Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS31221.roa
File:                     AS31221.roa (raw, json)
Hash identifier:          qRp66KANrbTD2XDZkZ5ixOSFgS+gvQowNldEAUsXGBQ=
Subject key identifier:   52:16:A4:F2:C6:A1:CF:25:46:42:73:41:0A:15:71:CD:F9:7D:09:C9
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       5F623D705711D7A0A10DFD9A917997937F1C690A
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS31221.roa
Signing time:             Fri 14 Feb 2025 10:55:00 +0000
ROA not before:           Fri 14 Feb 2025 10:50:00 +0000
ROA not after:            Fri 13 Feb 2026 10:55:00 +0000
asID:                     31221
IP address blocks:        5.252.82.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 15:12:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5f:62:3d:70:57:11:d7:a0:a1:0d:fd:9a:91:79:97:93:7f:1c:69:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Feb 14 10:50:00 2025 GMT
            Not After : Feb 13 10:55:00 2026 GMT
        Subject: CN=5216A4F2C6A1CF25464273410A1571CDF97D09C9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:4d:30:9f:ee:3c:3d:47:5e:53:69:77:a3:47:
                    9b:f9:12:21:4b:ac:3a:ca:c1:28:49:da:44:c4:52:
                    81:06:c9:5b:2e:d9:a7:9b:a6:86:35:68:45:23:ef:
                    bf:a1:a1:8f:3e:3a:6c:ed:26:aa:63:31:9a:a2:23:
                    f6:75:9a:f8:6f:12:8d:dc:eb:4a:36:d2:ad:72:5a:
                    2d:67:b9:a0:c2:14:b0:be:44:0f:60:d0:f7:c5:86:
                    4b:51:3e:00:63:88:27:11:75:8d:7a:d9:49:73:ba:
                    bf:43:b9:c3:66:cd:4e:81:6f:9b:84:6b:04:6d:2c:
                    a2:b7:6e:8f:58:26:ee:83:9f:58:f2:61:19:35:72:
                    3f:8b:7f:32:74:67:e2:97:48:09:fa:3c:c3:e3:15:
                    97:e9:89:66:06:6d:3b:78:1f:cc:2f:d5:58:6d:17:
                    c8:5a:b5:ed:ba:21:de:9b:98:86:58:e5:4e:fd:00:
                    5a:72:37:b4:29:ae:a2:b5:8a:57:88:bb:ed:3b:cc:
                    27:8c:76:0a:29:b9:c0:b5:c8:8d:28:ed:39:6d:22:
                    f3:5e:40:81:8c:c5:41:bc:16:1f:75:29:4c:fb:3c:
                    ad:a3:ce:86:d1:eb:85:d8:79:b0:72:ca:4c:e2:db:
                    69:c4:c3:7e:74:a9:ce:7e:b4:cc:2b:4e:a3:2d:cc:
                    70:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:16:A4:F2:C6:A1:CF:25:46:42:73:41:0A:15:71:CD:F9:7D:09:C9
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS31221.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.252.82.0/24

    Signature Algorithm: sha256WithRSAEncryption
         77:72:75:43:03:4b:a9:be:b3:32:71:03:08:bb:3e:e3:44:af:
         4b:ee:9f:da:25:8a:be:dd:9f:ed:c6:50:83:5d:fb:d3:4f:f1:
         65:68:44:3f:5c:1e:54:09:d1:5c:90:46:3f:72:23:f5:01:74:
         d6:34:6f:33:d4:0c:01:22:4a:77:df:8a:6a:bb:dd:3b:46:6b:
         37:76:22:74:6e:71:da:54:1e:0e:a3:1d:1c:8d:e0:63:5d:bf:
         5e:0b:9c:ed:37:2d:8e:87:43:1c:5e:2c:5d:43:15:ed:40:c6:
         d4:1c:af:2b:16:f9:62:1a:46:bf:2f:0f:72:a2:39:87:3f:20:
         da:d8:74:1c:fe:66:03:1f:cc:2e:7b:27:5a:43:0c:78:f0:bb:
         45:c5:95:1e:d7:23:82:f7:6c:ba:bd:24:c5:27:0a:26:e2:8c:
         1d:5d:6c:a1:c9:31:a0:bf:ce:02:4b:37:48:f8:f8:66:26:8b:
         f8:88:8c:3f:2d:34:75:31:d2:5b:0a:d7:37:b4:d4:fb:83:62:
         35:0b:19:f5:bc:4d:35:f6:26:a7:a4:b9:95:51:b2:bf:ec:29:
         7a:08:24:50:30:5b:b6:7a:b2:46:ad:75:ae:7d:eb:61:bd:b4:
         24:fb:29:7a:c9:bd:85:b2:fb:80:bc:f7:39:9e:7e:66:fe:2e:
         db:bb:67:77
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUX2I9cFcR16ChDf2akXmXk38caQowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNTAyMTQxMDUwMDBaFw0yNjAyMTMxMDU1MDBaMDMxMTAvBgNV
BAMTKDUyMTZBNEYyQzZBMUNGMjU0NjQyNzM0MTBBMTU3MUNERjk3RDA5QzkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDBTTCf7jw9R15TaXejR5v5EiFL
rDrKwShJ2kTEUoEGyVsu2aebpoY1aEUj77+hoY8+OmztJqpjMZqiI/Z1mvhvEo3c
60o20q1yWi1nuaDCFLC+RA9g0PfFhktRPgBjiCcRdY162Ulzur9DucNmzU6Bb5uE
awRtLKK3bo9YJu6Dn1jyYRk1cj+LfzJ0Z+KXSAn6PMPjFZfpiWYGbTt4H8wv1Vht
F8hate26Id6bmIZY5U79AFpyN7QprqK1ileIu+07zCeMdgopucC1yI0o7TltIvNe
QIGMxUG8Fh91KUz7PK2jzobR64XYebByykzi22nEw350qc5+tMwrTqMtzHCJAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUUhak8sahzyVGQnNBChVxzfl9CckwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMzEyMjEucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAAF/FIw
DQYJKoZIhvcNAQELBQADggEBAHdydUMDS6m+szJxAwi7PuNEr0vun9olir7dn+3G
UINd+9NP8WVoRD9cHlQJ0VyQRj9yI/UBdNY0bzPUDAEiSnffimq73TtGazd2InRu
cdpUHg6jHRyN4GNdv14LnO03LY6HQxxeLF1DFe1AxtQcrysW+WIaRr8vD3KiOYc/
INrYdBz+ZgMfzC57J1pDDHjwu0XFlR7XI4L3bLq9JMUnCibijB1dbKHJMaC/zgJL
N0j4+GYmi/iIjD8tNHUx0lsK1ze01PuDYjULGfW8TTX2JqekuZVRsr/sKXoIJFAw
W7Z6skatda5962G9tCT7KXrJvYWy+4C89zmefmb+Ltu7Z3c=
-----END CERTIFICATE-----