Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e372e302f32342d3234203d3e20323032393334.roa
File:                     33312e362e372e302f32342d3234203d3e20323032393334.roa (raw, json)
Hash identifier:          m72db9zLVSJQxgda3f/hbwbqO/RNn+GIgxy0g03dq90=
Subject key identifier:   17:07:39:E4:02:8D:AA:DB:A8:80:6D:96:07:9B:67:BA:6C:43:D6:25
Certificate issuer:       /CN=048af665bf8b186b70220759d26c578f40b5f3e3
Certificate serial:       5C76EA237B4896C59AA2EBADC4F386F5C9CA6380
Authority key identifier: 04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e372e302f32342d3234203d3e20323032393334.roa
Signing time:             Mon 08 Jun 2026 08:42:04 +0000
ROA not before:           Mon 08 Jun 2026 08:37:04 +0000
ROA not after:            Mon 07 Jun 2027 08:42:04 +0000
asID:                     202934
IP address blocks:        31.6.7.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 01:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5c:76:ea:23:7b:48:96:c5:9a:a2:eb:ad:c4:f3:86:f5:c9:ca:63:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=048af665bf8b186b70220759d26c578f40b5f3e3
        Validity
            Not Before: Jun  8 08:37:04 2026 GMT
            Not After : Jun  7 08:42:04 2027 GMT
        Subject: CN=170739E4028DAADBA8806D96079B67BA6C43D625
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:23:68:10:6f:ac:88:f9:18:ab:59:24:5a:19:
                    36:f8:f6:93:eb:06:70:9e:f2:50:91:70:22:48:4f:
                    6a:7d:55:0e:91:67:e0:66:0d:c2:1f:72:5d:80:88:
                    4e:7b:4d:95:7b:39:1a:b9:22:5f:97:45:32:c8:0e:
                    69:e6:dc:08:5d:40:8c:89:53:3e:00:1d:3e:0b:9d:
                    6a:75:5c:9e:71:7f:4d:b7:7e:56:94:9f:2e:63:ea:
                    b4:a3:61:63:9d:c8:d9:c2:ca:d8:a8:35:af:c5:97:
                    f7:f5:ac:fb:b7:a4:3f:d8:d0:f6:df:2e:0b:fd:e0:
                    c3:f7:ba:71:c5:51:7e:83:d1:bf:9f:a3:33:5a:bd:
                    6e:d0:40:d4:8b:05:1e:de:c3:b7:5d:04:57:77:e3:
                    dd:e4:8f:64:fc:02:ee:b6:ba:fd:01:81:b2:21:fc:
                    01:f1:12:ed:7f:97:da:f7:af:8f:41:e4:bd:68:0b:
                    df:e6:ff:d4:77:e7:c3:8c:b7:c4:88:58:27:d8:dc:
                    35:46:49:78:94:ce:89:98:68:19:6a:67:75:78:e3:
                    f0:ad:d6:31:4a:cb:4b:10:02:5a:2b:3b:8f:e8:cc:
                    98:00:f5:38:46:0f:ce:f9:1e:fd:1d:2c:0e:cb:92:
                    47:87:dc:81:05:dd:23:c8:f9:42:7d:8b:e7:ab:0d:
                    40:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:07:39:E4:02:8D:AA:DB:A8:80:6D:96:07:9B:67:BA:6C:43:D6:25
            X509v3 Authority Key Identifier:
                keyid:04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e372e302f32342d3234203d3e20323032393334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.6.7.0/24

    Signature Algorithm: sha256WithRSAEncryption
         33:a1:77:de:8d:0b:03:ad:db:df:e1:22:6b:af:fe:f6:f2:ea:
         5a:64:a2:e7:2a:a6:2c:e8:37:b0:3e:aa:9c:ba:fe:57:cd:21:
         3b:5f:42:c6:10:22:06:fd:2b:5b:c3:89:2e:b5:c1:81:6f:36:
         27:95:e9:4e:da:ba:1f:11:1c:ea:aa:4a:48:a5:8b:5a:ac:5c:
         59:d1:ad:3c:03:38:a2:1e:43:98:ad:a0:65:fc:84:25:fd:f9:
         48:f2:24:2b:01:27:ed:7d:12:45:36:19:3f:22:b5:fc:05:34:
         a3:95:91:0f:eb:6e:78:74:54:4d:16:3e:b6:d4:d2:74:e9:cf:
         20:d5:ef:da:b0:6f:c1:05:1b:a2:c8:6c:33:30:6c:a8:dd:d7:
         cc:e7:af:58:18:42:6e:a8:24:b4:88:7a:20:35:f1:35:fe:70:
         60:54:bf:f1:b8:52:95:e6:82:ed:8a:17:15:75:78:c7:ec:96:
         96:3d:6d:50:bd:9b:f1:a1:93:7b:6f:3e:bd:9a:0c:12:59:fd:
         b4:30:2b:6b:71:ef:a3:c4:31:b4:25:f2:5c:94:67:8b:e3:d0:
         6b:33:09:68:3a:08:38:c1:7f:7f:66:0d:95:57:84:f4:29:07:
         1e:7e:93:22:62:bd:2b:0a:aa:20:5b:4f:c7:eb:b8:69:5c:6d:
         f2:d9:c9:5a
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUXHbqI3tIlsWaouutxPOG9cnKY4AwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDQ4YWY2NjViZjhiMTg2YjcwMjIwNzU5ZDI2YzU3OGY0
MGI1ZjNlMzAeFw0yNjA2MDgwODM3MDRaFw0yNzA2MDcwODQyMDRaMDMxMTAvBgNV
BAMTKDE3MDczOUU0MDI4REFBREJBODgwNkQ5NjA3OUI2N0JBNkM0M0Q2MjUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDbI2gQb6yI+RirWSRaGTb49pPr
BnCe8lCRcCJIT2p9VQ6RZ+BmDcIfcl2AiE57TZV7ORq5Il+XRTLIDmnm3AhdQIyJ
Uz4AHT4LnWp1XJ5xf023flaUny5j6rSjYWOdyNnCytioNa/Fl/f1rPu3pD/Y0Pbf
Lgv94MP3unHFUX6D0b+fozNavW7QQNSLBR7ew7ddBFd3493kj2T8Au62uv0BgbIh
/AHxEu1/l9r3r49B5L1oC9/m/9R358OMt8SIWCfY3DVGSXiUzomYaBlqZ3V44/Ct
1jFKy0sQAlorO4/ozJgA9ThGD875Hv0dLA7LkkeH3IEF3SPI+UJ9i+erDUD7AgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQUFwc55AKNqtuogG2WB5tnumxD1iUwHwYDVR0j
BBgwFoAUBIr2Zb+LGGtwIgdZ0mxXj0C18+MwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODJhOWJmNWItMzljMS00MDUwLWIwNzMtNDgwNzViODYx
ZDg3LzAvMDQ4QUY2NjVCRjhCMTg2QjcwMjIwNzU5RDI2QzU3OEY0MEI1RjNFMy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0JJcjJaYi1MR0d0d0lnZFowbXhYajBD
MTgtTS5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvODJhOWJmNWIt
MzljMS00MDUwLWIwNzMtNDgwNzViODYxZDg3LzAvMzMzMTJlMzYyZTM3MmUzMDJm
MzIzNDJkMzIzNDIwM2QzZTIwMzIzMDMyMzkzMzM0LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHwYHMA0G
CSqGSIb3DQEBCwUAA4IBAQAzoXfejQsDrdvf4SJrr/728upaZKLnKqYs6DewPqqc
uv5XzSE7X0LGECIG/Stbw4kutcGBbzYnlelO2rofERzqqkpIpYtarFxZ0a08Azii
HkOYraBl/IQl/flI8iQrASftfRJFNhk/IrX8BTSjlZEP6254dFRNFj621NJ06c8g
1e/asG/BBRuiyGwzMGyo3dfM569YGEJuqCS0iHogNfE1/nBgVL/xuFKV5oLtihcV
dXjH7JaWPW1QvZvxoZN7bz69mgwSWf20MCtrce+jxDG0JfJclGeL49BrMwloOgg4
wX9/Zg2VV4T0KQcefpMiYr0rCqogW0/H67hpXG3y2cla
-----END CERTIFICATE-----