Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e34362e302f32342d3234203d3e20323131333733.roa
File:                     33312e362e34362e302f32342d3234203d3e20323131333733.roa (raw, json)
Hash identifier:          Sfx66eaEuRsKyaSGQEElr8fEmYPVUe0cUEz+SGs02FQ=
Subject key identifier:   FE:AE:D5:89:F2:DE:DD:88:63:5A:5B:26:44:EC:A2:EC:44:44:BC:D1
Certificate issuer:       /CN=048af665bf8b186b70220759d26c578f40b5f3e3
Certificate serial:       0A5C8A7ADD96E48E048938BE1AF72FD0322E29DC
Authority key identifier: 04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e34362e302f32342d3234203d3e20323131333733.roa
Signing time:             Wed 27 May 2026 09:47:17 +0000
ROA not before:           Wed 27 May 2026 09:42:17 +0000
ROA not after:            Wed 26 May 2027 09:47:17 +0000
asID:                     211373
IP address blocks:        31.6.46.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 04 Jun 2026 19:48:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0a:5c:8a:7a:dd:96:e4:8e:04:89:38:be:1a:f7:2f:d0:32:2e:29:dc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=048af665bf8b186b70220759d26c578f40b5f3e3
        Validity
            Not Before: May 27 09:42:17 2026 GMT
            Not After : May 26 09:47:17 2027 GMT
        Subject: CN=FEAED589F2DEDD88635A5B2644ECA2EC4444BCD1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:14:19:21:a6:4a:3f:68:5f:ab:b4:84:31:17:
                    cf:7b:6a:f6:f7:af:7b:ac:d9:48:3c:df:d2:aa:1d:
                    a6:c1:25:b2:ac:01:d9:aa:84:b2:f1:fa:74:db:5a:
                    bc:9c:39:57:e3:0a:55:60:7f:39:66:47:e5:d5:4c:
                    93:01:e3:d1:51:13:93:1b:d4:07:7d:e2:f5:84:d5:
                    18:52:b8:28:3a:f3:9a:a9:60:6c:eb:36:67:04:49:
                    8f:8b:7e:10:19:9f:a5:1f:b8:12:db:a7:9b:41:91:
                    68:75:25:55:82:fc:7b:18:b0:ae:da:cd:b7:1a:d2:
                    f8:cc:77:ea:21:d2:d8:65:1b:d9:fc:8c:39:74:6f:
                    91:23:d1:da:5a:3c:23:a4:72:a6:6a:af:75:60:ef:
                    c2:97:f4:54:3a:40:dc:88:a4:11:06:e2:d8:50:a3:
                    e1:4a:e8:18:a5:17:a4:bb:a1:06:bf:42:d8:5a:8f:
                    48:95:3f:15:25:90:40:7d:c8:24:ec:91:c1:5a:94:
                    8b:80:94:60:a1:76:cf:e2:33:27:16:18:e1:da:6e:
                    3c:c5:1a:47:4c:da:0f:c7:a6:96:91:ed:06:fb:7a:
                    19:5e:c4:90:3b:ff:ff:73:42:a2:37:4e:7f:a8:77:
                    99:ce:eb:b5:c9:70:c1:dd:4c:08:7a:6a:f5:18:81:
                    55:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FE:AE:D5:89:F2:DE:DD:88:63:5A:5B:26:44:EC:A2:EC:44:44:BC:D1
            X509v3 Authority Key Identifier:
                keyid:04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e34362e302f32342d3234203d3e20323131333733.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.6.46.0/24

    Signature Algorithm: sha256WithRSAEncryption
         12:01:34:31:e9:56:2d:a0:a1:f2:5f:b3:e4:f8:ca:e3:ca:c2:
         dc:a7:1d:04:a6:fc:12:a0:e5:3e:6e:73:96:c2:a4:3a:ec:d8:
         64:b8:ba:b7:79:63:8b:e7:35:f0:f5:25:d3:b3:09:fd:39:53:
         dd:d7:22:31:0b:55:6c:1c:d6:e9:84:cb:03:16:62:a0:db:fb:
         3e:26:38:e5:7d:3e:d1:f8:5c:5d:49:e6:f7:45:7c:0d:1a:52:
         34:9c:01:f2:5b:cc:ca:df:be:6b:75:b8:e2:e0:f1:f9:6b:7f:
         17:9d:c4:c0:b4:bc:18:91:c6:01:ff:8a:a3:5d:4b:08:40:ce:
         ed:f4:73:27:45:b7:7b:83:50:53:83:95:72:83:41:e3:cc:58:
         dc:28:56:4e:61:b0:88:a1:ca:f3:2d:fc:f7:aa:cc:77:bc:4a:
         9e:03:93:8c:2c:1d:f4:3e:54:41:9c:15:3d:f2:e4:cc:6e:f8:
         35:4a:fc:e6:d8:f4:68:45:0c:40:70:a6:0a:1e:a6:a5:38:fc:
         0f:96:2b:f4:3e:f7:c9:f8:3d:b6:65:d3:98:7f:67:41:4e:f8:
         a6:96:ce:0f:71:40:29:9c:ec:43:57:f1:75:ad:8f:48:f4:8a:
         9c:52:5a:12:42:6f:61:2e:01:96:92:00:69:6a:5e:80:23:7d:
         c3:ff:7a:82
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUClyKet2W5I4EiTi+Gvcv0DIuKdwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDQ4YWY2NjViZjhiMTg2YjcwMjIwNzU5ZDI2YzU3OGY0
MGI1ZjNlMzAeFw0yNjA1MjcwOTQyMTdaFw0yNzA1MjYwOTQ3MTdaMDMxMTAvBgNV
BAMTKEZFQUVENTg5RjJERUREODg2MzVBNUIyNjQ0RUNBMkVDNDQ0NEJDRDEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC2FBkhpko/aF+rtIQxF897avb3
r3us2Ug839KqHabBJbKsAdmqhLLx+nTbWrycOVfjClVgfzlmR+XVTJMB49FRE5Mb
1Ad94vWE1RhSuCg685qpYGzrNmcESY+LfhAZn6UfuBLbp5tBkWh1JVWC/HsYsK7a
zbca0vjMd+oh0thlG9n8jDl0b5Ej0dpaPCOkcqZqr3Vg78KX9FQ6QNyIpBEG4thQ
o+FK6BilF6S7oQa/Qthaj0iVPxUlkEB9yCTskcFalIuAlGChds/iMycWGOHabjzF
GkdM2g/HppaR7Qb7ehlexJA7//9zQqI3Tn+od5nO67XJcMHdTAh6avUYgVUHAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQU/q7VifLe3YhjWlsmROyi7EREvNEwHwYDVR0j
BBgwFoAUBIr2Zb+LGGtwIgdZ0mxXj0C18+MwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODJhOWJmNWItMzljMS00MDUwLWIwNzMtNDgwNzViODYx
ZDg3LzAvMDQ4QUY2NjVCRjhCMTg2QjcwMjIwNzU5RDI2QzU3OEY0MEI1RjNFMy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0JJcjJaYi1MR0d0d0lnZFowbXhYajBD
MTgtTS5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvODJhOWJmNWIt
MzljMS00MDUwLWIwNzMtNDgwNzViODYxZDg3LzAvMzMzMTJlMzYyZTM0MzYyZTMw
MmYzMjM0MmQzMjM0MjAzZDNlMjAzMjMxMzEzMzM3MzMucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAAfBi4w
DQYJKoZIhvcNAQELBQADggEBABIBNDHpVi2gofJfs+T4yuPKwtynHQSm/BKg5T5u
c5bCpDrs2GS4urd5Y4vnNfD1JdOzCf05U93XIjELVWwc1umEywMWYqDb+z4mOOV9
PtH4XF1J5vdFfA0aUjScAfJbzMrfvmt1uOLg8flrfxedxMC0vBiRxgH/iqNdSwhA
zu30cydFt3uDUFODlXKDQePMWNwoVk5hsIihyvMt/PeqzHe8Sp4Dk4wsHfQ+VEGc
FT3y5Mxu+DVK/ObY9GhFDEBwpgoepqU4/A+WK/Q+98n4PbZl05h/Z0FO+KaWzg9x
QCmc7ENX8XWtj0j0ipxSWhJCb2EuAZaSAGlqXoAjfcP/eoI=
-----END CERTIFICATE-----