Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e35392e302f32342d3234203d3e20323033303534.roa
File:                     33312e362e35392e302f32342d3234203d3e20323033303534.roa (raw, json)
Hash identifier:          gOxDerWmWVWP3xhZxHP9y6DF8FCcl68Xfinieufn8ws=
Subject key identifier:   F2:E7:5D:6D:04:C0:EE:23:49:C8:03:8F:1B:36:EB:A8:5B:0C:4C:03
Certificate issuer:       /CN=048af665bf8b186b70220759d26c578f40b5f3e3
Certificate serial:       41635BD5B19C94CB9A7FBE166139484A8E24AA0A
Authority key identifier: 04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e35392e302f32342d3234203d3e20323033303534.roa
Signing time:             Sun 29 Mar 2026 01:07:43 +0000
ROA not before:           Sun 29 Mar 2026 01:02:43 +0000
ROA not after:            Sun 28 Mar 2027 01:07:43 +0000
asID:                     203054
IP address blocks:        31.6.59.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 04:35:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            41:63:5b:d5:b1:9c:94:cb:9a:7f:be:16:61:39:48:4a:8e:24:aa:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=048af665bf8b186b70220759d26c578f40b5f3e3
        Validity
            Not Before: Mar 29 01:02:43 2026 GMT
            Not After : Mar 28 01:07:43 2027 GMT
        Subject: CN=F2E75D6D04C0EE2349C8038F1B36EBA85B0C4C03
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f2:80:69:44:3e:cb:d4:6f:32:9a:ad:4a:59:49:
                    6b:f4:11:e1:7f:6c:61:70:f5:ca:5e:38:ef:ed:82:
                    53:54:d9:e5:a9:1d:73:90:35:33:72:f9:4b:f5:b0:
                    94:7b:c8:03:04:af:7e:a8:1d:78:62:94:fd:a8:56:
                    67:9e:be:24:52:84:3e:03:f7:42:2f:16:20:44:17:
                    fe:cf:50:c2:1a:4e:bb:5b:29:3f:65:7a:e7:77:ee:
                    b1:2e:cb:3d:a5:4d:16:fc:ef:ba:4b:b2:3d:dc:4a:
                    e3:ff:54:b7:d3:ba:e2:fd:b0:1c:c3:a6:13:51:69:
                    0d:ab:09:a7:d9:e5:d5:f4:27:94:24:0d:fe:56:36:
                    d1:f7:48:a6:ac:55:66:00:ed:65:01:76:73:4d:16:
                    dd:ce:9c:d2:39:c5:77:b9:72:02:fb:6a:8d:e8:54:
                    46:69:bd:8b:24:76:ea:11:87:ee:65:78:19:0b:ca:
                    76:b6:24:d6:d6:53:4f:e6:12:fb:03:14:f1:d4:bf:
                    b3:66:e8:3e:d3:41:c6:71:85:49:0a:05:10:6e:a5:
                    4d:23:04:ee:15:01:16:42:fc:0e:fa:6b:33:5b:b0:
                    e1:70:07:e5:72:2a:3e:ee:40:d6:d0:05:34:eb:b1:
                    d2:53:72:e7:47:f8:53:66:79:a1:51:9c:eb:8b:bf:
                    a1:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:E7:5D:6D:04:C0:EE:23:49:C8:03:8F:1B:36:EB:A8:5B:0C:4C:03
            X509v3 Authority Key Identifier:
                keyid:04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e35392e302f32342d3234203d3e20323033303534.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.6.59.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a2:98:16:0f:a8:0c:d8:0e:1b:fc:40:25:24:9e:18:61:d3:88:
         4c:3a:e1:d3:49:f8:ce:f9:53:e0:11:99:2d:e4:82:d7:52:24:
         4a:79:c5:57:2a:8a:bb:16:e2:9a:1b:9f:ca:80:63:c6:c3:77:
         27:0c:6c:de:01:cc:f4:64:ac:19:7e:af:41:7f:d8:0e:b8:95:
         65:4a:83:0d:3d:49:d7:64:13:11:ea:f6:dd:e6:32:db:45:5a:
         57:30:6d:e0:d1:59:d8:90:9d:87:7d:09:65:23:4b:2f:8d:a2:
         95:c6:f0:1f:43:ab:11:ef:82:fc:de:a9:34:3a:aa:19:62:61:
         3a:bd:aa:1a:bb:db:0d:f3:96:b3:6e:a2:63:f6:3e:6e:f0:5e:
         b1:9e:9c:5f:e5:41:40:fa:87:fb:1e:3d:2a:f5:bf:1d:46:f1:
         89:9d:c8:33:42:ed:13:aa:cd:9a:6f:e9:cd:0b:bb:e4:3d:d8:
         c1:2d:a6:27:70:f7:c5:27:84:1f:5a:0f:c9:50:05:22:b1:6d:
         05:ac:d1:9a:14:22:a9:89:c6:35:d8:51:f9:47:95:3f:cf:65:
         2d:8b:56:48:20:6c:00:ec:b8:a3:e5:4a:99:94:95:dd:8f:a2:
         4b:14:34:c8:0e:8f:9a:8f:ff:4e:cd:36:5f:3b:3f:1b:51:42:
         92:02:0a:4e
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUQWNb1bGclMuaf74WYTlISo4kqgowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDQ4YWY2NjViZjhiMTg2YjcwMjIwNzU5ZDI2YzU3OGY0
MGI1ZjNlMzAeFw0yNjAzMjkwMTAyNDNaFw0yNzAzMjgwMTA3NDNaMDMxMTAvBgNV
BAMTKEYyRTc1RDZEMDRDMEVFMjM0OUM4MDM4RjFCMzZFQkE4NUIwQzRDMDMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDygGlEPsvUbzKarUpZSWv0EeF/
bGFw9cpeOO/tglNU2eWpHXOQNTNy+Uv1sJR7yAMEr36oHXhilP2oVmeeviRShD4D
90IvFiBEF/7PUMIaTrtbKT9leud37rEuyz2lTRb877pLsj3cSuP/VLfTuuL9sBzD
phNRaQ2rCafZ5dX0J5QkDf5WNtH3SKasVWYA7WUBdnNNFt3OnNI5xXe5cgL7ao3o
VEZpvYskduoRh+5leBkLyna2JNbWU0/mEvsDFPHUv7Nm6D7TQcZxhUkKBRBupU0j
BO4VARZC/A76azNbsOFwB+VyKj7uQNbQBTTrsdJTcudH+FNmeaFRnOuLv6EJAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQU8uddbQTA7iNJyAOPGzbrqFsMTAMwHwYDVR0j
BBgwFoAUBIr2Zb+LGGtwIgdZ0mxXj0C18+MwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODJhOWJmNWItMzljMS00MDUwLWIwNzMtNDgwNzViODYx
ZDg3LzAvMDQ4QUY2NjVCRjhCMTg2QjcwMjIwNzU5RDI2QzU3OEY0MEI1RjNFMy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0JJcjJaYi1MR0d0d0lnZFowbXhYajBD
MTgtTS5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvODJhOWJmNWIt
MzljMS00MDUwLWIwNzMtNDgwNzViODYxZDg3LzAvMzMzMTJlMzYyZTM1MzkyZTMw
MmYzMjM0MmQzMjM0MjAzZDNlMjAzMjMwMzMzMDM1MzQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAAfBjsw
DQYJKoZIhvcNAQELBQADggEBAKKYFg+oDNgOG/xAJSSeGGHTiEw64dNJ+M75U+AR
mS3kgtdSJEp5xVcqirsW4pobn8qAY8bDdycMbN4BzPRkrBl+r0F/2A64lWVKgw09
SddkExHq9t3mMttFWlcwbeDRWdiQnYd9CWUjSy+NopXG8B9DqxHvgvzeqTQ6qhli
YTq9qhq72w3zlrNuomP2Pm7wXrGenF/lQUD6h/sePSr1vx1G8YmdyDNC7ROqzZpv
6c0Lu+Q92MEtpidw98UnhB9aD8lQBSKxbQWs0ZoUIqmJxjXYUflHlT/PZS2LVkgg
bADsuKPlSpmUld2PoksUNMgOj5qP/07NNl87PxtRQpICCk4=
-----END CERTIFICATE-----