Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/AS25831.roa
File:                     AS25831.roa (raw, json)
Hash identifier:          2V6nnv8/QmKDJn7FYZnunKIIS8m+OlmKp7Si2QMvs34=
Subject key identifier:   56:2D:E3:EE:11:41:90:85:20:9E:7B:A4:6C:F4:11:5A:21:8A:EF:18
Certificate issuer:       /CN=0e20ccf5083a63b9f5887e3ea39d04e2d62b3da5
Certificate serial:       1B18E489E55126731CA6F7A3258227C76ED71556
Authority key identifier: 0E:20:CC:F5:08:3A:63:B9:F5:88:7E:3E:A3:9D:04:E2:D6:2B:3D:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/AS25831.roa
Signing time:             Thu 11 Jun 2026 17:33:45 +0000
ROA not before:           Thu 11 Jun 2026 17:28:45 +0000
ROA not after:            Thu 10 Jun 2027 17:33:45 +0000
asID:                     25831
IP address blocks:        188.221.124.0/22 maxlen: 24
                          188.221.200.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 15 Jun 2026 18:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1b:18:e4:89:e5:51:26:73:1c:a6:f7:a3:25:82:27:c7:6e:d7:15:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0e20ccf5083a63b9f5887e3ea39d04e2d62b3da5
        Validity
            Not Before: Jun 11 17:28:45 2026 GMT
            Not After : Jun 10 17:33:45 2027 GMT
        Subject: CN=562DE3EE11419085209E7BA46CF4115A218AEF18
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:9c:84:60:c8:a4:ae:fa:d5:d9:d1:25:85:3c:
                    05:0d:1b:46:2c:27:0e:90:95:89:86:01:04:18:7a:
                    2f:3e:e4:1e:17:f1:f8:bf:e7:25:c3:e1:31:54:3a:
                    2b:45:63:2a:1f:ca:40:f0:b0:93:30:f4:28:62:5d:
                    6e:3b:fd:a4:c8:ac:93:12:d7:33:b3:30:8e:f6:63:
                    86:8b:a0:b7:48:bb:85:bc:1b:98:18:96:3d:f7:66:
                    91:8b:98:e6:b0:52:25:6e:50:83:62:f1:1c:38:d1:
                    c6:07:2c:ff:9b:8e:6d:7f:06:0b:a5:59:0b:3b:16:
                    ec:f8:e4:40:b1:e4:7c:7c:b6:16:6b:e8:cb:a8:8e:
                    c3:c6:a2:83:59:86:8a:65:37:12:ba:c5:ee:ff:0c:
                    c1:d2:65:fd:e1:d0:98:2a:85:40:2f:ce:b0:5c:3c:
                    8f:81:6f:d5:ea:bd:43:7c:a8:b6:a9:d8:61:bf:9b:
                    db:1e:a2:2f:a4:0e:77:10:b3:e1:5b:83:9e:92:2a:
                    a7:e8:e6:21:41:ea:7f:7e:63:b0:ed:b4:71:6a:a6:
                    85:44:2a:f8:a3:29:2b:9e:00:93:8c:8e:05:b0:08:
                    d3:15:eb:bb:1d:0f:43:99:44:26:d1:a1:a4:f6:34:
                    4e:ff:4a:8d:44:60:ca:0d:7d:f1:07:b3:5f:1c:2d:
                    83:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                56:2D:E3:EE:11:41:90:85:20:9E:7B:A4:6C:F4:11:5A:21:8A:EF:18
            X509v3 Authority Key Identifier:
                keyid:0E:20:CC:F5:08:3A:63:B9:F5:88:7E:3E:A3:9D:04:E2:D6:2B:3D:A5

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/AS25831.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.221.124.0/22
                  188.221.200.0/22

    Signature Algorithm: sha256WithRSAEncryption
         87:c7:04:10:d9:4c:7b:98:e3:4a:30:81:b7:fa:d9:ee:25:29:
         39:5d:46:55:28:a9:e2:9c:b9:2f:8d:2c:6b:7d:41:3d:54:c9:
         85:c9:f9:d2:74:9f:a7:14:d4:e0:4c:09:90:01:a8:79:ee:2d:
         7b:3f:b3:eb:1b:eb:f9:4e:dc:16:a6:28:39:47:62:17:10:df:
         54:80:4e:b0:f5:f4:63:52:f1:40:5e:95:b5:75:2d:78:58:58:
         7e:ef:a7:47:5e:53:7d:93:93:b3:60:a8:d9:9d:d9:7d:61:44:
         07:25:40:7d:7d:78:99:68:d6:a0:47:e1:81:d9:57:33:94:5d:
         ff:d5:8b:62:1d:44:c5:34:bd:2d:fa:a4:d2:54:1f:55:50:fe:
         bb:49:9f:08:99:64:86:3d:11:8b:88:6b:2e:19:88:87:f1:eb:
         98:b8:42:fb:c9:1f:a3:02:19:1b:79:81:fe:cc:44:71:90:dc:
         cc:f4:8b:af:95:7c:07:5e:01:a5:5e:b1:bd:19:f1:90:f0:7f:
         b2:8b:b0:6f:1a:4e:c6:65:b1:8b:33:6f:79:6c:1e:f4:f3:55:
         45:e0:77:4e:b0:ce:4e:2b:81:e6:48:77:31:a6:9a:44:20:2b:
         4c:cf:f8:86:ce:27:14:0a:ed:b7:39:b1:63:68:30:99:f6:5e:
         fe:36:af:fb
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgIUGxjkieVRJnMcpvejJYInx27XFVYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMGUyMGNjZjUwODNhNjNiOWY1ODg3ZTNlYTM5ZDA0ZTJk
NjJiM2RhNTAeFw0yNjA2MTExNzI4NDVaFw0yNzA2MTAxNzMzNDVaMDMxMTAvBgNV
BAMTKDU2MkRFM0VFMTE0MTkwODUyMDlFN0JBNDZDRjQxMTVBMjE4QUVGMTgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDKnIRgyKSu+tXZ0SWFPAUNG0Ys
Jw6QlYmGAQQYei8+5B4X8fi/5yXD4TFUOitFYyofykDwsJMw9ChiXW47/aTIrJMS
1zOzMI72Y4aLoLdIu4W8G5gYlj33ZpGLmOawUiVuUINi8Rw40cYHLP+bjm1/Bgul
WQs7Fuz45ECx5Hx8thZr6MuojsPGooNZhoplNxK6xe7/DMHSZf3h0JgqhUAvzrBc
PI+Bb9XqvUN8qLap2GG/m9seoi+kDncQs+Fbg56SKqfo5iFB6n9+Y7DttHFqpoVE
KvijKSueAJOMjgWwCNMV67sdD0OZRCbRoaT2NE7/So1EYMoNffEHs18cLYPxAgMB
AAGjggIPMIICCzAdBgNVHQ4EFgQUVi3j7hFBkIUgnnukbPQRWiGK7xgwHwYDVR0j
BBgwFoAUDiDM9Qg6Y7n1iH4+o50E4tYrPaUwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOTZlNGFjODYtMTgwMy00OTRkLThhN2ItYzA1MWE2MzEw
NzUyLzAvMEUyMENDRjUwODNBNjNCOUY1ODg3RTNFQTM5RDA0RTJENjJCM0RBNS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0RpRE05UWc2WTduMWlINC1vNTBFNHRZ
clBhVS5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzk2ZTRhYzg2LTE4MDMt
NDk0ZC04YTdiLWMwNTFhNjMxMDc1Mi8wL0FTMjU4MzEucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwDBAK83XwD
BAK83cgwDQYJKoZIhvcNAQELBQADggEBAIfHBBDZTHuY40owgbf62e4lKTldRlUo
qeKcuS+NLGt9QT1UyYXJ+dJ0n6cU1OBMCZABqHnuLXs/s+sb6/lO3BamKDlHYhcQ
31SATrD19GNS8UBelbV1LXhYWH7vp0deU32Tk7NgqNmd2X1hRAclQH19eJlo1qBH
4YHZVzOUXf/Vi2IdRMU0vS36pNJUH1VQ/rtJnwiZZIY9EYuIay4ZiIfx65i4QvvJ
H6MCGRt5gf7MRHGQ3Mz0i6+VfAdeAaVesb0Z8ZDwf7KLsG8aTsZlsYszb3lsHvTz
VUXgd06wzk4rgeZIdzGmmkQgK0zP+IbOJxQK7bc5sWNoMJn2Xv42r/s=
-----END CERTIFICATE-----