Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS59432.roa
File:                     AS59432.roa (raw, json)
Hash identifier:          5qa5JICmf48fZc7jaUQkoITVc16qJyQDbRHC/o62M6U=
Subject key identifier:   A3:29:D8:09:03:B7:FE:CB:B8:01:2C:81:9A:79:72:92:58:7E:34:90
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       6B7F2067E32AC81AFEECF6A546981661C254C721
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS59432.roa
Signing time:             Thu 05 Jun 2025 17:39:50 +0000
ROA not before:           Thu 05 Jun 2025 17:34:50 +0000
ROA not after:            Thu 04 Jun 2026 17:39:50 +0000
asID:                     59432
IP address blocks:        143.20.120.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Jun 2025 12:26:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6b:7f:20:67:e3:2a:c8:1a:fe:ec:f6:a5:46:98:16:61:c2:54:c7:21
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Jun  5 17:34:50 2025 GMT
            Not After : Jun  4 17:39:50 2026 GMT
        Subject: CN=A329D80903B7FECBB8012C819A797292587E3490
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:dd:bc:c7:f7:2c:a7:86:d2:94:f1:ca:47:bd:
                    2d:c5:68:bf:d2:03:3e:a8:8e:d1:d8:94:8f:7a:7b:
                    6a:a9:f1:a8:80:f7:29:6a:ca:fd:7f:8d:f6:32:b9:
                    a5:a0:8b:3d:ed:d0:86:c2:84:e5:f5:68:b0:21:b0:
                    46:cb:b0:4c:aa:08:1e:2c:85:d4:56:5b:f9:5a:0f:
                    2d:2c:96:13:69:cd:82:3c:04:fc:31:ac:14:fa:6b:
                    19:de:69:f9:61:df:18:85:8c:5e:52:89:d8:67:f9:
                    5b:99:53:98:8c:1d:ba:50:74:cc:58:e7:53:42:69:
                    d2:ab:1e:23:16:3f:08:50:de:ba:94:9c:4a:c9:e2:
                    b7:d7:ed:3f:52:d3:8a:cf:3e:ba:04:ae:6f:76:a3:
                    55:ba:4e:b3:cc:9c:d1:56:17:8a:4f:0f:55:4c:81:
                    e5:c2:20:66:e1:c1:d9:b7:14:d3:ae:d2:cb:72:51:
                    96:26:0e:78:9b:f0:b3:5b:f5:4c:cf:14:19:dd:5c:
                    b9:bb:61:92:ab:90:5a:9c:93:63:77:aa:93:fa:60:
                    09:59:56:8b:2b:7c:60:57:a2:4f:f4:79:14:98:2d:
                    a4:91:4f:62:4d:74:13:24:17:0d:15:87:b2:34:e0:
                    20:db:05:f6:fd:6d:f4:72:8a:f1:97:75:ac:eb:da:
                    29:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:29:D8:09:03:B7:FE:CB:B8:01:2C:81:9A:79:72:92:58:7E:34:90
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS59432.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2a:8b:92:46:97:09:11:d4:15:be:17:4c:6c:51:4e:36:6c:71:
         4a:49:a5:f5:da:99:55:34:9d:ec:01:d6:e2:04:cc:8e:c3:a0:
         85:e3:33:c7:09:d5:19:52:de:9b:73:10:77:09:df:23:ac:50:
         6c:a7:fc:8f:7c:66:dc:3d:79:a0:af:2f:5f:d1:ff:67:f6:c5:
         09:a4:48:47:ec:bf:41:e6:3a:03:d1:6d:45:3f:16:a8:a9:b9:
         02:0e:4b:0d:2f:88:4a:8f:cb:63:d0:ff:85:8f:ce:45:78:88:
         9d:64:0a:c7:b4:5f:78:84:21:bd:61:ff:2a:61:f5:c3:8c:01:
         66:30:84:ce:36:f0:fb:3f:dc:b3:69:51:a8:28:59:b2:6b:33:
         84:74:0a:f3:42:57:5e:c8:64:01:24:f8:9a:51:5d:e7:21:2c:
         78:77:95:57:8c:a3:2f:f7:7d:09:b3:13:22:21:f3:3e:4c:93:
         c2:98:60:15:94:69:d9:61:13:65:55:99:ef:f6:1d:82:a5:02:
         b6:b1:cf:91:1c:2c:b0:3b:71:3d:68:9f:6b:70:08:fb:3c:6d:
         fb:78:cd:df:2f:47:6c:30:8c:8c:d7:47:3a:26:1a:30:fa:c6:
         2e:fd:3d:79:b7:6c:ed:ce:c3:78:8f:e8:d7:66:65:8d:63:3b:
         b9:e1:7c:6b
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUa38gZ+MqyBr+7PalRpgWYcJUxyEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTA2MDUxNzM0NTBaFw0yNjA2MDQxNzM5NTBaMDMxMTAvBgNV
BAMTKEEzMjlEODA5MDNCN0ZFQ0JCODAxMkM4MTlBNzk3MjkyNTg3RTM0OTAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCV3bzH9yynhtKU8cpHvS3FaL/S
Az6ojtHYlI96e2qp8aiA9ylqyv1/jfYyuaWgiz3t0IbChOX1aLAhsEbLsEyqCB4s
hdRWW/laDy0slhNpzYI8BPwxrBT6axneaflh3xiFjF5Sidhn+VuZU5iMHbpQdMxY
51NCadKrHiMWPwhQ3rqUnErJ4rfX7T9S04rPProErm92o1W6TrPMnNFWF4pPD1VM
geXCIGbhwdm3FNOu0styUZYmDnib8LNb9UzPFBndXLm7YZKrkFqck2N3qpP6YAlZ
VosrfGBXok/0eRSYLaSRT2JNdBMkFw0Vh7I04CDbBfb9bfRyivGXdazr2inDAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUoynYCQO3/su4ASyBmnlyklh+NJAwHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTNTk0MzIucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBACPFHgw
DQYJKoZIhvcNAQELBQADggEBACqLkkaXCRHUFb4XTGxRTjZscUpJpfXamVU0newB
1uIEzI7DoIXjM8cJ1RlS3ptzEHcJ3yOsUGyn/I98Ztw9eaCvL1/R/2f2xQmkSEfs
v0HmOgPRbUU/FqipuQIOSw0viEqPy2PQ/4WPzkV4iJ1kCse0X3iEIb1h/yph9cOM
AWYwhM428Ps/3LNpUagoWbJrM4R0CvNCV17IZAEk+JpRXechLHh3lVeMoy/3fQmz
EyIh8z5Mk8KYYBWUadlhE2VVme/2HYKlAraxz5EcLLA7cT1on2twCPs8bft4zd8v
R2wwjIzXRzomGjD6xi79PXm3bO3Ow3iP6NdmZY1jO7nhfGs=
-----END CERTIFICATE-----