Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/322e35392e3135392e302f32342d3234203d3e20313938373533.roa
File:                     322e35392e3135392e302f32342d3234203d3e20313938373533.roa (raw, json)
Hash identifier:          SpoUyXq0LrtQRLhOyR4uqbgtw7vKRMFtdW3bGn+xYp4=
Subject key identifier:   BA:47:6D:36:AC:59:A0:EA:D3:1B:D2:DB:11:0E:EB:5A:56:95:0F:41
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       5DEBE18A0221A0C87FD80825E45C436104B8D88D
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/322e35392e3135392e302f32342d3234203d3e20313938373533.roa
Signing time:             Thu 14 May 2026 21:24:20 +0000
ROA not before:           Thu 14 May 2026 21:19:20 +0000
ROA not after:            Thu 13 May 2027 21:24:20 +0000
asID:                     198753
IP address blocks:        2.59.159.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 04 Jun 2026 15:52:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5d:eb:e1:8a:02:21:a0:c8:7f:d8:08:25:e4:5c:43:61:04:b8:d8:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: May 14 21:19:20 2026 GMT
            Not After : May 13 21:24:20 2027 GMT
        Subject: CN=BA476D36AC59A0EAD31BD2DB110EEB5A56950F41
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:fd:f8:46:2d:93:14:8a:b6:21:74:4a:82:6a:
                    e2:59:0f:8f:0e:c6:c2:0e:04:fa:d6:7a:d5:f1:8e:
                    ee:74:cb:5c:8a:25:74:c1:a6:e3:46:ad:e9:2b:b8:
                    37:a4:f3:eb:36:79:f3:1a:95:ee:b4:0c:69:da:87:
                    3b:1c:9e:8f:d4:39:2b:fb:9b:46:40:9f:36:21:65:
                    14:ff:37:c5:30:46:54:5e:ee:18:d9:40:26:fc:7e:
                    58:c8:71:03:e4:1d:45:6a:cd:23:7f:e1:4f:74:b4:
                    a9:b2:68:4b:b5:60:76:28:4c:88:19:be:37:77:26:
                    4e:6f:d3:9d:b0:93:aa:d0:ef:f8:db:88:f2:a4:ad:
                    51:fa:23:0b:9a:21:80:7e:9a:76:6b:d0:7a:5d:c6:
                    a8:84:96:cd:f1:cf:59:3f:4b:7c:02:04:bb:26:93:
                    1e:ed:c2:c2:ff:31:6b:97:12:1a:91:e2:31:2e:f5:
                    78:f4:aa:29:ef:c0:df:e9:74:17:25:a4:d7:97:63:
                    4c:f4:5a:ec:53:2e:54:8f:7b:bf:ec:cf:e7:61:10:
                    76:0f:68:8e:27:4f:13:c9:1f:bb:7e:25:6f:dc:82:
                    ea:47:73:2e:f6:d6:65:e7:84:fe:08:94:66:e5:4c:
                    d6:4f:42:f2:0c:3f:b3:5d:df:1a:51:6d:c3:ec:fc:
                    f4:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:47:6D:36:AC:59:A0:EA:D3:1B:D2:DB:11:0E:EB:5A:56:95:0F:41
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/322e35392e3135392e302f32342d3234203d3e20313938373533.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.59.159.0/24

    Signature Algorithm: sha256WithRSAEncryption
         59:38:fb:71:ab:68:23:29:b1:b8:9e:85:27:b0:e2:00:a0:2b:
         fa:14:57:ee:d9:e9:b4:a4:6d:f7:50:10:16:44:b8:7a:c4:71:
         33:3d:69:30:22:83:c7:83:57:8c:57:63:5d:c6:0b:a9:28:6e:
         56:5d:4b:96:11:be:30:51:18:88:95:5e:d3:89:2c:a1:d1:3f:
         40:a8:e5:aa:82:4f:3c:12:cd:45:61:44:c3:9a:f2:e3:4f:25:
         c7:70:c6:dc:9f:9c:e2:e5:e3:e3:e1:eb:df:32:99:c7:15:f2:
         60:27:de:56:cc:19:69:e8:51:e8:03:d4:3a:69:6b:0d:ed:62:
         7c:e6:aa:66:36:28:19:67:2c:80:b1:01:38:02:2b:c0:7c:18:
         78:6a:c9:13:bd:00:ba:f8:7b:71:12:b0:ed:a4:c1:f3:8e:a6:
         0d:2a:6d:da:90:9e:17:fb:25:bc:6f:3c:2d:41:1a:a5:01:76:
         a6:2b:44:ec:46:56:87:bf:16:c7:f0:40:1f:4d:3e:f7:e3:f7:
         ff:7d:58:c1:5b:4f:d0:d0:4c:c3:55:f4:a8:b2:3d:a2:00:8f:
         89:f4:e0:1e:2c:b4:f1:d8:67:24:2a:89:81:f0:7c:e2:50:03:
         df:98:0c:2f:d7:e5:71:9f:da:93:cb:c0:f9:3a:7d:23:4c:3a:
         ff:81:f8:4e
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUXevhigIhoMh/2Agl5FxDYQS42I0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNjA1MTQyMTE5MjBaFw0yNzA1MTMyMTI0MjBaMDMxMTAvBgNV
BAMTKEJBNDc2RDM2QUM1OUEwRUFEMzFCRDJEQjExMEVFQjVBNTY5NTBGNDEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7/fhGLZMUirYhdEqCauJZD48O
xsIOBPrWetXxju50y1yKJXTBpuNGrekruDek8+s2efMale60DGnahzscno/UOSv7
m0ZAnzYhZRT/N8UwRlRe7hjZQCb8fljIcQPkHUVqzSN/4U90tKmyaEu1YHYoTIgZ
vjd3Jk5v052wk6rQ7/jbiPKkrVH6IwuaIYB+mnZr0HpdxqiEls3xz1k/S3wCBLsm
kx7twsL/MWuXEhqR4jEu9Xj0qinvwN/pdBclpNeXY0z0WuxTLlSPe7/sz+dhEHYP
aI4nTxPJH7t+JW/cgupHcy721mXnhP4IlGblTNZPQvIMP7Nd3xpRbcPs/PRpAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUukdtNqxZoOrTG9LbEQ7rWlaVD0EwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzIyZTM1MzkyZTMxMzUzOTJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMxMzkzODM3MzUzMy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAAI7
nzANBgkqhkiG9w0BAQsFAAOCAQEAWTj7catoIymxuJ6FJ7DiAKAr+hRX7tnptKRt
91AQFkS4esRxMz1pMCKDx4NXjFdjXcYLqShuVl1LlhG+MFEYiJVe04ksodE/QKjl
qoJPPBLNRWFEw5ry408lx3DG3J+c4uXj4+Hr3zKZxxXyYCfeVswZaehR6APUOmlr
De1ifOaqZjYoGWcsgLEBOAIrwHwYeGrJE70Auvh7cRKw7aTB846mDSpt2pCeF/sl
vG88LUEapQF2pitE7EZWh78Wx/BAH00+9+P3/31YwVtP0NBMw1X0qLI9ogCPifTg
Hiy08dhnJCqJgfB84lAD35gML9flcZ/ak8vA+Tp9I0w6/4H4Tg==
-----END CERTIFICATE-----