Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS31898.roa
File:                     AS31898.roa (raw, json)
Hash identifier:          lHj1JZH0VBqzj9R20xkl3hSJK/gNepnJuAvsC9xI2c4=
Subject key identifier:   CF:4B:55:D8:D7:B3:DA:E0:D3:64:C6:C0:CE:58:BE:E6:B7:B2:A8:3A
Certificate issuer:       /CN=a83d48652f3b2df74f6bf9baa8a9c174ccfd3772
Certificate serial:       39B74E5C711DD2BCD19C02D5925C2B974240948D
Authority key identifier: A8:3D:48:65:2F:3B:2D:F7:4F:6B:F9:BA:A8:A9:C1:74:CC:FD:37:72
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS31898.roa
Signing time:             Wed 21 May 2025 13:01:20 +0000
ROA not before:           Wed 21 May 2025 12:56:20 +0000
ROA not after:            Wed 20 May 2026 13:01:20 +0000
asID:                     31898
IP address blocks:        2a14:7581:f00::/44 maxlen: 48
                          2a14:7581:9811::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 01 Jun 2025 18:29:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            39:b7:4e:5c:71:1d:d2:bc:d1:9c:02:d5:92:5c:2b:97:42:40:94:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a83d48652f3b2df74f6bf9baa8a9c174ccfd3772
        Validity
            Not Before: May 21 12:56:20 2025 GMT
            Not After : May 20 13:01:20 2026 GMT
        Subject: CN=CF4B55D8D7B3DAE0D364C6C0CE58BEE6B7B2A83A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:b0:d5:13:e6:97:79:b3:d5:46:bf:4b:3e:24:
                    b5:43:c3:64:0d:00:1f:08:15:b8:04:a5:a6:e5:09:
                    d4:08:97:62:c2:4e:24:de:8c:ce:60:97:54:49:5c:
                    f9:d2:b2:06:c7:b0:bf:fa:99:22:e3:b3:48:95:59:
                    13:70:99:fb:e8:05:f8:b9:50:9a:fd:e8:d6:88:9a:
                    07:4f:4d:a9:4c:97:de:8f:a5:6a:b7:43:e0:91:28:
                    bc:4c:f2:64:53:15:26:12:cb:13:ce:9e:58:34:ae:
                    08:8d:63:7b:46:9a:ef:24:20:c5:78:01:e8:8f:06:
                    d8:4d:78:e4:02:b2:d3:59:3d:45:3f:11:79:0f:bb:
                    04:d5:f1:b4:3b:29:78:16:15:51:90:d7:96:a9:6c:
                    5c:39:ce:19:97:80:9d:94:7d:f3:78:fd:09:f3:e5:
                    65:21:75:5a:61:45:78:90:a3:42:4e:95:0b:44:2f:
                    8f:48:77:47:2b:2c:f1:f3:d4:88:16:7a:14:24:77:
                    b0:b2:5a:87:9a:6f:6b:62:f4:22:08:17:1c:f4:4a:
                    b5:4c:27:44:f8:d9:b5:e3:aa:4f:c8:5c:ca:76:83:
                    85:1f:ba:6f:19:74:f8:53:3c:b7:22:be:d0:e0:d5:
                    c2:78:1a:a0:86:08:39:e2:bd:33:15:71:df:cb:04:
                    d4:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:4B:55:D8:D7:B3:DA:E0:D3:64:C6:C0:CE:58:BE:E6:B7:B2:A8:3A
            X509v3 Authority Key Identifier:
                keyid:A8:3D:48:65:2F:3B:2D:F7:4F:6B:F9:BA:A8:A9:C1:74:CC:FD:37:72

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS31898.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:7581:f00::/44
                  2a14:7581:9811::/48

    Signature Algorithm: sha256WithRSAEncryption
         66:cc:5d:7c:0c:c7:5f:d2:a2:b5:fb:a3:d6:a1:4a:22:9c:a3:
         a5:9a:df:4a:c7:06:57:77:7c:f4:a2:68:f9:2c:a6:6f:46:dc:
         d0:63:a4:5f:92:3b:c9:e4:3f:1d:63:34:0d:47:8e:05:69:61:
         46:b3:42:c1:e3:1c:23:d1:c7:8a:ec:c8:68:a9:09:16:65:4b:
         bb:53:6b:88:ac:fe:4d:a9:6a:8f:3d:1f:44:75:e1:17:19:65:
         a9:23:3b:36:fb:6f:56:79:65:83:8a:0b:13:33:74:07:c7:e7:
         c3:d7:c4:60:c2:10:4f:c5:de:71:59:88:c8:09:e8:e4:d7:6a:
         22:d9:d7:b5:7f:6e:6f:85:9c:83:e1:27:2b:39:f4:5f:e4:69:
         5f:2a:73:9c:39:5b:67:d8:86:6c:21:57:6d:bc:24:43:e6:8a:
         a3:8b:de:ba:13:fb:3b:94:47:86:e0:2c:ea:f4:c7:e5:61:13:
         5b:97:20:98:61:31:c0:15:ad:23:50:53:93:9a:a5:b9:3e:3b:
         ef:3e:98:66:59:1a:8c:0f:7a:45:0e:65:c0:53:ee:27:2c:7c:
         b9:ee:43:63:74:32:43:2a:c2:45:e6:14:38:d7:58:01:0c:4b:
         ac:b8:6c:59:10:dc:8f:ee:e4:4c:ed:3a:72:ba:89:6a:5d:50:
         c5:d3:1c:5d
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgIUObdOXHEd0rzRnALVklwrl0JAlI0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYTgzZDQ4NjUyZjNiMmRmNzRmNmJmOWJhYThhOWMxNzRj
Y2ZkMzc3MjAeFw0yNTA1MjExMjU2MjBaFw0yNjA1MjAxMzAxMjBaMDMxMTAvBgNV
BAMTKENGNEI1NUQ4RDdCM0RBRTBEMzY0QzZDMENFNThCRUU2QjdCMkE4M0EwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCqsNUT5pd5s9VGv0s+JLVDw2QN
AB8IFbgEpablCdQIl2LCTiTejM5gl1RJXPnSsgbHsL/6mSLjs0iVWRNwmfvoBfi5
UJr96NaImgdPTalMl96PpWq3Q+CRKLxM8mRTFSYSyxPOnlg0rgiNY3tGmu8kIMV4
AeiPBthNeOQCstNZPUU/EXkPuwTV8bQ7KXgWFVGQ15apbFw5zhmXgJ2UffN4/Qnz
5WUhdVphRXiQo0JOlQtEL49Id0crLPHz1IgWehQkd7CyWoeab2ti9CIIFxz0SrVM
J0T42bXjqk/IXMp2g4Ufum8ZdPhTPLcivtDg1cJ4GqCGCDnivTMVcd/LBNRBAgMB
AAGjggIVMIICETAdBgNVHQ4EFgQUz0tV2Nez2uDTZMbAzli+5reyqDowHwYDVR0j
BBgwFoAUqD1IZS87LfdPa/m6qKnBdMz9N3IwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODkyNzBmNmMtYTNmZS00Mjk5LWIwNzktMzA5ZWQ5N2Yz
ODI0LzAvQTgzRDQ4NjUyRjNCMkRGNzRGNkJGOUJBQThBOUMxNzRDQ0ZEMzc3Mi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3FEMUlaUzg3TGZkUGFfbTZxS25CZE16
OU4zSS5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg5MjcwZjZjLWEzZmUt
NDI5OS1iMDc5LTMwOWVkOTdmMzgyNC8wL0FTMzE4OTgucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgACMBIDBwQqFHWB
DwADBwAqFHWBmBEwDQYJKoZIhvcNAQELBQADggEBAGbMXXwMx1/SorX7o9ahSiKc
o6Wa30rHBld3fPSiaPkspm9G3NBjpF+SO8nkPx1jNA1HjgVpYUazQsHjHCPRx4rs
yGipCRZlS7tTa4is/k2pao89H0R14RcZZakjOzb7b1Z5ZYOKCxMzdAfH58PXxGDC
EE/F3nFZiMgJ6OTXaiLZ17V/bm+FnIPhJys59F/kaV8qc5w5W2fYhmwhV228JEPm
iqOL3roT+zuUR4bgLOr0x+VhE1uXIJhhMcAVrSNQU5Oapbk+O+8+mGZZGowPekUO
ZcBT7icsfLnuQ2N0MkMqwkXmFDjXWAEMS6y4bFkQ3I/u5EztOnK6iWpdUMXTHF0=
-----END CERTIFICATE-----