Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e36312e302f32342d3234203d3e203631333137.roa
File:                     33312e362e36312e302f32342d3234203d3e203631333137.roa (raw, json)
Hash identifier:          /buwixaeZFthvWn5Kn8VUrBckmuBf/0jcVOkbVm1G9E=
Subject key identifier:   B9:13:FD:65:9A:53:34:D4:32:0B:30:A1:E6:D4:57:4F:7D:BE:A5:93
Certificate issuer:       /CN=048af665bf8b186b70220759d26c578f40b5f3e3
Certificate serial:       0DF8CCA4ADD4B0D2E4C671D02B26E8AFC4FE0194
Authority key identifier: 04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e36312e302f32342d3234203d3e203631333137.roa
Signing time:             Thu 02 Oct 2025 08:55:08 +0000
ROA not before:           Thu 02 Oct 2025 08:50:08 +0000
ROA not after:            Thu 01 Oct 2026 08:55:08 +0000
asID:                     61317
IP address blocks:        31.6.61.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 09 Oct 2025 19:52:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0d:f8:cc:a4:ad:d4:b0:d2:e4:c6:71:d0:2b:26:e8:af:c4:fe:01:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=048af665bf8b186b70220759d26c578f40b5f3e3
        Validity
            Not Before: Oct  2 08:50:08 2025 GMT
            Not After : Oct  1 08:55:08 2026 GMT
        Subject: CN=B913FD659A5334D4320B30A1E6D4574F7DBEA593
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:65:5e:42:44:67:a6:d3:c9:1a:77:af:43:bf:
                    53:c4:da:d5:03:1b:15:54:2b:e7:2a:92:b1:71:81:
                    24:e8:e1:69:34:5c:82:fb:94:68:5b:b8:90:38:71:
                    56:78:f5:43:e2:85:94:69:6e:ba:f2:06:87:68:b9:
                    5c:3c:1d:e6:5c:bf:71:ed:ff:79:da:5a:da:c3:f2:
                    3b:69:51:91:78:bb:a2:dd:f9:62:29:5c:5a:62:85:
                    9f:df:dd:7b:14:20:7c:03:a9:07:67:79:c0:60:ad:
                    11:1f:03:5f:a0:03:cc:74:5c:e6:52:7d:64:80:87:
                    44:40:53:7b:20:42:49:af:3b:d5:42:be:8a:59:24:
                    a1:67:27:4a:f4:e1:c1:e1:a8:46:ad:ff:38:61:a6:
                    e4:94:d7:95:8b:53:87:c6:ca:3c:32:53:b8:c0:6f:
                    a2:99:f9:20:fa:fc:e2:0a:86:fb:6f:10:32:c5:ec:
                    c9:57:de:84:e5:54:ee:13:3f:9e:1e:89:42:d0:e9:
                    24:7b:f3:7a:c0:3c:52:ee:1c:a4:ec:70:2f:d9:cb:
                    0b:b4:81:ee:c6:41:c4:f0:f9:8f:3f:d0:d1:73:09:
                    4a:a6:42:84:1e:9d:fc:28:dc:23:af:79:48:b4:64:
                    90:3f:87:95:39:4f:83:9f:90:e7:67:d4:df:28:98:
                    3e:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B9:13:FD:65:9A:53:34:D4:32:0B:30:A1:E6:D4:57:4F:7D:BE:A5:93
            X509v3 Authority Key Identifier:
                keyid:04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/33312e362e36312e302f32342d3234203d3e203631333137.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.6.61.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4b:d9:91:f3:56:14:8c:51:c9:d2:2d:c3:ef:bf:77:a8:27:12:
         43:26:04:ac:fb:9e:23:fd:63:38:1a:c2:31:27:a0:b2:af:e7:
         ee:2b:88:83:8e:c4:02:b5:e9:49:21:46:98:44:8f:df:d4:27:
         e1:fc:f2:ee:82:bc:19:d6:aa:f2:75:43:3f:1e:3b:6f:47:16:
         e4:ad:4c:41:8f:74:20:bb:c8:c1:91:9f:d6:a1:f2:14:6b:f2:
         cd:60:11:15:b3:53:0f:f8:66:28:e7:db:85:b8:9f:c3:b6:5d:
         2c:f3:25:6a:f4:a1:c5:ed:09:72:89:65:f3:7d:a7:33:22:14:
         56:7d:f9:40:eb:f2:90:ef:3b:7c:df:f3:da:df:41:32:9b:47:
         50:1a:8e:2e:eb:5c:45:10:a0:57:6e:80:95:09:bf:5c:6d:d9:
         cf:99:5d:a8:19:99:a1:29:dd:5c:ed:a1:40:ea:41:20:32:b1:
         75:6a:f6:fc:85:7f:70:32:cc:3b:f6:cd:79:8b:8f:36:1e:1b:
         2f:43:12:fa:d9:eb:77:61:ab:d6:34:b9:30:77:14:93:8a:17:
         b4:90:2e:8c:4b:b1:93:b4:df:28:e1:3c:b2:a6:86:08:b6:9f:
         6a:d8:6f:52:e2:70:13:48:c1:3f:da:9f:89:cc:cb:cf:e1:f4:
         45:67:2f:b1
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUDfjMpK3UsNLkxnHQKybor8T+AZQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDQ4YWY2NjViZjhiMTg2YjcwMjIwNzU5ZDI2YzU3OGY0
MGI1ZjNlMzAeFw0yNTEwMDIwODUwMDhaFw0yNjEwMDEwODU1MDhaMDMxMTAvBgNV
BAMTKEI5MTNGRDY1OUE1MzM0RDQzMjBCMzBBMUU2RDQ1NzRGN0RCRUE1OTMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCpZV5CRGem08kad69Dv1PE2tUD
GxVUK+cqkrFxgSTo4Wk0XIL7lGhbuJA4cVZ49UPihZRpbrryBodouVw8HeZcv3Ht
/3naWtrD8jtpUZF4u6Ld+WIpXFpihZ/f3XsUIHwDqQdnecBgrREfA1+gA8x0XOZS
fWSAh0RAU3sgQkmvO9VCvopZJKFnJ0r04cHhqEat/zhhpuSU15WLU4fGyjwyU7jA
b6KZ+SD6/OIKhvtvEDLF7MlX3oTlVO4TP54eiULQ6SR783rAPFLuHKTscC/Zywu0
ge7GQcTw+Y8/0NFzCUqmQoQenfwo3COveUi0ZJA/h5U5T4OfkOdn1N8omD4tAgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQUuRP9ZZpTNNQyCzCh5tRXT32+pZMwHwYDVR0j
BBgwFoAUBIr2Zb+LGGtwIgdZ0mxXj0C18+MwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODJhOWJmNWItMzljMS00MDUwLWIwNzMtNDgwNzViODYx
ZDg3LzAvMDQ4QUY2NjVCRjhCMTg2QjcwMjIwNzU5RDI2QzU3OEY0MEI1RjNFMy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0JJcjJaYi1MR0d0d0lnZFowbXhYajBD
MTgtTS5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvODJhOWJmNWIt
MzljMS00MDUwLWIwNzMtNDgwNzViODYxZDg3LzAvMzMzMTJlMzYyZTM2MzEyZTMw
MmYzMjM0MmQzMjM0MjAzZDNlMjAzNjMxMzMzMTM3LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHwY9MA0G
CSqGSIb3DQEBCwUAA4IBAQBL2ZHzVhSMUcnSLcPvv3eoJxJDJgSs+54j/WM4GsIx
J6Cyr+fuK4iDjsQCtelJIUaYRI/f1Cfh/PLugrwZ1qrydUM/HjtvRxbkrUxBj3Qg
u8jBkZ/WofIUa/LNYBEVs1MP+GYo59uFuJ/Dtl0s8yVq9KHF7QlyiWXzfaczIhRW
fflA6/KQ7zt83/Pa30Eym0dQGo4u61xFEKBXboCVCb9cbdnPmV2oGZmhKd1c7aFA
6kEgMrF1avb8hX9wMsw79s15i482HhsvQxL62et3YavWNLkwdxSTihe0kC6MS7GT
tN8o4TyypoYItp9q2G9S4nATSME/2p+JzMvP4fRFZy+x
-----END CERTIFICATE-----