Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/322e35392e36312e302f32342d3234203d3e203438323636.roa
File:                     322e35392e36312e302f32342d3234203d3e203438323636.roa (raw, json)
Hash identifier:          sgoOb4bX1m2rIZlacxTZqlmJneicsHhOxQYCb/BB8fA=
Subject key identifier:   17:83:C3:BF:6F:09:F5:62:B3:70:87:90:B4:75:F9:09:78:C5:E6:E6
Certificate issuer:       /CN=a9420e6c6f24b0e422da7fe7e420ef50354f45c6
Certificate serial:       56500B417F36B07853BFFD735FBFC60268993043
Authority key identifier: A9:42:0E:6C:6F:24:B0:E4:22:DA:7F:E7:E4:20:EF:50:35:4F:45:C6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qUIObG8ksOQi2n_n5CDvUDVPRcY.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/322e35392e36312e302f32342d3234203d3e203438323636.roa
Signing time:             Mon 02 Mar 2026 01:24:37 +0000
ROA not before:           Mon 02 Mar 2026 01:19:37 +0000
ROA not after:            Mon 01 Mar 2027 01:24:37 +0000
asID:                     48266
IP address blocks:        2.59.61.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/A9420E6C6F24B0E422DA7FE7E420EF50354F45C6.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/A9420E6C6F24B0E422DA7FE7E420EF50354F45C6.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qUIObG8ksOQi2n_n5CDvUDVPRcY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 03:24:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            56:50:0b:41:7f:36:b0:78:53:bf:fd:73:5f:bf:c6:02:68:99:30:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a9420e6c6f24b0e422da7fe7e420ef50354f45c6
        Validity
            Not Before: Mar  2 01:19:37 2026 GMT
            Not After : Mar  1 01:24:37 2027 GMT
        Subject: CN=1783C3BF6F09F562B3708790B475F90978C5E6E6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:31:1c:70:10:a5:29:d8:7f:70:bd:f7:eb:b3:
                    3c:2a:c4:7b:ed:fa:e1:6c:fc:7c:ce:af:2d:2f:ed:
                    54:5e:39:82:8d:07:a0:99:e5:43:13:05:4e:a5:61:
                    e3:7c:24:c2:a5:8a:de:ae:8b:67:30:6c:08:d8:56:
                    bd:34:e9:56:f1:5e:17:9b:40:ba:c9:80:d9:b8:d5:
                    6d:55:fe:6f:09:bd:90:36:79:05:28:1d:94:de:28:
                    03:39:7a:2d:08:eb:b7:37:35:a6:94:28:d0:15:0c:
                    2e:d7:0e:65:4b:44:7b:b6:d4:6d:c1:69:74:80:c5:
                    7b:71:29:aa:ce:f6:62:30:5a:7e:b9:28:8e:79:d3:
                    c5:2f:30:4a:92:50:d6:96:f2:61:22:37:3f:85:f5:
                    30:f2:5d:31:b8:98:c6:c2:ff:05:b0:29:55:37:38:
                    ee:0e:25:37:b8:d5:af:15:19:6e:a5:00:78:2c:3a:
                    e3:a9:02:48:a8:20:e3:76:ec:28:b1:42:d4:77:2f:
                    4c:42:09:03:c0:39:cd:ba:3a:c4:fe:58:05:39:50:
                    42:7d:74:52:dd:7a:2b:b8:7a:49:0f:35:5c:88:b4:
                    9e:9d:b0:8b:28:a3:ca:b4:91:0c:a5:8d:9c:01:77:
                    e4:0c:88:3a:3d:98:5f:72:72:76:b8:20:f1:1c:3d:
                    d0:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:83:C3:BF:6F:09:F5:62:B3:70:87:90:B4:75:F9:09:78:C5:E6:E6
            X509v3 Authority Key Identifier:
                keyid:A9:42:0E:6C:6F:24:B0:E4:22:DA:7F:E7:E4:20:EF:50:35:4F:45:C6

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/A9420E6C6F24B0E422DA7FE7E420EF50354F45C6.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qUIObG8ksOQi2n_n5CDvUDVPRcY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/322e35392e36312e302f32342d3234203d3e203438323636.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.59.61.0/24

    Signature Algorithm: sha256WithRSAEncryption
         88:26:39:a8:18:2e:66:48:84:23:84:ff:1e:d8:67:86:ad:54:
         dc:c1:72:b7:39:1e:10:a7:67:34:b6:a9:4b:ce:0d:a2:12:58:
         4b:95:0c:e4:af:6b:49:41:0a:17:81:6a:46:94:84:fd:84:51:
         10:6c:6e:e5:54:52:af:6b:0c:00:c0:cc:72:d3:8f:65:c8:87:
         b7:6c:e7:ab:1c:f4:6b:f8:ca:5b:50:82:6a:6d:b2:02:cc:26:
         18:1d:90:33:5d:48:2d:38:c6:98:8a:bf:26:61:4d:31:b8:67:
         b9:15:ef:e8:46:02:eb:16:dd:92:ca:db:24:86:ac:98:41:e6:
         ba:03:cf:f7:5c:6f:d5:9a:14:96:4f:1a:cb:23:53:1e:d0:c5:
         79:ba:64:b6:69:a0:19:6b:7e:96:35:4e:08:16:a7:7d:d5:2d:
         63:36:f6:9c:db:c6:be:e4:24:27:4b:07:d0:aa:e8:5a:e4:f4:
         d2:c9:82:88:e5:8c:dd:f8:33:35:d9:11:2c:02:b4:40:8c:ce:
         c0:fd:91:64:36:1e:50:c1:4b:51:8f:4e:78:2f:58:79:67:eb:
         ce:7c:08:a1:7b:80:8b:2b:8f:32:b2:22:37:f5:5e:fc:cf:2a:
         fb:64:1d:f0:8d:61:a4:37:62:57:18:76:fd:ed:dc:a7:3c:75:
         65:32:00:47
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUVlALQX82sHhTv/1zX7/GAmiZMEMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYTk0MjBlNmM2ZjI0YjBlNDIyZGE3ZmU3ZTQyMGVmNTAz
NTRmNDVjNjAeFw0yNjAzMDIwMTE5MzdaFw0yNzAzMDEwMTI0MzdaMDMxMTAvBgNV
BAMTKDE3ODNDM0JGNkYwOUY1NjJCMzcwODc5MEI0NzVGOTA5NzhDNUU2RTYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvMRxwEKUp2H9wvffrszwqxHvt
+uFs/HzOry0v7VReOYKNB6CZ5UMTBU6lYeN8JMKlit6ui2cwbAjYVr006VbxXheb
QLrJgNm41W1V/m8JvZA2eQUoHZTeKAM5ei0I67c3NaaUKNAVDC7XDmVLRHu21G3B
aXSAxXtxKarO9mIwWn65KI5508UvMEqSUNaW8mEiNz+F9TDyXTG4mMbC/wWwKVU3
OO4OJTe41a8VGW6lAHgsOuOpAkioION27CixQtR3L0xCCQPAOc26OsT+WAU5UEJ9
dFLdeiu4ekkPNVyItJ6dsIsoo8q0kQyljZwBd+QMiDo9mF9ycna4IPEcPdDZAgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQUF4PDv28J9WKzcIeQtHX5CXjF5uYwHwYDVR0j
BBgwFoAUqUIObG8ksOQi2n/n5CDvUDVPRcYwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMWY5ODIzZDAtMDg1NS00MWYyLWFjNDYtNTlhMmU5OGRh
NzM2LzEvQTk0MjBFNkM2RjI0QjBFNDIyREE3RkU3RTQyMEVGNTAzNTRGNDVDNi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3FVSU9iRzhrc09RaTJuX241Q0R2VURW
UFJjWS5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMWY5ODIzZDAt
MDg1NS00MWYyLWFjNDYtNTlhMmU5OGRhNzM2LzEvMzIyZTM1MzkyZTM2MzEyZTMw
MmYzMjM0MmQzMjM0MjAzZDNlMjAzNDM4MzIzNjM2LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAAjs9MA0G
CSqGSIb3DQEBCwUAA4IBAQCIJjmoGC5mSIQjhP8e2GeGrVTcwXK3OR4Qp2c0tqlL
zg2iElhLlQzkr2tJQQoXgWpGlIT9hFEQbG7lVFKvawwAwMxy049lyIe3bOerHPRr
+MpbUIJqbbICzCYYHZAzXUgtOMaYir8mYU0xuGe5Fe/oRgLrFt2SytskhqyYQea6
A8/3XG/VmhSWTxrLI1Me0MV5umS2aaAZa36WNU4IFqd91S1jNvac28a+5CQnSwfQ
quha5PTSyYKI5Yzd+DM12REsArRAjM7A/ZFkNh5QwUtRj054L1h5Z+vOfAihe4CL
K48ysiI39V78zyr7ZB3wjWGkN2JXGHb97dynPHVlMgBH
-----END CERTIFICATE-----