Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/322e35392e36332e302f32342d3234203d3e20323039363432.roa
File:                     322e35392e36332e302f32342d3234203d3e20323039363432.roa (raw, json)
Hash identifier:          +6zE35Il0rdGN/pq8ZFnc/c2DujvbAilLkJKRMrHYbw=
Subject key identifier:   B8:F1:89:04:78:7B:57:66:60:72:1E:C9:99:D5:9B:75:E6:DA:23:35
Certificate issuer:       /CN=a9420e6c6f24b0e422da7fe7e420ef50354f45c6
Certificate serial:       64B36571B8C9528EF05F19743631354884A218AF
Authority key identifier: A9:42:0E:6C:6F:24:B0:E4:22:DA:7F:E7:E4:20:EF:50:35:4F:45:C6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qUIObG8ksOQi2n_n5CDvUDVPRcY.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/322e35392e36332e302f32342d3234203d3e20323039363432.roa
Signing time:             Wed 10 Sep 2025 04:38:46 +0000
ROA not before:           Wed 10 Sep 2025 04:33:46 +0000
ROA not after:            Wed 09 Sep 2026 04:38:46 +0000
asID:                     209642
IP address blocks:        2.59.63.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/A9420E6C6F24B0E422DA7FE7E420EF50354F45C6.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/A9420E6C6F24B0E422DA7FE7E420EF50354F45C6.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qUIObG8ksOQi2n_n5CDvUDVPRcY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 18 Sep 2025 12:18:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            64:b3:65:71:b8:c9:52:8e:f0:5f:19:74:36:31:35:48:84:a2:18:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a9420e6c6f24b0e422da7fe7e420ef50354f45c6
        Validity
            Not Before: Sep 10 04:33:46 2025 GMT
            Not After : Sep  9 04:38:46 2026 GMT
        Subject: CN=B8F18904787B576660721EC999D59B75E6DA2335
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:54:e3:bc:be:ec:f4:f2:1c:b8:d1:bc:52:cc:
                    63:32:97:f8:77:e4:c9:b1:0a:7e:4d:71:42:7c:ee:
                    03:1f:69:69:1d:7a:ac:8d:4c:60:13:73:8f:13:14:
                    57:47:6c:1d:01:57:b3:c5:36:9d:ec:5e:1f:56:22:
                    8a:45:c7:c8:86:e4:77:a8:c7:25:61:05:d3:54:d5:
                    86:ba:f7:35:bd:60:81:92:19:f2:9e:a4:b5:32:f2:
                    b3:a2:7b:50:9f:9b:c2:bb:f1:4d:ff:36:c0:fe:a1:
                    ef:f5:16:c5:8d:aa:31:a1:84:32:f0:c1:80:d7:a5:
                    cd:64:b0:a0:77:9c:58:a3:10:9f:7f:92:93:6b:a6:
                    69:fe:e5:12:51:7f:84:7f:ed:3d:43:97:8b:48:2d:
                    bd:09:f8:c6:0a:d9:f5:62:73:f8:d8:ce:1c:43:92:
                    54:ec:f4:19:e3:ae:89:39:ec:93:0b:12:03:5a:2a:
                    8f:32:20:28:9b:be:43:97:ee:05:59:ee:4b:1a:8e:
                    ce:f0:ae:a4:bd:a4:9b:27:ae:cc:1e:32:17:c6:ff:
                    37:04:7f:ef:6d:a4:a8:e7:7e:74:98:5f:80:5b:e4:
                    24:99:d9:be:00:b6:1e:2b:6c:09:e6:d9:28:fb:67:
                    1c:c7:e0:5e:59:f8:63:5a:7a:20:5a:27:9f:cd:be:
                    56:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B8:F1:89:04:78:7B:57:66:60:72:1E:C9:99:D5:9B:75:E6:DA:23:35
            X509v3 Authority Key Identifier:
                keyid:A9:42:0E:6C:6F:24:B0:E4:22:DA:7F:E7:E4:20:EF:50:35:4F:45:C6

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/A9420E6C6F24B0E422DA7FE7E420EF50354F45C6.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qUIObG8ksOQi2n_n5CDvUDVPRcY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/322e35392e36332e302f32342d3234203d3e20323039363432.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.59.63.0/24

    Signature Algorithm: sha256WithRSAEncryption
         78:91:aa:a1:b3:36:f9:26:cf:81:5d:2d:57:f8:61:ee:28:24:
         d8:99:b2:9c:3c:ed:be:ba:1c:59:40:9f:a4:45:9d:62:b8:c2:
         01:10:03:c3:81:bd:05:c8:b9:5f:ce:be:ea:bc:21:78:64:c1:
         ba:dc:3d:69:40:a1:23:53:b7:db:a2:e3:93:be:94:a4:5a:2d:
         ac:39:14:48:2a:c9:cd:bd:86:2b:84:2d:25:50:f2:b9:5e:52:
         aa:9d:4a:7f:27:80:8f:60:c2:1c:3f:2d:3c:55:d2:a6:75:30:
         2a:ad:0a:b7:10:fa:1e:b9:fb:27:67:5e:f4:4f:e5:be:e6:e5:
         4e:29:77:65:e0:4c:04:8d:53:ee:c2:10:63:19:f4:aa:aa:b3:
         f5:4e:e1:25:f4:f6:82:9c:4c:ec:e9:6d:e4:c2:2e:df:d6:18:
         99:ac:bb:54:75:82:c1:9d:0e:6d:80:07:8c:3d:27:53:1e:8b:
         65:f2:cd:d1:ab:ae:bd:e3:99:0f:8b:3a:a4:c2:c2:a7:93:6c:
         d3:ab:29:cc:74:89:ba:ee:25:87:9f:22:b8:9b:b9:1d:63:32:
         0f:55:83:a2:e8:fa:1d:ae:77:77:e6:7c:35:7a:89:88:3f:ef:
         ac:15:9b:4d:5f:b7:c2:51:b5:17:0e:8f:b6:fb:58:8a:ff:9b:
         df:c3:56:ea
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUZLNlcbjJUo7wXxl0NjE1SISiGK8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYTk0MjBlNmM2ZjI0YjBlNDIyZGE3ZmU3ZTQyMGVmNTAz
NTRmNDVjNjAeFw0yNTA5MTAwNDMzNDZaFw0yNjA5MDkwNDM4NDZaMDMxMTAvBgNV
BAMTKEI4RjE4OTA0Nzg3QjU3NjY2MDcyMUVDOTk5RDU5Qjc1RTZEQTIzMzUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCtVOO8vuz08hy40bxSzGMyl/h3
5MmxCn5NcUJ87gMfaWkdeqyNTGATc48TFFdHbB0BV7PFNp3sXh9WIopFx8iG5Heo
xyVhBdNU1Ya69zW9YIGSGfKepLUy8rOie1Cfm8K78U3/NsD+oe/1FsWNqjGhhDLw
wYDXpc1ksKB3nFijEJ9/kpNrpmn+5RJRf4R/7T1Dl4tILb0J+MYK2fVic/jYzhxD
klTs9Bnjrok57JMLEgNaKo8yICibvkOX7gVZ7ksajs7wrqS9pJsnrsweMhfG/zcE
f+9tpKjnfnSYX4Bb5CSZ2b4Ath4rbAnm2Sj7ZxzH4F5Z+GNaeiBaJ5/NvlZJAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUuPGJBHh7V2Zgch7JmdWbdebaIzUwHwYDVR0j
BBgwFoAUqUIObG8ksOQi2n/n5CDvUDVPRcYwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMWY5ODIzZDAtMDg1NS00MWYyLWFjNDYtNTlhMmU5OGRh
NzM2LzEvQTk0MjBFNkM2RjI0QjBFNDIyREE3RkU3RTQyMEVGNTAzNTRGNDVDNi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3FVSU9iRzhrc09RaTJuX241Q0R2VURW
UFJjWS5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMWY5ODIzZDAt
MDg1NS00MWYyLWFjNDYtNTlhMmU5OGRhNzM2LzEvMzIyZTM1MzkyZTM2MzMyZTMw
MmYzMjM0MmQzMjM0MjAzZDNlMjAzMjMwMzkzNjM0MzIucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAACOz8w
DQYJKoZIhvcNAQELBQADggEBAHiRqqGzNvkmz4FdLVf4Ye4oJNiZspw87b66HFlA
n6RFnWK4wgEQA8OBvQXIuV/Ovuq8IXhkwbrcPWlAoSNTt9ui45O+lKRaLaw5FEgq
yc29hiuELSVQ8rleUqqdSn8ngI9gwhw/LTxV0qZ1MCqtCrcQ+h65+ydnXvRP5b7m
5U4pd2XgTASNU+7CEGMZ9Kqqs/VO4SX09oKcTOzpbeTCLt/WGJmsu1R1gsGdDm2A
B4w9J1Mei2XyzdGrrr3jmQ+LOqTCwqeTbNOrKcx0ibruJYefIribuR1jMg9Vg6Lo
+h2ud3fmfDV6iYg/76wVm01ft8JRtRcOj7b7WIr/m9/DVuo=
-----END CERTIFICATE-----