Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS60431.roa
File:                     AS60431.roa (raw, json)
Hash identifier:          kYZ+SpuXOeFrgi5S5aPE77bxuc0nMV1NKZIdlgs5LqE=
Subject key identifier:   C8:59:57:9C:7C:7C:35:04:29:06:DF:55:96:4C:F4:3C:0A:E2:D8:8E
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       4C380432AD90D7F804EBDA34506DEDEF982C16F0
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS60431.roa
Signing time:             Fri 21 Mar 2025 05:15:01 +0000
ROA not before:           Fri 21 Mar 2025 05:10:01 +0000
ROA not after:            Fri 20 Mar 2026 05:15:01 +0000
asID:                     60431
IP address blocks:        2a0f:85c1:bc0::/44 maxlen: 44
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 03 Apr 2025 22:00:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4c:38:04:32:ad:90:d7:f8:04:eb:da:34:50:6d:ed:ef:98:2c:16:f0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Mar 21 05:10:01 2025 GMT
            Not After : Mar 20 05:15:01 2026 GMT
        Subject: CN=C859579C7C7C35042906DF55964CF43C0AE2D88E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:a5:b3:22:bb:50:90:9e:80:9b:6b:92:c0:57:
                    05:7c:dc:51:5f:fc:37:1c:d5:29:bb:3a:49:60:25:
                    64:45:cf:ff:00:09:58:94:4a:22:67:15:a8:0e:94:
                    14:45:28:d1:9a:a8:68:09:fe:e7:00:9c:9b:13:a9:
                    cd:ec:f2:3e:5e:8b:18:55:51:91:62:f5:a3:d9:94:
                    38:ee:6e:26:72:57:62:1b:b5:2a:20:22:8a:56:35:
                    d5:5a:67:5a:c0:68:40:35:de:70:4c:1c:80:fe:a2:
                    ab:05:41:2f:12:8a:82:49:62:29:b3:f4:d9:fe:1c:
                    cb:eb:de:fc:7a:fe:93:49:2b:1e:2d:9e:81:bf:bb:
                    25:ed:c9:60:36:05:49:83:31:43:ea:90:22:25:6d:
                    56:12:25:84:f7:f3:21:a5:81:37:74:98:ef:ab:bf:
                    92:05:a1:29:dd:4d:f5:6b:e7:e9:f9:fe:9b:b5:c3:
                    48:bb:42:15:7e:4f:37:cb:b7:ed:73:e5:85:01:d1:
                    46:1e:14:d0:54:66:3f:06:57:4a:00:18:f8:13:fe:
                    57:34:e2:8d:4d:d0:aa:ed:2d:af:2c:df:95:da:0a:
                    49:47:3e:a2:22:28:a7:44:97:95:b3:40:15:8a:e2:
                    a6:7f:f0:5d:eb:9e:63:57:1c:6f:c6:34:04:9b:bf:
                    0e:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:59:57:9C:7C:7C:35:04:29:06:DF:55:96:4C:F4:3C:0A:E2:D8:8E
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS60431.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:bc0::/44

    Signature Algorithm: sha256WithRSAEncryption
         59:8b:8b:e6:c8:31:10:3b:ff:dd:8d:5b:bd:3c:40:42:ea:39:
         76:6d:04:f2:34:07:23:49:c1:24:48:89:88:0f:ed:a8:51:9b:
         87:ae:86:30:08:7c:0a:5c:fe:05:90:ac:9e:a1:ac:6b:1d:e7:
         d8:c5:82:2b:bb:2c:94:64:6e:27:31:20:6b:3c:4b:4e:f8:6b:
         ad:0c:cd:d6:fb:ff:be:c4:3f:bb:ff:7b:b3:2a:ff:a3:15:d9:
         d4:8d:c9:e1:a8:46:a8:fc:2f:f4:58:cd:5b:3e:51:fb:07:0b:
         f7:d7:c3:6d:1c:20:50:7e:d0:41:a3:7a:fd:bd:90:a6:1c:71:
         38:99:8f:08:15:06:e3:a5:45:9b:f5:0d:c1:f9:0c:5e:a2:b6:
         c3:95:39:0e:a7:4d:3b:5e:97:bc:a7:42:7d:a7:e4:16:6f:38:
         5f:b5:89:9c:01:de:2b:1f:d9:94:b4:48:68:cf:1b:34:bd:b1:
         02:8f:c0:38:05:35:dd:c4:cc:bb:b4:23:57:68:c7:49:de:77:
         a0:e7:92:ea:41:fc:a8:44:f3:0b:1c:cc:a2:1d:7e:71:9a:8d:
         08:b1:8a:8c:f2:63:b5:8b:01:3b:02:df:ba:8b:87:9b:b0:0f:
         a0:d1:fc:06:5d:6f:49:2f:fd:ef:ef:04:71:88:a8:ce:ff:d6:
         d3:c6:48:28
-----BEGIN CERTIFICATE-----
MIIFAjCCA+qgAwIBAgIUTDgEMq2Q1/gE69o0UG3t75gsFvAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNTAzMjEwNTEwMDFaFw0yNjAzMjAwNTE1MDFaMDMxMTAvBgNV
BAMTKEM4NTk1NzlDN0M3QzM1MDQyOTA2REY1NTk2NENGNDNDMEFFMkQ4OEUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDDpbMiu1CQnoCba5LAVwV83FFf
/Dcc1Sm7OklgJWRFz/8ACViUSiJnFagOlBRFKNGaqGgJ/ucAnJsTqc3s8j5eixhV
UZFi9aPZlDjubiZyV2IbtSogIopWNdVaZ1rAaEA13nBMHID+oqsFQS8SioJJYimz
9Nn+HMvr3vx6/pNJKx4tnoG/uyXtyWA2BUmDMUPqkCIlbVYSJYT38yGlgTd0mO+r
v5IFoSndTfVr5+n5/pu1w0i7QhV+TzfLt+1z5YUB0UYeFNBUZj8GV0oAGPgT/lc0
4o1N0KrtLa8s35XaCklHPqIiKKdEl5WzQBWK4qZ/8F3rnmNXHG/GNASbvw4xAgMB
AAGjggIMMIICCDAdBgNVHQ4EFgQUyFlXnHx8NQQpBt9Vlkz0PAri2I4wHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTNjA0MzEucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgACMAkDBwQqD4XB
C8AwDQYJKoZIhvcNAQELBQADggEBAFmLi+bIMRA7/92NW708QELqOXZtBPI0ByNJ
wSRIiYgP7ahRm4euhjAIfApc/gWQrJ6hrGsd59jFgiu7LJRkbicxIGs8S074a60M
zdb7/77EP7v/e7Mq/6MV2dSNyeGoRqj8L/RYzVs+UfsHC/fXw20cIFB+0EGjev29
kKYccTiZjwgVBuOlRZv1DcH5DF6itsOVOQ6nTTtel7ynQn2n5BZvOF+1iZwB3isf
2ZS0SGjPGzS9sQKPwDgFNd3EzLu0I1dox0ned6DnkupB/KhE8wsczKIdfnGajQix
iozyY7WLATsC37qLh5uwD6DR/AZdb0kv/e/vBHGIqM7/1tPGSCg=
-----END CERTIFICATE-----