Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e33392e302f32342d3234203d3e20323134343332.roa
File:                     33312e362e33392e302f32342d3234203d3e20323134343332.roa (raw, json)
Hash identifier:          G3YjCkgzTDScCyQmbsbhDJqeJo2gTIcuu9zQxvFa7Z4=
Subject key identifier:   5B:00:33:16:54:53:86:72:CE:A7:BC:AE:60:B2:6C:F3:30:D5:37:6B
Certificate issuer:       /CN=048af665bf8b186b70220759d26c578f40b5f3e3
Certificate serial:       2E28EAF345F081FF2D65D6223D3E3071286FDE89
Authority key identifier: 04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e33392e302f32342d3234203d3e20323134343332.roa
Signing time:             Sun 22 Jun 2025 09:36:23 +0000
ROA not before:           Sun 22 Jun 2025 09:31:23 +0000
ROA not after:            Sun 21 Jun 2026 09:36:23 +0000
asID:                     214432
IP address blocks:        31.6.39.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 24 Jul 2025 18:42:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2e:28:ea:f3:45:f0:81:ff:2d:65:d6:22:3d:3e:30:71:28:6f:de:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=048af665bf8b186b70220759d26c578f40b5f3e3
        Validity
            Not Before: Jun 22 09:31:23 2025 GMT
            Not After : Jun 21 09:36:23 2026 GMT
        Subject: CN=5B00331654538672CEA7BCAE60B26CF330D5376B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:3a:e4:c1:93:33:65:49:06:9d:ad:41:1b:91:
                    2b:b9:55:67:4c:d0:e4:b2:45:a0:87:82:44:68:c8:
                    d2:25:76:5d:e0:0c:40:94:50:8d:e0:1d:35:ec:14:
                    62:d0:c4:17:77:c8:32:85:8a:bd:14:da:85:95:b7:
                    de:d0:3b:a3:f8:11:de:59:57:9a:46:9f:c8:3d:d8:
                    c7:98:72:13:7e:29:53:9d:e2:85:1b:8f:04:cf:06:
                    0e:06:b8:99:62:5d:5c:2a:29:73:5d:d1:ee:1e:83:
                    73:ec:65:45:c7:9e:db:e3:d1:7d:6f:93:2b:08:9a:
                    37:ed:94:1e:19:68:1a:8e:09:48:df:d9:e4:e8:7d:
                    cb:9b:a2:24:68:af:83:ac:c6:83:7c:32:52:dc:b2:
                    0f:dd:dd:51:81:53:0c:26:a3:83:73:84:f3:ff:b6:
                    e9:31:d9:0a:fb:6a:6a:b4:b3:da:d0:fd:ca:35:88:
                    0c:e1:f9:81:71:e4:c5:91:e6:5f:3f:ac:cc:93:09:
                    b7:61:71:9d:ce:ec:ed:1a:eb:35:47:e6:00:60:11:
                    7c:b9:c7:d8:c1:37:ec:42:1e:97:a7:d2:ef:36:0b:
                    4a:6c:c3:8e:29:70:41:03:a7:c0:a6:cd:55:e3:14:
                    c9:2c:1e:ea:f4:a4:d7:56:34:ed:8f:36:db:d6:6a:
                    85:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:00:33:16:54:53:86:72:CE:A7:BC:AE:60:B2:6C:F3:30:D5:37:6B
            X509v3 Authority Key Identifier:
                keyid:04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e33392e302f32342d3234203d3e20323134343332.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.6.39.0/24

    Signature Algorithm: sha256WithRSAEncryption
         58:13:23:31:be:ed:29:00:f0:de:af:96:de:3a:b9:8b:3f:4d:
         82:64:af:38:06:d0:da:9e:ed:da:23:0b:49:05:73:af:69:aa:
         be:e8:38:1b:f5:e8:e4:33:3d:22:fe:fa:47:ec:c0:5b:b1:49:
         11:be:09:99:68:34:d3:fd:ad:64:68:29:22:d1:dc:65:6c:b2:
         9b:6d:31:9f:1f:4b:27:4c:06:3f:4a:69:f1:2b:72:a1:30:32:
         22:14:c2:e8:c9:18:96:aa:b2:f5:1e:d8:c3:f0:98:64:47:a9:
         c4:da:b1:db:cd:9d:8b:c9:00:c2:c2:09:34:25:c0:7b:a5:de:
         e8:84:73:b2:f0:52:78:d4:e9:ac:ac:9b:1a:71:cf:03:5c:97:
         14:d9:bc:c1:3a:e4:51:4f:58:16:fa:4c:d4:a6:67:36:41:43:
         30:85:41:a4:d8:53:2a:1b:6b:e3:d4:10:7e:09:69:7d:72:28:
         69:dd:b4:3d:f2:7d:ce:d0:e8:70:55:44:49:e2:6b:bb:a2:3b:
         39:15:91:96:75:ba:ac:46:32:72:71:54:6b:0d:8e:49:c9:c5:
         db:54:43:52:90:9e:83:09:04:13:15:f8:3d:f7:b9:14:52:bd:
         b5:e2:5e:90:4c:70:1d:48:f0:87:89:21:f7:cf:02:86:a9:c6:
         3f:f5:4d:46
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIULijq80Xwgf8tZdYiPT4wcShv3okwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDQ4YWY2NjViZjhiMTg2YjcwMjIwNzU5ZDI2YzU3OGY0
MGI1ZjNlMzAeFw0yNTA2MjIwOTMxMjNaFw0yNjA2MjEwOTM2MjNaMDMxMTAvBgNV
BAMTKDVCMDAzMzE2NTQ1Mzg2NzJDRUE3QkNBRTYwQjI2Q0YzMzBENTM3NkIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvOuTBkzNlSQadrUEbkSu5VWdM
0OSyRaCHgkRoyNIldl3gDECUUI3gHTXsFGLQxBd3yDKFir0U2oWVt97QO6P4Ed5Z
V5pGn8g92MeYchN+KVOd4oUbjwTPBg4GuJliXVwqKXNd0e4eg3PsZUXHntvj0X1v
kysImjftlB4ZaBqOCUjf2eTofcuboiRor4OsxoN8MlLcsg/d3VGBUwwmo4NzhPP/
tukx2Qr7amq0s9rQ/co1iAzh+YFx5MWR5l8/rMyTCbdhcZ3O7O0a6zVH5gBgEXy5
x9jBN+xCHpen0u82C0psw44pcEEDp8CmzVXjFMksHur0pNdWNO2PNtvWaoUJAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUWwAzFlRThnLOp7yuYLJs8zDVN2swHwYDVR0j
BBgwFoAUBIr2Zb+LGGtwIgdZ0mxXj0C18+MwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODJhOWJmNWItMzljMS00MDUwLWIwNzMtNDgwNzViODYx
ZDg3LzAvMDQ4QUY2NjVCRjhCMTg2QjcwMjIwNzU5RDI2QzU3OEY0MEI1RjNFMy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0JJcjJaYi1MR0d0d0lnZFowbXhYajBD
MTgtTS5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvODJhOWJmNWIt
MzljMS00MDUwLWIwNzMtNDgwNzViODYxZDg3LzAvMzMzMTJlMzYyZTMzMzkyZTMw
MmYzMjM0MmQzMjM0MjAzZDNlMjAzMjMxMzQzNDMzMzIucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAAfBicw
DQYJKoZIhvcNAQELBQADggEBAFgTIzG+7SkA8N6vlt46uYs/TYJkrzgG0Nqe7doj
C0kFc69pqr7oOBv16OQzPSL++kfswFuxSRG+CZloNNP9rWRoKSLR3GVsspttMZ8f
SydMBj9KafErcqEwMiIUwujJGJaqsvUe2MPwmGRHqcTasdvNnYvJAMLCCTQlwHul
3uiEc7LwUnjU6aysmxpxzwNclxTZvME65FFPWBb6TNSmZzZBQzCFQaTYUyoba+PU
EH4JaX1yKGndtD3yfc7Q6HBVREnia7uiOzkVkZZ1uqxGMnJxVGsNjknJxdtUQ1KQ
noMJBBMV+D33uRRSvbXiXpBMcB1I8IeJIffPAoapxj/1TUY=
-----END CERTIFICATE-----