Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/322e35392e36302e302f32342d3234203d3e203631333137.roa
File:                     322e35392e36302e302f32342d3234203d3e203631333137.roa (raw, json)
Hash identifier:          BBdnQvjsMGsAKdV0CMmUgkUx9rKK17g08iyDVXfqF5c=
Subject key identifier:   87:B9:C5:C0:66:A4:1B:FF:6E:47:00:0C:2F:E8:7C:0A:AA:90:AE:EB
Certificate issuer:       /CN=a9420e6c6f24b0e422da7fe7e420ef50354f45c6
Certificate serial:       02CCDBAE54E6B2B20003721055AC25C9CD0111E7
Authority key identifier: A9:42:0E:6C:6F:24:B0:E4:22:DA:7F:E7:E4:20:EF:50:35:4F:45:C6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qUIObG8ksOQi2n_n5CDvUDVPRcY.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/322e35392e36302e302f32342d3234203d3e203631333137.roa
Signing time:             Fri 24 Oct 2025 08:55:10 +0000
ROA not before:           Fri 24 Oct 2025 08:50:10 +0000
ROA not after:            Fri 23 Oct 2026 08:55:10 +0000
asID:                     61317
IP address blocks:        2.59.60.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/A9420E6C6F24B0E422DA7FE7E420EF50354F45C6.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/A9420E6C6F24B0E422DA7FE7E420EF50354F45C6.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qUIObG8ksOQi2n_n5CDvUDVPRcY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 09:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            02:cc:db:ae:54:e6:b2:b2:00:03:72:10:55:ac:25:c9:cd:01:11:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a9420e6c6f24b0e422da7fe7e420ef50354f45c6
        Validity
            Not Before: Oct 24 08:50:10 2025 GMT
            Not After : Oct 23 08:55:10 2026 GMT
        Subject: CN=87B9C5C066A41BFF6E47000C2FE87C0AAA90AEEB
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:96:57:0e:41:b7:1e:a5:f7:41:84:75:2f:a4:
                    7a:28:dd:0c:5a:48:d8:a9:49:a3:c5:a6:51:f7:b3:
                    f5:a5:91:32:45:3f:ce:61:89:fb:3e:a5:6a:ab:37:
                    8a:90:78:6a:b4:39:fc:7b:8e:4a:d5:34:c1:51:d9:
                    2f:58:a8:25:90:6b:69:15:fa:fa:e4:04:b2:f0:1d:
                    d5:89:a4:70:37:7b:fc:a8:52:6c:1c:e3:e3:0a:2c:
                    32:c6:ab:e8:af:99:d4:9d:f7:0d:d9:08:0e:01:b6:
                    32:f1:79:0a:e7:d6:7e:d9:d4:75:43:c4:1d:e6:26:
                    c3:a5:4c:00:76:2b:16:af:77:c2:4e:ce:e4:9a:ec:
                    15:fd:07:7d:a6:76:c1:3c:d5:79:3c:e4:57:9b:a2:
                    55:ec:23:ea:9e:f0:03:d0:90:f6:98:b0:01:de:b7:
                    2c:1a:05:f0:58:63:6e:6b:31:52:2e:80:3a:3e:28:
                    f2:58:e4:4a:3f:83:f5:92:d2:f2:e0:23:0e:cd:d8:
                    b8:e8:7f:fa:e9:fb:88:3e:82:2b:27:ac:08:54:68:
                    18:df:b3:32:b4:2b:ea:16:c4:64:e8:31:6e:b9:05:
                    95:ac:24:52:0f:86:9e:dd:d7:48:3d:57:fd:12:54:
                    d3:fd:92:56:b0:e7:a7:c8:94:3e:cf:13:c5:06:b2:
                    38:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:B9:C5:C0:66:A4:1B:FF:6E:47:00:0C:2F:E8:7C:0A:AA:90:AE:EB
            X509v3 Authority Key Identifier:
                keyid:A9:42:0E:6C:6F:24:B0:E4:22:DA:7F:E7:E4:20:EF:50:35:4F:45:C6

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/A9420E6C6F24B0E422DA7FE7E420EF50354F45C6.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qUIObG8ksOQi2n_n5CDvUDVPRcY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/322e35392e36302e302f32342d3234203d3e203631333137.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.59.60.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9b:0f:64:3d:af:ca:14:9d:04:37:02:9b:33:65:d6:59:89:70:
         41:2e:88:2c:15:b2:e7:bf:fb:c6:ae:c5:84:3e:b7:c4:7c:59:
         b2:e0:8c:35:88:98:27:20:fd:fc:f1:44:b8:3d:44:4c:cc:5e:
         7e:3b:92:c1:74:25:ec:11:c9:e8:93:57:a8:ad:c8:7e:76:92:
         16:f2:16:bb:92:5d:56:91:fb:8f:08:3c:8b:50:3e:89:6c:02:
         dc:50:0a:12:e9:61:af:8c:6f:3c:7a:c8:9f:81:8e:45:40:15:
         94:01:68:66:b0:b5:93:e6:56:38:ef:40:16:4d:06:38:df:e0:
         fa:40:d2:e3:ea:3a:44:34:df:12:1d:a9:fb:35:15:03:f2:18:
         ec:a8:7b:4d:82:2d:ba:77:04:fd:f3:b2:64:15:a3:51:a8:bb:
         39:94:31:72:e0:01:84:72:41:cd:a1:7d:3f:80:9d:61:88:a0:
         74:cb:aa:95:23:c7:e0:1b:3c:e9:31:3d:7f:64:5f:9d:52:3a:
         66:b2:d7:88:21:21:b5:ce:88:75:b8:02:1d:68:f4:35:cb:c3:
         ab:f1:8e:2e:ef:a4:7c:64:2a:8a:37:e8:1e:d4:63:47:e3:00:
         9e:4b:69:1e:84:f9:d4:0e:71:e5:31:fc:a1:2f:11:c0:a9:c6:
         88:5c:11:0a
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUAszbrlTmsrIAA3IQVawlyc0BEecwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYTk0MjBlNmM2ZjI0YjBlNDIyZGE3ZmU3ZTQyMGVmNTAz
NTRmNDVjNjAeFw0yNTEwMjQwODUwMTBaFw0yNjEwMjMwODU1MTBaMDMxMTAvBgNV
BAMTKDg3QjlDNUMwNjZBNDFCRkY2RTQ3MDAwQzJGRTg3QzBBQUE5MEFFRUIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCrllcOQbcepfdBhHUvpHoo3Qxa
SNipSaPFplH3s/WlkTJFP85hifs+pWqrN4qQeGq0Ofx7jkrVNMFR2S9YqCWQa2kV
+vrkBLLwHdWJpHA3e/yoUmwc4+MKLDLGq+ivmdSd9w3ZCA4BtjLxeQrn1n7Z1HVD
xB3mJsOlTAB2Kxavd8JOzuSa7BX9B32mdsE81Xk85FebolXsI+qe8APQkPaYsAHe
tywaBfBYY25rMVIugDo+KPJY5Eo/g/WS0vLgIw7N2Ljof/rp+4g+gisnrAhUaBjf
szK0K+oWxGToMW65BZWsJFIPhp7d10g9V/0SVNP9klaw56fIlD7PE8UGsjiHAgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQUh7nFwGakG/9uRwAML+h8CqqQruswHwYDVR0j
BBgwFoAUqUIObG8ksOQi2n/n5CDvUDVPRcYwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMWY5ODIzZDAtMDg1NS00MWYyLWFjNDYtNTlhMmU5OGRh
NzM2LzEvQTk0MjBFNkM2RjI0QjBFNDIyREE3RkU3RTQyMEVGNTAzNTRGNDVDNi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3FVSU9iRzhrc09RaTJuX241Q0R2VURW
UFJjWS5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMWY5ODIzZDAt
MDg1NS00MWYyLWFjNDYtNTlhMmU5OGRhNzM2LzEvMzIyZTM1MzkyZTM2MzAyZTMw
MmYzMjM0MmQzMjM0MjAzZDNlMjAzNjMxMzMzMTM3LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAAjs8MA0G
CSqGSIb3DQEBCwUAA4IBAQCbD2Q9r8oUnQQ3ApszZdZZiXBBLogsFbLnv/vGrsWE
PrfEfFmy4Iw1iJgnIP388US4PURMzF5+O5LBdCXsEcnok1eorch+dpIW8ha7kl1W
kfuPCDyLUD6JbALcUAoS6WGvjG88esifgY5FQBWUAWhmsLWT5lY470AWTQY43+D6
QNLj6jpENN8SHan7NRUD8hjsqHtNgi26dwT987JkFaNRqLs5lDFy4AGEckHNoX0/
gJ1hiKB0y6qVI8fgGzzpMT1/ZF+dUjpmsteIISG1zoh1uAIdaPQ1y8Or8Y4u76R8
ZCqKN+ge1GNH4wCeS2kehPnUDnHlMfyhLxHAqcaIXBEK
-----END CERTIFICATE-----