Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/322e35392e36302e302f32342d3234203d3e20383334.roa
File:                     322e35392e36302e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          6oFhbwS32nNztM+MkZFvFVF8FZ6win/Ti/cCKIVdiGM=
Subject key identifier:   68:A7:7D:6B:F8:5E:86:AA:0B:F9:02:76:2C:CE:A8:E7:D3:91:4D:32
Certificate issuer:       /CN=a9420e6c6f24b0e422da7fe7e420ef50354f45c6
Certificate serial:       688E219F877EE3514017FD67D62F08B23CF39480
Authority key identifier: A9:42:0E:6C:6F:24:B0:E4:22:DA:7F:E7:E4:20:EF:50:35:4F:45:C6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qUIObG8ksOQi2n_n5CDvUDVPRcY.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/322e35392e36302e302f32342d3234203d3e20383334.roa
Signing time:             Wed 03 Jun 2026 00:00:24 +0000
ROA not before:           Tue 02 Jun 2026 23:55:24 +0000
ROA not after:            Wed 02 Jun 2027 00:00:24 +0000
asID:                     834
IP address blocks:        2.59.60.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/A9420E6C6F24B0E422DA7FE7E420EF50354F45C6.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/A9420E6C6F24B0E422DA7FE7E420EF50354F45C6.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qUIObG8ksOQi2n_n5CDvUDVPRcY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 05 Jun 2026 16:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            68:8e:21:9f:87:7e:e3:51:40:17:fd:67:d6:2f:08:b2:3c:f3:94:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a9420e6c6f24b0e422da7fe7e420ef50354f45c6
        Validity
            Not Before: Jun  2 23:55:24 2026 GMT
            Not After : Jun  2 00:00:24 2027 GMT
        Subject: CN=68A77D6BF85E86AA0BF902762CCEA8E7D3914D32
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:98:e1:67:3c:37:cb:89:a3:ec:46:98:d5:af:
                    76:03:8c:4a:81:6f:6d:73:4c:24:39:16:0e:d9:52:
                    7a:23:bd:2f:10:5c:17:b0:1d:59:9c:8e:b6:dc:fd:
                    77:44:29:be:be:cc:ae:dc:a1:ad:9c:ae:97:b2:8e:
                    3b:52:61:53:54:2f:54:cf:fc:84:e9:d5:f9:c6:1a:
                    e9:81:46:0c:d3:b8:6e:47:50:95:ca:38:2d:55:0f:
                    26:87:09:35:76:ac:7a:09:5c:83:ca:09:f0:1b:e0:
                    51:a7:ec:ca:0c:aa:5c:ab:3f:2f:89:74:94:8d:27:
                    14:2c:d0:75:2f:2c:7e:9a:1a:50:1a:33:34:31:30:
                    22:de:5f:58:8c:ff:7b:04:d8:46:65:b8:fa:63:1c:
                    fd:52:1b:c6:1a:ac:ab:e7:90:a7:61:46:9d:5a:3b:
                    cb:73:c7:23:f4:57:ce:f0:8d:6c:a0:47:74:b9:a6:
                    2b:cf:56:5f:1f:f7:b8:97:77:05:fb:dd:9d:52:58:
                    c1:d0:0b:c5:55:04:d9:a3:ab:03:fb:e8:8e:6f:cb:
                    44:19:26:8b:20:a8:6a:51:76:f0:d2:46:91:6c:b6:
                    0e:80:57:cf:4b:8e:52:65:81:02:f9:17:91:07:a2:
                    1c:d9:24:b5:c3:b6:08:81:63:c5:3d:8f:61:9c:c9:
                    ec:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:A7:7D:6B:F8:5E:86:AA:0B:F9:02:76:2C:CE:A8:E7:D3:91:4D:32
            X509v3 Authority Key Identifier:
                keyid:A9:42:0E:6C:6F:24:B0:E4:22:DA:7F:E7:E4:20:EF:50:35:4F:45:C6

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/A9420E6C6F24B0E422DA7FE7E420EF50354F45C6.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qUIObG8ksOQi2n_n5CDvUDVPRcY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/322e35392e36302e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.59.60.0/24

    Signature Algorithm: sha256WithRSAEncryption
         26:59:03:8e:2d:6b:9b:42:a2:1e:88:38:b7:07:d0:29:85:b2:
         e5:be:67:9e:1a:09:17:c0:3f:d1:4b:19:e5:1d:0a:23:3f:a0:
         7e:6d:16:00:a1:ae:61:0d:4b:4b:48:65:5c:c9:6d:9e:bc:6e:
         47:eb:45:1d:ca:20:4f:b1:8f:ba:d7:b2:be:d3:2b:b3:40:43:
         8e:92:a5:3d:b8:49:86:45:55:b5:b6:70:4e:09:dc:24:b5:c0:
         f0:01:9a:56:09:a6:1f:de:95:71:dc:b7:19:8a:01:b5:97:b8:
         21:71:c8:5b:bc:07:fb:c5:7f:ca:cf:ab:0b:05:5c:1c:99:3c:
         4f:5c:07:8d:26:5f:ee:1a:24:55:2b:70:27:83:ff:b8:b9:78:
         82:4b:eb:b3:b5:68:f1:25:32:69:b3:be:1a:c3:21:d2:cd:32:
         ad:ff:2c:d2:f8:81:8d:1e:e3:1b:f4:e2:21:fa:35:c6:6d:37:
         1a:77:a2:93:ff:ae:6c:f4:c3:00:0f:b8:de:ba:a5:81:bd:d8:
         4d:94:0f:fd:75:37:43:d1:f1:89:a3:e1:4e:47:53:65:5e:ac:
         ef:04:ef:03:bd:c6:dd:08:ab:80:fd:45:26:c2:f5:b2:cb:7a:
         3b:b9:ee:91:05:8a:9c:c1:9b:b5:ad:7e:49:91:17:6c:6e:95:
         08:17:a1:33
-----BEGIN CERTIFICATE-----
MIIFKTCCBBGgAwIBAgIUaI4hn4d+41FAF/1n1i8IsjzzlIAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYTk0MjBlNmM2ZjI0YjBlNDIyZGE3ZmU3ZTQyMGVmNTAz
NTRmNDVjNjAeFw0yNjA2MDIyMzU1MjRaFw0yNzA2MDIwMDAwMjRaMDMxMTAvBgNV
BAMTKDY4QTc3RDZCRjg1RTg2QUEwQkY5MDI3NjJDQ0VBOEU3RDM5MTREMzIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDWmOFnPDfLiaPsRpjVr3YDjEqB
b21zTCQ5Fg7ZUnojvS8QXBewHVmcjrbc/XdEKb6+zK7coa2crpeyjjtSYVNUL1TP
/ITp1fnGGumBRgzTuG5HUJXKOC1VDyaHCTV2rHoJXIPKCfAb4FGn7MoMqlyrPy+J
dJSNJxQs0HUvLH6aGlAaMzQxMCLeX1iM/3sE2EZluPpjHP1SG8YarKvnkKdhRp1a
O8tzxyP0V87wjWygR3S5pivPVl8f97iXdwX73Z1SWMHQC8VVBNmjqwP76I5vy0QZ
JosgqGpRdvDSRpFstg6AV89LjlJlgQL5F5EHohzZJLXDtgiBY8U9j2Gcyey5AgMB
AAGjggIzMIICLzAdBgNVHQ4EFgQUaKd9a/hehqoL+QJ2LM6o59ORTTIwHwYDVR0j
BBgwFoAUqUIObG8ksOQi2n/n5CDvUDVPRcYwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMWY5ODIzZDAtMDg1NS00MWYyLWFjNDYtNTlhMmU5OGRh
NzM2LzEvQTk0MjBFNkM2RjI0QjBFNDIyREE3RkU3RTQyMEVGNTAzNTRGNDVDNi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3FVSU9iRzhrc09RaTJuX241Q0R2VURW
UFJjWS5jZXIwgaMGCCsGAQUFBwELBIGWMIGTMIGQBggrBgEFBQcwC4aBg3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMWY5ODIzZDAt
MDg1NS00MWYyLWFjNDYtNTlhMmU5OGRhNzM2LzEvMzIyZTM1MzkyZTM2MzAyZTMw
MmYzMjM0MmQzMjM0MjAzZDNlMjAzODMzMzQucm9hMBgGA1UdIAEB/wQOMAwwCgYI
KwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAACOzwwDQYJKoZI
hvcNAQELBQADggEBACZZA44ta5tCoh6IOLcH0CmFsuW+Z54aCRfAP9FLGeUdCiM/
oH5tFgChrmENS0tIZVzJbZ68bkfrRR3KIE+xj7rXsr7TK7NAQ46SpT24SYZFVbW2
cE4J3CS1wPABmlYJph/elXHctxmKAbWXuCFxyFu8B/vFf8rPqwsFXByZPE9cB40m
X+4aJFUrcCeD/7i5eIJL67O1aPElMmmzvhrDIdLNMq3/LNL4gY0e4xv04iH6NcZt
Nxp3opP/rmz0wwAPuN66pYG92E2UD/11N0PR8Ymj4U5HU2VerO8E7wO9xt0Iq4D9
RSbC9bLLeju57pEFipzBm7WtfkmRF2xulQgXoTM=
-----END CERTIFICATE-----