Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e34312e302f32342d3234203d3e203430383631.roa
File:                     33312e362e34312e302f32342d3234203d3e203430383631.roa (raw, json)
Hash identifier:          12iTlgC2dP2hdKZPDFFF4Twr+Ffa/g9Q+o/c92kVhZA=
Subject key identifier:   F4:CD:BD:2A:EA:CA:5D:05:2A:A3:6C:BA:4B:93:DC:06:BF:9F:FD:33
Certificate issuer:       /CN=048af665bf8b186b70220759d26c578f40b5f3e3
Certificate serial:       48857217749434E85D400223AA9EBBE76D828312
Authority key identifier: 04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e34312e302f32342d3234203d3e203430383631.roa
Signing time:             Fri 29 Aug 2025 15:54:58 +0000
ROA not before:           Fri 29 Aug 2025 15:49:58 +0000
ROA not after:            Fri 28 Aug 2026 15:54:58 +0000
asID:                     40861
IP address blocks:        31.6.41.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 11 Oct 2025 14:20:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            48:85:72:17:74:94:34:e8:5d:40:02:23:aa:9e:bb:e7:6d:82:83:12
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=048af665bf8b186b70220759d26c578f40b5f3e3
        Validity
            Not Before: Aug 29 15:49:58 2025 GMT
            Not After : Aug 28 15:54:58 2026 GMT
        Subject: CN=F4CDBD2AEACA5D052AA36CBA4B93DC06BF9FFD33
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:b7:aa:a5:94:5f:0b:39:03:5a:df:f4:33:ac:
                    90:35:d0:fc:86:b6:e2:b1:e8:d9:23:e3:c4:2c:ba:
                    98:3b:2c:65:c0:40:91:e9:f6:81:29:7e:af:ce:9b:
                    b4:40:9a:0a:0f:b2:e3:e6:19:2a:dd:25:9b:19:b4:
                    a1:7f:85:71:e8:88:cb:5b:13:71:c5:7a:27:8b:15:
                    0d:ee:48:3d:66:9b:05:ae:24:64:bf:f7:1c:83:a5:
                    94:30:91:bb:cb:93:9c:55:f1:36:ce:1e:d5:a7:51:
                    3a:dc:64:84:89:a3:d4:d3:1e:48:b6:39:a1:3b:4c:
                    59:9a:f3:19:a6:64:4f:af:27:aa:a7:a2:8e:a3:ee:
                    31:43:03:38:8f:4a:2e:95:77:d8:0d:06:90:e6:40:
                    43:30:89:38:06:db:f8:39:2c:84:a7:0c:e0:30:f0:
                    26:3e:c3:c5:5a:5a:ab:7f:e1:f7:dc:95:71:ba:ea:
                    42:f2:a8:95:9c:e3:c4:49:e8:79:3f:e2:52:1b:c9:
                    8b:5e:60:27:87:af:41:0c:13:5c:86:3d:6f:9d:f7:
                    b4:68:de:d3:c9:3e:36:ae:8f:25:9a:8f:26:f3:1b:
                    c6:b0:86:4f:fa:95:ca:5d:9e:d4:66:b1:c3:3e:af:
                    46:75:bc:12:f5:18:d8:ea:bc:07:3d:f7:d6:34:40:
                    e4:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:CD:BD:2A:EA:CA:5D:05:2A:A3:6C:BA:4B:93:DC:06:BF:9F:FD:33
            X509v3 Authority Key Identifier:
                keyid:04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e34312e302f32342d3234203d3e203430383631.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.6.41.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a6:2e:e5:44:e2:59:02:56:31:0a:d4:b3:ae:b8:34:2e:16:3a:
         20:c0:f8:4f:c8:4a:a1:b9:29:86:a8:7f:35:c2:b3:8f:85:8d:
         28:68:fa:25:2d:2f:63:67:40:95:7b:e2:66:f8:10:43:56:84:
         48:6e:27:c0:f4:7b:12:d7:8d:7c:76:0d:5e:77:a4:32:3e:e5:
         f6:38:4c:ea:8f:94:dc:4a:0c:55:df:0f:dd:26:fa:74:97:53:
         19:cb:fa:85:fd:d0:40:a3:c3:45:74:04:22:33:74:b9:69:02:
         4f:bb:bb:dd:32:cf:fe:c3:8e:23:65:d3:90:fa:fc:94:af:46:
         c5:c1:7c:2e:a7:f3:5a:a9:e8:46:96:f0:f1:74:cc:57:ed:bb:
         47:5a:d5:ba:e6:d0:d0:8b:a3:d5:21:d4:0c:4f:93:a2:6a:03:
         8d:d4:d3:96:9b:1a:eb:a3:70:c5:42:69:57:8b:f3:47:cf:de:
         96:04:b6:7f:c0:c2:a3:c7:89:3c:c7:02:04:1c:c1:5b:47:17:
         47:57:eb:62:88:33:07:04:35:1b:b8:e5:f7:ef:66:d6:a9:20:
         36:ec:a5:2d:29:c1:2d:06:70:91:08:14:5a:df:a0:26:ae:43:
         2b:01:ef:62:df:01:63:16:a4:44:eb:67:9f:26:bc:9f:d7:fb:
         10:a1:3e:c4
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUSIVyF3SUNOhdQAIjqp67522CgxIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDQ4YWY2NjViZjhiMTg2YjcwMjIwNzU5ZDI2YzU3OGY0
MGI1ZjNlMzAeFw0yNTA4MjkxNTQ5NThaFw0yNjA4MjgxNTU0NThaMDMxMTAvBgNV
BAMTKEY0Q0RCRDJBRUFDQTVEMDUyQUEzNkNCQTRCOTNEQzA2QkY5RkZEMzMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCXt6qllF8LOQNa3/QzrJA10PyG
tuKx6Nkj48Qsupg7LGXAQJHp9oEpfq/Om7RAmgoPsuPmGSrdJZsZtKF/hXHoiMtb
E3HFeieLFQ3uSD1mmwWuJGS/9xyDpZQwkbvLk5xV8TbOHtWnUTrcZISJo9TTHki2
OaE7TFma8xmmZE+vJ6qnoo6j7jFDAziPSi6Vd9gNBpDmQEMwiTgG2/g5LISnDOAw
8CY+w8VaWqt/4ffclXG66kLyqJWc48RJ6Hk/4lIbyYteYCeHr0EME1yGPW+d97Ro
3tPJPjaujyWajybzG8awhk/6lcpdntRmscM+r0Z1vBL1GNjqvAc999Y0QOQrAgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQU9M29KurKXQUqo2y6S5PcBr+f/TMwHwYDVR0j
BBgwFoAUBIr2Zb+LGGtwIgdZ0mxXj0C18+MwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODJhOWJmNWItMzljMS00MDUwLWIwNzMtNDgwNzViODYx
ZDg3LzAvMDQ4QUY2NjVCRjhCMTg2QjcwMjIwNzU5RDI2QzU3OEY0MEI1RjNFMy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0JJcjJaYi1MR0d0d0lnZFowbXhYajBD
MTgtTS5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvODJhOWJmNWIt
MzljMS00MDUwLWIwNzMtNDgwNzViODYxZDg3LzAvMzMzMTJlMzYyZTM0MzEyZTMw
MmYzMjM0MmQzMjM0MjAzZDNlMjAzNDMwMzgzNjMxLnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHwYpMA0G
CSqGSIb3DQEBCwUAA4IBAQCmLuVE4lkCVjEK1LOuuDQuFjogwPhPyEqhuSmGqH81
wrOPhY0oaPolLS9jZ0CVe+Jm+BBDVoRIbifA9HsS1418dg1ed6QyPuX2OEzqj5Tc
SgxV3w/dJvp0l1MZy/qF/dBAo8NFdAQiM3S5aQJPu7vdMs/+w44jZdOQ+vyUr0bF
wXwup/NaqehGlvDxdMxX7btHWtW65tDQi6PVIdQMT5OiagON1NOWmxrro3DFQmlX
i/NHz96WBLZ/wMKjx4k8xwIEHMFbRxdHV+tiiDMHBDUbuOX372bWqSA27KUtKcEt
BnCRCBRa36AmrkMrAe9i3wFjFqRE62efJryf1/sQoT7E
-----END CERTIFICATE-----