Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS56962.roa
File:                     AS56962.roa (raw, json)
Hash identifier:          FWdfhsYwcmxKPGBiYVa8Y1gMZsZrt++TEMiz9V5b7vI=
Subject key identifier:   B5:31:8C:72:23:C8:CD:B3:0F:86:F1:9B:63:C2:46:34:D1:E8:CF:15
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       0D6A4C4F7403AEB3EEE0F065E6767E2BC4C3521E
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS56962.roa
Signing time:             Tue 03 Jun 2025 06:54:08 +0000
ROA not before:           Tue 03 Jun 2025 06:49:08 +0000
ROA not after:            Tue 02 Jun 2026 06:54:08 +0000
asID:                     56962
IP address blocks:        141.11.24.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 05 Jun 2025 18:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0d:6a:4c:4f:74:03:ae:b3:ee:e0:f0:65:e6:76:7e:2b:c4:c3:52:1e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Jun  3 06:49:08 2025 GMT
            Not After : Jun  2 06:54:08 2026 GMT
        Subject: CN=B5318C7223C8CDB30F86F19B63C24634D1E8CF15
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:b4:bf:19:6f:76:25:79:f5:fc:44:58:d4:aa:
                    14:80:1f:60:c5:14:86:60:05:29:20:93:88:c1:5d:
                    06:0e:0e:fe:18:56:32:98:4e:95:52:b3:7d:e7:40:
                    18:35:f8:f5:e4:22:16:30:1a:ce:6a:25:c2:4f:24:
                    6e:c8:d4:1e:20:56:50:bd:a8:55:5e:16:af:74:71:
                    35:27:39:d0:b3:bf:81:ce:7e:9f:86:22:ed:39:fe:
                    5c:d3:ad:c2:66:81:dc:af:dc:e4:b2:fe:dc:48:b3:
                    bb:79:64:a4:b7:eb:eb:28:8c:cf:8d:fe:47:6e:28:
                    de:1a:f0:f2:52:47:33:f1:c9:67:89:16:d7:6e:b0:
                    2b:f1:2c:a9:d6:1a:da:c8:13:51:d6:db:d8:c8:b5:
                    81:36:2e:e6:dd:00:89:18:58:75:23:8b:70:62:24:
                    d7:e2:8f:b2:c5:77:12:46:1b:2c:40:0d:d1:d6:ea:
                    38:c0:0f:e2:7d:e5:8e:9c:9d:f7:3c:ef:6c:c8:f9:
                    f8:c5:65:bf:89:d1:44:13:0e:6e:8b:66:bb:12:78:
                    24:a8:35:bd:46:80:6d:2a:db:16:89:a1:3c:c3:95:
                    80:42:5d:99:54:8c:0d:21:2b:a6:4e:bb:6e:11:10:
                    09:7c:7a:a0:ee:17:1a:a8:35:6e:51:30:56:a9:1e:
                    f4:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:31:8C:72:23:C8:CD:B3:0F:86:F1:9B:63:C2:46:34:D1:E8:CF:15
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS56962.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.24.0/24

    Signature Algorithm: sha256WithRSAEncryption
         d8:e3:98:2a:8c:58:a6:5c:8e:e6:4b:9d:ec:ca:c5:94:a0:d9:
         8f:85:34:c1:02:37:fa:3a:e5:90:17:a7:6b:7d:dd:e9:37:42:
         27:a4:3f:18:2d:2d:35:a4:c1:85:1c:82:7f:b4:9c:9c:90:4f:
         97:88:30:27:34:07:ec:29:a4:af:d0:52:c7:f7:7d:e9:2a:f0:
         44:dd:fe:9f:65:84:18:5a:5d:8e:e7:59:90:4f:3a:22:39:20:
         fc:d7:d5:86:99:5b:0e:d9:53:7e:84:2d:e1:6f:91:dc:84:81:
         9a:f2:71:a1:e8:7e:84:dc:bd:aa:40:37:fe:ab:cd:12:43:a5:
         96:02:35:d3:12:de:ce:d5:9f:d7:01:7f:78:c3:ef:87:cd:f4:
         cb:cc:74:5b:84:59:b5:d8:df:81:3f:c2:98:0e:92:64:3f:da:
         22:50:53:d2:12:d9:0c:56:1b:28:0b:72:61:f3:32:90:a5:c5:
         c9:fb:5d:9c:9a:3e:95:97:bd:33:74:26:b2:df:f6:8a:09:35:
         2a:34:fd:66:2b:b0:e5:32:26:d7:b5:7a:40:70:3a:3c:8b:58:
         7e:35:49:6e:7b:a6:e3:ea:71:95:ef:6a:8f:b4:68:93:0b:48:
         da:45:1f:16:3c:8a:20:c8:3c:f2:d2:97:e4:69:25:72:3e:89:
         d1:e0:b6:d4
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUDWpMT3QDrrPu4PBl5nZ+K8TDUh4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNTA2MDMwNjQ5MDhaFw0yNjA2MDIwNjU0MDhaMDMxMTAvBgNV
BAMTKEI1MzE4QzcyMjNDOENEQjMwRjg2RjE5QjYzQzI0NjM0RDFFOENGMTUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDVtL8Zb3YlefX8RFjUqhSAH2DF
FIZgBSkgk4jBXQYODv4YVjKYTpVSs33nQBg1+PXkIhYwGs5qJcJPJG7I1B4gVlC9
qFVeFq90cTUnOdCzv4HOfp+GIu05/lzTrcJmgdyv3OSy/txIs7t5ZKS36+sojM+N
/kduKN4a8PJSRzPxyWeJFtdusCvxLKnWGtrIE1HW29jItYE2LubdAIkYWHUji3Bi
JNfij7LFdxJGGyxADdHW6jjAD+J95Y6cnfc872zI+fjFZb+J0UQTDm6LZrsSeCSo
Nb1GgG0q2xaJoTzDlYBCXZlUjA0hK6ZOu24REAl8eqDuFxqoNW5RMFapHvTRAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUtTGMciPIzbMPhvGbY8JGNNHozxUwHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTNTY5NjIucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBACNCxgw
DQYJKoZIhvcNAQELBQADggEBANjjmCqMWKZcjuZLnezKxZSg2Y+FNMECN/o65ZAX
p2t93ek3QiekPxgtLTWkwYUcgn+0nJyQT5eIMCc0B+wppK/QUsf3fekq8ETd/p9l
hBhaXY7nWZBPOiI5IPzX1YaZWw7ZU36ELeFvkdyEgZrycaHofoTcvapAN/6rzRJD
pZYCNdMS3s7Vn9cBf3jD74fN9MvMdFuEWbXY34E/wpgOkmQ/2iJQU9IS2QxWGygL
cmHzMpClxcn7XZyaPpWXvTN0JrLf9ooJNSo0/WYrsOUyJte1ekBwOjyLWH41SW57
puPqcZXvao+0aJMLSNpFHxY8iiDIPPLSl+RpJXI+idHgttQ=
-----END CERTIFICATE-----