Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/322e35392e36322e302f32342d3234203d3e20313432313131.roa
File:                     322e35392e36322e302f32342d3234203d3e20313432313131.roa (raw, json)
Hash identifier:          c23s9WCLyWR8C29b7voS/R0hWodZcVrxRN5kAioljng=
Subject key identifier:   04:FA:10:B9:B1:00:D5:A2:17:7C:3E:C1:71:5E:64:54:FC:1D:57:C1
Certificate issuer:       /CN=a9420e6c6f24b0e422da7fe7e420ef50354f45c6
Certificate serial:       428B16DDBE4D385A36F30023105EBA4B25A39CBD
Authority key identifier: A9:42:0E:6C:6F:24:B0:E4:22:DA:7F:E7:E4:20:EF:50:35:4F:45:C6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qUIObG8ksOQi2n_n5CDvUDVPRcY.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/322e35392e36322e302f32342d3234203d3e20313432313131.roa
Signing time:             Mon 30 Jun 2025 21:08:36 +0000
ROA not before:           Mon 30 Jun 2025 21:03:36 +0000
ROA not after:            Mon 29 Jun 2026 21:08:36 +0000
asID:                     142111
IP address blocks:        2.59.62.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/A9420E6C6F24B0E422DA7FE7E420EF50354F45C6.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/A9420E6C6F24B0E422DA7FE7E420EF50354F45C6.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qUIObG8ksOQi2n_n5CDvUDVPRcY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 03 Jul 2025 10:57:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            42:8b:16:dd:be:4d:38:5a:36:f3:00:23:10:5e:ba:4b:25:a3:9c:bd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a9420e6c6f24b0e422da7fe7e420ef50354f45c6
        Validity
            Not Before: Jun 30 21:03:36 2025 GMT
            Not After : Jun 29 21:08:36 2026 GMT
        Subject: CN=04FA10B9B100D5A2177C3EC1715E6454FC1D57C1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:76:a1:fe:b2:77:5e:32:f5:78:ba:e8:cb:c4:
                    dc:00:d9:49:23:dc:01:c5:58:4f:8f:f9:7d:fc:f1:
                    6d:62:c7:01:8f:f4:c6:d9:0f:29:6c:43:ce:a3:5d:
                    e5:a6:0b:91:3f:f5:85:8d:e4:6b:67:a5:3b:a8:7a:
                    17:72:c4:c5:dd:a4:89:98:f9:75:f3:7e:42:b0:2c:
                    d6:f3:d9:0b:90:f3:e2:6e:f8:b3:fb:b7:96:3a:50:
                    76:92:19:5f:6a:8e:62:64:b4:e0:a0:c4:29:a9:0a:
                    1a:e8:66:ec:bf:2f:a9:54:ca:cd:57:4c:d0:d3:9e:
                    2f:2b:a9:e5:6c:f6:4b:76:ec:98:3c:c0:1b:53:30:
                    ee:d5:bb:01:9b:6b:94:43:04:08:d9:e9:ad:6f:06:
                    6f:f7:50:82:6f:3a:7a:e8:50:64:95:cf:40:5e:df:
                    70:49:9e:c5:4f:16:79:99:c2:ee:f7:27:71:bf:17:
                    f3:76:6e:23:dc:0e:e8:fd:32:7e:84:64:2a:bf:2d:
                    09:1c:f5:3c:23:41:d9:2c:d8:c8:81:13:28:95:e6:
                    fc:27:42:5d:c2:01:1c:fa:14:0c:d0:2a:bf:a8:a3:
                    2c:b0:5e:24:97:df:6c:b3:bc:56:d5:d0:11:b6:96:
                    69:64:8d:84:0d:fc:84:54:6f:d8:01:16:7d:97:79:
                    4a:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:FA:10:B9:B1:00:D5:A2:17:7C:3E:C1:71:5E:64:54:FC:1D:57:C1
            X509v3 Authority Key Identifier:
                keyid:A9:42:0E:6C:6F:24:B0:E4:22:DA:7F:E7:E4:20:EF:50:35:4F:45:C6

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/A9420E6C6F24B0E422DA7FE7E420EF50354F45C6.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qUIObG8ksOQi2n_n5CDvUDVPRcY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/322e35392e36322e302f32342d3234203d3e20313432313131.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.59.62.0/24

    Signature Algorithm: sha256WithRSAEncryption
         39:4f:2b:1d:b3:86:eb:23:cd:dc:84:bd:33:80:3e:c5:d5:b8:
         fd:ff:4d:95:ef:5a:7d:0c:f2:a1:66:13:1e:4e:5f:99:ef:4a:
         aa:b7:2c:64:11:ca:2c:94:25:14:75:20:6f:67:59:b2:92:3b:
         e4:bd:6f:7e:47:21:00:18:74:41:bd:a0:dc:29:cd:6a:97:ef:
         1c:c2:03:53:07:8b:67:53:f4:7b:95:aa:c3:57:fc:0c:af:5b:
         b5:34:82:68:e9:17:d6:9b:f2:f6:c6:10:76:b5:9d:52:7a:5e:
         75:ca:8a:85:13:f2:da:fc:15:82:25:d3:85:1d:99:8c:ec:d1:
         c4:05:85:eb:b7:65:2d:66:ec:8f:1c:39:e1:3f:c8:22:fc:14:
         89:c6:b8:0e:4e:ff:f9:c7:05:bd:07:81:fa:b3:12:c5:e8:d2:
         97:69:42:32:5e:ee:77:11:99:93:6a:47:d5:69:b5:5b:3c:5c:
         dd:46:d9:d2:51:48:63:0a:3a:b9:55:c7:70:2a:df:9e:78:7b:
         52:22:39:76:68:97:ce:eb:a2:72:cd:ca:f6:fd:34:8c:87:3e:
         a4:54:df:bd:c9:92:a7:b9:f0:57:76:a6:69:29:53:3c:bd:9f:
         24:fb:d7:5a:ef:82:c9:3e:ef:cf:03:2d:61:3c:24:52:23:7f:
         b6:3f:a4:39
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUQosW3b5NOFo28wAjEF66SyWjnL0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYTk0MjBlNmM2ZjI0YjBlNDIyZGE3ZmU3ZTQyMGVmNTAz
NTRmNDVjNjAeFw0yNTA2MzAyMTAzMzZaFw0yNjA2MjkyMTA4MzZaMDMxMTAvBgNV
BAMTKDA0RkExMEI5QjEwMEQ1QTIxNzdDM0VDMTcxNUU2NDU0RkMxRDU3QzEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCldqH+sndeMvV4uujLxNwA2Ukj
3AHFWE+P+X388W1ixwGP9MbZDylsQ86jXeWmC5E/9YWN5GtnpTuoehdyxMXdpImY
+XXzfkKwLNbz2QuQ8+Ju+LP7t5Y6UHaSGV9qjmJktOCgxCmpChroZuy/L6lUys1X
TNDTni8rqeVs9kt27Jg8wBtTMO7VuwGba5RDBAjZ6a1vBm/3UIJvOnroUGSVz0Be
33BJnsVPFnmZwu73J3G/F/N2biPcDuj9Mn6EZCq/LQkc9TwjQdks2MiBEyiV5vwn
Ql3CARz6FAzQKr+ooyywXiSX32yzvFbV0BG2lmlkjYQN/IRUb9gBFn2XeUpvAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUBPoQubEA1aIXfD7BcV5kVPwdV8EwHwYDVR0j
BBgwFoAUqUIObG8ksOQi2n/n5CDvUDVPRcYwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMWY5ODIzZDAtMDg1NS00MWYyLWFjNDYtNTlhMmU5OGRh
NzM2LzEvQTk0MjBFNkM2RjI0QjBFNDIyREE3RkU3RTQyMEVGNTAzNTRGNDVDNi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3FVSU9iRzhrc09RaTJuX241Q0R2VURW
UFJjWS5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMWY5ODIzZDAt
MDg1NS00MWYyLWFjNDYtNTlhMmU5OGRhNzM2LzEvMzIyZTM1MzkyZTM2MzIyZTMw
MmYzMjM0MmQzMjM0MjAzZDNlMjAzMTM0MzIzMTMxMzEucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAACOz4w
DQYJKoZIhvcNAQELBQADggEBADlPKx2zhusjzdyEvTOAPsXVuP3/TZXvWn0M8qFm
Ex5OX5nvSqq3LGQRyiyUJRR1IG9nWbKSO+S9b35HIQAYdEG9oNwpzWqX7xzCA1MH
i2dT9HuVqsNX/AyvW7U0gmjpF9ab8vbGEHa1nVJ6XnXKioUT8tr8FYIl04UdmYzs
0cQFheu3ZS1m7I8cOeE/yCL8FInGuA5O//nHBb0HgfqzEsXo0pdpQjJe7ncRmZNq
R9VptVs8XN1G2dJRSGMKOrlVx3Aq3554e1IiOXZol87ronLNyvb9NIyHPqRU373J
kqe58Fd2pmkpUzy9nyT711rvgsk+788DLWE8JFIjf7Y/pDk=
-----END CERTIFICATE-----