Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/322e35392e36322e302f32342d3234203d3e20313432313131.roa
File:                     322e35392e36322e302f32342d3234203d3e20313432313131.roa (raw, json)
Hash identifier:          MsiGjvSieUCa/T21XIqsNppHCh9EmLMqXVv3uxcO8n0=
Subject key identifier:   6C:73:49:C8:14:89:30:AE:46:A7:AC:9C:55:D0:6E:73:E0:26:21:B9
Certificate issuer:       /CN=a9420e6c6f24b0e422da7fe7e420ef50354f45c6
Certificate serial:       32225333F615771D1124E55309F634B286832D09
Authority key identifier: A9:42:0E:6C:6F:24:B0:E4:22:DA:7F:E7:E4:20:EF:50:35:4F:45:C6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qUIObG8ksOQi2n_n5CDvUDVPRcY.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/322e35392e36322e302f32342d3234203d3e20313432313131.roa
Signing time:             Mon 01 Jun 2026 21:47:23 +0000
ROA not before:           Mon 01 Jun 2026 21:42:23 +0000
ROA not after:            Mon 31 May 2027 21:47:23 +0000
asID:                     142111
IP address blocks:        2.59.62.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/A9420E6C6F24B0E422DA7FE7E420EF50354F45C6.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/A9420E6C6F24B0E422DA7FE7E420EF50354F45C6.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qUIObG8ksOQi2n_n5CDvUDVPRcY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 08 Jun 2026 13:49:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            32:22:53:33:f6:15:77:1d:11:24:e5:53:09:f6:34:b2:86:83:2d:09
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a9420e6c6f24b0e422da7fe7e420ef50354f45c6
        Validity
            Not Before: Jun  1 21:42:23 2026 GMT
            Not After : May 31 21:47:23 2027 GMT
        Subject: CN=6C7349C8148930AE46A7AC9C55D06E73E02621B9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:c0:bd:11:b1:07:cc:ad:ad:38:7a:d7:a6:a3:
                    7a:e0:4a:a6:55:11:cd:bb:d1:2d:9b:2e:73:59:28:
                    6f:3d:90:e6:ca:ee:cd:80:7e:78:65:c7:b0:49:06:
                    3c:a5:cb:c8:49:7b:61:7b:45:2c:0e:cf:51:60:e6:
                    48:3a:c2:16:ff:ef:c1:a0:05:37:67:be:7e:6c:ce:
                    04:5a:b4:f4:a2:67:29:3a:1f:b2:d1:37:b7:21:81:
                    7c:ab:14:cd:1f:02:6d:01:93:7f:f3:e1:17:db:f1:
                    4c:e2:75:de:bc:32:e9:08:b0:9a:f9:e3:86:76:4e:
                    4b:43:9a:f1:39:8b:ea:c4:c3:93:16:c7:37:16:e6:
                    d4:b1:3f:6e:a8:99:df:9b:9a:3a:8c:34:11:d1:6d:
                    24:bb:c2:b5:e4:ab:60:7d:e6:da:55:ee:a9:85:36:
                    81:ff:36:31:d5:f1:6d:2d:13:cf:f3:37:d6:fb:49:
                    f4:04:22:4a:7b:a5:b8:05:db:7c:3b:f6:81:b7:c1:
                    4b:b2:dc:c5:08:c6:51:83:ea:2b:2e:6a:31:c9:62:
                    19:c3:1b:6f:2f:e0:85:00:7c:96:47:3f:58:b1:23:
                    27:e5:3d:9a:42:92:f0:29:b4:b0:3d:a0:55:53:ed:
                    1a:24:c3:01:08:e2:7b:bd:4d:94:95:eb:ce:46:2b:
                    da:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:73:49:C8:14:89:30:AE:46:A7:AC:9C:55:D0:6E:73:E0:26:21:B9
            X509v3 Authority Key Identifier:
                keyid:A9:42:0E:6C:6F:24:B0:E4:22:DA:7F:E7:E4:20:EF:50:35:4F:45:C6

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/A9420E6C6F24B0E422DA7FE7E420EF50354F45C6.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qUIObG8ksOQi2n_n5CDvUDVPRcY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/322e35392e36322e302f32342d3234203d3e20313432313131.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.59.62.0/24

    Signature Algorithm: sha256WithRSAEncryption
         00:d9:91:ac:33:49:b1:71:09:2a:39:07:8d:c9:d6:b6:77:14:
         08:36:b2:26:02:bf:22:4e:18:9d:23:4f:21:c3:60:a6:ff:eb:
         a7:26:cc:e5:5b:7c:4e:a4:d9:c7:d7:d1:73:85:e0:45:86:f5:
         3c:13:7c:46:86:3a:14:8b:1c:bc:9a:f8:1a:ba:15:6f:d7:f2:
         a3:de:31:ff:1f:d5:9b:67:7b:5b:4b:cb:c6:16:9b:a4:a6:6f:
         d6:aa:3b:4f:d6:fb:aa:f4:e0:80:9e:31:60:c0:d1:a7:54:db:
         90:a6:d9:4a:e3:62:5f:9e:a3:0b:d6:42:9b:48:4b:32:40:a0:
         4d:5e:d3:b6:eb:8d:3d:55:19:b0:6b:27:24:c5:ec:ed:1c:55:
         45:cb:af:52:eb:8b:d9:02:f5:f7:dd:0d:85:df:24:f1:f9:a1:
         fe:f3:81:a1:e2:04:0d:0d:4d:6e:36:4b:f1:ad:57:1d:61:8a:
         6d:a6:08:85:cb:7b:87:64:7e:b8:61:f1:43:d1:72:87:8e:4c:
         20:2b:fd:35:7d:c8:15:cc:b4:01:3d:78:fe:aa:6d:3f:68:ae:
         bf:1e:df:a0:6d:fd:ec:d0:48:39:93:b5:ad:f7:c9:92:4c:6a:
         57:3c:91:e6:3f:aa:8e:68:a3:fd:1c:6f:10:07:87:42:a6:51:
         2e:c2:c4:7c
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUMiJTM/YVdx0RJOVTCfY0soaDLQkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYTk0MjBlNmM2ZjI0YjBlNDIyZGE3ZmU3ZTQyMGVmNTAz
NTRmNDVjNjAeFw0yNjA2MDEyMTQyMjNaFw0yNzA1MzEyMTQ3MjNaMDMxMTAvBgNV
BAMTKDZDNzM0OUM4MTQ4OTMwQUU0NkE3QUM5QzU1RDA2RTczRTAyNjIxQjkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvwL0RsQfMra04etemo3rgSqZV
Ec270S2bLnNZKG89kObK7s2Afnhlx7BJBjyly8hJe2F7RSwOz1Fg5kg6whb/78Gg
BTdnvn5szgRatPSiZyk6H7LRN7chgXyrFM0fAm0Bk3/z4Rfb8Uzidd68MukIsJr5
44Z2TktDmvE5i+rEw5MWxzcW5tSxP26omd+bmjqMNBHRbSS7wrXkq2B95tpV7qmF
NoH/NjHV8W0tE8/zN9b7SfQEIkp7pbgF23w79oG3wUuy3MUIxlGD6isuajHJYhnD
G28v4IUAfJZHP1ixIyflPZpCkvAptLA9oFVT7RokwwEI4nu9TZSV685GK9r3AgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUbHNJyBSJMK5Gp6ycVdBuc+AmIbkwHwYDVR0j
BBgwFoAUqUIObG8ksOQi2n/n5CDvUDVPRcYwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMWY5ODIzZDAtMDg1NS00MWYyLWFjNDYtNTlhMmU5OGRh
NzM2LzEvQTk0MjBFNkM2RjI0QjBFNDIyREE3RkU3RTQyMEVGNTAzNTRGNDVDNi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3FVSU9iRzhrc09RaTJuX241Q0R2VURW
UFJjWS5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMWY5ODIzZDAt
MDg1NS00MWYyLWFjNDYtNTlhMmU5OGRhNzM2LzEvMzIyZTM1MzkyZTM2MzIyZTMw
MmYzMjM0MmQzMjM0MjAzZDNlMjAzMTM0MzIzMTMxMzEucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAACOz4w
DQYJKoZIhvcNAQELBQADggEBAADZkawzSbFxCSo5B43J1rZ3FAg2siYCvyJOGJ0j
TyHDYKb/66cmzOVbfE6k2cfX0XOF4EWG9TwTfEaGOhSLHLya+Bq6FW/X8qPeMf8f
1Ztne1tLy8YWm6Smb9aqO0/W+6r04ICeMWDA0adU25Cm2UrjYl+eowvWQptISzJA
oE1e07brjT1VGbBrJyTF7O0cVUXLr1Lri9kC9ffdDYXfJPH5of7zgaHiBA0NTW42
S/GtVx1him2mCIXLe4dkfrhh8UPRcoeOTCAr/TV9yBXMtAE9eP6qbT9orr8e36Bt
/ezQSDmTta33yZJMalc8keY/qo5oo/0cbxAHh0KmUS7CxHw=
-----END CERTIFICATE-----