Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/322e35362e3234392e302f32342d3234203d3e20323632323837.roa
File:                     322e35362e3234392e302f32342d3234203d3e20323632323837.roa (raw, json)
Hash identifier:          nxbRHwFERXwAk5HoUVspd+6/goZnM1O1VdoJOA5E2Ws=
Subject key identifier:   F0:2A:0A:83:23:14:50:BC:B8:95:88:62:A3:D9:A4:7A:D4:BA:6B:BF
Certificate issuer:       /CN=70cbd7a9817e470009c0f40ea1e370aa79b5fd91
Certificate serial:       15125E223143AD179FE5AB8562ADBD465DF8ED6A
Authority key identifier: 70:CB:D7:A9:81:7E:47:00:09:C0:F4:0E:A1:E3:70:AA:79:B5:FD:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/322e35362e3234392e302f32342d3234203d3e20323632323837.roa
Signing time:             Fri 17 Apr 2026 10:47:05 +0000
ROA not before:           Fri 17 Apr 2026 10:42:05 +0000
ROA not after:            Fri 16 Apr 2027 10:47:05 +0000
asID:                     262287
IP address blocks:        2.56.249.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Apr 2026 21:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            15:12:5e:22:31:43:ad:17:9f:e5:ab:85:62:ad:bd:46:5d:f8:ed:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=70cbd7a9817e470009c0f40ea1e370aa79b5fd91
        Validity
            Not Before: Apr 17 10:42:05 2026 GMT
            Not After : Apr 16 10:47:05 2027 GMT
        Subject: CN=F02A0A83231450BCB8958862A3D9A47AD4BA6BBF
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:9a:b6:b6:75:51:0b:d9:d2:e0:23:98:31:b6:
                    de:44:3d:17:2e:82:70:78:38:6b:ea:1a:a1:68:76:
                    1d:14:43:8c:56:45:61:ff:4d:1c:40:ec:ec:74:b8:
                    97:e3:80:69:6a:94:dc:2f:db:e7:3f:24:35:22:14:
                    5a:cf:26:37:e2:d0:a6:b4:73:b5:e8:7c:6c:f7:0b:
                    c3:d8:c8:59:4f:5a:0d:e8:cd:8e:78:0d:42:83:4b:
                    f9:cc:76:c2:99:ed:b2:fb:49:95:5f:60:07:61:62:
                    1e:c9:26:65:9e:fb:e2:f6:03:bf:71:93:d3:f3:d3:
                    2c:d3:0b:60:cb:f4:a5:1c:31:97:e0:88:24:fa:86:
                    9a:f4:40:09:88:1e:42:bd:fb:0b:fc:db:a7:ac:61:
                    b8:c9:2a:dc:e2:35:63:ad:aa:d0:34:58:b4:d4:99:
                    91:20:6f:58:ac:31:16:6c:cb:46:d6:45:3e:82:0d:
                    17:7b:a6:7c:a4:14:2c:95:37:2a:97:10:a3:7d:82:
                    b6:21:bf:40:c0:bc:28:6a:6b:68:ad:83:ab:6b:32:
                    8a:2b:6d:1a:ef:f8:f7:33:d7:cd:08:f0:ca:18:31:
                    88:9b:66:7c:73:3a:8b:6f:5a:19:a8:4a:be:98:ff:
                    2a:7b:bd:18:d4:20:ad:26:be:44:2f:da:e9:54:ea:
                    50:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:2A:0A:83:23:14:50:BC:B8:95:88:62:A3:D9:A4:7A:D4:BA:6B:BF
            X509v3 Authority Key Identifier:
                keyid:70:CB:D7:A9:81:7E:47:00:09:C0:F4:0E:A1:E3:70:AA:79:B5:FD:91

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/322e35362e3234392e302f32342d3234203d3e20323632323837.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.56.249.0/24

    Signature Algorithm: sha256WithRSAEncryption
         21:5e:f9:57:2f:da:01:b0:85:94:b1:74:a9:1a:af:e6:b5:1f:
         b1:7b:2e:a9:0c:44:7e:2a:50:12:8f:92:89:02:bd:6f:a1:a6:
         ee:85:ba:af:22:89:43:46:7a:98:75:76:ce:bf:d2:14:cd:81:
         d1:79:e0:f8:21:af:dc:97:af:5d:02:4d:15:62:c4:38:15:50:
         c0:4a:db:7e:93:2f:03:04:ef:96:36:57:9b:ef:9c:46:a1:6e:
         fe:a4:bc:f8:53:34:22:d5:e0:b6:fc:2e:35:fb:c0:b2:bc:19:
         ff:18:4e:ad:b5:5b:38:38:1a:7c:db:69:51:1e:ba:81:4d:3a:
         c0:78:f1:73:91:d8:8a:0d:d4:25:a4:31:66:35:25:fe:95:5f:
         d2:8d:d7:f5:4c:f2:b3:59:e8:1a:d9:b3:66:d2:b5:ac:eb:c5:
         5e:20:f0:d1:6e:50:f2:0c:e6:67:d7:2e:1d:c6:1f:74:43:c7:
         49:9d:48:9e:d9:fd:c4:8e:d8:7f:c5:e7:f5:30:86:8c:28:a7:
         a2:1b:8d:09:7b:dc:ca:96:95:d4:0b:a2:06:6e:e7:b1:36:8f:
         75:8e:c0:60:cc:e5:3c:72:95:34:72:60:b1:94:3a:e8:ee:c7:
         5c:2b:83:dc:15:39:8b:64:53:a0:83:6f:d5:c3:2f:63:ea:c1:
         d5:e6:de:58
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUFRJeIjFDrRef5auFYq29Rl347WowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzBjYmQ3YTk4MTdlNDcwMDA5YzBmNDBlYTFlMzcwYWE3
OWI1ZmQ5MTAeFw0yNjA0MTcxMDQyMDVaFw0yNzA0MTYxMDQ3MDVaMDMxMTAvBgNV
BAMTKEYwMkEwQTgzMjMxNDUwQkNCODk1ODg2MkEzRDlBNDdBRDRCQTZCQkYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCkmra2dVEL2dLgI5gxtt5EPRcu
gnB4OGvqGqFodh0UQ4xWRWH/TRxA7Ox0uJfjgGlqlNwv2+c/JDUiFFrPJjfi0Ka0
c7XofGz3C8PYyFlPWg3ozY54DUKDS/nMdsKZ7bL7SZVfYAdhYh7JJmWe++L2A79x
k9Pz0yzTC2DL9KUcMZfgiCT6hpr0QAmIHkK9+wv826esYbjJKtziNWOtqtA0WLTU
mZEgb1isMRZsy0bWRT6CDRd7pnykFCyVNyqXEKN9grYhv0DAvChqa2itg6trMoor
bRrv+Pcz180I8MoYMYibZnxzOotvWhmoSr6Y/yp7vRjUIK0mvkQv2ulU6lAJAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQU8CoKgyMUULy4lYhio9mketS6a78wHwYDVR0j
BBgwFoAUcMvXqYF+RwAJwPQOoeNwqnm1/ZEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYjczMzJhZjAtZGQ3My00NzU1LTlkMjAtNjkzZWE4Mjg5
ZjhhLzAvNzBDQkQ3QTk4MTdFNDcwMDA5QzBGNDBFQTFFMzcwQUE3OUI1RkQ5MS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2NNdlhxWUYtUndBSndQUU9vZU53cW5t
MV9aRS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYjczMzJhZjAt
ZGQ3My00NzU1LTlkMjAtNjkzZWE4Mjg5ZjhhLzAvMzIyZTM1MzYyZTMyMzQzOTJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMyMzYzMjMyMzgzNy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAAI4
+TANBgkqhkiG9w0BAQsFAAOCAQEAIV75Vy/aAbCFlLF0qRqv5rUfsXsuqQxEfipQ
Eo+SiQK9b6Gm7oW6ryKJQ0Z6mHV2zr/SFM2B0Xng+CGv3JevXQJNFWLEOBVQwErb
fpMvAwTvljZXm++cRqFu/qS8+FM0ItXgtvwuNfvAsrwZ/xhOrbVbODgafNtpUR66
gU06wHjxc5HYig3UJaQxZjUl/pVf0o3X9Uzys1noGtmzZtK1rOvFXiDw0W5Q8gzm
Z9cuHcYfdEPHSZ1Intn9xI7Yf8Xn9TCGjCinohuNCXvcypaV1AuiBm7nsTaPdY7A
YMzlPHKVNHJgsZQ66O7HXCuD3BU5i2RToINv1cMvY+rB1ebeWA==
-----END CERTIFICATE-----