Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS31715.roa
File:                     AS31715.roa (raw, json)
Hash identifier:          3lHIu07nsETOu8EZDYpWOQus+Iv28juO73L8fU9HAKo=
Subject key identifier:   85:63:33:E6:FF:07:07:C7:5D:78:44:CD:33:04:E7:AD:90:56:40:B9
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       557169495F70D76C6244F1BACD2F659B3F11478D
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS31715.roa
Signing time:             Thu 11 Sep 2025 00:09:09 +0000
ROA not before:           Thu 11 Sep 2025 00:04:09 +0000
ROA not after:            Thu 10 Sep 2026 00:09:09 +0000
asID:                     31715
IP address blocks:        82.23.172.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            55:71:69:49:5f:70:d7:6c:62:44:f1:ba:cd:2f:65:9b:3f:11:47:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Sep 11 00:04:09 2025 GMT
            Not After : Sep 10 00:09:09 2026 GMT
        Subject: CN=856333E6FF0707C75D7844CD3304E7AD905640B9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:3d:6e:6c:be:d3:37:86:8f:be:3d:8b:ff:b4:
                    2a:04:74:6a:a3:68:f8:d2:22:8c:bd:bf:39:da:56:
                    39:cf:92:1b:96:da:fd:5c:1c:d8:a9:ac:40:f1:d4:
                    06:7c:8d:29:6d:e4:ba:b0:08:95:f0:be:fe:71:c6:
                    7e:b4:a6:0a:70:1d:72:c1:48:e7:4d:77:85:c1:06:
                    98:e4:41:94:5a:23:b4:ec:81:1a:9a:9e:8f:bc:7f:
                    75:73:20:04:cb:46:7b:a6:f2:2c:62:12:d8:09:01:
                    c1:9f:9f:fe:83:3f:17:04:d2:40:ee:25:b0:04:91:
                    e6:93:15:af:fe:3a:78:02:ba:2f:db:f8:7b:d9:8d:
                    2b:5e:6d:fb:21:17:02:38:66:d5:f7:03:ac:e8:fc:
                    bf:b8:8f:45:68:fc:e9:c2:ae:00:57:45:46:66:a6:
                    fd:6a:32:a8:1f:01:ca:e0:5b:65:cf:d8:40:22:aa:
                    d2:d3:e4:4c:77:6c:e4:aa:ef:2e:ce:e8:0c:05:54:
                    48:ff:e5:94:12:b1:de:fc:63:07:7f:04:71:bb:42:
                    61:c3:0d:29:dd:bb:65:67:77:00:c0:9d:37:bb:50:
                    ab:6f:57:12:be:a5:be:5d:6e:1a:36:09:08:ec:c5:
                    05:3d:3b:74:aa:fe:52:ec:7b:9a:6b:23:f4:73:40:
                    7b:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:63:33:E6:FF:07:07:C7:5D:78:44:CD:33:04:E7:AD:90:56:40:B9
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS31715.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.23.172.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0b:e1:85:ae:f0:75:6a:ab:89:e8:c9:f5:c0:14:d2:79:e0:8b:
         d0:90:d2:0c:f6:c7:6a:9b:39:9a:24:3e:61:15:59:36:c6:d5:
         94:f9:7b:e7:98:d3:55:8b:d6:6e:6a:f1:22:d1:f4:ca:27:90:
         b2:26:76:28:8e:5f:7b:bd:9d:e7:b0:aa:4a:8e:d7:93:bf:06:
         e1:0a:12:ef:42:e5:5d:6f:14:d7:76:48:70:7c:04:5b:2f:0b:
         e6:ec:96:e6:ef:b1:fb:42:aa:d8:d0:34:98:f1:08:2c:46:b8:
         a2:2c:33:9c:1f:20:db:3c:8e:47:3b:c4:e0:5a:f5:2a:40:26:
         2a:ec:78:0a:00:41:64:6d:f4:e6:68:5c:fd:84:dd:57:c3:ba:
         0f:55:73:1a:90:97:13:46:58:ac:3d:c9:8f:df:2c:34:5c:96:
         95:fa:86:e7:8c:6e:56:93:8f:0d:ca:ec:04:cd:60:77:d4:7c:
         bf:8a:2e:2b:0f:4d:2c:b1:aa:89:4f:bd:68:78:01:0e:ab:28:
         d9:6f:f7:c8:35:df:cb:22:7d:f8:f8:2a:95:27:83:62:18:91:
         00:39:a0:f3:63:14:5c:6a:4a:84:a2:82:83:8f:6e:05:69:be:
         a7:42:1d:8c:ce:cf:2d:f0:e5:5f:cb:44:11:58:47:83:d7:dd:
         b9:94:7a:a5
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUVXFpSV9w12xiRPG6zS9lmz8RR40wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTA5MTEwMDA0MDlaFw0yNjA5MTAwMDA5MDlaMDMxMTAvBgNV
BAMTKDg1NjMzM0U2RkYwNzA3Qzc1RDc4NDRDRDMzMDRFN0FEOTA1NjQwQjkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC9PW5svtM3ho++PYv/tCoEdGqj
aPjSIoy9vznaVjnPkhuW2v1cHNiprEDx1AZ8jSlt5LqwCJXwvv5xxn60pgpwHXLB
SOdNd4XBBpjkQZRaI7TsgRqano+8f3VzIATLRnum8ixiEtgJAcGfn/6DPxcE0kDu
JbAEkeaTFa/+OngCui/b+HvZjStebfshFwI4ZtX3A6zo/L+4j0Vo/OnCrgBXRUZm
pv1qMqgfAcrgW2XP2EAiqtLT5Ex3bOSq7y7O6AwFVEj/5ZQSsd78Ywd/BHG7QmHD
DSndu2VndwDAnTe7UKtvVxK+pb5dbho2CQjsxQU9O3Sq/lLse5prI/RzQHtdAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUhWMz5v8HB8ddeETNMwTnrZBWQLkwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMzE3MTUucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABSF6ww
DQYJKoZIhvcNAQELBQADggEBAAvhha7wdWqriejJ9cAU0nngi9CQ0gz2x2qbOZok
PmEVWTbG1ZT5e+eY01WL1m5q8SLR9MonkLImdiiOX3u9neewqkqO15O/BuEKEu9C
5V1vFNd2SHB8BFsvC+bslubvsftCqtjQNJjxCCxGuKIsM5wfINs8jkc7xOBa9SpA
JirseAoAQWRt9OZoXP2E3VfDug9VcxqQlxNGWKw9yY/fLDRclpX6hueMblaTjw3K
7ATNYHfUfL+KLisPTSyxqolPvWh4AQ6rKNlv98g138siffj4KpUng2IYkQA5oPNj
FFxqSoSigoOPbgVpvqdCHYzOzy3w5V/LRBFYR4PX3bmUeqU=
-----END CERTIFICATE-----