Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS132359.roa
File:                     AS132359.roa (raw, json)
Hash identifier:          NmJV/qrkCvGj3oa8utFLCbJGDwtKPr33TBAPFI9x+E0=
Subject key identifier:   08:06:23:FF:D6:1B:27:9F:8E:04:97:E2:29:E2:2A:2F:E9:B2:B0:7D
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       787E31EBAE3788D0D86558E3A806CF8E65F8F617
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS132359.roa
Signing time:             Fri 05 Jun 2026 10:00:43 +0000
ROA not before:           Fri 05 Jun 2026 09:55:43 +0000
ROA not after:            Fri 04 Jun 2027 10:00:43 +0000
asID:                     132359
IP address blocks:        141.11.229.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 06 Jun 2026 17:49:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            78:7e:31:eb:ae:37:88:d0:d8:65:58:e3:a8:06:cf:8e:65:f8:f6:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Jun  5 09:55:43 2026 GMT
            Not After : Jun  4 10:00:43 2027 GMT
        Subject: CN=080623FFD61B279F8E0497E229E22A2FE9B2B07D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:30:98:23:0c:43:8f:ba:ac:f6:9e:f6:ed:6f:
                    1b:1e:d6:d9:db:9f:bf:be:bf:13:c4:eb:db:35:fa:
                    2b:69:ea:a5:c9:e3:22:24:6c:c0:e5:e0:0b:93:c4:
                    ec:0e:e6:33:80:83:a5:73:17:94:29:58:fa:7b:f3:
                    89:2d:b8:8c:d7:29:a0:d5:83:f8:1d:f0:e2:05:e2:
                    42:76:fa:eb:e1:81:cf:5b:f5:2a:18:4c:96:8a:86:
                    e0:48:90:58:b5:06:fe:d2:e8:e3:92:41:1f:1b:fc:
                    b0:ff:88:1c:28:ea:52:17:bd:61:60:7f:80:03:c8:
                    09:8a:14:68:d2:0f:f1:0c:a4:72:b8:37:c2:d4:00:
                    05:72:44:5f:cc:b2:ba:90:dc:e7:51:13:64:32:2d:
                    01:3f:92:da:66:3d:f9:38:51:64:86:fe:f4:5f:a4:
                    b3:4d:ef:a5:af:7c:69:5b:b4:6a:81:bf:93:6e:c7:
                    2e:ab:c6:3a:5f:09:67:e5:a2:1f:a2:49:b1:3b:97:
                    56:f2:0b:5a:90:a9:ad:1c:d1:47:09:ec:fb:cc:c6:
                    76:c9:5b:c5:1c:79:c3:17:a7:4a:fe:9b:f5:4e:0a:
                    5a:bf:a9:60:bb:39:55:17:bf:b6:80:2a:cb:47:f9:
                    05:f3:68:1d:71:59:27:e8:30:6d:7f:4e:2e:b5:1d:
                    e5:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:06:23:FF:D6:1B:27:9F:8E:04:97:E2:29:E2:2A:2F:E9:B2:B0:7D
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS132359.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.229.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4c:86:2d:0d:5a:37:17:df:5c:e5:02:aa:4a:9d:2f:12:8b:2b:
         33:e1:0b:52:2d:95:1a:87:9e:0b:23:e6:ae:2d:fb:a8:a4:8d:
         f1:36:32:78:16:07:a6:c9:15:2f:c3:b3:b3:9b:44:26:6e:7d:
         82:f2:ae:3a:bd:94:4c:c3:ab:1b:ab:d2:13:e6:dc:f0:c4:9e:
         d5:52:e2:86:a3:7a:61:d1:0e:26:0a:99:51:9f:dc:68:dd:f7:
         ea:4e:25:53:c4:36:73:7c:a4:3b:a8:ab:1b:d4:dd:b0:fe:88:
         fd:79:4f:21:72:fe:a0:da:a1:05:81:b7:57:86:87:cd:6c:2a:
         b3:42:74:9a:44:62:dc:f9:e0:72:72:dc:c0:3e:02:5b:c7:3a:
         74:31:a4:e3:eb:5e:26:54:9d:ea:68:5a:f5:f3:39:61:1b:ef:
         22:eb:a2:cb:57:f0:f4:11:ae:ed:48:17:ab:9b:2c:e7:5e:74:
         e4:f5:ee:d6:65:78:0b:c0:13:95:14:b4:04:69:0e:08:d6:7b:
         d6:70:a9:7e:fd:45:4c:d9:96:9a:2c:ca:02:ce:ef:70:eb:40:
         0b:dc:98:0c:da:c2:6a:41:d8:e3:fa:a9:14:94:37:7c:36:a5:
         ca:e4:be:93:9d:d8:03:4b:dc:a3:87:33:4f:6c:a6:f9:77:f3:
         8f:ea:55:c4
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUeH4x6643iNDYZVjjqAbPjmX49hcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNjA2MDUwOTU1NDNaFw0yNzA2MDQxMDAwNDNaMDMxMTAvBgNV
BAMTKDA4MDYyM0ZGRDYxQjI3OUY4RTA0OTdFMjI5RTIyQTJGRTlCMkIwN0QwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDAMJgjDEOPuqz2nvbtbxse1tnb
n7++vxPE69s1+itp6qXJ4yIkbMDl4AuTxOwO5jOAg6VzF5QpWPp784ktuIzXKaDV
g/gd8OIF4kJ2+uvhgc9b9SoYTJaKhuBIkFi1Bv7S6OOSQR8b/LD/iBwo6lIXvWFg
f4ADyAmKFGjSD/EMpHK4N8LUAAVyRF/MsrqQ3OdRE2QyLQE/ktpmPfk4UWSG/vRf
pLNN76WvfGlbtGqBv5Nuxy6rxjpfCWfloh+iSbE7l1byC1qQqa0c0UcJ7PvMxnbJ
W8UcecMXp0r+m/VOClq/qWC7OVUXv7aAKstH+QXzaB1xWSfoMG1/Ti61HeWzAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUCAYj/9YbJ5+OBJfiKeIqL+mysH0wHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTMTMyMzU5LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjQvl
MA0GCSqGSIb3DQEBCwUAA4IBAQBMhi0NWjcX31zlAqpKnS8Siysz4QtSLZUah54L
I+auLfuopI3xNjJ4FgemyRUvw7Ozm0Qmbn2C8q46vZRMw6sbq9IT5tzwxJ7VUuKG
o3ph0Q4mCplRn9xo3ffqTiVTxDZzfKQ7qKsb1N2w/oj9eU8hcv6g2qEFgbdXhofN
bCqzQnSaRGLc+eByctzAPgJbxzp0MaTj614mVJ3qaFr18zlhG+8i66LLV/D0Ea7t
SBermyznXnTk9e7WZXgLwBOVFLQEaQ4I1nvWcKl+/UVM2ZaaLMoCzu9w60AL3JgM
2sJqQdjj+qkUlDd8NqXK5L6TndgDS9yjhzNPbKb5d/OP6lXE
-----END CERTIFICATE-----