Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS31898.roa
File:                     AS31898.roa (raw, json)
Hash identifier:          ylyKwn4HKDAGkdea0/RuzoDHPDQAbJf7EsU7UZtM7Lw=
Subject key identifier:   71:16:51:00:EE:D9:8C:6A:CD:D3:2E:98:73:53:D3:88:03:33:43:72
Certificate issuer:       /CN=a83d48652f3b2df74f6bf9baa8a9c174ccfd3772
Certificate serial:       030DB9292B0FBD64061EB8DAAA0A8A46801734ED
Authority key identifier: A8:3D:48:65:2F:3B:2D:F7:4F:6B:F9:BA:A8:A9:C1:74:CC:FD:37:72
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS31898.roa
Signing time:             Fri 05 Jun 2026 12:28:18 +0000
ROA not before:           Fri 05 Jun 2026 12:23:18 +0000
ROA not after:            Fri 04 Jun 2027 12:28:18 +0000
asID:                     31898
IP address blocks:        2a14:7581:9811::/48 maxlen: 48
                          2a14:7583:e400::/40 maxlen: 48
                          2a14:7586::/36 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 06 Jun 2026 17:49:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            03:0d:b9:29:2b:0f:bd:64:06:1e:b8:da:aa:0a:8a:46:80:17:34:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a83d48652f3b2df74f6bf9baa8a9c174ccfd3772
        Validity
            Not Before: Jun  5 12:23:18 2026 GMT
            Not After : Jun  4 12:28:18 2027 GMT
        Subject: CN=71165100EED98C6ACDD32E987353D38803334372
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:37:0b:4f:fe:f1:e1:54:cd:af:77:09:d2:57:
                    68:63:3d:3c:3d:64:11:0e:46:94:16:63:c0:14:c0:
                    4f:51:5c:c7:f4:3c:48:a8:10:4d:e0:78:48:18:f1:
                    a0:20:98:08:ac:bd:f3:b9:43:06:a1:17:08:18:03:
                    b5:f8:17:81:20:11:84:9f:0c:e4:e7:3f:c8:11:d4:
                    df:a7:65:37:7f:ca:2a:26:3a:26:3c:35:89:6f:2d:
                    75:32:2c:ef:0e:de:74:9f:ea:fd:55:32:84:55:bf:
                    aa:73:b2:e1:23:35:ed:75:a0:13:52:ee:59:55:3d:
                    89:54:68:69:29:76:44:22:a5:db:be:f2:9f:2b:72:
                    6a:6e:46:10:37:8d:7e:d0:a5:12:2e:cc:0d:1c:90:
                    37:28:25:74:ed:0d:ff:ea:6e:90:89:4b:d4:e8:50:
                    c2:80:3c:fd:ff:c1:f8:ad:a5:50:d8:5d:89:02:de:
                    5d:6d:c1:49:af:f5:78:35:5e:10:99:f0:ff:67:d4:
                    7f:e7:65:3e:b8:62:69:32:3f:d5:75:2a:be:08:62:
                    af:d0:28:d6:6a:ee:ea:f0:fb:0d:f0:f1:ba:94:dc:
                    cb:f9:17:d4:1b:76:ba:ab:9c:7c:3e:4c:d5:f1:64:
                    5b:47:e2:d1:2f:25:0d:d7:f8:90:96:6c:c3:fc:97:
                    17:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:16:51:00:EE:D9:8C:6A:CD:D3:2E:98:73:53:D3:88:03:33:43:72
            X509v3 Authority Key Identifier:
                keyid:A8:3D:48:65:2F:3B:2D:F7:4F:6B:F9:BA:A8:A9:C1:74:CC:FD:37:72

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS31898.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:7581:9811::/48
                  2a14:7583:e400::/40
                  2a14:7586::/36

    Signature Algorithm: sha256WithRSAEncryption
         86:fc:b6:5a:0f:25:cf:0e:d0:39:97:82:f9:2f:9a:d9:2d:b9:
         27:9b:56:81:22:7d:78:f7:77:d2:4f:68:9d:b1:fd:38:23:00:
         a7:fa:d7:82:cb:45:f7:df:07:17:74:21:89:6b:a4:84:7d:0a:
         08:be:fd:ea:2e:75:22:91:7a:d9:61:50:a4:52:e5:6f:36:13:
         2b:13:cc:8d:1d:f9:8a:24:fe:6e:16:2f:63:33:46:9a:8e:e0:
         76:43:b7:19:5a:9f:57:19:7b:c1:ba:6d:45:85:14:f6:73:cb:
         f5:49:46:01:98:2a:db:6e:80:31:12:62:64:41:38:a9:23:6a:
         0d:d7:b2:eb:5b:33:d3:72:a4:52:98:6c:fb:aa:d8:27:74:c3:
         9d:38:4d:cf:e4:8d:14:9e:a7:2f:8d:d8:f9:66:f2:e0:3b:ea:
         8a:61:c2:45:bf:04:85:45:b1:8a:17:29:18:c3:d2:eb:b1:4a:
         9c:b1:f6:52:fa:1a:48:8d:9d:0e:43:c9:a1:9f:70:25:09:02:
         02:ad:75:1b:b1:e5:fb:ca:c4:5d:74:9d:54:0a:ec:06:c3:70:
         f8:e4:49:92:4a:c3:32:2f:0a:b9:20:fb:45:f0:47:fb:e6:ae:
         b5:6f:9f:dc:8d:e6:25:c4:c7:6e:55:6e:5c:8d:a4:cd:70:89:
         47:8f:c5:c9
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgIUAw25KSsPvWQGHrjaqgqKRoAXNO0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYTgzZDQ4NjUyZjNiMmRmNzRmNmJmOWJhYThhOWMxNzRj
Y2ZkMzc3MjAeFw0yNjA2MDUxMjIzMThaFw0yNzA2MDQxMjI4MThaMDMxMTAvBgNV
BAMTKDcxMTY1MTAwRUVEOThDNkFDREQzMkU5ODczNTNEMzg4MDMzMzQzNzIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDPNwtP/vHhVM2vdwnSV2hjPTw9
ZBEORpQWY8AUwE9RXMf0PEioEE3geEgY8aAgmAisvfO5QwahFwgYA7X4F4EgEYSf
DOTnP8gR1N+nZTd/yiomOiY8NYlvLXUyLO8O3nSf6v1VMoRVv6pzsuEjNe11oBNS
7llVPYlUaGkpdkQipdu+8p8rcmpuRhA3jX7QpRIuzA0ckDcoJXTtDf/qbpCJS9To
UMKAPP3/wfitpVDYXYkC3l1twUmv9Xg1XhCZ8P9n1H/nZT64YmkyP9V1Kr4IYq/Q
KNZq7urw+w3w8bqU3Mv5F9QbdrqrnHw+TNXxZFtH4tEvJQ3X+JCWbMP8lxfLAgMB
AAGjggIcMIICGDAdBgNVHQ4EFgQUcRZRAO7ZjGrN0y6Yc1PTiAMzQ3IwHwYDVR0j
BBgwFoAUqD1IZS87LfdPa/m6qKnBdMz9N3IwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODkyNzBmNmMtYTNmZS00Mjk5LWIwNzktMzA5ZWQ5N2Yz
ODI0LzAvQTgzRDQ4NjUyRjNCMkRGNzRGNkJGOUJBQThBOUMxNzRDQ0ZEMzc3Mi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3FEMUlaUzg3TGZkUGFfbTZxS25CZE16
OU4zSS5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg5MjcwZjZjLWEzZmUt
NDI5OS1iMDc5LTMwOWVkOTdmMzgyNC8wL0FTMzE4OTgucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwMgYIKwYBBQUHAQcBAf8EIzAhMB8EAgACMBkDBwAqFHWB
mBEDBgAqFHWD5AMGBCoUdYYAMA0GCSqGSIb3DQEBCwUAA4IBAQCG/LZaDyXPDtA5
l4L5L5rZLbknm1aBIn1493fST2idsf04IwCn+teCy0X33wcXdCGJa6SEfQoIvv3q
LnUikXrZYVCkUuVvNhMrE8yNHfmKJP5uFi9jM0aajuB2Q7cZWp9XGXvBum1FhRT2
c8v1SUYBmCrbboAxEmJkQTipI2oN17LrWzPTcqRSmGz7qtgndMOdOE3P5I0Unqcv
jdj5ZvLgO+qKYcJFvwSFRbGKFykYw9LrsUqcsfZS+hpIjZ0OQ8mhn3AlCQICrXUb
seX7ysRddJ1UCuwGw3D45EmSSsMyLwq5IPtF8Ef75q61b5/cjeYlxMduVW5cjaTN
cIlHj8XJ
-----END CERTIFICATE-----