Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/322e35392e36312e302f32342d3234203d3e203438323636.roa
File:                     322e35392e36312e302f32342d3234203d3e203438323636.roa (raw, json)
Hash identifier:          6dfl8lI1/2dWL8ffIUYhSFUUS7mSu5VjjS42Z8HkW7c=
Subject key identifier:   CD:8F:B8:41:12:16:6B:B2:F3:DB:E8:93:CD:DD:57:32:D1:0C:D4:0F
Certificate issuer:       /CN=a9420e6c6f24b0e422da7fe7e420ef50354f45c6
Certificate serial:       608A3EBB8DF5DE7997BCAB83803028F800213631
Authority key identifier: A9:42:0E:6C:6F:24:B0:E4:22:DA:7F:E7:E4:20:EF:50:35:4F:45:C6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qUIObG8ksOQi2n_n5CDvUDVPRcY.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/322e35392e36312e302f32342d3234203d3e203438323636.roa
Signing time:             Wed 12 Mar 2025 09:53:58 +0000
ROA not before:           Wed 12 Mar 2025 09:48:58 +0000
ROA not after:            Wed 11 Mar 2026 09:53:58 +0000
asID:                     48266
IP address blocks:        2.59.61.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/A9420E6C6F24B0E422DA7FE7E420EF50354F45C6.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/A9420E6C6F24B0E422DA7FE7E420EF50354F45C6.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qUIObG8ksOQi2n_n5CDvUDVPRcY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 19:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            60:8a:3e:bb:8d:f5:de:79:97:bc:ab:83:80:30:28:f8:00:21:36:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a9420e6c6f24b0e422da7fe7e420ef50354f45c6
        Validity
            Not Before: Mar 12 09:48:58 2025 GMT
            Not After : Mar 11 09:53:58 2026 GMT
        Subject: CN=CD8FB84112166BB2F3DBE893CDDD5732D10CD40F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:21:6e:7d:49:fb:cf:06:9c:77:80:04:da:8e:
                    c7:3f:ba:99:ea:06:99:24:90:97:92:9a:6a:58:a1:
                    a0:a8:00:d6:12:8d:29:8b:5a:5b:3f:a2:c9:3f:27:
                    1c:f8:fd:9a:e0:02:a9:65:d1:10:81:00:20:b8:7c:
                    0f:92:99:c4:64:d6:98:2b:01:a1:97:96:73:f9:0e:
                    80:5d:31:4a:da:77:63:fc:b9:61:31:0c:b2:8d:e6:
                    df:9a:ca:d1:ed:40:c9:9a:de:8b:b4:8a:57:eb:a2:
                    10:cf:90:9a:ca:ce:1a:f4:c2:88:d1:47:32:7d:6d:
                    d7:94:32:29:6c:94:d8:cd:f7:d9:2f:e2:12:89:09:
                    29:b4:ed:01:d8:1e:e8:22:a8:18:99:45:bd:7e:46:
                    04:e3:43:aa:32:b2:95:75:38:8b:85:ce:5a:05:9d:
                    a6:8b:a7:78:1f:78:be:be:ec:c3:24:77:cd:7d:d6:
                    90:f1:dd:fa:b9:38:07:18:63:57:35:b2:f0:d3:9a:
                    52:9c:a8:39:6e:a5:fa:bc:03:30:c8:9d:92:16:3c:
                    18:7e:66:61:c9:b0:0a:f4:ab:d1:81:40:b5:ec:f5:
                    af:73:e8:47:aa:6c:25:cb:6f:75:03:af:bc:d7:af:
                    eb:7a:d6:5e:fd:af:50:be:27:8d:fa:bb:06:7e:cd:
                    ec:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:8F:B8:41:12:16:6B:B2:F3:DB:E8:93:CD:DD:57:32:D1:0C:D4:0F
            X509v3 Authority Key Identifier:
                keyid:A9:42:0E:6C:6F:24:B0:E4:22:DA:7F:E7:E4:20:EF:50:35:4F:45:C6

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/A9420E6C6F24B0E422DA7FE7E420EF50354F45C6.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qUIObG8ksOQi2n_n5CDvUDVPRcY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/322e35392e36312e302f32342d3234203d3e203438323636.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.59.61.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a0:f1:cd:1a:cb:e1:14:3b:c1:18:1b:83:74:11:a5:0f:19:12:
         17:25:8c:c1:44:8c:8c:12:a2:dc:32:9d:10:de:f6:29:90:25:
         c4:86:e5:f4:14:4b:67:ce:9f:56:5e:ed:94:01:0d:a4:5e:6c:
         38:3a:57:4b:29:94:50:8c:51:9c:4c:00:64:ef:34:96:44:1b:
         a0:16:75:db:19:a3:47:e8:13:06:38:84:e8:6a:f7:7a:5c:04:
         5a:c0:c2:f6:aa:a6:ee:6f:0a:09:1a:49:46:d1:40:9e:6e:e2:
         6f:74:db:08:56:00:31:43:e6:87:c9:8c:fa:a2:1e:be:d3:cd:
         d4:88:ca:89:fc:7e:92:a7:21:f5:ca:e2:7e:f6:28:67:24:71:
         26:1f:21:69:8d:6a:b3:56:69:82:98:9d:ec:56:43:53:b5:65:
         e4:6c:13:0f:f7:37:f5:33:f8:11:d1:55:9a:d4:2a:fc:64:ac:
         b8:b3:a1:e9:af:0c:b8:1a:86:02:53:f3:a2:b4:ce:80:55:b6:
         6d:5e:1a:04:c6:c3:8d:6f:d6:3d:58:fb:92:3c:43:e8:3e:d2:
         67:55:ec:5e:19:ab:30:99:ec:5c:86:2b:87:8b:52:0c:e2:dc:
         85:d9:9c:a7:65:f7:f9:9b:73:68:2d:26:5a:81:b1:82:86:ce:
         59:73:8c:d9
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUYIo+u4313nmXvKuDgDAo+AAhNjEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYTk0MjBlNmM2ZjI0YjBlNDIyZGE3ZmU3ZTQyMGVmNTAz
NTRmNDVjNjAeFw0yNTAzMTIwOTQ4NThaFw0yNjAzMTEwOTUzNThaMDMxMTAvBgNV
BAMTKENEOEZCODQxMTIxNjZCQjJGM0RCRTg5M0NEREQ1NzMyRDEwQ0Q0MEYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC/IW59SfvPBpx3gATajsc/upnq
BpkkkJeSmmpYoaCoANYSjSmLWls/osk/Jxz4/ZrgAqll0RCBACC4fA+SmcRk1pgr
AaGXlnP5DoBdMUrad2P8uWExDLKN5t+aytHtQMma3ou0ilfrohDPkJrKzhr0wojR
RzJ9bdeUMilslNjN99kv4hKJCSm07QHYHugiqBiZRb1+RgTjQ6oyspV1OIuFzloF
naaLp3gfeL6+7MMkd8191pDx3fq5OAcYY1c1svDTmlKcqDlupfq8AzDInZIWPBh+
ZmHJsAr0q9GBQLXs9a9z6EeqbCXLb3UDr7zXr+t61l79r1C+J436uwZ+zexPAgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQUzY+4QRIWa7Lz2+iTzd1XMtEM1A8wHwYDVR0j
BBgwFoAUqUIObG8ksOQi2n/n5CDvUDVPRcYwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMWY5ODIzZDAtMDg1NS00MWYyLWFjNDYtNTlhMmU5OGRh
NzM2LzEvQTk0MjBFNkM2RjI0QjBFNDIyREE3RkU3RTQyMEVGNTAzNTRGNDVDNi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3FVSU9iRzhrc09RaTJuX241Q0R2VURW
UFJjWS5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMWY5ODIzZDAt
MDg1NS00MWYyLWFjNDYtNTlhMmU5OGRhNzM2LzEvMzIyZTM1MzkyZTM2MzEyZTMw
MmYzMjM0MmQzMjM0MjAzZDNlMjAzNDM4MzIzNjM2LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAAjs9MA0G
CSqGSIb3DQEBCwUAA4IBAQCg8c0ay+EUO8EYG4N0EaUPGRIXJYzBRIyMEqLcMp0Q
3vYpkCXEhuX0FEtnzp9WXu2UAQ2kXmw4OldLKZRQjFGcTABk7zSWRBugFnXbGaNH
6BMGOIToavd6XARawML2qqbubwoJGklG0UCebuJvdNsIVgAxQ+aHyYz6oh6+083U
iMqJ/H6SpyH1yuJ+9ihnJHEmHyFpjWqzVmmCmJ3sVkNTtWXkbBMP9zf1M/gR0VWa
1Cr8ZKy4s6Hprwy4GoYCU/OitM6AVbZtXhoExsONb9Y9WPuSPEPoPtJnVexeGasw
mexchiuHi1IM4tyF2ZynZff5m3NoLSZagbGChs5Zc4zZ
-----END CERTIFICATE-----