Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e32352e302f32342d3234203d3e20323134373935.roa
File:                     33312e362e32352e302f32342d3234203d3e20323134373935.roa (raw, json)
Hash identifier:          qz11+SB6mrpLWQ5rVFqt9M4LAYnAUb2YQkjXy7lLlfQ=
Subject key identifier:   24:71:EF:B9:1E:E3:18:0D:25:9F:72:89:95:9E:F1:CE:6E:55:0A:DB
Certificate issuer:       /CN=048af665bf8b186b70220759d26c578f40b5f3e3
Certificate serial:       4467034B6BA6B9DC1D1DF65202569B63A7C5DD84
Authority key identifier: 04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e32352e302f32342d3234203d3e20323134373935.roa
Signing time:             Thu 24 Jul 2025 17:54:13 +0000
ROA not before:           Thu 24 Jul 2025 17:49:13 +0000
ROA not after:            Thu 23 Jul 2026 17:54:13 +0000
asID:                     214795
IP address blocks:        31.6.25.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 25 Jul 2025 21:02:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            44:67:03:4b:6b:a6:b9:dc:1d:1d:f6:52:02:56:9b:63:a7:c5:dd:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=048af665bf8b186b70220759d26c578f40b5f3e3
        Validity
            Not Before: Jul 24 17:49:13 2025 GMT
            Not After : Jul 23 17:54:13 2026 GMT
        Subject: CN=2471EFB91EE3180D259F7289959EF1CE6E550ADB
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:2e:ad:67:7a:9b:3a:57:d1:a3:ad:7e:f6:62:
                    69:aa:5e:4c:9f:bd:e5:2f:03:4f:35:eb:b6:cc:64:
                    3d:e6:ba:9c:ea:d0:6b:a7:6f:b5:bb:8c:1c:42:77:
                    c2:b4:a7:6b:47:ba:c4:ea:f4:ba:8d:b9:41:43:a9:
                    0b:4c:a7:f0:ef:cb:2d:63:0c:af:c0:8e:65:2a:b1:
                    e8:9a:6a:4f:4e:51:8b:54:93:69:04:ac:ac:a2:10:
                    47:66:42:c3:f8:c0:49:ca:e4:8c:f3:44:a0:d4:34:
                    0a:62:0a:37:32:05:bd:7c:62:de:fc:8a:47:cc:7d:
                    f0:9b:64:17:a0:fa:37:9d:03:47:17:47:b6:1c:a8:
                    69:af:a4:b1:f7:59:c7:32:f9:7e:30:81:82:21:bd:
                    db:41:07:35:9e:59:33:bb:56:6f:f7:41:3f:f9:9d:
                    0c:6a:f2:e3:bb:63:66:05:06:c7:3a:50:82:30:8e:
                    ba:b7:ec:34:31:3a:ea:87:ac:dd:49:87:31:04:1b:
                    00:f4:c1:8f:ba:78:a2:3f:ed:86:c4:bd:6f:cc:fc:
                    64:d2:6b:4a:f5:db:96:01:66:2e:75:65:10:e3:57:
                    52:40:2e:0b:b2:64:47:d1:b9:df:4c:14:d0:91:e9:
                    79:c2:a7:c8:43:63:41:59:4d:88:72:54:b9:0a:e2:
                    bf:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                24:71:EF:B9:1E:E3:18:0D:25:9F:72:89:95:9E:F1:CE:6E:55:0A:DB
            X509v3 Authority Key Identifier:
                keyid:04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e32352e302f32342d3234203d3e20323134373935.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.6.25.0/24

    Signature Algorithm: sha256WithRSAEncryption
         99:0c:a8:7d:ac:77:35:19:22:be:9f:b3:b9:08:d7:03:bf:e6:
         26:fd:92:cb:2e:fd:75:bf:88:2d:7e:1a:fc:9d:f3:e9:23:7e:
         a8:54:67:af:52:17:bd:e6:34:06:9d:56:88:02:07:86:f2:04:
         34:ea:8b:df:8e:db:2e:c2:2e:a5:6f:e9:d6:ab:0f:53:0b:13:
         bd:a1:4f:13:9c:1f:d2:7b:51:1d:bf:67:77:87:e3:29:05:86:
         04:26:5f:f8:b3:60:1c:de:dd:88:8a:d7:6b:08:d2:b1:fa:07:
         d8:0b:ec:6b:db:fc:0c:39:a0:92:7b:fd:a3:11:7d:c0:96:4f:
         6c:8b:77:67:84:30:0c:ca:e1:df:b5:24:ae:bb:c0:c4:22:21:
         d2:97:bb:c1:96:85:ae:cd:c1:4e:54:6e:f8:4c:ba:8e:58:67:
         28:3a:14:f9:a6:fa:c1:ae:85:e7:a3:7a:20:90:e0:89:22:52:
         57:10:7c:73:e6:12:8a:bc:2e:1c:94:58:f8:8c:f2:d0:86:79:
         f3:34:c9:2a:b0:3c:a7:cb:3d:d0:77:25:10:53:86:89:33:64:
         58:b1:cb:93:2f:00:cc:6a:52:6a:b3:e6:0d:1a:cd:ae:65:80:
         30:7c:9e:69:05:8c:83:97:49:97:c8:f7:2d:a4:7c:45:4c:52:
         89:0d:2b:82
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIURGcDS2umudwdHfZSAlabY6fF3YQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDQ4YWY2NjViZjhiMTg2YjcwMjIwNzU5ZDI2YzU3OGY0
MGI1ZjNlMzAeFw0yNTA3MjQxNzQ5MTNaFw0yNjA3MjMxNzU0MTNaMDMxMTAvBgNV
BAMTKDI0NzFFRkI5MUVFMzE4MEQyNTlGNzI4OTk1OUVGMUNFNkU1NTBBREIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC1Lq1neps6V9GjrX72YmmqXkyf
veUvA08167bMZD3mupzq0Gunb7W7jBxCd8K0p2tHusTq9LqNuUFDqQtMp/Dvyy1j
DK/AjmUqseiaak9OUYtUk2kErKyiEEdmQsP4wEnK5IzzRKDUNApiCjcyBb18Yt78
ikfMffCbZBeg+jedA0cXR7YcqGmvpLH3Wccy+X4wgYIhvdtBBzWeWTO7Vm/3QT/5
nQxq8uO7Y2YFBsc6UIIwjrq37DQxOuqHrN1JhzEEGwD0wY+6eKI/7YbEvW/M/GTS
a0r125YBZi51ZRDjV1JALguyZEfRud9MFNCR6XnCp8hDY0FZTYhyVLkK4r93AgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUJHHvuR7jGA0ln3KJlZ7xzm5VCtswHwYDVR0j
BBgwFoAUBIr2Zb+LGGtwIgdZ0mxXj0C18+MwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODJhOWJmNWItMzljMS00MDUwLWIwNzMtNDgwNzViODYx
ZDg3LzAvMDQ4QUY2NjVCRjhCMTg2QjcwMjIwNzU5RDI2QzU3OEY0MEI1RjNFMy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0JJcjJaYi1MR0d0d0lnZFowbXhYajBD
MTgtTS5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvODJhOWJmNWIt
MzljMS00MDUwLWIwNzMtNDgwNzViODYxZDg3LzAvMzMzMTJlMzYyZTMyMzUyZTMw
MmYzMjM0MmQzMjM0MjAzZDNlMjAzMjMxMzQzNzM5MzUucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAAfBhkw
DQYJKoZIhvcNAQELBQADggEBAJkMqH2sdzUZIr6fs7kI1wO/5ib9kssu/XW/iC1+
Gvyd8+kjfqhUZ69SF73mNAadVogCB4byBDTqi9+O2y7CLqVv6darD1MLE72hTxOc
H9J7UR2/Z3eH4ykFhgQmX/izYBze3YiK12sI0rH6B9gL7Gvb/Aw5oJJ7/aMRfcCW
T2yLd2eEMAzK4d+1JK67wMQiIdKXu8GWha7NwU5UbvhMuo5YZyg6FPmm+sGuheej
eiCQ4IkiUlcQfHPmEoq8LhyUWPiM8tCGefM0ySqwPKfLPdB3JRBThokzZFixy5Mv
AMxqUmqz5g0aza5lgDB8nmkFjIOXSZfI9y2kfEVMUokNK4I=
-----END CERTIFICATE-----