Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/322e35392e3134382e302f32332d3234203d3e20343030383636.roa
File:                     322e35392e3134382e302f32332d3234203d3e20343030383636.roa (raw, json)
Hash identifier:          RmBJAbpaRD5yvIDMpfpJIGDSuZo1p/Sr1a2mxeoLtaI=
Subject key identifier:   B9:E8:6A:C4:49:A0:12:BF:E6:6E:D8:F0:D8:C5:79:D3:3A:D9:DD:28
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       27A8EBD651E4CB710963F6B3BBF77102DCF3699B
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/322e35392e3134382e302f32332d3234203d3e20343030383636.roa
Signing time:             Fri 15 May 2026 17:24:15 +0000
ROA not before:           Fri 15 May 2026 17:19:15 +0000
ROA not after:            Fri 14 May 2027 17:24:15 +0000
asID:                     400866
IP address blocks:        2.59.148.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 04 Jun 2026 15:52:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            27:a8:eb:d6:51:e4:cb:71:09:63:f6:b3:bb:f7:71:02:dc:f3:69:9b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: May 15 17:19:15 2026 GMT
            Not After : May 14 17:24:15 2027 GMT
        Subject: CN=B9E86AC449A012BFE66ED8F0D8C579D33AD9DD28
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:62:6f:2a:8f:68:35:d7:92:ea:03:4d:05:29:
                    b7:47:a1:2e:5f:5c:8f:19:74:e0:2f:68:f3:22:d7:
                    92:4d:1f:86:09:d4:47:b8:c0:fc:42:00:97:61:5a:
                    0a:0a:86:94:77:3c:0c:1f:e5:4d:cc:6a:1a:a8:0e:
                    19:a8:22:9c:20:2c:fd:54:df:df:d6:56:55:34:d1:
                    6c:4d:1e:65:c1:12:a6:35:d7:5c:04:9c:61:01:ff:
                    b5:71:f2:0b:8d:cf:66:b2:10:bc:af:75:5f:2f:78:
                    1a:26:aa:83:9b:88:bf:9e:8b:30:3e:a0:38:eb:59:
                    1f:7a:46:d1:0d:f6:f1:90:24:ae:d3:8f:3d:04:df:
                    72:16:56:c0:03:25:66:c2:3a:6c:28:25:f4:e5:c2:
                    a7:f6:f0:7d:3b:0f:9b:2b:9a:19:ad:b9:02:c9:6d:
                    cf:ce:e3:be:74:7c:64:c6:0d:47:32:96:81:cb:4c:
                    06:47:de:19:45:7f:a4:de:d2:fe:bf:b4:22:7b:61:
                    9c:3b:04:65:f8:80:74:f8:a1:92:3a:8d:5c:03:f3:
                    aa:51:6e:f9:31:a5:a8:f0:58:71:62:e2:11:d8:54:
                    00:8f:5b:c8:2e:ab:cf:ca:15:94:3f:d2:a6:fb:b2:
                    71:6d:bf:ad:9a:9e:eb:e9:c8:3f:9a:7d:22:e8:00:
                    3d:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B9:E8:6A:C4:49:A0:12:BF:E6:6E:D8:F0:D8:C5:79:D3:3A:D9:DD:28
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/322e35392e3134382e302f32332d3234203d3e20343030383636.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.59.148.0/23

    Signature Algorithm: sha256WithRSAEncryption
         4a:ef:c3:c6:ff:73:d1:eb:60:c0:0e:12:68:bc:7b:ed:0d:1f:
         61:e0:4f:33:0e:43:63:ef:fb:3f:c5:17:e2:3b:7b:79:cd:a1:
         25:31:8d:09:e6:64:3d:69:66:f8:14:bc:76:33:29:93:f1:bf:
         71:c9:9e:fb:cd:99:10:a9:80:b4:52:66:78:66:80:1c:87:89:
         84:75:db:93:5e:32:43:6f:fa:76:d9:a3:81:65:85:19:79:7b:
         4f:f6:65:05:ae:a9:35:c9:0f:9b:d8:88:e5:a2:d9:64:0a:66:
         38:db:57:6d:5c:6c:fa:af:08:f8:a1:44:36:eb:95:20:ba:67:
         f6:fd:7c:4b:0f:76:a2:de:f8:f6:d2:0d:ba:00:17:75:66:22:
         2d:b0:48:28:e1:eb:57:88:01:21:e5:80:f6:27:fe:1d:d3:38:
         e3:fe:90:84:84:19:ed:8f:b9:31:44:1a:d5:fa:17:80:79:4d:
         a2:26:1b:08:35:74:61:f0:c6:86:cd:e2:f8:26:8e:51:27:c1:
         18:fe:ee:54:23:32:8a:b2:98:a7:4f:a5:66:b1:2d:0d:d3:bc:
         73:59:a3:d7:ba:78:b2:14:32:58:45:4c:8e:4b:d8:20:94:2a:
         e3:4f:26:bb:2c:e4:7e:f4:47:cf:a3:5b:6f:3f:56:aa:fe:4f:
         04:7e:f6:93
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUJ6jr1lHky3EJY/azu/dxAtzzaZswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNjA1MTUxNzE5MTVaFw0yNzA1MTQxNzI0MTVaMDMxMTAvBgNV
BAMTKEI5RTg2QUM0NDlBMDEyQkZFNjZFRDhGMEQ4QzU3OUQzM0FEOUREMjgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQClYm8qj2g115LqA00FKbdHoS5f
XI8ZdOAvaPMi15JNH4YJ1Ee4wPxCAJdhWgoKhpR3PAwf5U3MahqoDhmoIpwgLP1U
39/WVlU00WxNHmXBEqY111wEnGEB/7Vx8guNz2ayELyvdV8veBomqoObiL+eizA+
oDjrWR96RtEN9vGQJK7Tjz0E33IWVsADJWbCOmwoJfTlwqf28H07D5srmhmtuQLJ
bc/O4750fGTGDUcyloHLTAZH3hlFf6Te0v6/tCJ7YZw7BGX4gHT4oZI6jVwD86pR
bvkxpajwWHFi4hHYVACPW8guq8/KFZQ/0qb7snFtv62anuvpyD+afSLoAD0dAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUuehqxEmgEr/mbtjw2MV50zrZ3SgwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzIyZTM1MzkyZTMxMzQzODJl
MzAyZjMyMzMyZDMyMzQyMDNkM2UyMDM0MzAzMDM4MzYzNi5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAQI7
lDANBgkqhkiG9w0BAQsFAAOCAQEASu/Dxv9z0etgwA4SaLx77Q0fYeBPMw5DY+/7
P8UX4jt7ec2hJTGNCeZkPWlm+BS8djMpk/G/ccme+82ZEKmAtFJmeGaAHIeJhHXb
k14yQ2/6dtmjgWWFGXl7T/ZlBa6pNckPm9iI5aLZZApmONtXbVxs+q8I+KFENuuV
ILpn9v18Sw92ot749tINugAXdWYiLbBIKOHrV4gBIeWA9if+HdM44/6QhIQZ7Y+5
MUQa1foXgHlNoiYbCDV0YfDGhs3i+CaOUSfBGP7uVCMyirKYp0+lZrEtDdO8c1mj
17p4shQyWEVMjkvYIJQq408muyzkfvRHz6Nbbz9Wqv5PBH72kw==
-----END CERTIFICATE-----