Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e322e302f32342d3234203d3e203239383032.roa
File:                     33312e362e322e302f32342d3234203d3e203239383032.roa (raw, json)
Hash identifier:          WSrHy9xxo7E1Ha5BsfnqSANzEYg5TwSvrOEkklVMHLE=
Subject key identifier:   59:73:CD:22:C3:C6:26:20:E0:59:EB:86:B4:A9:8F:D6:59:CA:81:ED
Certificate issuer:       /CN=048af665bf8b186b70220759d26c578f40b5f3e3
Certificate serial:       3B75C6C22D874215AA361FC8B5ECBDD3F80474B7
Authority key identifier: 04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e322e302f32342d3234203d3e203239383032.roa
Signing time:             Wed 20 May 2026 08:13:48 +0000
ROA not before:           Wed 20 May 2026 08:08:48 +0000
ROA not after:            Wed 19 May 2027 08:13:48 +0000
asID:                     29802
IP address blocks:        31.6.2.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 04 Jun 2026 19:48:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3b:75:c6:c2:2d:87:42:15:aa:36:1f:c8:b5:ec:bd:d3:f8:04:74:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=048af665bf8b186b70220759d26c578f40b5f3e3
        Validity
            Not Before: May 20 08:08:48 2026 GMT
            Not After : May 19 08:13:48 2027 GMT
        Subject: CN=5973CD22C3C62620E059EB86B4A98FD659CA81ED
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:13:db:14:7a:96:de:0f:e0:25:d9:d2:a5:ed:
                    07:b4:b8:0f:bf:73:18:11:98:a2:04:83:cb:1a:d0:
                    c5:f5:71:72:b3:8d:8a:95:19:59:3a:14:79:63:8b:
                    76:28:25:35:05:87:a5:92:73:35:e7:1f:8c:40:f0:
                    97:5c:6a:75:e9:3d:b4:d6:29:3d:8f:b1:b9:89:2f:
                    1e:14:4e:3b:05:4c:5d:3b:04:7e:e6:20:fd:8d:05:
                    54:c8:a7:85:ae:f1:67:db:17:71:dd:85:71:5d:d6:
                    ae:1e:22:83:fe:38:77:cd:eb:ed:e9:dc:2b:3e:7d:
                    5f:c7:2b:87:20:17:cc:c9:20:6d:bd:71:7a:1d:8f:
                    4d:92:95:cb:f4:96:dd:16:8e:db:27:c6:38:bf:7b:
                    ae:66:6f:d7:35:15:b0:44:51:50:67:5d:23:c9:bf:
                    aa:b5:b6:e4:8d:26:3b:23:8a:e2:97:cf:70:16:0f:
                    19:d7:3d:9d:cd:90:7f:0b:df:72:cd:44:12:08:05:
                    f7:78:84:46:5d:b5:3e:e7:35:50:a0:42:d6:de:87:
                    74:71:89:f2:7d:82:58:79:6f:ae:0e:bd:fd:34:69:
                    1c:41:fd:35:25:38:55:a5:c3:d8:23:cb:08:1f:77:
                    30:c8:22:a6:6e:1f:40:2b:29:c5:ff:90:60:36:af:
                    ac:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:73:CD:22:C3:C6:26:20:E0:59:EB:86:B4:A9:8F:D6:59:CA:81:ED
            X509v3 Authority Key Identifier:
                keyid:04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e322e302f32342d3234203d3e203239383032.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.6.2.0/24

    Signature Algorithm: sha256WithRSAEncryption
         97:12:90:14:88:c4:de:b8:3c:85:22:6d:05:ed:5b:45:8d:14:
         40:7b:de:92:0a:8c:58:10:5d:8d:85:e5:3c:d8:cc:40:b7:1a:
         ee:e1:f6:ed:e9:87:64:1b:7a:ed:b3:70:ae:90:22:d0:0d:d5:
         3a:ba:62:65:03:4b:41:3f:57:ad:b6:7b:87:d2:4e:85:a4:da:
         ce:85:54:28:df:f9:31:b5:0f:9f:b9:39:11:e6:4b:01:90:27:
         ac:e7:4f:65:ba:00:2b:bb:0e:67:9d:be:e0:15:5b:7f:ca:f8:
         72:b2:3e:04:b9:ec:fd:60:7d:54:9c:a2:72:bc:21:24:b6:23:
         28:d5:f0:38:09:c9:0b:54:68:37:a6:91:d0:c4:b0:4a:81:40:
         aa:1b:96:bc:c0:e7:d7:19:6c:bf:b6:eb:06:88:6b:33:72:6d:
         ab:3c:f5:f0:72:d7:4d:24:12:9a:eb:c6:7d:5c:eb:b1:a1:48:
         2e:99:4c:d2:9d:35:a7:4c:32:c3:87:e3:5f:a4:10:38:73:e7:
         62:2c:48:02:f7:4d:32:f7:f1:26:72:0a:7c:0d:2e:89:17:b3:
         86:0a:99:7c:88:ae:0c:3b:fe:d0:db:6b:2c:a8:7c:4c:30:9d:
         49:fa:5f:09:aa:e4:ec:a0:e9:5d:48:a6:79:ae:ca:df:f0:1e:
         56:96:79:65
-----BEGIN CERTIFICATE-----
MIIFKzCCBBOgAwIBAgIUO3XGwi2HQhWqNh/Itey90/gEdLcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDQ4YWY2NjViZjhiMTg2YjcwMjIwNzU5ZDI2YzU3OGY0
MGI1ZjNlMzAeFw0yNjA1MjAwODA4NDhaFw0yNzA1MTkwODEzNDhaMDMxMTAvBgNV
BAMTKDU5NzNDRDIyQzNDNjI2MjBFMDU5RUI4NkI0QTk4RkQ2NTlDQTgxRUQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDRE9sUepbeD+Al2dKl7Qe0uA+/
cxgRmKIEg8sa0MX1cXKzjYqVGVk6FHlji3YoJTUFh6WSczXnH4xA8JdcanXpPbTW
KT2PsbmJLx4UTjsFTF07BH7mIP2NBVTIp4Wu8WfbF3HdhXFd1q4eIoP+OHfN6+3p
3Cs+fV/HK4cgF8zJIG29cXodj02Slcv0lt0Wjtsnxji/e65mb9c1FbBEUVBnXSPJ
v6q1tuSNJjsjiuKXz3AWDxnXPZ3NkH8L33LNRBIIBfd4hEZdtT7nNVCgQtbeh3Rx
ifJ9glh5b64Ovf00aRxB/TUlOFWlw9gjywgfdzDIIqZuH0ArKcX/kGA2r6xPAgMB
AAGjggI1MIICMTAdBgNVHQ4EFgQUWXPNIsPGJiDgWeuGtKmP1lnKge0wHwYDVR0j
BBgwFoAUBIr2Zb+LGGtwIgdZ0mxXj0C18+MwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODJhOWJmNWItMzljMS00MDUwLWIwNzMtNDgwNzViODYx
ZDg3LzAvMDQ4QUY2NjVCRjhCMTg2QjcwMjIwNzU5RDI2QzU3OEY0MEI1RjNFMy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0JJcjJaYi1MR0d0d0lnZFowbXhYajBD
MTgtTS5jZXIwgaUGCCsGAQUFBwELBIGYMIGVMIGSBggrBgEFBQcwC4aBhXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvODJhOWJmNWIt
MzljMS00MDUwLWIwNzMtNDgwNzViODYxZDg3LzAvMzMzMTJlMzYyZTMyMmUzMDJm
MzIzNDJkMzIzNDIwM2QzZTIwMzIzOTM4MzAzMi5yb2EwGAYDVR0gAQH/BA4wDDAK
BggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAB8GAjANBgkq
hkiG9w0BAQsFAAOCAQEAlxKQFIjE3rg8hSJtBe1bRY0UQHvekgqMWBBdjYXlPNjM
QLca7uH27emHZBt67bNwrpAi0A3VOrpiZQNLQT9XrbZ7h9JOhaTazoVUKN/5MbUP
n7k5EeZLAZAnrOdPZboAK7sOZ52+4BVbf8r4crI+BLns/WB9VJyicrwhJLYjKNXw
OAnJC1RoN6aR0MSwSoFAqhuWvMDn1xlsv7brBohrM3Jtqzz18HLXTSQSmuvGfVzr
saFILplM0p01p0wyw4fjX6QQOHPnYixIAvdNMvfxJnIKfA0uiRezhgqZfIiuDDv+
0NtrLKh8TDCdSfpfCark7KDpXUimea7K3/AeVpZ5ZQ==
-----END CERTIFICATE-----