Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/33312e32342e3235332e302f32342d3234203d3e203137343937.roa
File:                     33312e32342e3235332e302f32342d3234203d3e203137343937.roa (raw, json)
Hash identifier:          wTztCnaL9YOZ3UHBbmcPps2JmtiVZ8m0oFwlUM76cZo=
Subject key identifier:   00:20:A4:CB:63:61:E3:41:AB:4A:91:16:EA:FB:8A:90:CE:D2:A3:F3
Certificate issuer:       /CN=62fbd2cc0012fb2f86db40b589bd1ac4e973266d
Certificate serial:       1384EF0582FE08B8ABADEA54EC43DA0758DC2C91
Authority key identifier: 62:FB:D2:CC:00:12:FB:2F:86:DB:40:B5:89:BD:1A:C4:E9:73:26:6D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YvvSzAAS-y-G20C1ib0axOlzJm0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/33312e32342e3235332e302f32342d3234203d3e203137343937.roa
Signing time:             Fri 27 Feb 2026 09:17:01 +0000
ROA not before:           Fri 27 Feb 2026 09:12:01 +0000
ROA not after:            Fri 26 Feb 2027 09:17:01 +0000
asID:                     17497
IP address blocks:        31.24.253.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/62FBD2CC0012FB2F86DB40B589BD1AC4E973266D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/62FBD2CC0012FB2F86DB40B589BD1AC4E973266D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YvvSzAAS-y-G20C1ib0axOlzJm0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 01 Mar 2026 02:41:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            13:84:ef:05:82:fe:08:b8:ab:ad:ea:54:ec:43:da:07:58:dc:2c:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=62fbd2cc0012fb2f86db40b589bd1ac4e973266d
        Validity
            Not Before: Feb 27 09:12:01 2026 GMT
            Not After : Feb 26 09:17:01 2027 GMT
        Subject: CN=0020A4CB6361E341AB4A9116EAFB8A90CED2A3F3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:3b:4c:ef:5f:15:21:56:b0:a9:e3:51:ba:c0:
                    c6:1f:7b:e4:cd:fb:55:e6:f6:4f:c8:c7:73:46:50:
                    ad:d1:f0:37:78:b9:41:1f:68:e0:38:8b:50:1e:4e:
                    8b:64:8e:73:81:ba:cb:85:77:c3:32:ee:51:1d:60:
                    55:b1:35:59:41:53:97:20:01:50:12:1f:bf:8a:d5:
                    3f:e6:b1:60:09:40:62:38:01:ca:44:ee:c9:03:30:
                    2c:dd:a2:34:b8:3b:14:fd:0d:98:88:81:50:05:29:
                    69:c0:75:b5:7c:2b:f4:35:19:7d:23:f7:26:af:3c:
                    a4:13:b2:d3:5e:e5:75:36:0f:39:24:e9:c1:09:81:
                    c1:c5:34:f6:28:3b:e2:e2:c2:c9:71:ab:9f:cc:36:
                    93:68:4a:bb:51:93:7c:b4:12:86:f0:57:ec:51:92:
                    d9:6d:de:a2:9c:20:15:b0:20:75:b0:d7:a3:a1:32:
                    29:9f:0e:fc:fa:71:8f:f8:e5:f4:26:5a:4d:11:bd:
                    17:c9:ed:bf:bd:29:ad:6e:3b:c4:ab:e6:1f:01:ac:
                    3c:a3:3a:1e:49:b2:c6:0a:93:1d:9e:19:a2:ff:b2:
                    a7:4e:03:87:ba:7a:b7:40:24:81:6f:c4:24:d9:b9:
                    6f:08:5b:b9:80:79:63:76:b8:74:81:16:65:c9:77:
                    dc:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:20:A4:CB:63:61:E3:41:AB:4A:91:16:EA:FB:8A:90:CE:D2:A3:F3
            X509v3 Authority Key Identifier:
                keyid:62:FB:D2:CC:00:12:FB:2F:86:DB:40:B5:89:BD:1A:C4:E9:73:26:6D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/62FBD2CC0012FB2F86DB40B589BD1AC4E973266D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YvvSzAAS-y-G20C1ib0axOlzJm0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/33312e32342e3235332e302f32342d3234203d3e203137343937.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.24.253.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1a:b9:14:96:a6:ac:a1:87:b0:b6:23:7d:4e:7e:a9:53:b6:5f:
         61:04:13:16:8d:a8:d2:68:23:10:c0:7a:19:c5:1b:7c:3a:5e:
         11:73:61:e3:79:8d:1f:67:2f:76:4e:e1:1c:75:93:f1:80:60:
         8c:1b:9c:1d:69:1d:38:9a:3b:8d:ed:70:65:90:cc:2b:81:0f:
         2f:39:d9:a0:d3:50:a0:9d:de:0e:0f:ac:6b:62:51:f4:58:f3:
         45:55:9d:7f:db:14:32:ee:f3:bb:05:2c:d1:ab:6b:83:00:f9:
         d3:90:c5:78:7a:93:81:b0:d6:a8:82:77:02:26:1a:51:e4:68:
         de:ee:fd:60:c1:f1:11:0a:41:0e:52:1d:6e:33:6e:32:96:ef:
         92:00:50:02:fc:51:32:32:2d:ab:5d:cb:eb:d9:08:0c:bc:da:
         7d:e7:da:e1:b9:34:dc:87:e8:de:84:27:bb:33:15:ed:8e:91:
         4f:3a:ec:11:0e:39:f7:44:39:a2:24:22:8b:59:42:ea:9e:a9:
         24:5c:c6:fa:38:d7:e5:ab:88:3d:e8:23:e6:4b:5c:c7:97:82:
         cc:be:52:45:c2:67:75:40:42:dd:d4:6e:ce:66:b5:a2:7a:39:
         28:a6:a8:aa:b4:de:9e:e9:e5:20:88:13:cf:d9:fd:78:bb:08:
         47:16:29:01
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUE4TvBYL+CLirrepU7EPaB1jcLJEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjJmYmQyY2MwMDEyZmIyZjg2ZGI0MGI1ODliZDFhYzRl
OTczMjY2ZDAeFw0yNjAyMjcwOTEyMDFaFw0yNzAyMjYwOTE3MDFaMDMxMTAvBgNV
BAMTKDAwMjBBNENCNjM2MUUzNDFBQjRBOTExNkVBRkI4QTkwQ0VEMkEzRjMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDCO0zvXxUhVrCp41G6wMYfe+TN
+1Xm9k/Ix3NGUK3R8Dd4uUEfaOA4i1AeTotkjnOBusuFd8My7lEdYFWxNVlBU5cg
AVASH7+K1T/msWAJQGI4AcpE7skDMCzdojS4OxT9DZiIgVAFKWnAdbV8K/Q1GX0j
9yavPKQTstNe5XU2Dzkk6cEJgcHFNPYoO+Liwslxq5/MNpNoSrtRk3y0EobwV+xR
ktlt3qKcIBWwIHWw16OhMimfDvz6cY/45fQmWk0RvRfJ7b+9Ka1uO8Sr5h8BrDyj
Oh5JssYKkx2eGaL/sqdOA4e6erdAJIFvxCTZuW8IW7mAeWN2uHSBFmXJd9zLAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUACCky2Nh40GrSpEW6vuKkM7So/MwHwYDVR0j
BBgwFoAUYvvSzAAS+y+G20C1ib0axOlzJm0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNDZiOTNkZjAtYWM4ZC00ZGE4LWFmYjgtZGNiN2YyODg4
MzYyLzAvNjJGQkQyQ0MwMDEyRkIyRjg2REI0MEI1ODlCRDFBQzRFOTczMjY2RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1l2dlN6QUFTLXktRzIwQzFpYjBheE9s
ekptMC5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvNDZiOTNkZjAt
YWM4ZC00ZGE4LWFmYjgtZGNiN2YyODg4MzYyLzAvMzMzMTJlMzIzNDJlMzIzNTMz
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzEzNzM0MzkzNy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAB8Y
/TANBgkqhkiG9w0BAQsFAAOCAQEAGrkUlqasoYewtiN9Tn6pU7ZfYQQTFo2o0mgj
EMB6GcUbfDpeEXNh43mNH2cvdk7hHHWT8YBgjBucHWkdOJo7je1wZZDMK4EPLznZ
oNNQoJ3eDg+sa2JR9FjzRVWdf9sUMu7zuwUs0atrgwD505DFeHqTgbDWqIJ3AiYa
UeRo3u79YMHxEQpBDlIdbjNuMpbvkgBQAvxRMjItq13L69kIDLzafefa4bk03Ifo
3oQnuzMV7Y6RTzrsEQ4590Q5oiQii1lC6p6pJFzG+jjX5auIPegj5ktcx5eCzL5S
RcJndUBC3dRuzma1ono5KKaoqrTenunlIIgTz9n9eLsIRxYpAQ==
-----END CERTIFICATE-----