Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS44024.roa
File:                     AS44024.roa (raw, json)
Hash identifier:          syJwKcqlVazjhj4BSajxL/EGG2jjbNjASYNNGuO1yoE=
Subject key identifier:   44:9D:BC:AE:A3:5A:0B:10:C8:71:BE:57:18:1F:57:7A:EF:32:99:0D
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       40C22B85979C5C83F3F011EBE09884B23F298796
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS44024.roa
Signing time:             Fri 05 Sep 2025 00:38:29 +0000
ROA not before:           Fri 05 Sep 2025 00:33:29 +0000
ROA not after:            Fri 04 Sep 2026 00:38:29 +0000
asID:                     44024
IP address blocks:        2a0f:85c1:cf0::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 10 Sep 2025 17:00:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            40:c2:2b:85:97:9c:5c:83:f3:f0:11:eb:e0:98:84:b2:3f:29:87:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Sep  5 00:33:29 2025 GMT
            Not After : Sep  4 00:38:29 2026 GMT
        Subject: CN=449DBCAEA35A0B10C871BE57181F577AEF32990D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:31:88:ad:5d:16:cf:01:40:5a:b8:41:0c:67:
                    cd:06:50:46:1d:6e:06:85:e7:ba:0e:85:7b:ed:ed:
                    dd:1a:84:1f:97:6f:06:ee:e4:77:18:6d:1f:00:00:
                    ac:b0:4d:9c:76:54:23:35:54:a9:ab:f1:34:dc:e5:
                    c7:50:6e:e8:44:90:19:e4:fc:2d:ee:61:47:e4:14:
                    3a:b2:f0:77:3d:e4:61:6b:87:1e:91:6b:b7:81:d8:
                    8c:87:53:94:df:73:79:e7:2b:15:b3:5f:1c:8e:07:
                    72:81:88:31:59:c1:2e:6b:0c:4f:8b:af:02:94:8a:
                    e7:43:2a:16:00:1f:09:89:53:66:a4:41:a4:a8:a8:
                    25:91:e9:ce:b2:9b:ef:9a:be:27:8e:d8:b4:5c:2a:
                    e2:ae:3a:81:10:64:b0:b4:ad:4b:24:81:04:eb:76:
                    90:95:d9:07:a2:65:0e:af:36:ac:af:1f:8b:68:76:
                    65:12:19:3c:20:62:fc:1d:c7:f1:c1:5c:7b:80:c6:
                    18:b7:cc:be:0b:71:6a:27:e2:42:8b:8f:cc:4a:f6:
                    bd:73:3c:c8:10:3c:2d:09:65:68:99:c6:14:54:8d:
                    ef:8a:92:02:75:be:ca:7a:09:41:e2:d5:38:e4:a8:
                    7c:91:9e:22:6a:da:11:b6:36:e9:de:e3:c5:2a:3e:
                    8a:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:9D:BC:AE:A3:5A:0B:10:C8:71:BE:57:18:1F:57:7A:EF:32:99:0D
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS44024.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:cf0::/48

    Signature Algorithm: sha256WithRSAEncryption
         5d:a1:44:e8:34:08:30:3b:9e:90:bc:73:30:7f:4b:90:68:fa:
         df:42:a4:b8:a0:c4:db:c7:0e:bb:95:86:d9:bb:c1:09:7c:85:
         4a:e8:0e:f5:3f:c5:25:c9:fb:e2:d7:fd:db:24:d4:2b:89:66:
         b6:07:81:19:ac:9b:6a:60:19:c2:d0:a5:db:3f:5e:7c:b9:dd:
         0e:60:04:55:08:82:ce:70:bb:ed:82:f1:8e:43:7f:0f:81:91:
         53:f5:37:c7:ed:8b:e6:3e:e9:29:d9:ef:9c:b8:38:3d:9a:e1:
         b2:3f:df:38:99:de:61:27:03:02:10:03:21:a1:e1:75:26:6f:
         b1:ba:7f:5a:f3:59:11:1e:2d:b0:50:2f:1c:94:ec:d6:b0:cf:
         a2:d4:18:cd:a0:bb:9e:1a:60:90:0c:7e:5f:5f:c2:7e:53:20:
         a7:ad:84:1a:79:4e:1a:62:02:70:2a:40:32:1d:48:6f:ca:74:
         d6:68:0b:18:a9:c5:32:59:83:0d:16:04:9b:a2:d6:37:83:a6:
         c3:7e:bc:5a:ad:3b:84:e5:a7:dc:03:22:70:0e:b5:89:9a:39:
         19:3d:f2:7e:f0:40:ee:a5:08:a4:cc:3a:71:dd:23:49:ac:d3:
         2d:dc:40:3f:2b:13:86:bd:97:00:c4:35:c4:4a:c0:0d:db:05:
         2b:27:88:5b
-----BEGIN CERTIFICATE-----
MIIFAjCCA+qgAwIBAgIUQMIrhZecXIPz8BHr4JiEsj8ph5YwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNTA5MDUwMDMzMjlaFw0yNjA5MDQwMDM4MjlaMDMxMTAvBgNV
BAMTKDQ0OURCQ0FFQTM1QTBCMTBDODcxQkU1NzE4MUY1NzdBRUYzMjk5MEQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDNMYitXRbPAUBauEEMZ80GUEYd
bgaF57oOhXvt7d0ahB+Xbwbu5HcYbR8AAKywTZx2VCM1VKmr8TTc5cdQbuhEkBnk
/C3uYUfkFDqy8Hc95GFrhx6Ra7eB2IyHU5Tfc3nnKxWzXxyOB3KBiDFZwS5rDE+L
rwKUiudDKhYAHwmJU2akQaSoqCWR6c6ym++avieO2LRcKuKuOoEQZLC0rUskgQTr
dpCV2QeiZQ6vNqyvH4todmUSGTwgYvwdx/HBXHuAxhi3zL4LcWon4kKLj8xK9r1z
PMgQPC0JZWiZxhRUje+KkgJ1vsp6CUHi1TjkqHyRniJq2hG2Nune48UqPor5AgMB
AAGjggIMMIICCDAdBgNVHQ4EFgQURJ28rqNaCxDIcb5XGB9Xeu8ymQ0wHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTNDQwMjQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgACMAkDBwAqD4XB
DPAwDQYJKoZIhvcNAQELBQADggEBAF2hROg0CDA7npC8czB/S5Bo+t9CpLigxNvH
DruVhtm7wQl8hUroDvU/xSXJ++LX/dsk1CuJZrYHgRmsm2pgGcLQpds/Xny53Q5g
BFUIgs5wu+2C8Y5Dfw+BkVP1N8fti+Y+6SnZ75y4OD2a4bI/3ziZ3mEnAwIQAyGh
4XUmb7G6f1rzWREeLbBQLxyU7Nawz6LUGM2gu54aYJAMfl9fwn5TIKethBp5Thpi
AnAqQDIdSG/KdNZoCxipxTJZgw0WBJui1jeDpsN+vFqtO4Tlp9wDInAOtYmaORk9
8n7wQO6lCKTMOnHdI0ms0y3cQD8rE4a9lwDENcRKwA3bBSsniFs=
-----END CERTIFICATE-----