Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/AS31924.roa
File:                     AS31924.roa (raw, json)
Hash identifier:          Ds1u+e5+oO4kFEFow+pDNcHOogGG480w2ON7hEHw+30=
Subject key identifier:   56:6E:2B:E4:7A:F7:C5:97:D9:26:9D:06:A8:AA:91:C2:59:7E:F7:52
Certificate issuer:       /CN=0e20ccf5083a63b9f5887e3ea39d04e2d62b3da5
Certificate serial:       3869466CF9786B39DD89813119E37E098E93D1B9
Authority key identifier: 0E:20:CC:F5:08:3A:63:B9:F5:88:7E:3E:A3:9D:04:E2:D6:2B:3D:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/AS31924.roa
Signing time:             Thu 04 Jun 2026 11:31:47 +0000
ROA not before:           Thu 04 Jun 2026 11:26:47 +0000
ROA not after:            Thu 03 Jun 2027 11:31:47 +0000
asID:                     31924
IP address blocks:        188.220.222.0/24 maxlen: 24
                          188.220.229.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 01:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            38:69:46:6c:f9:78:6b:39:dd:89:81:31:19:e3:7e:09:8e:93:d1:b9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0e20ccf5083a63b9f5887e3ea39d04e2d62b3da5
        Validity
            Not Before: Jun  4 11:26:47 2026 GMT
            Not After : Jun  3 11:31:47 2027 GMT
        Subject: CN=566E2BE47AF7C597D9269D06A8AA91C2597EF752
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:d8:77:3f:f6:de:b6:38:7e:81:b2:eb:d1:0e:
                    e5:de:8c:03:3c:3d:0e:50:ee:bb:0f:58:03:13:75:
                    05:68:30:58:63:7d:d2:5b:84:42:7a:3d:e4:5b:19:
                    39:43:dc:75:72:24:d3:20:30:7d:c8:5c:3a:d7:37:
                    40:3d:c9:92:bd:86:3c:3e:00:55:16:9d:5f:ad:af:
                    76:58:3b:37:b0:43:56:b7:c7:36:4f:e9:a4:1c:de:
                    51:6b:d5:3d:44:71:56:23:fb:15:e3:e5:a0:ac:e9:
                    ab:16:50:bf:66:7a:54:f3:de:32:4e:b3:c6:0f:fc:
                    cd:36:a4:3b:ba:5e:e2:e4:c0:56:b0:af:46:c9:4b:
                    e8:a8:1b:a3:cc:e8:0d:5d:f1:29:32:3a:50:65:5c:
                    2a:bb:ce:95:ee:b8:0f:59:8d:f4:e0:30:40:11:42:
                    58:c2:51:61:f4:c4:b9:2c:86:bd:b4:7b:8f:cc:62:
                    3a:e3:e4:03:e4:4f:1f:5e:7a:50:3b:b7:95:d0:26:
                    4f:c1:cf:64:17:bb:31:60:a9:66:34:03:7a:85:47:
                    eb:c1:53:fb:e4:74:0c:fe:e8:b6:7e:b5:1a:0c:e2:
                    48:2e:64:5f:64:4d:9c:3a:42:67:4b:4d:30:93:d8:
                    5b:72:1c:ac:c3:59:f3:e4:88:b5:65:87:2b:f6:a3:
                    e1:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                56:6E:2B:E4:7A:F7:C5:97:D9:26:9D:06:A8:AA:91:C2:59:7E:F7:52
            X509v3 Authority Key Identifier:
                keyid:0E:20:CC:F5:08:3A:63:B9:F5:88:7E:3E:A3:9D:04:E2:D6:2B:3D:A5

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/AS31924.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.220.222.0/24
                  188.220.229.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9f:10:e4:dc:40:5c:c1:d5:5c:3b:46:7f:e9:e3:5d:02:df:a4:
         30:7c:9f:9d:63:4e:4d:a7:33:18:11:fb:4d:c0:49:f2:e5:07:
         5a:30:81:e0:79:b7:0c:fd:47:b7:bf:d4:0c:6e:97:2c:fb:f0:
         cf:00:85:b8:89:28:2b:d5:63:53:c6:8d:a2:8f:74:41:a0:f7:
         08:ed:e6:e8:4b:8e:f1:92:7b:7b:e3:83:eb:39:01:fb:d7:d9:
         d6:75:e1:65:80:f1:6f:42:f3:8d:df:7a:f9:b9:1d:26:df:bd:
         ba:48:05:d7:38:ce:d1:06:4e:fb:9b:54:a5:85:0e:16:32:99:
         0b:dc:2b:da:66:fc:be:8b:4c:c8:26:49:cb:e7:1d:4b:09:64:
         55:14:2a:3a:2b:fa:a6:62:4e:22:f1:48:77:3e:14:7b:e8:01:
         ed:6f:74:1b:2f:7b:bb:eb:e5:b8:64:d3:26:5a:8a:9f:c8:1b:
         e8:c0:2c:bf:83:13:dd:50:84:54:0f:42:f0:14:a0:c5:03:c1:
         5a:fd:b4:e5:74:f7:2b:0d:a8:b7:ff:de:08:b2:6a:99:e6:eb:
         7f:e8:04:c1:ae:ba:04:34:f5:2f:4c:e7:ea:2c:32:d7:2a:15:
         04:a8:89:b6:05:36:0c:e1:b7:92:f3:e7:c6:89:97:9b:79:c2:
         91:93:f0:af
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgIUOGlGbPl4azndiYExGeN+CY6T0bkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMGUyMGNjZjUwODNhNjNiOWY1ODg3ZTNlYTM5ZDA0ZTJk
NjJiM2RhNTAeFw0yNjA2MDQxMTI2NDdaFw0yNzA2MDMxMTMxNDdaMDMxMTAvBgNV
BAMTKDU2NkUyQkU0N0FGN0M1OTdEOTI2OUQwNkE4QUE5MUMyNTk3RUY3NTIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCz2Hc/9t62OH6BsuvRDuXejAM8
PQ5Q7rsPWAMTdQVoMFhjfdJbhEJ6PeRbGTlD3HVyJNMgMH3IXDrXN0A9yZK9hjw+
AFUWnV+tr3ZYOzewQ1a3xzZP6aQc3lFr1T1EcVYj+xXj5aCs6asWUL9melTz3jJO
s8YP/M02pDu6XuLkwFawr0bJS+ioG6PM6A1d8SkyOlBlXCq7zpXuuA9ZjfTgMEAR
QljCUWH0xLkshr20e4/MYjrj5APkTx9eelA7t5XQJk/Bz2QXuzFgqWY0A3qFR+vB
U/vkdAz+6LZ+tRoM4kguZF9kTZw6QmdLTTCT2FtyHKzDWfPkiLVlhyv2o+FFAgMB
AAGjggIPMIICCzAdBgNVHQ4EFgQUVm4r5Hr3xZfZJp0GqKqRwll+91IwHwYDVR0j
BBgwFoAUDiDM9Qg6Y7n1iH4+o50E4tYrPaUwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOTZlNGFjODYtMTgwMy00OTRkLThhN2ItYzA1MWE2MzEw
NzUyLzAvMEUyMENDRjUwODNBNjNCOUY1ODg3RTNFQTM5RDA0RTJENjJCM0RBNS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0RpRE05UWc2WTduMWlINC1vNTBFNHRZ
clBhVS5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzk2ZTRhYzg2LTE4MDMt
NDk0ZC04YTdiLWMwNTFhNjMxMDc1Mi8wL0FTMzE5MjQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwDBAC83N4D
BAC83OUwDQYJKoZIhvcNAQELBQADggEBAJ8Q5NxAXMHVXDtGf+njXQLfpDB8n51j
Tk2nMxgR+03ASfLlB1owgeB5twz9R7e/1Axulyz78M8AhbiJKCvVY1PGjaKPdEGg
9wjt5uhLjvGSe3vjg+s5AfvX2dZ14WWA8W9C843fevm5HSbfvbpIBdc4ztEGTvub
VKWFDhYymQvcK9pm/L6LTMgmScvnHUsJZFUUKjor+qZiTiLxSHc+FHvoAe1vdBsv
e7vr5bhk0yZaip/IG+jALL+DE91QhFQPQvAUoMUDwVr9tOV09ysNqLf/3giyapnm
63/oBMGuugQ09S9M5+osMtcqFQSoibYFNgzht5Lz58aJl5t5wpGT8K8=
-----END CERTIFICATE-----