Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS31898.roa
File:                     AS31898.roa (raw, json)
Hash identifier:          HhX+N6Fkxj6cX7Gwg1pvcHiDEXxJA88lsFAtna8vvIo=
Subject key identifier:   F7:40:1D:2E:3B:4F:BE:A9:18:F6:26:DB:CB:41:12:81:E5:65:FF:3E
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       70204ABB4BC5B0B4129211436754524DD7E377ED
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS31898.roa
Signing time:             Thu 07 Aug 2025 10:10:53 +0000
ROA not before:           Thu 07 Aug 2025 10:05:53 +0000
ROA not after:            Thu 06 Aug 2026 10:10:53 +0000
asID:                     31898
IP address blocks:        2a0f:85c1:c18::/48 maxlen: 48
                          2a0f:85c1:cc0::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 20 Aug 2025 23:01:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            70:20:4a:bb:4b:c5:b0:b4:12:92:11:43:67:54:52:4d:d7:e3:77:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Aug  7 10:05:53 2025 GMT
            Not After : Aug  6 10:10:53 2026 GMT
        Subject: CN=F7401D2E3B4FBEA918F626DBCB411281E565FF3E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:79:d7:1a:c3:35:04:64:af:19:de:bc:1d:3b:
                    17:10:c6:15:0f:06:38:4d:01:9d:86:9f:37:71:e2:
                    f9:bc:5d:5a:89:1a:03:f8:39:93:bd:bf:a2:0d:46:
                    f1:fb:2c:92:90:ed:86:3d:c0:3a:cc:cd:8b:1a:2b:
                    e1:dd:d7:82:a9:68:7a:62:15:ff:d9:d3:91:52:6d:
                    e6:fd:de:f2:70:b9:e1:92:15:eb:f8:d0:18:89:aa:
                    36:bd:ca:40:e9:e3:0b:64:f4:05:0d:53:b9:b2:e8:
                    61:b5:2a:30:c2:3a:d2:c0:c2:0d:3f:c4:0a:6f:68:
                    93:b7:b9:e0:66:e4:36:03:0f:f1:60:55:70:81:da:
                    b2:9e:46:b1:da:57:39:e3:29:b4:89:ce:a1:86:d9:
                    f0:75:8b:ed:19:53:90:c4:2e:fe:e4:57:fd:9d:da:
                    79:1e:4e:e3:88:c6:e6:ba:d9:97:89:45:fc:4b:22:
                    83:a6:bc:b1:39:36:41:a0:6a:9c:b5:bc:8e:eb:15:
                    bb:62:a5:32:1a:b2:18:95:bf:b5:3e:84:de:17:2c:
                    6c:fb:ae:04:75:7a:60:f4:6e:65:c8:d9:e2:bc:d0:
                    f1:2b:38:da:48:89:0e:d2:4c:2d:28:c0:7f:53:11:
                    8d:90:dd:44:79:a4:0a:d0:66:2c:08:8f:4a:fd:8f:
                    44:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F7:40:1D:2E:3B:4F:BE:A9:18:F6:26:DB:CB:41:12:81:E5:65:FF:3E
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS31898.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:c18::/48
                  2a0f:85c1:cc0::/48

    Signature Algorithm: sha256WithRSAEncryption
         bf:b3:5a:5d:5c:8d:ac:a5:1e:0d:1f:8c:9b:67:85:b6:9c:62:
         54:ac:3c:dd:c7:0e:8e:3e:a5:d6:38:f0:cf:8e:a7:97:2f:69:
         fa:41:eb:f8:e3:8c:48:82:bb:42:b3:bd:e8:33:dd:94:4f:fc:
         3d:0c:62:7b:60:1a:e2:49:25:47:c6:d1:3a:b2:86:5c:0d:a6:
         01:75:71:71:9f:27:61:b3:99:01:4b:a3:6f:20:fc:f5:0c:31:
         95:f8:62:3d:79:44:7e:55:17:ff:b7:ca:09:71:2b:9a:64:64:
         bf:8e:81:69:ee:a5:7b:a5:0b:aa:ac:9f:27:0b:39:1e:e4:29:
         fd:75:f7:f0:41:6a:5f:e8:91:41:9a:a0:ce:83:57:3f:9f:ef:
         ab:d6:e6:27:f1:c4:25:f1:8f:3e:6b:80:48:55:02:1d:9c:26:
         80:b3:16:65:c0:02:e3:d7:99:16:76:72:28:89:27:15:3d:06:
         06:70:86:9b:f9:3d:12:9c:0c:81:a6:23:c6:f4:20:92:2a:dc:
         f1:a9:68:58:35:ab:a3:b9:bf:af:5f:fb:6b:38:33:7c:71:49:
         11:27:41:7c:a5:5c:83:9e:08:09:3c:00:a1:da:8f:cf:c4:1b:
         5e:c8:4c:ee:f7:6d:fa:21:bc:49:48:bc:9b:56:80:a1:7d:78:
         a2:d7:15:ec
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgIUcCBKu0vFsLQSkhFDZ1RSTdfjd+0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNTA4MDcxMDA1NTNaFw0yNjA4MDYxMDEwNTNaMDMxMTAvBgNV
BAMTKEY3NDAxRDJFM0I0RkJFQTkxOEY2MjZEQkNCNDExMjgxRTU2NUZGM0UwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDGedcawzUEZK8Z3rwdOxcQxhUP
BjhNAZ2Gnzdx4vm8XVqJGgP4OZO9v6INRvH7LJKQ7YY9wDrMzYsaK+Hd14KpaHpi
Ff/Z05FSbeb93vJwueGSFev40BiJqja9ykDp4wtk9AUNU7my6GG1KjDCOtLAwg0/
xApvaJO3ueBm5DYDD/FgVXCB2rKeRrHaVznjKbSJzqGG2fB1i+0ZU5DELv7kV/2d
2nkeTuOIxua62ZeJRfxLIoOmvLE5NkGgapy1vI7rFbtipTIashiVv7U+hN4XLGz7
rgR1emD0bmXI2eK80PErONpIiQ7STC0owH9TEY2Q3UR5pArQZiwIj0r9j0T5AgMB
AAGjggIVMIICETAdBgNVHQ4EFgQU90AdLjtPvqkY9ibby0ESgeVl/z4wHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMzE4OTgucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgACMBIDBwAqD4XB
DBgDBwAqD4XBDMAwDQYJKoZIhvcNAQELBQADggEBAL+zWl1cjaylHg0fjJtnhbac
YlSsPN3HDo4+pdY48M+Op5cvafpB6/jjjEiCu0Kzvegz3ZRP/D0MYntgGuJJJUfG
0TqyhlwNpgF1cXGfJ2GzmQFLo28g/PUMMZX4Yj15RH5VF/+3yglxK5pkZL+OgWnu
pXulC6qsnycLOR7kKf119/BBal/okUGaoM6DVz+f76vW5ifxxCXxjz5rgEhVAh2c
JoCzFmXAAuPXmRZ2ciiJJxU9BgZwhpv5PRKcDIGmI8b0IJIq3PGpaFg1q6O5v69f
+2s4M3xxSREnQXylXIOeCAk8AKHaj8/EG17ITO73bfohvElIvJtWgKF9eKLXFew=
-----END CERTIFICATE-----