Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS31898.roa
File:                     AS31898.roa (raw, json)
Hash identifier:          +iDOwq2hesTXMin3VlWpI5zrcwkDw77OO8pr9eiTYVY=
Subject key identifier:   15:A9:17:3F:C6:9C:90:1D:7C:13:68:8C:8E:3E:62:02:3F:C5:3B:7E
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       502371610690A0F4B42A9754F99B48D00DF73200
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS31898.roa
Signing time:             Mon 01 Jun 2026 10:31:15 +0000
ROA not before:           Mon 01 Jun 2026 10:26:15 +0000
ROA not after:            Mon 31 May 2027 10:31:15 +0000
asID:                     31898
IP address blocks:        2a0f:85c1:3f0::/48 maxlen: 48
                          2a0f:85c1:c18::/48 maxlen: 48
                          2a0f:85c1:cc0::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 05 Jun 2026 07:00:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            50:23:71:61:06:90:a0:f4:b4:2a:97:54:f9:9b:48:d0:0d:f7:32:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Jun  1 10:26:15 2026 GMT
            Not After : May 31 10:31:15 2027 GMT
        Subject: CN=15A9173FC69C901D7C13688C8E3E62023FC53B7E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:29:fd:c7:14:bc:89:b1:76:7c:e0:b4:26:e1:
                    f1:f1:b4:9b:40:92:91:0e:f1:aa:fe:ee:9a:f5:6a:
                    4b:23:fe:e3:9b:80:d2:3c:97:75:c0:b8:05:d8:8e:
                    05:2f:75:65:c6:b9:80:8d:16:e8:fd:f7:91:ac:30:
                    ce:62:fa:e1:51:31:d1:ba:08:66:30:93:d7:27:63:
                    58:72:ff:78:c2:a2:18:54:8d:73:e1:e0:74:54:5e:
                    36:cc:97:fe:c6:d5:c8:74:2b:41:f8:89:bd:6e:ed:
                    0b:8f:69:2e:6b:6d:e1:d2:40:ef:f6:20:b2:8f:af:
                    e1:48:82:1b:89:6f:f5:22:a3:cd:8a:28:23:54:b1:
                    3b:ea:d4:b7:aa:c2:1e:fa:4e:85:47:d1:27:e8:f7:
                    53:1b:00:ea:49:01:50:89:63:bd:89:0a:03:24:a5:
                    58:e2:55:34:30:b0:30:48:82:68:08:b1:cc:64:f4:
                    01:30:be:90:c8:68:45:b5:b3:8b:3f:59:c8:ff:3c:
                    2d:8c:06:3a:ed:c1:f3:d0:22:f4:b4:2e:11:26:49:
                    48:8e:a8:40:59:34:8c:28:44:44:ca:a7:04:bf:6c:
                    6c:f2:ae:21:8d:63:e1:3a:28:67:38:c4:8e:84:9a:
                    c0:18:4b:46:be:8c:0c:31:fa:70:5b:13:dd:b9:35:
                    b5:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                15:A9:17:3F:C6:9C:90:1D:7C:13:68:8C:8E:3E:62:02:3F:C5:3B:7E
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS31898.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:3f0::/48
                  2a0f:85c1:c18::/48
                  2a0f:85c1:cc0::/48

    Signature Algorithm: sha256WithRSAEncryption
         02:2a:c2:45:70:16:e1:eb:93:b9:2c:65:cd:d8:89:62:30:f9:
         92:c5:44:a5:cc:38:1a:e4:db:a3:d8:da:87:d8:e8:cc:6b:15:
         c0:91:54:0e:cf:ef:81:bc:4a:3b:1a:9e:8d:d2:ca:70:e3:04:
         02:48:5e:fb:33:ae:db:ef:e1:e4:99:12:a8:97:ae:b6:7b:8f:
         59:0d:96:62:e6:a3:53:f9:6e:c7:60:54:bd:2e:87:f5:dc:24:
         d5:2a:e4:1a:a2:76:e8:c4:0e:69:18:58:50:c3:86:da:be:1b:
         87:35:f3:bf:35:55:a8:a6:3f:07:bd:4d:d9:77:04:31:a1:7e:
         bf:15:a7:5c:db:80:50:17:1c:d5:f7:23:9a:8a:85:db:1f:55:
         92:a5:dd:55:74:82:80:10:a8:b9:27:07:b6:ad:4f:a1:ad:1c:
         07:18:ef:32:9e:e5:9b:cb:25:b9:e9:5c:0e:af:4b:21:0c:98:
         20:85:b7:0c:9d:63:97:7b:cc:d4:67:35:ba:d6:db:4d:e3:46:
         35:7e:8b:8d:34:aa:04:2f:59:48:92:a7:cb:76:57:6c:47:6e:
         9e:cc:53:8f:f0:64:a4:c9:96:3d:86:c9:c2:b9:67:43:40:88:
         1f:f6:b9:ad:ed:e7:ef:7a:73:f1:12:d3:af:82:db:49:e5:a2:
         f3:f4:bd:52
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgIUUCNxYQaQoPS0KpdU+ZtI0A33MgAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNjA2MDExMDI2MTVaFw0yNzA1MzExMDMxMTVaMDMxMTAvBgNV
BAMTKDE1QTkxNzNGQzY5QzkwMUQ3QzEzNjg4QzhFM0U2MjAyM0ZDNTNCN0UwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDXKf3HFLyJsXZ84LQm4fHxtJtA
kpEO8ar+7pr1aksj/uObgNI8l3XAuAXYjgUvdWXGuYCNFuj995GsMM5i+uFRMdG6
CGYwk9cnY1hy/3jCohhUjXPh4HRUXjbMl/7G1ch0K0H4ib1u7QuPaS5rbeHSQO/2
ILKPr+FIghuJb/Uio82KKCNUsTvq1Leqwh76ToVH0Sfo91MbAOpJAVCJY72JCgMk
pVjiVTQwsDBIgmgIscxk9AEwvpDIaEW1s4s/Wcj/PC2MBjrtwfPQIvS0LhEmSUiO
qEBZNIwoRETKpwS/bGzyriGNY+E6KGc4xI6EmsAYS0a+jAwx+nBbE925NbV1AgMB
AAGjggIeMIICGjAdBgNVHQ4EFgQUFakXP8ackB18E2iMjj5iAj/FO34wHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMzE4OTgucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwNAYIKwYBBQUHAQcBAf8EJTAjMCEEAgACMBsDBwAqD4XB
A/ADBwAqD4XBDBgDBwAqD4XBDMAwDQYJKoZIhvcNAQELBQADggEBAAIqwkVwFuHr
k7ksZc3YiWIw+ZLFRKXMOBrk26PY2ofY6MxrFcCRVA7P74G8Sjsano3SynDjBAJI
Xvszrtvv4eSZEqiXrrZ7j1kNlmLmo1P5bsdgVL0uh/XcJNUq5BqidujEDmkYWFDD
htq+G4c18781VaimPwe9Tdl3BDGhfr8Vp1zbgFAXHNX3I5qKhdsfVZKl3VV0goAQ
qLknB7atT6GtHAcY7zKe5ZvLJbnpXA6vSyEMmCCFtwydY5d7zNRnNbrW203jRjV+
i400qgQvWUiSp8t2V2xHbp7MU4/wZKTJlj2GycK5Z0NAiB/2ua3t5+96c/ES06+C
20nlovP0vVI=
-----END CERTIFICATE-----