Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/8113dda6-7ade-445d-8c6e-448a78e48ca1/1/33312e39392e3230322e302f32342d3234203d3e203231383539.roa
File:                     33312e39392e3230322e302f32342d3234203d3e203231383539.roa (raw, json)
Hash identifier:          PivFy+em9dzGbPGu8x4FOFsif2QpZ9yZJ/cvuxfHAnM=
Subject key identifier:   F0:04:C2:23:42:7F:E3:34:60:5A:4E:74:14:D4:7B:20:4A:ED:02:CB
Certificate issuer:       /CN=0d7ffae300def0876bf84890fb6ea17be841a4d3
Certificate serial:       596A5E14BD31E8FB9E89F2C1994A923C35BC2247
Authority key identifier: 0D:7F:FA:E3:00:DE:F0:87:6B:F8:48:90:FB:6E:A1:7B:E8:41:A4:D3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DX_64wDe8Idr-EiQ-26he-hBpNM.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/8113dda6-7ade-445d-8c6e-448a78e48ca1/1/33312e39392e3230322e302f32342d3234203d3e203231383539.roa
Signing time:             Tue 19 May 2026 02:38:05 +0000
ROA not before:           Tue 19 May 2026 02:33:05 +0000
ROA not after:            Tue 18 May 2027 02:38:05 +0000
asID:                     21859
IP address blocks:        31.99.202.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/8113dda6-7ade-445d-8c6e-448a78e48ca1/1/0D7FFAE300DEF0876BF84890FB6EA17BE841A4D3.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/8113dda6-7ade-445d-8c6e-448a78e48ca1/1/0D7FFAE300DEF0876BF84890FB6EA17BE841A4D3.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DX_64wDe8Idr-EiQ-26he-hBpNM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 May 2026 05:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            59:6a:5e:14:bd:31:e8:fb:9e:89:f2:c1:99:4a:92:3c:35:bc:22:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d7ffae300def0876bf84890fb6ea17be841a4d3
        Validity
            Not Before: May 19 02:33:05 2026 GMT
            Not After : May 18 02:38:05 2027 GMT
        Subject: CN=F004C223427FE334605A4E7414D47B204AED02CB
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:a8:0e:8a:46:dc:33:26:9b:c1:11:57:a3:8c:
                    a8:b6:b8:af:2a:75:26:96:67:a6:00:a5:c6:eb:6c:
                    0f:e9:cf:57:39:3f:7a:b0:7c:35:c1:0d:fc:b8:65:
                    88:10:e8:93:ae:50:9e:a4:4c:9b:2f:52:26:c3:35:
                    2b:0e:43:46:3a:a5:ca:6a:3e:d0:4b:a9:b5:81:9a:
                    b7:a2:af:98:c6:04:b5:02:2d:d4:fb:5e:f1:c4:d6:
                    2e:da:05:2c:54:f5:80:74:72:07:eb:ed:6d:a1:b7:
                    2a:3d:54:57:ee:6e:30:02:d5:ec:3a:70:3c:14:1e:
                    4c:17:e1:2a:a3:45:14:e6:30:15:68:7d:6d:84:61:
                    e0:8b:7b:30:06:9b:62:8c:5e:e3:b8:6c:27:0a:71:
                    5f:f0:b1:8d:75:b4:a1:50:76:70:05:08:0c:20:40:
                    b7:2f:8e:4b:21:33:75:93:c1:01:46:e3:04:d9:27:
                    29:9c:21:53:6d:e6:56:3a:db:9d:9f:13:86:3d:3c:
                    6a:9c:e3:03:57:c4:71:88:e5:29:dd:f1:cd:4d:6a:
                    ca:f7:66:a4:46:7b:88:ca:78:36:a2:11:b5:4a:18:
                    53:44:db:8c:52:35:6d:39:f0:eb:36:29:e4:78:50:
                    78:9e:ac:50:33:83:b0:10:8e:22:2b:19:37:91:a6:
                    47:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:04:C2:23:42:7F:E3:34:60:5A:4E:74:14:D4:7B:20:4A:ED:02:CB
            X509v3 Authority Key Identifier:
                keyid:0D:7F:FA:E3:00:DE:F0:87:6B:F8:48:90:FB:6E:A1:7B:E8:41:A4:D3

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/8113dda6-7ade-445d-8c6e-448a78e48ca1/1/0D7FFAE300DEF0876BF84890FB6EA17BE841A4D3.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DX_64wDe8Idr-EiQ-26he-hBpNM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/8113dda6-7ade-445d-8c6e-448a78e48ca1/1/33312e39392e3230322e302f32342d3234203d3e203231383539.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.99.202.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1b:55:f6:99:22:e3:34:5e:55:33:8c:8e:55:21:c3:04:ce:77:
         a2:f2:a3:67:99:32:4a:cb:c9:ef:08:cc:1c:df:bb:21:d2:6c:
         13:62:49:22:19:af:33:7f:25:d2:3b:06:39:29:eb:86:1b:fa:
         a2:44:b4:a6:e8:99:44:f8:93:a9:69:e1:5a:40:c2:5f:80:18:
         94:ec:2f:1b:96:1f:90:d1:69:5c:58:d7:ed:75:f5:58:ef:51:
         66:98:9d:05:ac:38:8a:8a:16:5f:af:60:b0:82:fa:95:6f:bd:
         48:44:1d:95:bf:4f:58:04:31:96:9d:1e:9b:a7:38:4e:d5:80:
         75:a4:1c:60:29:0b:bd:10:42:df:7d:ff:3c:0c:42:66:bb:ee:
         29:b1:58:2d:38:d2:8e:d1:a2:c5:c0:cd:2c:4b:27:90:3a:7d:
         8d:4b:5d:83:8d:cc:11:42:1a:f9:8d:dd:83:07:16:55:19:ca:
         65:05:ad:30:e7:42:1b:5e:c5:7c:c5:fd:48:4f:03:e4:22:95:
         4e:99:0e:59:58:b1:7b:82:08:35:bb:cb:dc:4f:23:51:5a:90:
         a8:e9:9c:cc:89:88:10:a4:42:b4:a5:11:d2:87:e1:be:b7:71:
         a7:e0:48:df:dc:57:de:2b:b7:02:3a:9f:c2:ba:a4:26:03:8d:
         f3:49:84:0f
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUWWpeFL0x6PueifLBmUqSPDW8IkcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMGQ3ZmZhZTMwMGRlZjA4NzZiZjg0ODkwZmI2ZWExN2Jl
ODQxYTRkMzAeFw0yNjA1MTkwMjMzMDVaFw0yNzA1MTgwMjM4MDVaMDMxMTAvBgNV
BAMTKEYwMDRDMjIzNDI3RkUzMzQ2MDVBNEU3NDE0RDQ3QjIwNEFFRDAyQ0IwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCgqA6KRtwzJpvBEVejjKi2uK8q
dSaWZ6YApcbrbA/pz1c5P3qwfDXBDfy4ZYgQ6JOuUJ6kTJsvUibDNSsOQ0Y6pcpq
PtBLqbWBmreir5jGBLUCLdT7XvHE1i7aBSxU9YB0cgfr7W2htyo9VFfubjAC1ew6
cDwUHkwX4SqjRRTmMBVofW2EYeCLezAGm2KMXuO4bCcKcV/wsY11tKFQdnAFCAwg
QLcvjkshM3WTwQFG4wTZJymcIVNt5lY6252fE4Y9PGqc4wNXxHGI5Snd8c1Nasr3
ZqRGe4jKeDaiEbVKGFNE24xSNW058Os2KeR4UHierFAzg7AQjiIrGTeRpkejAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQU8ATCI0J/4zRgWk50FNR7IErtAsswHwYDVR0j
BBgwFoAUDX/64wDe8Idr+EiQ+26he+hBpNMwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODExM2RkYTYtN2FkZS00NDVkLThjNmUtNDQ4YTc4ZTQ4
Y2ExLzEvMEQ3RkZBRTMwMERFRjA4NzZCRjg0ODkwRkI2RUExN0JFODQxQTREMy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0RYXzY0d0RlOElkci1FaVEtMjZoZS1o
QnBOTS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvODExM2RkYTYt
N2FkZS00NDVkLThjNmUtNDQ4YTc4ZTQ4Y2ExLzEvMzMzMTJlMzkzOTJlMzIzMDMy
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzIzMTM4MzUzOS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAB9j
yjANBgkqhkiG9w0BAQsFAAOCAQEAG1X2mSLjNF5VM4yOVSHDBM53ovKjZ5kySsvJ
7wjMHN+7IdJsE2JJIhmvM38l0jsGOSnrhhv6okS0puiZRPiTqWnhWkDCX4AYlOwv
G5YfkNFpXFjX7XX1WO9RZpidBaw4iooWX69gsIL6lW+9SEQdlb9PWAQxlp0em6c4
TtWAdaQcYCkLvRBC333/PAxCZrvuKbFYLTjSjtGixcDNLEsnkDp9jUtdg43MEUIa
+Y3dgwcWVRnKZQWtMOdCG17FfMX9SE8D5CKVTpkOWVixe4IINbvL3E8jUVqQqOmc
zImIEKRCtKUR0ofhvrdxp+BI39xX3iu3AjqfwrqkJgON80mEDw==
-----END CERTIFICATE-----