Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/AS31924.roa
File:                     AS31924.roa (raw, json)
Hash identifier:          WUGyoaTRPUZMT772GxrJ0EUaM0KNjehelnb2JiK13ZE=
Subject key identifier:   8D:49:2F:42:4F:C9:DD:CF:7D:10:AA:35:CF:BC:ED:F7:22:FC:A4:F2
Certificate issuer:       /CN=3feccb17be51ee59ec74d64eed917e221ee28a1b
Certificate serial:       444671E7AFCF4D3F2CE9EED9D07AB1B02D6BEF40
Authority key identifier: 3F:EC:CB:17:BE:51:EE:59:EC:74:D6:4E:ED:91:7E:22:1E:E2:8A:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/AS31924.roa
Signing time:             Tue 26 May 2026 09:07:53 +0000
ROA not before:           Tue 26 May 2026 09:02:53 +0000
ROA not after:            Tue 25 May 2027 09:07:53 +0000
asID:                     31924
IP address blocks:        82.139.243.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 04 Jun 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            44:46:71:e7:af:cf:4d:3f:2c:e9:ee:d9:d0:7a:b1:b0:2d:6b:ef:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3feccb17be51ee59ec74d64eed917e221ee28a1b
        Validity
            Not Before: May 26 09:02:53 2026 GMT
            Not After : May 25 09:07:53 2027 GMT
        Subject: CN=8D492F424FC9DDCF7D10AA35CFBCEDF722FCA4F2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:c3:79:77:48:26:55:25:88:9d:eb:db:15:63:
                    ba:cd:3a:d1:38:42:da:3e:d2:20:43:f5:19:cd:7b:
                    b6:07:16:32:fc:71:ba:2e:97:41:f4:88:eb:30:84:
                    94:fd:6e:f2:a4:da:1a:48:49:c6:43:31:31:8d:19:
                    f7:fa:d8:31:e2:53:82:05:f9:6b:3d:e4:84:e5:7b:
                    d1:4a:88:94:3f:00:ea:17:ef:93:78:b0:c9:a9:78:
                    ee:fa:2a:92:4b:28:6b:19:69:c0:cb:02:96:2f:55:
                    45:3f:73:6d:fd:bf:9f:66:cb:88:64:bd:af:47:40:
                    09:f3:50:c2:d2:52:1e:36:9a:05:32:54:e8:ee:72:
                    04:cf:4a:a0:18:a2:90:23:8d:f5:12:5a:ff:1e:3f:
                    3e:2e:10:91:9e:18:a5:fe:bf:d4:f7:3c:03:bb:f4:
                    52:ae:e3:4f:7d:d5:7d:d1:d6:65:9c:00:d9:04:4b:
                    3a:25:32:a5:30:6e:dc:8a:fe:22:00:6c:25:4d:e7:
                    72:f1:df:ef:ca:63:8f:6c:67:df:b3:ba:b7:fe:f2:
                    a7:b3:ca:05:d3:84:26:20:eb:35:79:75:d7:33:85:
                    f2:14:5a:4b:6e:4c:99:4a:e8:d9:c6:24:f3:dc:dc:
                    0a:7f:0f:1c:e5:f6:6d:ad:de:3b:a1:69:48:2d:4e:
                    6c:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:49:2F:42:4F:C9:DD:CF:7D:10:AA:35:CF:BC:ED:F7:22:FC:A4:F2
            X509v3 Authority Key Identifier:
                keyid:3F:EC:CB:17:BE:51:EE:59:EC:74:D6:4E:ED:91:7E:22:1E:E2:8A:1B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/AS31924.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.139.243.0/24

    Signature Algorithm: sha256WithRSAEncryption
         43:fc:df:94:2f:da:b0:88:04:dd:02:b9:34:24:7a:13:37:ed:
         fa:e0:0c:14:44:4d:4d:8e:e4:df:40:18:76:2e:9e:a2:82:44:
         5e:c4:d7:b4:ff:0b:07:ee:9c:b3:8d:81:5a:cb:68:6b:e2:95:
         90:28:ad:d1:3e:8a:a3:c4:f5:6b:9a:87:8a:73:cb:1d:44:ce:
         fc:b2:f5:0c:b1:58:3f:b3:d6:87:95:ed:35:13:77:b7:b4:36:
         19:b3:fe:e3:76:72:0b:39:55:c0:a1:81:a6:b2:fa:29:00:f1:
         da:42:2e:c8:0b:0b:76:d7:89:05:62:e9:73:74:51:8a:73:f5:
         36:de:41:1c:75:96:a9:a0:e2:5d:68:99:1a:cb:38:a7:b4:c5:
         7c:f0:45:49:75:ac:ee:83:a6:37:3c:ea:0e:81:c2:16:ac:bf:
         88:fe:9f:58:6d:b7:0e:6c:1d:56:7d:0c:7a:b1:47:4f:e4:30:
         57:32:39:1e:7f:73:c3:d6:6f:3c:bd:5c:b5:7d:34:68:b3:93:
         ab:43:54:54:8c:8a:13:74:80:79:86:2e:70:1e:36:8d:36:8d:
         2b:43:15:92:f3:b6:dc:1b:f0:34:e4:7f:f8:ee:f6:c7:8e:f7:
         1c:b1:2c:4e:9e:f8:6e:a0:64:eb:16:d6:fc:85:ba:5e:a5:25:
         22:21:66:b7
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUREZx56/PTT8s6e7Z0HqxsC1r70AwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoM2ZlY2NiMTdiZTUxZWU1OWVjNzRkNjRlZWQ5MTdlMjIx
ZWUyOGExYjAeFw0yNjA1MjYwOTAyNTNaFw0yNzA1MjUwOTA3NTNaMDMxMTAvBgNV
BAMTKDhENDkyRjQyNEZDOUREQ0Y3RDEwQUEzNUNGQkNFREY3MjJGQ0E0RjIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCbw3l3SCZVJYid69sVY7rNOtE4
Qto+0iBD9RnNe7YHFjL8cboul0H0iOswhJT9bvKk2hpIScZDMTGNGff62DHiU4IF
+Ws95ITle9FKiJQ/AOoX75N4sMmpeO76KpJLKGsZacDLApYvVUU/c239v59my4hk
va9HQAnzUMLSUh42mgUyVOjucgTPSqAYopAjjfUSWv8ePz4uEJGeGKX+v9T3PAO7
9FKu40991X3R1mWcANkESzolMqUwbtyK/iIAbCVN53Lx3+/KY49sZ9+zurf+8qez
ygXThCYg6zV5ddczhfIUWktuTJlK6NnGJPPc3Ap/Dxzl9m2t3juhaUgtTmwHAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUjUkvQk/J3c99EKo1z7zt9yL8pPIwHwYDVR0j
BBgwFoAUP+zLF75R7lnsdNZO7ZF+Ih7iihswDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMjJkYjc1NTUtOWFhNC00OTgzLTkzMTYtNzM4MDlkZDM1
NGJjLzAvM0ZFQ0NCMTdCRTUxRUU1OUVDNzRENjRFRUQ5MTdFMjIxRUUyOEExQi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1AtekxGNzVSN2xuc2ROWk83WkYtSWg3
aWlocy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzIyZGI3NTU1LTlhYTQt
NDk4My05MzE2LTczODA5ZGQzNTRiYy8wL0FTMzE5MjQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABSi/Mw
DQYJKoZIhvcNAQELBQADggEBAEP835Qv2rCIBN0CuTQkehM37frgDBRETU2O5N9A
GHYunqKCRF7E17T/CwfunLONgVrLaGvilZAordE+iqPE9Wuah4pzyx1Ezvyy9Qyx
WD+z1oeV7TUTd7e0Nhmz/uN2cgs5VcChgaay+ikA8dpCLsgLC3bXiQVi6XN0UYpz
9TbeQRx1lqmg4l1omRrLOKe0xXzwRUl1rO6Dpjc86g6Bwhasv4j+n1httw5sHVZ9
DHqxR0/kMFcyOR5/c8PWbzy9XLV9NGizk6tDVFSMihN0gHmGLnAeNo02jStDFZLz
ttwb8DTkf/ju9seO9xyxLE6e+G6gZOsW1vyFul6lJSIhZrc=
-----END CERTIFICATE-----