Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/322e35392e36302e302f32342d3234203d3e20323132323338.roa
File:                     322e35392e36302e302f32342d3234203d3e20323132323338.roa (raw, json)
Hash identifier:          siAtwvTAZM+LlD3wdnarFDX9+Ycc62d+jei/mDFB4w0=
Subject key identifier:   78:27:FE:04:F4:20:35:5E:57:CD:BB:92:F5:DC:8A:75:61:CA:15:EB
Certificate issuer:       /CN=a9420e6c6f24b0e422da7fe7e420ef50354f45c6
Certificate serial:       6BBEE535240E6C625086043155015B11DA56C42B
Authority key identifier: A9:42:0E:6C:6F:24:B0:E4:22:DA:7F:E7:E4:20:EF:50:35:4F:45:C6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qUIObG8ksOQi2n_n5CDvUDVPRcY.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/322e35392e36302e302f32342d3234203d3e20323132323338.roa
Signing time:             Mon 20 Apr 2026 13:47:05 +0000
ROA not before:           Mon 20 Apr 2026 13:42:05 +0000
ROA not after:            Mon 19 Apr 2027 13:47:05 +0000
asID:                     212238
IP address blocks:        2.59.60.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/A9420E6C6F24B0E422DA7FE7E420EF50354F45C6.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/A9420E6C6F24B0E422DA7FE7E420EF50354F45C6.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qUIObG8ksOQi2n_n5CDvUDVPRcY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 06 May 2026 12:10:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6b:be:e5:35:24:0e:6c:62:50:86:04:31:55:01:5b:11:da:56:c4:2b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a9420e6c6f24b0e422da7fe7e420ef50354f45c6
        Validity
            Not Before: Apr 20 13:42:05 2026 GMT
            Not After : Apr 19 13:47:05 2027 GMT
        Subject: CN=7827FE04F420355E57CDBB92F5DC8A7561CA15EB
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:d4:3e:f9:b3:2b:61:1e:9d:76:5d:ee:e3:07:
                    bf:73:f0:03:4d:5e:ed:25:95:ae:7d:a9:ca:57:e4:
                    4a:74:2b:5c:88:27:72:c9:2c:b2:f0:67:63:8d:cb:
                    86:d6:57:82:8d:8e:59:50:06:f2:38:d3:f6:43:00:
                    79:92:8f:ca:0d:40:ee:05:7e:53:49:8c:c1:14:cf:
                    ce:16:a4:c7:8f:a3:df:c0:33:99:da:cd:53:66:c6:
                    ba:49:c7:9c:2f:d6:5f:20:b6:53:60:52:9c:b0:23:
                    1c:2a:df:93:b9:c1:ac:c0:f5:73:07:2b:e4:4a:9d:
                    27:4e:e9:77:29:fb:5d:e2:08:83:2a:a9:3d:7f:3b:
                    b2:e9:e4:a2:6b:2e:05:7f:95:ac:ba:7b:4c:ee:d6:
                    9b:0b:6d:b8:f0:42:72:8e:ee:50:11:6e:0a:01:9d:
                    bd:49:70:72:64:ff:4f:a5:1b:01:8f:92:9a:cd:7c:
                    7d:92:9c:8e:3d:a4:24:f2:19:66:b2:aa:c0:3c:0c:
                    64:87:aa:6d:96:b2:78:40:bf:f6:54:e2:62:63:86:
                    73:d8:f5:fc:ab:14:19:56:3e:fd:c9:88:9e:50:29:
                    58:db:bc:26:7b:7e:44:6f:b1:65:f9:4f:3c:e4:d0:
                    50:d4:53:55:56:24:a9:32:05:08:3f:eb:8b:29:16:
                    d5:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                78:27:FE:04:F4:20:35:5E:57:CD:BB:92:F5:DC:8A:75:61:CA:15:EB
            X509v3 Authority Key Identifier:
                keyid:A9:42:0E:6C:6F:24:B0:E4:22:DA:7F:E7:E4:20:EF:50:35:4F:45:C6

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/A9420E6C6F24B0E422DA7FE7E420EF50354F45C6.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qUIObG8ksOQi2n_n5CDvUDVPRcY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/322e35392e36302e302f32342d3234203d3e20323132323338.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.59.60.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b9:c0:d3:59:d3:ca:a3:d4:c5:e4:ca:7d:24:b9:6d:f8:53:9d:
         5b:fb:2a:3e:02:47:f2:af:76:0e:15:26:49:fb:04:79:54:e6:
         7a:a6:29:eb:bf:c1:62:f3:c1:f1:92:42:15:9c:3d:c5:54:9a:
         35:f9:4b:bc:a3:eb:15:35:43:04:35:a6:fd:9c:be:07:b5:46:
         02:dd:d8:0a:8b:d4:3d:21:32:49:41:50:9a:d6:95:6e:50:05:
         48:83:d7:c9:3a:24:f0:05:13:27:be:5f:e4:36:6d:19:a1:bc:
         e2:96:63:0e:26:b4:d4:52:0d:08:f4:0c:da:7a:39:d8:77:41:
         00:a8:77:60:51:47:45:b7:68:cf:6f:43:68:e1:72:d3:8a:7c:
         9f:78:00:db:f1:d7:3b:8e:5c:28:7b:90:8a:56:b6:4b:01:67:
         09:a8:5b:cc:60:67:4c:c7:11:d3:7b:39:70:6f:41:eb:f9:6e:
         be:25:04:5b:7c:6d:b0:ec:96:7f:30:30:62:c6:73:a3:b6:e6:
         12:d4:ab:5b:3f:f9:1e:f3:4c:6c:34:af:f2:80:fc:12:29:8b:
         36:c8:62:d8:89:34:12:8c:3a:8f:cb:f5:cf:7c:9f:82:dc:7e:
         3c:72:1f:09:7b:e7:3f:53:e9:18:95:cd:11:60:81:07:95:4a:
         77:db:a2:6c
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUa77lNSQObGJQhgQxVQFbEdpWxCswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYTk0MjBlNmM2ZjI0YjBlNDIyZGE3ZmU3ZTQyMGVmNTAz
NTRmNDVjNjAeFw0yNjA0MjAxMzQyMDVaFw0yNzA0MTkxMzQ3MDVaMDMxMTAvBgNV
BAMTKDc4MjdGRTA0RjQyMDM1NUU1N0NEQkI5MkY1REM4QTc1NjFDQTE1RUIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCz1D75sythHp12Xe7jB79z8ANN
Xu0lla59qcpX5Ep0K1yIJ3LJLLLwZ2ONy4bWV4KNjllQBvI40/ZDAHmSj8oNQO4F
flNJjMEUz84WpMePo9/AM5nazVNmxrpJx5wv1l8gtlNgUpywIxwq35O5wazA9XMH
K+RKnSdO6Xcp+13iCIMqqT1/O7Lp5KJrLgV/lay6e0zu1psLbbjwQnKO7lARbgoB
nb1JcHJk/0+lGwGPkprNfH2SnI49pCTyGWayqsA8DGSHqm2WsnhAv/ZU4mJjhnPY
9fyrFBlWPv3JiJ5QKVjbvCZ7fkRvsWX5Tzzk0FDUU1VWJKkyBQg/64spFtU/AgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUeCf+BPQgNV5XzbuS9dyKdWHKFeswHwYDVR0j
BBgwFoAUqUIObG8ksOQi2n/n5CDvUDVPRcYwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMWY5ODIzZDAtMDg1NS00MWYyLWFjNDYtNTlhMmU5OGRh
NzM2LzEvQTk0MjBFNkM2RjI0QjBFNDIyREE3RkU3RTQyMEVGNTAzNTRGNDVDNi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3FVSU9iRzhrc09RaTJuX241Q0R2VURW
UFJjWS5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMWY5ODIzZDAt
MDg1NS00MWYyLWFjNDYtNTlhMmU5OGRhNzM2LzEvMzIyZTM1MzkyZTM2MzAyZTMw
MmYzMjM0MmQzMjM0MjAzZDNlMjAzMjMxMzIzMjMzMzgucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAACOzww
DQYJKoZIhvcNAQELBQADggEBALnA01nTyqPUxeTKfSS5bfhTnVv7Kj4CR/Kvdg4V
Jkn7BHlU5nqmKeu/wWLzwfGSQhWcPcVUmjX5S7yj6xU1QwQ1pv2cvge1RgLd2AqL
1D0hMklBUJrWlW5QBUiD18k6JPAFEye+X+Q2bRmhvOKWYw4mtNRSDQj0DNp6Odh3
QQCod2BRR0W3aM9vQ2jhctOKfJ94ANvx1zuOXCh7kIpWtksBZwmoW8xgZ0zHEdN7
OXBvQev5br4lBFt8bbDsln8wMGLGc6O25hLUq1s/+R7zTGw0r/KA/BIpizbIYtiJ
NBKMOo/L9c98n4LcfjxyHwl75z9T6RiVzRFggQeVSnfbomw=
-----END CERTIFICATE-----