Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS31715.roa
File:                     AS31715.roa (raw, json)
Hash identifier:          eB4uB4NPX/DsOTm8IJTZVuwEoVKppN/w2j4ggKSRcgA=
Subject key identifier:   07:8C:E7:69:3C:2A:77:C9:96:29:25:90:B4:09:16:8A:2B:0F:C9:91
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       634173B94560E6EBCA8E7AFA89D75A1D1D783302
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS31715.roa
Signing time:             Fri 06 Jun 2025 07:16:43 +0000
ROA not before:           Fri 06 Jun 2025 07:11:43 +0000
ROA not after:            Fri 05 Jun 2026 07:16:43 +0000
asID:                     31715
IP address blocks:        143.20.83.0/24 maxlen: 24
                          143.20.94.0/24 maxlen: 24
                          143.20.117.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Jun 2025 12:26:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            63:41:73:b9:45:60:e6:eb:ca:8e:7a:fa:89:d7:5a:1d:1d:78:33:02
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Jun  6 07:11:43 2025 GMT
            Not After : Jun  5 07:16:43 2026 GMT
        Subject: CN=078CE7693C2A77C996292590B409168A2B0FC991
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:f1:0a:2e:c1:68:86:96:b0:a1:65:6a:60:64:
                    35:7d:c6:95:6f:1d:a3:38:e9:a7:aa:13:64:2d:de:
                    80:ce:4d:d4:16:dd:b2:bb:38:3c:cf:79:2d:9d:fe:
                    c8:8e:a3:11:93:dd:8d:cd:f8:fd:40:c4:6d:14:7f:
                    30:c1:cd:af:09:e0:6d:4d:e0:41:48:16:fa:c9:3b:
                    24:35:2e:cd:38:20:4c:93:3f:ae:ab:70:72:2b:75:
                    65:df:91:af:d9:44:82:fc:6b:d2:97:cf:1d:ae:1a:
                    60:45:4f:26:0e:d1:1a:fd:5c:cf:ac:67:a7:0d:09:
                    e0:cf:61:0a:54:ac:fe:52:74:31:d0:5c:3e:da:45:
                    e6:3c:c4:27:f1:8e:64:1e:ff:c9:3f:55:d5:a8:05:
                    d4:b2:2f:e7:70:bd:79:a6:14:e1:f3:bf:52:ef:11:
                    4b:d8:32:89:20:11:e7:a8:da:47:ed:d0:e0:9b:34:
                    d9:ad:cb:bb:96:d4:f1:88:e7:09:61:d9:46:ae:a4:
                    65:de:50:51:50:45:b7:04:5c:61:95:ef:d1:33:ea:
                    0f:d2:75:ab:5d:56:fd:42:2f:00:94:6b:2b:bb:85:
                    fb:b1:ca:7c:23:f5:c9:e6:41:7a:f5:5b:32:9d:38:
                    bf:22:37:34:0c:9b:f9:ec:98:e0:75:98:22:f0:c4:
                    1d:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:8C:E7:69:3C:2A:77:C9:96:29:25:90:B4:09:16:8A:2B:0F:C9:91
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS31715.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.83.0/24
                  143.20.94.0/24
                  143.20.117.0/24

    Signature Algorithm: sha256WithRSAEncryption
         27:5a:88:9f:c1:df:48:b8:63:24:1e:89:00:66:74:16:3e:78:
         87:8f:5c:99:3d:7e:77:42:20:2b:3c:d6:cb:97:70:d3:4b:ec:
         c0:36:23:c8:a1:ae:c6:1d:30:65:f1:73:00:ba:52:d3:42:64:
         ba:c8:6a:7c:5f:4e:fd:79:8e:cd:16:a2:0d:9d:76:d8:45:b2:
         36:e2:8b:32:f0:b3:ba:c3:54:29:a2:9e:0c:4a:cb:d6:3f:95:
         33:45:bf:d5:10:dc:b0:57:4a:12:f8:86:cf:b4:e9:27:d4:cc:
         c0:b1:38:c6:47:b2:49:06:8d:e4:fa:b5:65:a9:58:b7:58:43:
         b0:bf:3a:de:9f:0e:c7:b2:cd:35:25:9c:78:9c:97:25:d4:62:
         53:1b:be:e5:8a:cd:4b:e7:19:6c:fc:ce:04:32:57:3d:84:78:
         88:49:1a:0a:6b:b1:64:2d:1c:e4:e4:f0:2c:49:61:e7:33:9a:
         30:75:92:7d:3f:df:d4:8b:bc:43:ff:f1:e8:e6:9e:06:92:77:
         47:1d:27:c7:3d:67:9d:99:a0:01:48:b4:05:fa:c1:f5:ff:b9:
         38:0a:25:f4:e4:71:9c:4a:ed:37:3e:63:38:50:9a:53:c6:f3:
         b1:6e:34:e3:71:9f:b6:4a:a7:b1:03:9c:47:d8:47:41:2e:ee:
         c8:ba:2c:e4
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgIUY0FzuUVg5uvKjnr6iddaHR14MwIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTA2MDYwNzExNDNaFw0yNjA2MDUwNzE2NDNaMDMxMTAvBgNV
BAMTKDA3OENFNzY5M0MyQTc3Qzk5NjI5MjU5MEI0MDkxNjhBMkIwRkM5OTEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDC8QouwWiGlrChZWpgZDV9xpVv
HaM46aeqE2Qt3oDOTdQW3bK7ODzPeS2d/siOoxGT3Y3N+P1AxG0UfzDBza8J4G1N
4EFIFvrJOyQ1Ls04IEyTP66rcHIrdWXfka/ZRIL8a9KXzx2uGmBFTyYO0Rr9XM+s
Z6cNCeDPYQpUrP5SdDHQXD7aReY8xCfxjmQe/8k/VdWoBdSyL+dwvXmmFOHzv1Lv
EUvYMokgEeeo2kft0OCbNNmty7uW1PGI5wlh2UaupGXeUFFQRbcEXGGV79Ez6g/S
datdVv1CLwCUayu7hfuxynwj9cnmQXr1WzKdOL8iNzQMm/nsmOB1mCLwxB19AgMB
AAGjggIVMIICETAdBgNVHQ4EFgQUB4znaTwqd8mWKSWQtAkWiisPyZEwHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTMzE3MTUucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBIDBACPFFMD
BACPFF4DBACPFHUwDQYJKoZIhvcNAQELBQADggEBACdaiJ/B30i4YyQeiQBmdBY+
eIePXJk9fndCICs81suXcNNL7MA2I8ihrsYdMGXxcwC6UtNCZLrIanxfTv15js0W
og2ddthFsjbiizLws7rDVCmingxKy9Y/lTNFv9UQ3LBXShL4hs+06SfUzMCxOMZH
skkGjeT6tWWpWLdYQ7C/Ot6fDseyzTUlnHiclyXUYlMbvuWKzUvnGWz8zgQyVz2E
eIhJGgprsWQtHOTk8CxJYeczmjB1kn0/39SLvEP/8ejmngaSd0cdJ8c9Z52ZoAFI
tAX6wfX/uTgKJfTkcZxK7Tc+YzhQmlPG87FuNONxn7ZKp7EDnEfYR0Eu7si6LOQ=
-----END CERTIFICATE-----