3MzYucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAAfBjQw
DQYJKoZIhvcNAQELBQADggEBAF355jqbcW/UQ2qJE5WauFiwmkpE7b+WM5HBfnS5
bVQQk6fqERPyJSwnX7U6wclPiUe67x0HWq5FPXCPNI0YsiEQOyHkuiWhei/xs6aB
PPr8j6I/JPmlhvges+Y2SrI1XUyqm2V9m96CjCsd1EmEHlXhWOWyvrbPn9TFzpap
8lJ/Zy7XkFTIkO7utddnlC8ixP1RoCzzaMyZR2An0HAqWW9Rg5SkNz4nVHvQNYGS
6hxbFOCfwAkBSt1LyAzTsLNiU+H7BZYHd7SfQ+K1klXl0XMOpXVVSrCkQYMwfJui
UGdMNIHXEqspOsTsGMCyDCcY2nYYtvRTwqsa9rcjzdGl4dU=
-----END CERTIFICATE-----