Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS59642.roa
File:                     AS59642.roa (raw, json)
Hash identifier:          JMakyddte9J6FVwBpUJ+4iiOebCNlOeHgv87JxhvEaA=
Subject key identifier:   66:A8:9C:7F:D2:D5:6C:27:D7:0E:EF:91:4E:82:F0:17:56:AD:8D:79
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       11A73B4E185AEB1D6326D147A718B923BAE2A51D
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS59642.roa
Signing time:             Mon 13 Jan 2025 09:32:59 +0000
ROA not before:           Mon 13 Jan 2025 09:27:59 +0000
ROA not after:            Mon 12 Jan 2026 09:32:59 +0000
asID:                     59642
IP address blocks:        82.29.106.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            11:a7:3b:4e:18:5a:eb:1d:63:26:d1:47:a7:18:b9:23:ba:e2:a5:1d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Jan 13 09:27:59 2025 GMT
            Not After : Jan 12 09:32:59 2026 GMT
        Subject: CN=66A89C7FD2D56C27D70EEF914E82F01756AD8D79
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:d2:9b:f8:2d:f4:16:24:d7:43:53:84:58:c4:
                    83:37:dd:ac:14:9a:8f:cc:e0:2f:5f:8b:9a:fc:b8:
                    82:02:e4:4e:c6:df:fc:fd:0c:2f:4c:56:74:d7:90:
                    f2:52:3c:25:0a:f9:2c:66:cc:d1:25:ab:80:6c:c0:
                    fb:de:45:0f:ce:59:6f:38:cd:d4:cb:91:90:b3:5d:
                    2a:ab:da:68:b8:c4:78:5c:3f:62:19:83:55:a9:02:
                    ca:12:62:b7:e2:f2:59:37:03:68:ae:b1:ec:82:15:
                    51:0c:b6:d3:30:74:7d:8d:56:6c:87:6f:e3:36:ec:
                    12:92:f5:37:64:7f:22:f5:99:7b:24:c4:f3:fd:4a:
                    1d:e4:59:cc:b8:87:13:b8:6c:b9:d9:c3:1d:3c:d5:
                    a4:ac:ab:47:e1:b2:3a:d2:b9:2e:c8:85:d7:ba:17:
                    92:6c:6a:0e:e1:6a:bb:5f:7f:a4:7f:9d:f8:12:88:
                    4f:b7:f5:14:8d:6e:1a:79:fd:99:59:9f:56:99:83:
                    2b:da:ff:ff:87:bf:50:ce:88:63:30:b6:e3:36:ed:
                    5e:64:e6:1a:69:8f:56:db:c7:a5:0d:26:d6:ba:16:
                    84:c0:86:86:d9:bf:c7:d4:ab:0c:0d:f4:4e:d5:57:
                    c8:9c:de:e0:7f:82:7d:24:77:8c:16:38:77:f4:51:
                    b3:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:A8:9C:7F:D2:D5:6C:27:D7:0E:EF:91:4E:82:F0:17:56:AD:8D:79
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS59642.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.29.106.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8d:a8:82:d7:2f:c9:34:cd:3e:1b:ce:87:f1:61:97:5e:a1:55:
         74:27:39:41:bb:10:43:15:a3:f1:51:80:30:7f:9f:51:00:a0:
         30:30:55:16:cb:72:77:11:4d:d9:12:37:51:18:32:c0:6d:a2:
         f3:cf:33:67:ab:7d:5e:9f:9a:68:d0:1c:3b:e8:f2:f0:8d:ae:
         5c:48:cc:c3:2e:05:a8:ea:6c:1a:fa:e5:bd:9f:c9:d9:1b:0e:
         8a:60:62:5f:27:0f:34:cf:19:d7:ab:11:a9:2b:1d:a4:c4:14:
         8a:7c:fa:5a:09:fa:f2:ec:a6:04:6c:bf:e7:ec:2b:75:f6:8b:
         50:60:cc:94:65:69:cc:56:c9:32:d6:bc:38:c3:37:89:5e:77:
         3b:08:88:dc:96:79:f9:79:dd:60:df:73:87:47:be:05:2c:f5:
         62:3b:38:18:68:5b:43:60:c7:2a:95:ab:f5:09:e2:23:66:2a:
         63:32:ff:a8:60:73:95:8c:c3:17:6a:77:da:25:76:91:ef:a5:
         92:38:91:fa:0d:cd:87:03:4f:f2:c5:5a:cb:05:57:bc:a3:19:
         5a:02:ba:df:0a:90:7e:90:be:04:03:43:1c:10:75:ba:54:29:
         eb:b7:3c:04:89:3c:43:8d:74:6e:c7:94:fe:ac:2d:27:82:d6:
         3b:a4:6d:0b
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUEac7Thha6x1jJtFHpxi5I7ripR0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTAxMTMwOTI3NTlaFw0yNjAxMTIwOTMyNTlaMDMxMTAvBgNV
BAMTKDY2QTg5QzdGRDJENTZDMjdENzBFRUY5MTRFODJGMDE3NTZBRDhENzkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDI0pv4LfQWJNdDU4RYxIM33awU
mo/M4C9fi5r8uIIC5E7G3/z9DC9MVnTXkPJSPCUK+SxmzNElq4BswPveRQ/OWW84
zdTLkZCzXSqr2mi4xHhcP2IZg1WpAsoSYrfi8lk3A2iuseyCFVEMttMwdH2NVmyH
b+M27BKS9TdkfyL1mXskxPP9Sh3kWcy4hxO4bLnZwx081aSsq0fhsjrSuS7Ihde6
F5Jsag7hartff6R/nfgSiE+39RSNbhp5/ZlZn1aZgyva//+Hv1DOiGMwtuM27V5k
5hppj1bbx6UNJta6FoTAhobZv8fUqwwN9E7VV8ic3uB/gn0kd4wWOHf0UbNfAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUZqicf9LVbCfXDu+RToLwF1atjXkwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTNTk2NDIucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABSHWow
DQYJKoZIhvcNAQELBQADggEBAI2ogtcvyTTNPhvOh/Fhl16hVXQnOUG7EEMVo/FR
gDB/n1EAoDAwVRbLcncRTdkSN1EYMsBtovPPM2erfV6fmmjQHDvo8vCNrlxIzMMu
BajqbBr65b2fydkbDopgYl8nDzTPGderEakrHaTEFIp8+loJ+vLspgRsv+fsK3X2
i1BgzJRlacxWyTLWvDjDN4ledzsIiNyWefl53WDfc4dHvgUs9WI7OBhoW0NgxyqV
q/UJ4iNmKmMy/6hgc5WMwxdqd9oldpHvpZI4kfoNzYcDT/LFWssFV7yjGVoCut8K
kH6QvgQDQxwQdbpUKeu3PASJPEONdG7HlP6sLSeC1jukbQs=
-----END CERTIFICATE-----