Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS42831.roa
File:                     AS42831.roa (raw, json)
Hash identifier:          Bp4gG8+5LHxJ234yAjESHKLSyGrSq0RwY5i39wRl9wg=
Subject key identifier:   74:A1:B3:A1:EE:9B:4C:35:9B:1D:05:95:E3:1D:10:C3:55:C6:D3:18
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       5ED459E9897A5E7B1963097A3AD43177162DE38C
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS42831.roa
Signing time:             Fri 28 Mar 2025 20:27:56 +0000
ROA not before:           Fri 28 Mar 2025 20:22:56 +0000
ROA not after:            Fri 27 Mar 2026 20:27:56 +0000
asID:                     42831
IP address blocks:        91.199.172.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 16:49:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5e:d4:59:e9:89:7a:5e:7b:19:63:09:7a:3a:d4:31:77:16:2d:e3:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Mar 28 20:22:56 2025 GMT
            Not After : Mar 27 20:27:56 2026 GMT
        Subject: CN=74A1B3A1EE9B4C359B1D0595E31D10C355C6D318
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:4a:7a:1d:59:c2:78:1a:78:70:4a:3d:e3:e8:
                    7b:17:21:11:ea:20:dc:3d:b8:80:6d:ed:64:31:17:
                    be:84:ec:25:25:43:79:34:e7:57:63:53:47:db:00:
                    6f:46:33:73:cc:44:8a:ba:b4:03:4e:b5:27:d1:7e:
                    76:74:02:87:cc:01:95:37:fd:0f:6c:81:a4:b2:37:
                    90:7a:ae:54:df:f8:b0:f9:9a:8f:bb:6a:83:6e:fc:
                    47:6b:05:8e:35:68:a0:88:8e:82:96:2e:6f:cb:1b:
                    f8:8f:96:8f:c9:c3:f8:2a:86:34:2e:1a:19:16:e1:
                    09:72:ed:6a:9d:ff:85:69:c4:22:72:8c:08:07:bb:
                    19:7f:00:04:b9:7c:3a:6e:ee:82:05:42:5b:63:c4:
                    e5:9c:d1:74:5f:1b:ea:64:56:57:c8:0b:d0:bb:3c:
                    25:31:49:b3:08:a2:a2:67:86:53:fc:cd:c6:39:99:
                    72:04:0c:5d:7d:62:d1:a5:5f:3e:33:bc:18:e8:54:
                    6b:8a:3a:bf:ab:c9:e2:b8:cf:9c:92:41:86:f9:fa:
                    d6:b0:04:a9:29:42:61:44:84:90:91:20:66:bf:7c:
                    ff:6c:37:75:18:4d:26:2c:b2:c4:2a:bf:41:24:1b:
                    c3:6b:2d:94:43:a6:55:f8:0d:88:be:2f:a8:54:e4:
                    2d:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:A1:B3:A1:EE:9B:4C:35:9B:1D:05:95:E3:1D:10:C3:55:C6:D3:18
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS42831.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.199.172.0/24

    Signature Algorithm: sha256WithRSAEncryption
         22:58:12:ef:ef:22:5b:b3:23:05:b1:d6:5b:7d:e3:46:3f:3c:
         38:35:b8:65:d3:99:08:17:7b:3f:bb:ec:89:df:bb:5d:65:73:
         e0:ad:f4:4c:78:f0:46:55:c2:c1:f5:bf:38:37:75:2a:93:f5:
         bb:c4:f9:26:3f:95:a7:ee:00:1f:fd:9e:99:93:0e:2b:f7:fa:
         da:bf:d1:0a:51:31:6b:26:04:9a:9e:77:58:1d:51:48:4e:80:
         ea:4a:54:14:37:21:63:57:ed:9a:c8:37:02:4b:97:8b:9d:d8:
         04:dc:b3:da:cb:a1:dd:74:68:88:25:4f:bb:1c:cb:cf:6c:0f:
         dd:6f:78:51:4f:20:79:58:92:26:14:2e:15:4e:f7:c5:86:83:
         19:9e:ac:e5:b6:01:2b:c9:2e:4e:e6:5b:d3:05:a9:96:ce:b5:
         7e:7a:60:e3:73:b1:b3:0a:ab:a4:9f:08:bb:ef:c1:1b:7c:39:
         ad:fc:34:f9:41:5a:70:bc:f8:ed:a1:1c:ac:48:78:ce:5e:a6:
         25:58:6a:55:9d:c2:74:19:f4:55:27:62:d5:bf:30:a6:79:57:
         5a:7d:d1:ee:d0:c7:ec:55:a5:22:15:1a:9b:c2:09:a3:9c:fe:
         8c:5c:25:32:60:f4:69:57:14:53:e3:5d:b2:8a:c7:72:44:ca:
         b7:83:0f:38
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUXtRZ6Yl6XnsZYwl6OtQxdxYt44wwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yNTAzMjgyMDIyNTZaFw0yNjAzMjcyMDI3NTZaMDMxMTAvBgNV
BAMTKDc0QTFCM0ExRUU5QjRDMzU5QjFEMDU5NUUzMUQxMEMzNTVDNkQzMTgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCoSnodWcJ4GnhwSj3j6HsXIRHq
INw9uIBt7WQxF76E7CUlQ3k051djU0fbAG9GM3PMRIq6tANOtSfRfnZ0AofMAZU3
/Q9sgaSyN5B6rlTf+LD5mo+7aoNu/EdrBY41aKCIjoKWLm/LG/iPlo/Jw/gqhjQu
GhkW4Qly7Wqd/4VpxCJyjAgHuxl/AAS5fDpu7oIFQltjxOWc0XRfG+pkVlfIC9C7
PCUxSbMIoqJnhlP8zcY5mXIEDF19YtGlXz4zvBjoVGuKOr+ryeK4z5ySQYb5+taw
BKkpQmFEhJCRIGa/fP9sN3UYTSYsssQqv0EkG8NrLZRDplX4DYi+L6hU5C37AgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUdKGzoe6bTDWbHQWV4x0Qw1XG0xgwHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTNDI4MzEucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABbx6ww
DQYJKoZIhvcNAQELBQADggEBACJYEu/vIluzIwWx1lt940Y/PDg1uGXTmQgXez+7
7Infu11lc+Ct9Ex48EZVwsH1vzg3dSqT9bvE+SY/lafuAB/9npmTDiv3+tq/0QpR
MWsmBJqed1gdUUhOgOpKVBQ3IWNX7ZrINwJLl4ud2ATcs9rLod10aIglT7scy89s
D91veFFPIHlYkiYULhVO98WGgxmerOW2ASvJLk7mW9MFqZbOtX56YONzsbMKq6Sf
CLvvwRt8Oa38NPlBWnC8+O2hHKxIeM5epiVYalWdwnQZ9FUnYtW/MKZ5V1p90e7Q
x+xVpSIVGpvCCaOc/oxcJTJg9GlXFFPjXbKKx3JEyreDDzg=
-----END CERTIFICATE-----