Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS42960.roa
File:                     AS42960.roa (raw, json)
Hash identifier:          /ui8vHfI0PIjKM64/9yHixpKH921aPKS1KbAJu0+wKM=
Subject key identifier:   0C:7C:6E:84:80:F7:39:4F:8C:89:3A:43:E5:15:0E:1B:94:FB:55:D1
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       735C74A2173D5C6DB500C0F1451C5220663A65AE
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS42960.roa
Signing time:             Mon 28 Jul 2025 14:03:46 +0000
ROA not before:           Mon 28 Jul 2025 13:58:46 +0000
ROA not after:            Mon 27 Jul 2026 14:03:46 +0000
asID:                     42960
IP address blocks:        143.14.120.0/22 maxlen: 24
                          155.117.122.0/24 maxlen: 24
                          155.117.123.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 05 Aug 2025 03:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            73:5c:74:a2:17:3d:5c:6d:b5:00:c0:f1:45:1c:52:20:66:3a:65:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Jul 28 13:58:46 2025 GMT
            Not After : Jul 27 14:03:46 2026 GMT
        Subject: CN=0C7C6E8480F7394F8C893A43E5150E1B94FB55D1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:a0:ca:1e:96:d8:2a:a2:43:97:4e:d3:ad:27:
                    f5:53:e5:f9:18:7a:92:7a:f6:32:b4:82:9d:32:01:
                    bf:3a:39:7e:27:7b:4a:c6:0f:4c:ab:8f:0a:89:59:
                    5b:57:68:a7:ea:01:81:05:bd:8e:5b:e2:34:74:c9:
                    4b:40:c8:f0:d6:ae:8a:e6:09:51:5a:e2:9d:70:5d:
                    a1:e6:37:d8:3c:9a:b8:09:c0:45:04:ab:82:fd:f4:
                    b7:f9:bd:35:62:1f:6b:b9:1c:e1:f1:9f:48:25:bb:
                    91:ac:5e:05:78:6c:a1:79:e2:36:70:ea:b1:fd:1f:
                    be:4a:e0:10:f8:49:54:84:52:14:84:80:ae:03:8e:
                    f4:e6:d2:3b:ac:9a:78:9b:c0:0f:51:c6:c5:a9:6e:
                    3f:32:c2:2c:05:d9:07:13:32:e3:b6:1e:25:4f:94:
                    81:79:55:23:c8:00:c1:27:65:3d:6a:2e:cf:3f:ed:
                    58:78:fe:7e:df:d5:dd:a7:3f:22:80:04:66:fd:42:
                    14:db:ee:45:f5:f5:2a:69:37:3d:b6:fe:50:1d:95:
                    8c:ed:80:58:b5:db:e8:97:ca:cb:0f:3b:cd:f0:83:
                    2a:cc:86:2a:85:5d:d6:20:2a:95:d8:8e:2d:fb:88:
                    47:f5:f7:d2:07:c2:5e:cf:58:21:b4:21:80:6c:cb:
                    cf:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:7C:6E:84:80:F7:39:4F:8C:89:3A:43:E5:15:0E:1B:94:FB:55:D1
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS42960.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.14.120.0/22
                  155.117.122.0/23

    Signature Algorithm: sha256WithRSAEncryption
         97:bc:51:d8:40:d3:27:52:1d:61:2d:9d:5c:0c:7f:74:8c:1a:
         02:60:7f:6b:a3:83:a0:f4:d8:d7:fb:ed:0c:c6:c8:92:30:99:
         24:12:be:ae:5b:f1:33:a2:be:38:b9:41:dd:8e:ea:04:0a:93:
         3b:47:db:ab:0d:e3:65:6a:c4:16:c7:83:13:4e:bf:05:b1:32:
         75:d7:e3:07:58:b6:0a:c0:d3:07:f4:dd:48:90:e4:b7:5e:ed:
         de:4d:5d:c0:6a:6e:0c:5b:5c:ad:61:d1:b5:a6:e9:ff:35:40:
         97:d3:2b:3f:ce:96:56:15:80:e7:5b:f2:86:66:f2:e7:64:7d:
         9f:57:51:f5:90:07:33:08:11:2d:a7:9d:b5:aa:da:d3:e5:77:
         9c:d0:73:2d:7e:e2:a2:f6:89:a4:af:dc:2f:54:43:2f:77:45:
         1d:82:aa:ca:cb:78:02:cc:53:fe:6b:3a:35:35:c0:05:27:57:
         6d:41:5a:81:b4:6e:1e:26:4c:52:16:2b:92:9f:8a:4b:81:67:
         39:73:05:21:5a:ef:8e:0a:5f:f5:57:ec:60:cd:e6:78:d1:37:
         75:0a:38:dc:5d:bb:a0:05:8d:d1:8c:66:bd:57:73:d2:fc:57:
         7b:ed:3c:b9:34:a1:ee:d9:21:e6:66:99:97:17:22:20:2f:90:
         45:15:0e:fb
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgIUc1x0ohc9XG21AMDxRRxSIGY6Za4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNTA3MjgxMzU4NDZaFw0yNjA3MjcxNDAzNDZaMDMxMTAvBgNV
BAMTKDBDN0M2RTg0ODBGNzM5NEY4Qzg5M0E0M0U1MTUwRTFCOTRGQjU1RDEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCboMoeltgqokOXTtOtJ/VT5fkY
epJ69jK0gp0yAb86OX4ne0rGD0yrjwqJWVtXaKfqAYEFvY5b4jR0yUtAyPDWrorm
CVFa4p1wXaHmN9g8mrgJwEUEq4L99Lf5vTViH2u5HOHxn0glu5GsXgV4bKF54jZw
6rH9H75K4BD4SVSEUhSEgK4DjvTm0jusmnibwA9RxsWpbj8ywiwF2QcTMuO2HiVP
lIF5VSPIAMEnZT1qLs8/7Vh4/n7f1d2nPyKABGb9QhTb7kX19SppNz22/lAdlYzt
gFi12+iXyssPO83wgyrMhiqFXdYgKpXYji37iEf199IHwl7PWCG0IYBsy887AgMB
AAGjggIPMIICCzAdBgNVHQ4EFgQUDHxuhID3OU+MiTpD5RUOG5T7VdEwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTNDI5NjAucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwDBAKPDngD
BAGbdXowDQYJKoZIhvcNAQELBQADggEBAJe8UdhA0ydSHWEtnVwMf3SMGgJgf2uj
g6D02Nf77QzGyJIwmSQSvq5b8TOivji5Qd2O6gQKkztH26sN42VqxBbHgxNOvwWx
MnXX4wdYtgrA0wf03UiQ5Lde7d5NXcBqbgxbXK1h0bWm6f81QJfTKz/OllYVgOdb
8oZm8udkfZ9XUfWQBzMIES2nnbWq2tPld5zQcy1+4qL2iaSv3C9UQy93RR2CqsrL
eALMU/5rOjU1wAUnV21BWoG0bh4mTFIWK5KfikuBZzlzBSFa744KX/VX7GDN5njR
N3UKONxdu6AFjdGMZr1Xc9L8V3vtPLk0oe7ZIeZmmZcXIiAvkEUVDvs=
-----END CERTIFICATE-----