Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e362e302f32342d3234203d3e203232333633.roa
File:                     33312e362e362e302f32342d3234203d3e203232333633.roa (raw, json)
Hash identifier:          UUsbK7j0e8k6Pb9Y0Je1zgHui/1XHV5XxSaGcDQoiy8=
Subject key identifier:   A3:04:69:67:38:15:D8:1D:18:A4:E4:A8:1E:F4:BC:B8:54:EC:95:14
Certificate issuer:       /CN=048af665bf8b186b70220759d26c578f40b5f3e3
Certificate serial:       071A1E2C9BC9666D370A3B5743FECBBB35E94836
Authority key identifier: 04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e362e302f32342d3234203d3e203232333633.roa
Signing time:             Mon 04 Aug 2025 06:54:13 +0000
ROA not before:           Mon 04 Aug 2025 06:49:13 +0000
ROA not after:            Mon 03 Aug 2026 06:54:13 +0000
asID:                     22363
IP address blocks:        31.6.6.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 09 Aug 2025 11:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            07:1a:1e:2c:9b:c9:66:6d:37:0a:3b:57:43:fe:cb:bb:35:e9:48:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=048af665bf8b186b70220759d26c578f40b5f3e3
        Validity
            Not Before: Aug  4 06:49:13 2025 GMT
            Not After : Aug  3 06:54:13 2026 GMT
        Subject: CN=A30469673815D81D18A4E4A81EF4BCB854EC9514
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:b3:6a:88:97:5a:45:ec:20:58:58:53:0e:5c:
                    57:a4:46:10:73:06:ca:8e:a2:9b:e9:88:ae:ce:46:
                    c1:6c:de:e4:64:f3:c0:37:b1:5e:a5:68:8e:b0:b1:
                    53:a8:27:c0:ac:a9:66:5a:96:95:2d:52:00:24:69:
                    7b:5e:3d:d1:31:78:d5:fd:a5:14:ed:82:b7:72:9a:
                    7a:cf:f8:99:ac:93:be:dd:48:23:60:ab:50:4a:7a:
                    d8:27:e9:8b:a0:d4:ce:db:76:b0:29:eb:27:60:04:
                    7e:2e:93:49:22:25:e6:55:16:e8:37:6a:74:35:9c:
                    4f:5d:15:0c:14:62:14:bd:61:b0:43:03:4d:89:44:
                    33:72:3b:8a:d8:b0:21:13:6f:1d:14:3d:35:de:8f:
                    c1:79:3a:c4:64:11:bc:0d:e1:33:26:30:a9:51:af:
                    f3:1b:db:6a:60:8e:79:89:5b:ac:71:88:14:3d:b3:
                    31:46:49:d7:71:53:fc:0a:22:53:da:a1:89:cd:db:
                    ac:b8:2c:6e:8e:7a:c3:c7:c7:21:a5:da:2d:94:51:
                    61:f1:0c:cc:23:b9:34:29:1a:36:2a:f7:87:1c:9c:
                    e4:21:58:5a:12:c9:7e:91:23:00:7a:34:2c:09:ff:
                    fa:82:23:98:ed:a0:d8:32:7a:9e:fe:81:f0:57:4d:
                    c2:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:04:69:67:38:15:D8:1D:18:A4:E4:A8:1E:F4:BC:B8:54:EC:95:14
            X509v3 Authority Key Identifier:
                keyid:04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e362e302f32342d3234203d3e203232333633.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.6.6.0/24

    Signature Algorithm: sha256WithRSAEncryption
         31:a4:8d:e8:01:0c:72:8a:3a:f5:db:0c:3d:c2:8d:b9:98:09:
         32:3a:81:b9:f8:04:b9:46:02:38:3a:88:93:48:f8:4a:6d:75:
         9b:3b:ef:97:01:f7:90:cf:4b:d0:8c:7f:0d:fc:80:37:32:84:
         96:db:1e:03:7d:c4:f1:ee:ba:9b:d8:b9:95:48:ea:cb:ec:7f:
         50:b4:97:ec:24:4d:c4:da:1b:d0:80:e0:91:c2:d8:3f:ba:9b:
         3f:7d:9b:61:38:94:ce:7c:c7:ab:a5:d2:1a:11:c4:5e:70:1a:
         2b:dd:bc:eb:c0:74:4e:37:11:00:26:9b:1a:e1:0a:cb:7d:ff:
         3b:bd:61:0a:32:c2:5b:08:24:a4:bf:15:27:b3:d8:ef:c2:01:
         d5:86:ff:f9:13:6a:e5:2a:30:e7:bc:d3:98:be:5c:1c:e2:45:
         10:88:b0:d6:9d:e2:9f:ed:89:e7:d6:9b:89:47:ed:fb:61:75:
         1a:2b:37:0b:d1:9c:36:ce:81:05:7d:bf:a7:85:d6:3b:1f:59:
         9b:42:33:7f:bc:ea:ea:26:0e:cd:b7:6a:83:fd:b6:70:48:37:
         26:90:63:3d:6e:b8:f5:7d:c0:47:76:22:74:6e:19:cc:fc:43:
         4e:a1:db:92:b4:d2:fb:41:9f:cc:2a:4c:66:5b:5a:66:82:e4:
         c0:63:d5:ca
-----BEGIN CERTIFICATE-----
MIIFKzCCBBOgAwIBAgIUBxoeLJvJZm03CjtXQ/7LuzXpSDYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDQ4YWY2NjViZjhiMTg2YjcwMjIwNzU5ZDI2YzU3OGY0
MGI1ZjNlMzAeFw0yNTA4MDQwNjQ5MTNaFw0yNjA4MDMwNjU0MTNaMDMxMTAvBgNV
BAMTKEEzMDQ2OTY3MzgxNUQ4MUQxOEE0RTRBODFFRjRCQ0I4NTRFQzk1MTQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCbs2qIl1pF7CBYWFMOXFekRhBz
BsqOopvpiK7ORsFs3uRk88A3sV6laI6wsVOoJ8CsqWZalpUtUgAkaXtePdExeNX9
pRTtgrdymnrP+Jmsk77dSCNgq1BKetgn6Yug1M7bdrAp6ydgBH4uk0kiJeZVFug3
anQ1nE9dFQwUYhS9YbBDA02JRDNyO4rYsCETbx0UPTXej8F5OsRkEbwN4TMmMKlR
r/Mb22pgjnmJW6xxiBQ9szFGSddxU/wKIlPaoYnN26y4LG6OesPHxyGl2i2UUWHx
DMwjuTQpGjYq94ccnOQhWFoSyX6RIwB6NCwJ//qCI5jtoNgyep7+gfBXTcLtAgMB
AAGjggI1MIICMTAdBgNVHQ4EFgQUowRpZzgV2B0YpOSoHvS8uFTslRQwHwYDVR0j
BBgwFoAUBIr2Zb+LGGtwIgdZ0mxXj0C18+MwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODJhOWJmNWItMzljMS00MDUwLWIwNzMtNDgwNzViODYx
ZDg3LzAvMDQ4QUY2NjVCRjhCMTg2QjcwMjIwNzU5RDI2QzU3OEY0MEI1RjNFMy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0JJcjJaYi1MR0d0d0lnZFowbXhYajBD
MTgtTS5jZXIwgaUGCCsGAQUFBwELBIGYMIGVMIGSBggrBgEFBQcwC4aBhXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvODJhOWJmNWIt
MzljMS00MDUwLWIwNzMtNDgwNzViODYxZDg3LzAvMzMzMTJlMzYyZTM2MmUzMDJm
MzIzNDJkMzIzNDIwM2QzZTIwMzIzMjMzMzYzMy5yb2EwGAYDVR0gAQH/BA4wDDAK
BggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAB8GBjANBgkq
hkiG9w0BAQsFAAOCAQEAMaSN6AEMcoo69dsMPcKNuZgJMjqBufgEuUYCODqIk0j4
Sm11mzvvlwH3kM9L0Ix/DfyANzKEltseA33E8e66m9i5lUjqy+x/ULSX7CRNxNob
0IDgkcLYP7qbP32bYTiUznzHq6XSGhHEXnAaK92868B0TjcRACabGuEKy33/O71h
CjLCWwgkpL8VJ7PY78IB1Yb/+RNq5Sow57zTmL5cHOJFEIiw1p3in+2J59abiUft
+2F1Gis3C9GcNs6BBX2/p4XWOx9Zm0Izf7zq6iYOzbdqg/22cEg3JpBjPW649X3A
R3YidG4ZzPxDTqHbkrTS+0GfzCpMZltaZoLkwGPVyg==
-----END CERTIFICATE-----