Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/322e35392e36322e302f32342d3234203d3e203633303233.roa
File:                     322e35392e36322e302f32342d3234203d3e203633303233.roa (raw, json)
Hash identifier:          /Ku1phd3ouPkx4ZDyzwkq+GI0U8NGNl14wVu1lc6q1k=
Subject key identifier:   11:09:49:60:C9:1C:EF:AB:F7:04:13:25:EA:97:0E:8B:4E:54:02:2B
Certificate issuer:       /CN=a9420e6c6f24b0e422da7fe7e420ef50354f45c6
Certificate serial:       4D8944C10BE785AC951D2B64D4176FD5FF863E55
Authority key identifier: A9:42:0E:6C:6F:24:B0:E4:22:DA:7F:E7:E4:20:EF:50:35:4F:45:C6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qUIObG8ksOQi2n_n5CDvUDVPRcY.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/322e35392e36322e302f32342d3234203d3e203633303233.roa
Signing time:             Mon 30 Jun 2025 05:58:04 +0000
ROA not before:           Mon 30 Jun 2025 05:53:04 +0000
ROA not after:            Mon 29 Jun 2026 05:58:04 +0000
asID:                     63023
IP address blocks:        2.59.62.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/A9420E6C6F24B0E422DA7FE7E420EF50354F45C6.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/A9420E6C6F24B0E422DA7FE7E420EF50354F45C6.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qUIObG8ksOQi2n_n5CDvUDVPRcY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Jul 2025 03:25:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4d:89:44:c1:0b:e7:85:ac:95:1d:2b:64:d4:17:6f:d5:ff:86:3e:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a9420e6c6f24b0e422da7fe7e420ef50354f45c6
        Validity
            Not Before: Jun 30 05:53:04 2025 GMT
            Not After : Jun 29 05:58:04 2026 GMT
        Subject: CN=11094960C91CEFABF7041325EA970E8B4E54022B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:48:50:d5:bf:ea:28:15:b2:28:78:18:a2:e8:
                    38:73:df:e8:6b:d4:4b:44:69:e9:e0:ab:ba:d5:53:
                    90:8a:3f:4c:3e:eb:84:5b:1a:ba:38:68:79:a6:08:
                    b0:ef:c1:6f:cb:6c:2e:cb:a7:f8:c9:10:65:71:84:
                    98:66:d8:3d:1c:bd:37:64:f6:40:ca:a0:c6:ce:a7:
                    bc:2d:d1:c9:ce:54:b1:3b:dc:6a:73:40:bc:3e:34:
                    95:1c:d5:7e:90:bb:2d:30:54:4e:cf:96:50:0d:e8:
                    1d:00:5d:66:69:1b:db:86:e5:48:53:f9:e6:3f:2a:
                    c7:f0:88:35:cb:9e:aa:a9:88:f2:31:9c:b6:e9:f8:
                    b2:d1:d1:66:56:ef:07:bc:67:50:16:f3:f4:30:5b:
                    bb:b8:93:90:e2:4b:ca:b0:fe:7e:10:08:ce:ea:bf:
                    17:f5:88:4e:4a:dc:3b:90:c4:0c:c8:7a:b8:49:91:
                    63:9b:5e:fc:fe:85:49:56:22:8c:41:f0:b8:18:9f:
                    00:84:38:65:b1:ec:92:c4:20:66:a2:2a:8b:eb:01:
                    9f:be:26:ed:6e:a1:bb:ab:0d:07:a9:a4:75:a5:7c:
                    4a:11:e5:28:23:11:7c:a8:37:ca:c9:fd:d1:be:27:
                    a2:bc:2d:63:d4:44:fc:d5:d6:06:86:15:de:ea:cf:
                    08:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                11:09:49:60:C9:1C:EF:AB:F7:04:13:25:EA:97:0E:8B:4E:54:02:2B
            X509v3 Authority Key Identifier:
                keyid:A9:42:0E:6C:6F:24:B0:E4:22:DA:7F:E7:E4:20:EF:50:35:4F:45:C6

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/A9420E6C6F24B0E422DA7FE7E420EF50354F45C6.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qUIObG8ksOQi2n_n5CDvUDVPRcY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/322e35392e36322e302f32342d3234203d3e203633303233.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.59.62.0/24

    Signature Algorithm: sha256WithRSAEncryption
         59:6d:6e:8d:7f:d5:b5:ad:35:76:e5:52:52:9c:6f:80:4a:58:
         f4:8f:09:e5:b2:cb:14:a7:24:2e:88:6c:c9:ff:fa:51:2c:46:
         4a:dc:4a:83:46:7c:66:53:5e:91:f9:5b:2e:e8:66:47:39:bf:
         2d:63:77:8b:79:16:46:6d:24:25:c3:33:15:e5:38:5a:1d:e7:
         1d:cc:be:26:c9:1f:64:f0:6b:eb:6a:aa:a2:33:9d:54:57:dd:
         3e:da:e5:6f:31:6e:28:4a:c3:cf:5f:c3:e7:5c:e4:fd:23:cd:
         02:6e:95:34:07:92:2a:a6:de:e1:6f:27:5d:74:63:bb:0a:7e:
         20:cc:80:fe:3b:85:59:52:a2:a5:f9:1c:7a:a9:7b:6c:73:fc:
         09:c6:ff:60:cb:e5:72:2e:ae:ea:2b:17:ff:35:25:0e:d1:62:
         69:ee:23:5d:25:34:76:67:d2:2d:0d:7f:96:67:43:69:75:0b:
         0b:fd:65:7f:e9:11:86:7a:da:63:17:db:56:8c:09:b8:be:7f:
         5e:d6:f5:6f:1b:3e:ef:ed:55:fc:0b:2f:35:cb:42:55:d3:95:
         9c:22:f0:98:64:42:e8:1b:e9:73:bc:61:87:c3:a3:0d:cc:8a:
         fa:00:53:99:ba:be:6d:58:ab:c1:09:91:6c:08:69:b8:4d:cd:
         73:75:a2:34
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUTYlEwQvnhayVHStk1Bdv1f+GPlUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYTk0MjBlNmM2ZjI0YjBlNDIyZGE3ZmU3ZTQyMGVmNTAz
NTRmNDVjNjAeFw0yNTA2MzAwNTUzMDRaFw0yNjA2MjkwNTU4MDRaMDMxMTAvBgNV
BAMTKDExMDk0OTYwQzkxQ0VGQUJGNzA0MTMyNUVBOTcwRThCNEU1NDAyMkIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDLSFDVv+ooFbIoeBii6Dhz3+hr
1EtEaengq7rVU5CKP0w+64RbGro4aHmmCLDvwW/LbC7Lp/jJEGVxhJhm2D0cvTdk
9kDKoMbOp7wt0cnOVLE73GpzQLw+NJUc1X6Quy0wVE7PllAN6B0AXWZpG9uG5UhT
+eY/KsfwiDXLnqqpiPIxnLbp+LLR0WZW7we8Z1AW8/QwW7u4k5DiS8qw/n4QCM7q
vxf1iE5K3DuQxAzIerhJkWObXvz+hUlWIoxB8LgYnwCEOGWx7JLEIGaiKovrAZ++
Ju1uoburDQeppHWlfEoR5SgjEXyoN8rJ/dG+J6K8LWPURPzV1gaGFd7qzwgnAgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQUEQlJYMkc76v3BBMl6pcOi05UAiswHwYDVR0j
BBgwFoAUqUIObG8ksOQi2n/n5CDvUDVPRcYwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMWY5ODIzZDAtMDg1NS00MWYyLWFjNDYtNTlhMmU5OGRh
NzM2LzEvQTk0MjBFNkM2RjI0QjBFNDIyREE3RkU3RTQyMEVGNTAzNTRGNDVDNi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3FVSU9iRzhrc09RaTJuX241Q0R2VURW
UFJjWS5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMWY5ODIzZDAt
MDg1NS00MWYyLWFjNDYtNTlhMmU5OGRhNzM2LzEvMzIyZTM1MzkyZTM2MzIyZTMw
MmYzMjM0MmQzMjM0MjAzZDNlMjAzNjMzMzAzMjMzLnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAAjs+MA0G
CSqGSIb3DQEBCwUAA4IBAQBZbW6Nf9W1rTV25VJSnG+ASlj0jwnlsssUpyQuiGzJ
//pRLEZK3EqDRnxmU16R+Vsu6GZHOb8tY3eLeRZGbSQlwzMV5ThaHecdzL4myR9k
8GvraqqiM51UV90+2uVvMW4oSsPPX8PnXOT9I80CbpU0B5Iqpt7hbydddGO7Cn4g
zID+O4VZUqKl+Rx6qXtsc/wJxv9gy+VyLq7qKxf/NSUO0WJp7iNdJTR2Z9ItDX+W
Z0NpdQsL/WV/6RGGetpjF9tWjAm4vn9e1vVvGz7v7VX8Cy81y0JV05WcIvCYZELo
G+lzvGGHw6MNzIr6AFOZur5tWKvBCZFsCGm4Tc1zdaI0
-----END CERTIFICATE-----