Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e34382e302f32342d3234203d3e203630393439.roa
File:                     33312e362e34382e302f32342d3234203d3e203630393439.roa (raw, json)
Hash identifier:          3o3gPWkNOu+DLwcTSaq+aDuSLseK58Gz2OR2Uu74xVA=
Subject key identifier:   B1:95:A9:A4:C3:BB:1C:FC:03:74:14:6A:A3:7F:F4:D7:6B:E2:26:48
Certificate issuer:       /CN=048af665bf8b186b70220759d26c578f40b5f3e3
Certificate serial:       78814D86B0F46A3B9373C2093A32468CB020B1CF
Authority key identifier: 04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e34382e302f32342d3234203d3e203630393439.roa
Signing time:             Mon 02 Mar 2026 07:54:54 +0000
ROA not before:           Mon 02 Mar 2026 07:49:54 +0000
ROA not after:            Mon 01 Mar 2027 07:54:54 +0000
asID:                     60949
IP address blocks:        31.6.48.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 23 Mar 2026 21:22:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            78:81:4d:86:b0:f4:6a:3b:93:73:c2:09:3a:32:46:8c:b0:20:b1:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=048af665bf8b186b70220759d26c578f40b5f3e3
        Validity
            Not Before: Mar  2 07:49:54 2026 GMT
            Not After : Mar  1 07:54:54 2027 GMT
        Subject: CN=B195A9A4C3BB1CFC0374146AA37FF4D76BE22648
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:4f:07:e0:8e:76:d1:3a:d5:38:68:b7:ad:bc:
                    ed:3f:f9:ee:07:b6:56:16:4b:5d:87:76:05:3a:a9:
                    5e:24:72:56:e5:42:5b:8e:02:0d:17:e2:4c:84:5d:
                    21:68:2b:e6:2a:19:bf:2a:93:f5:6f:d9:23:60:02:
                    0a:81:56:3d:7b:27:b2:15:fd:72:f2:ad:ab:ca:ae:
                    56:a5:5f:61:e1:63:a6:58:2f:47:80:e9:b8:79:d0:
                    92:71:63:91:21:56:6e:df:78:2d:64:92:d3:98:6b:
                    31:e5:d1:41:d3:63:19:00:7a:31:f6:dd:48:45:b8:
                    99:45:98:bc:25:56:96:7d:59:43:ab:e6:03:a0:12:
                    49:02:b7:8f:36:2c:a6:86:b1:d3:3e:2d:65:d2:e1:
                    01:1b:0d:be:cf:c4:b6:a4:07:ff:60:1c:63:1b:02:
                    4d:32:63:eb:33:9d:78:14:c6:f5:13:5f:81:b9:07:
                    a1:c5:aa:4d:ea:41:e4:2c:e8:8a:7f:f8:45:cd:bc:
                    70:07:5d:b6:dc:20:df:a6:c2:6b:e1:a2:a1:a1:d6:
                    c9:ae:6f:1d:3d:d8:6e:42:27:aa:94:03:5d:76:d5:
                    be:03:8a:5d:ef:cf:44:ca:46:42:fd:ba:bc:07:41:
                    1a:65:26:32:1c:bb:1a:55:0c:97:bb:32:8c:54:f9:
                    0c:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:95:A9:A4:C3:BB:1C:FC:03:74:14:6A:A3:7F:F4:D7:6B:E2:26:48
            X509v3 Authority Key Identifier:
                keyid:04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e34382e302f32342d3234203d3e203630393439.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.6.48.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6b:d5:94:6c:4a:30:52:cf:39:64:ab:5b:09:c6:9c:3f:ca:3a:
         53:54:9b:45:72:0d:4f:1b:a3:f8:f5:4c:3b:6e:6f:13:cd:e4:
         01:f3:a4:9d:63:03:37:73:38:64:9d:66:ad:e4:94:44:2c:38:
         07:f9:18:c8:0d:1f:c0:2a:88:f0:d9:6d:2f:fe:e1:3b:f2:4e:
         62:99:87:88:0b:da:8a:d5:d8:37:8d:00:db:0a:21:d4:28:d0:
         d5:47:d1:89:4c:4a:6a:87:2d:91:0d:bf:0d:61:09:6d:b8:92:
         35:19:c0:f6:eb:77:b7:32:d1:80:bc:37:8b:43:5b:13:be:56:
         49:60:c0:24:92:d8:ec:51:cb:33:ba:23:65:31:13:e3:f2:ec:
         36:fc:5c:ae:1f:64:28:72:40:cd:d0:15:99:cf:f6:70:bd:d1:
         25:73:64:26:9b:79:d0:d0:85:6e:51:d6:9c:a6:9a:a8:86:16:
         57:7a:20:9a:7e:5f:5a:1e:02:a0:3b:75:93:a7:c4:c6:ab:4f:
         5d:f3:9c:43:e1:f0:fd:48:cb:cf:bf:7f:f2:ad:57:eb:e5:b4:
         cf:79:5e:8f:51:90:da:76:b8:c2:10:a9:d4:72:8d:83:18:ce:
         b5:d6:f9:46:2d:e2:e1:84:73:13:f5:09:1b:9b:d6:50:81:b1:
         34:73:be:be
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUeIFNhrD0ajuTc8IJOjJGjLAgsc8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDQ4YWY2NjViZjhiMTg2YjcwMjIwNzU5ZDI2YzU3OGY0
MGI1ZjNlMzAeFw0yNjAzMDIwNzQ5NTRaFw0yNzAzMDEwNzU0NTRaMDMxMTAvBgNV
BAMTKEIxOTVBOUE0QzNCQjFDRkMwMzc0MTQ2QUEzN0ZGNEQ3NkJFMjI2NDgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCXTwfgjnbROtU4aLetvO0/+e4H
tlYWS12HdgU6qV4kclblQluOAg0X4kyEXSFoK+YqGb8qk/Vv2SNgAgqBVj17J7IV
/XLyravKrlalX2HhY6ZYL0eA6bh50JJxY5EhVm7feC1kktOYazHl0UHTYxkAejH2
3UhFuJlFmLwlVpZ9WUOr5gOgEkkCt482LKaGsdM+LWXS4QEbDb7PxLakB/9gHGMb
Ak0yY+sznXgUxvUTX4G5B6HFqk3qQeQs6Ip/+EXNvHAHXbbcIN+mwmvhoqGh1smu
bx092G5CJ6qUA1121b4Dil3vz0TKRkL9urwHQRplJjIcuxpVDJe7MoxU+QzxAgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQUsZWppMO7HPwDdBRqo3/012viJkgwHwYDVR0j
BBgwFoAUBIr2Zb+LGGtwIgdZ0mxXj0C18+MwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODJhOWJmNWItMzljMS00MDUwLWIwNzMtNDgwNzViODYx
ZDg3LzAvMDQ4QUY2NjVCRjhCMTg2QjcwMjIwNzU5RDI2QzU3OEY0MEI1RjNFMy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0JJcjJaYi1MR0d0d0lnZFowbXhYajBD
MTgtTS5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvODJhOWJmNWIt
MzljMS00MDUwLWIwNzMtNDgwNzViODYxZDg3LzAvMzMzMTJlMzYyZTM0MzgyZTMw
MmYzMjM0MmQzMjM0MjAzZDNlMjAzNjMwMzkzNDM5LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHwYwMA0G
CSqGSIb3DQEBCwUAA4IBAQBr1ZRsSjBSzzlkq1sJxpw/yjpTVJtFcg1PG6P49Uw7
bm8TzeQB86SdYwM3czhknWat5JRELDgH+RjIDR/AKojw2W0v/uE78k5imYeIC9qK
1dg3jQDbCiHUKNDVR9GJTEpqhy2RDb8NYQltuJI1GcD263e3MtGAvDeLQ1sTvlZJ
YMAkktjsUcszuiNlMRPj8uw2/FyuH2QockDN0BWZz/ZwvdElc2Qmm3nQ0IVuUdac
ppqohhZXeiCafl9aHgKgO3WTp8TGq09d85xD4fD9SMvPv3/yrVfr5bTPeV6PUZDa
drjCEKnUco2DGM611vlGLeLhhHMT9Qkbm9ZQgbE0c76+
-----END CERTIFICATE-----