Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS31715.roa
File:                     AS31715.roa (raw, json)
Hash identifier:          9RCMv3VMV0YTIC34shRyoh8Vu/UfVZ56zSSoCM1+WGM=
Subject key identifier:   AF:54:90:8F:2D:D4:89:AF:34:B6:2A:BC:4E:17:6F:01:84:10:1F:F5
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       07E29E0B4FB4F360DFDA2FD3E84D00FE09C9072C
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS31715.roa
Signing time:             Thu 19 Mar 2026 01:44:21 +0000
ROA not before:           Thu 19 Mar 2026 01:39:21 +0000
ROA not after:            Thu 18 Mar 2027 01:44:21 +0000
asID:                     31715
IP address blocks:        45.155.18.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 20 Mar 2026 16:01:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            07:e2:9e:0b:4f:b4:f3:60:df:da:2f:d3:e8:4d:00:fe:09:c9:07:2c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Mar 19 01:39:21 2026 GMT
            Not After : Mar 18 01:44:21 2027 GMT
        Subject: CN=AF54908F2DD489AF34B62ABC4E176F0184101FF5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:5c:77:c7:55:8f:62:53:ec:51:48:f6:71:d8:
                    3c:47:aa:18:f8:23:50:93:47:a9:a9:c4:34:33:67:
                    60:54:4f:c0:23:14:4d:af:8c:7a:84:61:21:01:50:
                    02:0e:93:d2:95:96:e6:ba:fc:3d:65:d9:69:2c:e9:
                    cd:61:e7:ff:64:40:7b:a9:a7:be:82:6b:2a:94:39:
                    aa:a8:e1:ab:b1:38:99:2b:38:bb:1a:85:7b:91:c1:
                    6d:8c:af:1a:2d:ab:71:83:42:fc:d0:7c:62:40:ca:
                    40:20:50:17:0d:9c:8e:54:38:7c:de:b2:f6:1b:d3:
                    41:4f:d0:ea:2a:05:c5:b5:95:2a:c1:ba:d8:5d:78:
                    9f:23:42:91:7c:64:1e:b1:a1:72:eb:3e:87:2d:00:
                    75:19:35:c2:17:b2:e9:73:44:d7:c1:ee:1e:44:d8:
                    dc:7d:d8:30:02:86:65:ce:7d:79:8a:0e:84:b1:6f:
                    09:e5:8c:d4:5f:7d:93:a9:3c:e4:57:1d:4e:35:db:
                    0c:0a:97:f0:4b:0c:cd:13:2a:07:25:a4:9d:39:02:
                    33:0c:1e:a0:99:8d:02:f3:8f:aa:73:84:c0:01:23:
                    ee:60:21:4b:11:6d:5d:18:ca:85:98:bc:e3:96:41:
                    47:a7:e9:60:2d:96:d6:86:d5:d7:cf:14:f2:57:f4:
                    38:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:54:90:8F:2D:D4:89:AF:34:B6:2A:BC:4E:17:6F:01:84:10:1F:F5
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS31715.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.155.18.0/24

    Signature Algorithm: sha256WithRSAEncryption
         70:07:c6:ed:92:f3:06:26:ad:1d:5c:0a:bc:f2:da:bb:11:57:
         3c:4a:93:f9:79:20:e4:b8:6f:33:4f:d0:17:2c:76:bd:69:8b:
         e9:ce:b4:29:ab:f7:0b:aa:3a:a2:96:0c:a1:a7:8e:1b:63:06:
         0d:f6:ff:4d:e2:ec:72:29:45:e1:1e:a6:5b:84:06:61:89:c4:
         70:e2:5d:b2:ca:46:be:c1:76:b8:76:42:8c:64:d0:f4:c4:79:
         ac:13:85:cc:89:cd:69:79:9b:39:7c:b8:36:8c:cd:50:64:39:
         f0:d6:6c:f0:d0:ff:35:16:bb:f2:b3:a4:9a:e6:e5:92:6e:52:
         b4:34:c9:a2:ac:75:db:02:c0:95:36:fe:76:4e:49:84:8c:cc:
         60:95:4d:68:06:a4:f4:7c:5a:95:88:da:ff:1f:1e:63:9a:84:
         16:8c:0b:01:32:60:96:70:c4:86:68:e1:84:68:7c:58:17:14:
         18:0d:f7:74:ca:6f:6f:ff:e3:e0:4d:5a:84:9c:9f:d1:70:76:
         f5:78:23:cb:42:96:30:c6:5c:e0:06:ba:ed:a0:3f:0a:73:38:
         b8:61:03:c1:35:d1:81:c2:00:61:1f:2a:49:94:ec:dc:60:45:
         25:5c:28:bc:20:32:fe:8d:7e:f4:f3:64:3b:81:62:5d:be:a6:
         e1:07:7f:0c
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUB+KeC0+082Df2i/T6E0A/gnJBywwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yNjAzMTkwMTM5MjFaFw0yNzAzMTgwMTQ0MjFaMDMxMTAvBgNV
BAMTKEFGNTQ5MDhGMkRENDg5QUYzNEI2MkFCQzRFMTc2RjAxODQxMDFGRjUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCcXHfHVY9iU+xRSPZx2DxHqhj4
I1CTR6mpxDQzZ2BUT8AjFE2vjHqEYSEBUAIOk9KVlua6/D1l2Wks6c1h5/9kQHup
p76CayqUOaqo4auxOJkrOLsahXuRwW2Mrxotq3GDQvzQfGJAykAgUBcNnI5UOHze
svYb00FP0OoqBcW1lSrButhdeJ8jQpF8ZB6xoXLrPoctAHUZNcIXsulzRNfB7h5E
2Nx92DAChmXOfXmKDoSxbwnljNRffZOpPORXHU412wwKl/BLDM0TKgclpJ05AjMM
HqCZjQLzj6pzhMABI+5gIUsRbV0YyoWYvOOWQUen6WAtltaG1dfPFPJX9DjdAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUr1SQjy3Uia80tiq8ThdvAYQQH/UwHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTMzE3MTUucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAAtmxIw
DQYJKoZIhvcNAQELBQADggEBAHAHxu2S8wYmrR1cCrzy2rsRVzxKk/l5IOS4bzNP
0Bcsdr1pi+nOtCmr9wuqOqKWDKGnjhtjBg32/03i7HIpReEepluEBmGJxHDiXbLK
Rr7Bdrh2Qoxk0PTEeawThcyJzWl5mzl8uDaMzVBkOfDWbPDQ/zUWu/KzpJrm5ZJu
UrQ0yaKsddsCwJU2/nZOSYSMzGCVTWgGpPR8WpWI2v8fHmOahBaMCwEyYJZwxIZo
4YRofFgXFBgN93TKb2//4+BNWoScn9FwdvV4I8tCljDGXOAGuu2gPwpzOLhhA8E1
0YHCAGEfKkmU7NxgRSVcKLwgMv6NfvTzZDuBYl2+puEHfww=
-----END CERTIFICATE-----