Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/AS202561.roa
File:                     AS202561.roa (raw, json)
Hash identifier:          C+s3WumS19xW2vqejAkGVG1h+qmuBuyUbdO1/XKA0Ek=
Subject key identifier:   B5:B5:3E:A5:DA:19:44:6C:F5:04:5B:40:29:A5:13:CD:AA:8B:A3:32
Certificate issuer:       /CN=7051b4c2f7ae9ef80b53000b32ab8f5d2f2f415b
Certificate serial:       2ACAA7A296D5ACD980BC4A55DF87ECFBFE1C9ABB
Authority key identifier: 70:51:B4:C2:F7:AE:9E:F8:0B:53:00:0B:32:AB:8F:5D:2F:2F:41:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cFG0wveunvgLUwALMquPXS8vQVs.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/AS202561.roa
Signing time:             Tue 01 Jul 2025 19:58:00 +0000
ROA not before:           Tue 01 Jul 2025 19:53:00 +0000
ROA not after:            Tue 30 Jun 2026 19:58:00 +0000
asID:                     202561
IP address blocks:        185.254.55.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/7051B4C2F7AE9EF80B53000B32AB8F5D2F2F415B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/7051B4C2F7AE9EF80B53000B32AB8F5D2F2F415B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cFG0wveunvgLUwALMquPXS8vQVs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Jul 2025 14:17:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2a:ca:a7:a2:96:d5:ac:d9:80:bc:4a:55:df:87:ec:fb:fe:1c:9a:bb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7051b4c2f7ae9ef80b53000b32ab8f5d2f2f415b
        Validity
            Not Before: Jul  1 19:53:00 2025 GMT
            Not After : Jun 30 19:58:00 2026 GMT
        Subject: CN=B5B53EA5DA19446CF5045B4029A513CDAA8BA332
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ee:4f:82:46:5b:19:46:f6:77:a7:58:77:18:ef:
                    8e:c0:33:7a:5f:44:1e:1e:81:9c:4c:07:3f:4f:06:
                    67:7e:34:59:af:06:3f:02:8f:e1:4f:23:94:71:c6:
                    6f:a7:cb:09:ee:22:0d:33:7c:16:db:b0:bb:0d:a9:
                    6b:fa:41:70:43:af:b7:c3:ea:de:3e:94:76:dd:04:
                    29:65:99:8d:a0:10:d6:3d:50:4a:33:3b:4f:4c:26:
                    ca:49:c9:48:f5:3b:29:ce:57:fe:42:98:15:f7:04:
                    dd:dc:d6:c0:1a:91:44:92:a0:bb:50:3d:13:1c:8e:
                    8f:b9:be:10:f6:85:94:1b:4a:34:d2:24:56:54:d4:
                    cb:09:32:61:26:6a:82:d9:1c:e1:b9:c6:15:b4:b8:
                    61:d3:59:62:6e:8f:84:51:d3:a4:6c:57:9f:6f:3e:
                    33:d6:89:16:03:bc:5a:b7:1d:ce:3f:f3:32:ca:9b:
                    93:83:10:c3:4c:b9:b2:7f:20:a8:82:83:d7:19:60:
                    54:65:16:46:2e:15:c0:2f:31:34:e9:dc:70:2b:ff:
                    52:dc:05:d9:af:de:7c:dd:32:71:69:99:d3:54:17:
                    65:03:4a:44:43:02:c4:40:b5:bb:c8:de:e6:75:03:
                    36:68:82:7e:b9:05:ce:07:ee:3d:67:a8:2b:a0:68:
                    cf:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:B5:3E:A5:DA:19:44:6C:F5:04:5B:40:29:A5:13:CD:AA:8B:A3:32
            X509v3 Authority Key Identifier:
                keyid:70:51:B4:C2:F7:AE:9E:F8:0B:53:00:0B:32:AB:8F:5D:2F:2F:41:5B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/7051B4C2F7AE9EF80B53000B32AB8F5D2F2F415B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cFG0wveunvgLUwALMquPXS8vQVs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/AS202561.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.254.55.0/24

    Signature Algorithm: sha256WithRSAEncryption
         87:2c:af:b3:78:9f:37:db:6e:bc:5c:8a:b3:63:bb:11:a3:8b:
         58:e9:3e:2c:0e:76:6f:25:6a:f0:c5:78:bc:66:11:e7:04:b8:
         30:40:54:30:3c:b6:47:39:24:8a:b0:8e:1a:67:c4:82:ca:c4:
         98:a6:27:a3:e8:d0:51:12:42:c6:6c:7a:a4:39:ac:c5:1f:ea:
         a2:6c:2e:36:c1:fc:4b:d4:ac:b3:3c:6b:33:f7:10:e5:4c:6b:
         a5:29:09:fd:50:7d:9a:d3:26:9f:66:b3:82:89:8b:c2:5b:45:
         ce:d4:6c:06:64:97:b2:dd:02:94:db:65:ab:ce:8d:d8:65:72:
         08:fe:61:17:50:19:2f:ad:51:99:be:fa:d6:ad:40:1f:61:70:
         13:11:35:0a:18:1b:09:86:3d:b2:d9:c9:cc:31:a4:02:40:c7:
         68:de:68:bf:1b:ef:d3:09:f4:7a:4b:73:c6:d5:1b:d6:5e:b2:
         fb:90:0d:ed:2f:27:6a:46:85:0c:1c:9d:68:a3:81:83:ee:9a:
         e7:c3:d7:63:13:23:75:10:ee:a7:96:b7:25:ed:40:58:c6:dc:
         d6:77:21:eb:28:0e:c3:8d:52:a2:ee:5e:18:73:a0:e3:54:48:
         49:c9:90:52:9a:9e:f8:eb:c1:ab:21:8c:52:f1:0b:32:70:d1:
         d0:57:73:a8
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUKsqnopbVrNmAvEpV34fs+/4cmrswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzA1MWI0YzJmN2FlOWVmODBiNTMwMDBiMzJhYjhmNWQy
ZjJmNDE1YjAeFw0yNTA3MDExOTUzMDBaFw0yNjA2MzAxOTU4MDBaMDMxMTAvBgNV
BAMTKEI1QjUzRUE1REExOTQ0NkNGNTA0NUI0MDI5QTUxM0NEQUE4QkEzMzIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDuT4JGWxlG9nenWHcY747AM3pf
RB4egZxMBz9PBmd+NFmvBj8Cj+FPI5Rxxm+nywnuIg0zfBbbsLsNqWv6QXBDr7fD
6t4+lHbdBCllmY2gENY9UEozO09MJspJyUj1OynOV/5CmBX3BN3c1sAakUSSoLtQ
PRMcjo+5vhD2hZQbSjTSJFZU1MsJMmEmaoLZHOG5xhW0uGHTWWJuj4RR06RsV59v
PjPWiRYDvFq3Hc4/8zLKm5ODEMNMubJ/IKiCg9cZYFRlFkYuFcAvMTTp3HAr/1Lc
Bdmv3nzdMnFpmdNUF2UDSkRDAsRAtbvI3uZ1AzZogn65Bc4H7j1nqCugaM+RAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUtbU+pdoZRGz1BFtAKaUTzaqLozIwHwYDVR0j
BBgwFoAUcFG0wveunvgLUwALMquPXS8vQVswDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOWM1Y2U5ZmEtOWE2Zi00ZTBjLTk4MDktN2E0Nzg4NzQ0
ODkzLzAvNzA1MUI0QzJGN0FFOUVGODBCNTMwMDBCMzJBQjhGNUQyRjJGNDE1Qi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2NGRzB3dmV1bnZnTFV3QUxNcXVQWFM4
dlFWcy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzljNWNlOWZhLTlhNmYt
NGUwYy05ODA5LTdhNDc4ODc0NDg5My8wL0FTMjAyNTYxLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuf43
MA0GCSqGSIb3DQEBCwUAA4IBAQCHLK+zeJ832268XIqzY7sRo4tY6T4sDnZvJWrw
xXi8ZhHnBLgwQFQwPLZHOSSKsI4aZ8SCysSYpiej6NBREkLGbHqkOazFH+qibC42
wfxL1KyzPGsz9xDlTGulKQn9UH2a0yafZrOCiYvCW0XO1GwGZJey3QKU22Wrzo3Y
ZXII/mEXUBkvrVGZvvrWrUAfYXATETUKGBsJhj2y2cnMMaQCQMdo3mi/G+/TCfR6
S3PG1RvWXrL7kA3tLydqRoUMHJ1oo4GD7prnw9djEyN1EO6nlrcl7UBYxtzWdyHr
KA7DjVKi7l4Yc6DjVEhJyZBSmp7468GrIYxS8QsycNHQV3Oo
-----END CERTIFICATE-----