Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS31715.roa
File:                     AS31715.roa (raw, json)
Hash identifier:          SHJDBeH+Fhig9phmdUSVeZhByeOTDtsPDz1Nvr9N8Do=
Subject key identifier:   20:08:7B:6E:B1:EC:26:0C:E1:11:18:37:EB:76:91:9D:28:58:55:5C
Certificate issuer:       /CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
Certificate serial:       771DE6BC550692EEE3A1727340CBD00ECD59DEF0
Authority key identifier: 9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS31715.roa
Signing time:             Thu 26 Feb 2026 02:13:28 +0000
ROA not before:           Thu 26 Feb 2026 02:08:28 +0000
ROA not after:            Thu 25 Feb 2027 02:13:28 +0000
asID:                     31715
IP address blocks:        91.124.175.0/24 maxlen: 24
                          95.134.107.0/24 maxlen: 24
                          178.92.168.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 08:09:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            77:1d:e6:bc:55:06:92:ee:e3:a1:72:73:40:cb:d0:0e:cd:59:de:f0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
        Validity
            Not Before: Feb 26 02:08:28 2026 GMT
            Not After : Feb 25 02:13:28 2027 GMT
        Subject: CN=20087B6EB1EC260CE1111837EB76919D2858555C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:e9:a4:72:cb:d7:58:75:67:fd:a6:16:67:c7:
                    c7:8d:bd:19:d1:40:a0:36:0a:5a:bd:de:0f:06:42:
                    cb:d3:34:7e:6f:61:15:78:15:ee:f1:aa:7e:64:da:
                    4b:c1:eb:05:16:e7:06:d8:3d:bc:cb:0d:15:a7:9d:
                    73:ef:4d:a2:2e:01:93:f7:cb:e0:2d:d0:d0:ec:2a:
                    68:0f:37:b6:38:07:8b:58:d4:da:08:e0:e4:6e:3f:
                    4d:45:cc:25:d3:ae:bb:a2:dc:8e:4e:91:b7:a2:de:
                    a7:4a:66:0f:f1:92:ee:c7:27:53:c9:45:fb:59:e7:
                    f7:a2:8a:af:de:c7:e8:a9:df:55:f6:f7:84:80:f8:
                    2d:3f:22:02:9c:7f:bd:a9:ad:75:f6:e0:6a:48:3d:
                    84:c7:92:43:e8:70:fb:ea:fb:bf:14:66:77:a2:4a:
                    3f:7e:ec:77:78:ad:30:87:60:f1:16:a3:ec:51:32:
                    35:93:73:e8:5b:d2:ed:29:bc:a3:65:70:40:07:b8:
                    c4:a5:af:ab:0e:a8:8c:59:80:a7:e6:fe:2d:77:e1:
                    6c:42:03:6c:2f:65:3b:69:81:73:56:f3:a8:9d:e2:
                    fa:ba:d8:4e:7a:24:dd:ec:ad:0d:e6:ed:71:00:a8:
                    40:af:36:8d:c7:ad:ca:06:47:95:00:5c:29:e7:e5:
                    ec:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:08:7B:6E:B1:EC:26:0C:E1:11:18:37:EB:76:91:9D:28:58:55:5C
            X509v3 Authority Key Identifier:
                keyid:9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS31715.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.124.175.0/24
                  95.134.107.0/24
                  178.92.168.0/24

    Signature Algorithm: sha256WithRSAEncryption
         70:ff:9e:a8:0b:a5:5b:90:50:71:27:8c:cf:35:9f:c9:fe:c4:
         e1:6f:fb:92:df:4d:59:eb:b6:90:1e:ca:e6:50:61:55:75:ac:
         93:a4:02:55:15:e2:6f:f4:43:80:2f:0e:01:ce:65:da:3e:e5:
         0a:d9:07:a1:b5:34:0b:95:89:87:37:71:1b:fa:52:40:27:33:
         a4:f4:b9:fb:fd:38:b9:d0:1f:df:4d:40:13:e2:57:b9:46:fb:
         3a:ef:0a:4b:cc:29:55:cb:19:0f:11:8b:e3:64:a4:74:cb:a9:
         79:4d:a6:e8:59:9e:f0:58:d8:a5:95:c3:18:7b:03:bc:43:19:
         59:df:c3:80:79:72:09:3a:60:8e:37:ed:f0:02:f7:b5:58:52:
         0c:b0:27:45:63:51:4a:be:9f:b3:1b:5b:4e:b0:cd:3c:d5:77:
         30:27:01:4d:92:1d:46:0a:1f:ae:69:13:e1:4a:bc:e3:15:96:
         06:10:73:1b:f9:c2:30:1c:45:45:d9:2d:d9:ca:7d:3d:af:53:
         e7:a8:ea:48:46:e4:5e:9e:b9:62:55:e5:37:39:e3:64:c8:91:
         a0:51:bd:3a:09:c1:3a:8b:99:b5:f3:5e:ac:8b:22:a8:63:f7:
         e1:b1:c5:20:47:9c:5c:a9:d2:f8:e9:74:9f:f7:d8:ed:36:98:
         d7:dc:d8:71
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgIUdx3mvFUGku7joXJzQMvQDs1Z3vAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWJkODEzMzkxZTRhZjJhZTMxMDNjMTg5MWIyMjcyZDRk
NWMxM2I1ZjAeFw0yNjAyMjYwMjA4MjhaFw0yNzAyMjUwMjEzMjhaMDMxMTAvBgNV
BAMTKDIwMDg3QjZFQjFFQzI2MENFMTExMTgzN0VCNzY5MTlEMjg1ODU1NUMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCM6aRyy9dYdWf9phZnx8eNvRnR
QKA2Clq93g8GQsvTNH5vYRV4Fe7xqn5k2kvB6wUW5wbYPbzLDRWnnXPvTaIuAZP3
y+At0NDsKmgPN7Y4B4tY1NoI4ORuP01FzCXTrrui3I5Okbei3qdKZg/xku7HJ1PJ
RftZ5/eiiq/ex+ip31X294SA+C0/IgKcf72prXX24GpIPYTHkkPocPvq+78UZnei
Sj9+7Hd4rTCHYPEWo+xRMjWTc+hb0u0pvKNlcEAHuMSlr6sOqIxZgKfm/i134WxC
A2wvZTtpgXNW86id4vq62E56JN3srQ3m7XEAqECvNo3HrcoGR5UAXCnn5eyTAgMB
AAGjggIVMIICETAdBgNVHQ4EFgQUIAh7brHsJgzhERg363aRnShYVVwwHwYDVR0j
BBgwFoAUm9gTOR5K8q4xA8GJGyJy1NXBO18wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQ3OGY2ZjUtNDQ5YS00ODI3LTk5ZDUtYmY2YjkzYThm
NmI0LzAvOUJEODEzMzkxRTRBRjJBRTMxMDNDMTg5MUIyMjcyRDRENUMxM0I1Ri5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL205Z1RPUjVLOHE0eEE4R0pHeUp5MU5Y
Qk8xOC5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0NzhmNmY1LTQ0OWEt
NDgyNy05OWQ1LWJmNmI5M2E4ZjZiNC8wL0FTMzE3MTUucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBIDBABbfK8D
BABfhmsDBACyXKgwDQYJKoZIhvcNAQELBQADggEBAHD/nqgLpVuQUHEnjM81n8n+
xOFv+5LfTVnrtpAeyuZQYVV1rJOkAlUV4m/0Q4AvDgHOZdo+5QrZB6G1NAuViYc3
cRv6UkAnM6T0ufv9OLnQH99NQBPiV7lG+zrvCkvMKVXLGQ8Ri+NkpHTLqXlNpuhZ
nvBY2KWVwxh7A7xDGVnfw4B5cgk6YI437fAC97VYUgywJ0VjUUq+n7MbW06wzTzV
dzAnAU2SHUYKH65pE+FKvOMVlgYQcxv5wjAcRUXZLdnKfT2vU+eo6khG5F6euWJV
5Tc542TIkaBRvToJwTqLmbXzXqyLIqhj9+GxxSBHnFyp0vjpdJ/32O02mNfc2HE=
-----END CERTIFICATE-----