Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/322e35392e36322e302f32342d3234203d3e203633303233.roa
File:                     322e35392e36322e302f32342d3234203d3e203633303233.roa (raw, json)
Hash identifier:          UYplWrPuNpBK4+VRoAMeNfrXsCP+FyebbT8k9JdoYnw=
Subject key identifier:   A1:C1:86:F5:9B:58:71:F3:4F:5B:4D:A0:4D:70:59:74:A8:34:AE:27
Certificate issuer:       /CN=a9420e6c6f24b0e422da7fe7e420ef50354f45c6
Certificate serial:       2CB062EE45551BC00D99861F2CADA152648F8BED
Authority key identifier: A9:42:0E:6C:6F:24:B0:E4:22:DA:7F:E7:E4:20:EF:50:35:4F:45:C6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qUIObG8ksOQi2n_n5CDvUDVPRcY.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/322e35392e36322e302f32342d3234203d3e203633303233.roa
Signing time:             Mon 01 Jun 2026 06:47:20 +0000
ROA not before:           Mon 01 Jun 2026 06:42:20 +0000
ROA not after:            Mon 31 May 2027 06:47:20 +0000
asID:                     63023
IP address blocks:        2.59.62.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/A9420E6C6F24B0E422DA7FE7E420EF50354F45C6.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/A9420E6C6F24B0E422DA7FE7E420EF50354F45C6.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qUIObG8ksOQi2n_n5CDvUDVPRcY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 13 Jun 2026 15:22:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2c:b0:62:ee:45:55:1b:c0:0d:99:86:1f:2c:ad:a1:52:64:8f:8b:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a9420e6c6f24b0e422da7fe7e420ef50354f45c6
        Validity
            Not Before: Jun  1 06:42:20 2026 GMT
            Not After : May 31 06:47:20 2027 GMT
        Subject: CN=A1C186F59B5871F34F5B4DA04D705974A834AE27
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:53:1a:7a:f9:22:02:d8:7a:ae:81:6c:52:dc:
                    02:04:b8:18:b7:0e:1c:b1:48:95:8b:f0:a1:2d:13:
                    68:09:84:75:36:a9:d3:c9:bb:39:68:fb:b5:9c:33:
                    29:c7:ff:3c:85:97:6a:20:9c:9b:56:ec:91:1a:9d:
                    74:60:e0:70:21:32:31:77:1c:ee:8a:54:e1:75:89:
                    7b:21:d5:9a:b7:c5:ef:4d:fb:03:b1:4b:c7:72:2c:
                    ad:30:06:c9:95:49:f0:f3:77:f7:a1:7b:8e:9e:e5:
                    83:eb:86:3c:ee:6c:4f:8b:72:8d:1d:db:d1:0e:77:
                    59:bf:ac:26:01:19:60:1a:34:99:50:26:81:bc:f7:
                    d9:30:f2:0f:94:0f:4d:53:a8:2f:7b:dc:8b:76:44:
                    a4:cc:61:a0:f4:04:b5:5f:26:0b:2c:c0:7c:57:a4:
                    99:98:5a:c0:55:3b:2b:1c:6d:e2:0e:c0:ec:fc:f9:
                    29:19:ef:cb:3b:9d:4c:b3:14:e9:c6:16:82:0c:8b:
                    41:04:36:d7:35:8e:16:3b:4d:11:8e:dc:b9:a6:23:
                    3d:3d:d4:9a:c3:69:a3:5a:41:a9:0b:0f:94:84:ba:
                    f0:de:61:fe:a1:c4:ce:c2:11:dd:ab:00:91:df:13:
                    da:e9:63:37:44:4a:7b:a5:bc:ed:24:19:1f:95:32:
                    56:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:C1:86:F5:9B:58:71:F3:4F:5B:4D:A0:4D:70:59:74:A8:34:AE:27
            X509v3 Authority Key Identifier:
                keyid:A9:42:0E:6C:6F:24:B0:E4:22:DA:7F:E7:E4:20:EF:50:35:4F:45:C6

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/A9420E6C6F24B0E422DA7FE7E420EF50354F45C6.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qUIObG8ksOQi2n_n5CDvUDVPRcY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/322e35392e36322e302f32342d3234203d3e203633303233.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.59.62.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5f:f0:13:aa:f8:17:21:d6:c0:0d:94:ce:b4:18:0a:c8:b3:f7:
         bb:77:b8:24:58:be:cc:7e:cc:5b:ba:8c:f5:8f:8f:ee:80:7f:
         fe:21:83:f9:c8:07:e8:ee:bc:98:ae:66:6e:0c:03:4d:b3:ef:
         b6:a1:f8:de:ff:d6:5a:58:0b:78:6d:b2:27:ae:a7:b2:0a:85:
         81:40:1f:5d:64:68:af:7f:d3:2d:81:69:4a:c3:d8:03:11:5b:
         01:e6:a7:d7:d7:23:76:64:15:32:de:db:f5:f9:98:ff:9f:fb:
         b9:6e:34:b8:63:7a:53:a6:e5:b3:fc:92:db:fd:84:86:a0:7c:
         94:29:45:e3:4f:4d:37:2b:f9:c2:ce:01:85:ec:58:01:4e:e0:
         29:1a:cf:7e:69:62:21:0b:e9:b6:2a:fd:a3:46:5a:53:92:f3:
         bd:77:23:bc:27:15:00:57:6a:49:76:00:7b:17:1a:71:3b:9d:
         80:c3:db:21:cc:63:ab:56:cf:9c:47:26:48:a3:9b:68:29:4c:
         f5:0e:76:14:0d:24:cb:60:8b:86:71:1c:c2:be:ca:38:45:16:
         92:a0:bc:22:34:71:2a:98:bf:f8:08:79:a7:f2:9c:a2:6f:65:
         21:34:13:8f:86:98:ce:4f:93:df:12:df:ed:a2:de:c2:20:bd:
         4a:a4:98:02
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIULLBi7kVVG8ANmYYfLK2hUmSPi+0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYTk0MjBlNmM2ZjI0YjBlNDIyZGE3ZmU3ZTQyMGVmNTAz
NTRmNDVjNjAeFw0yNjA2MDEwNjQyMjBaFw0yNzA1MzEwNjQ3MjBaMDMxMTAvBgNV
BAMTKEExQzE4NkY1OUI1ODcxRjM0RjVCNERBMDRENzA1OTc0QTgzNEFFMjcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCkUxp6+SIC2HqugWxS3AIEuBi3
DhyxSJWL8KEtE2gJhHU2qdPJuzlo+7WcMynH/zyFl2ognJtW7JEanXRg4HAhMjF3
HO6KVOF1iXsh1Zq3xe9N+wOxS8dyLK0wBsmVSfDzd/ehe46e5YPrhjzubE+Lco0d
29EOd1m/rCYBGWAaNJlQJoG899kw8g+UD01TqC973It2RKTMYaD0BLVfJgsswHxX
pJmYWsBVOyscbeIOwOz8+SkZ78s7nUyzFOnGFoIMi0EENtc1jhY7TRGO3LmmIz09
1JrDaaNaQakLD5SEuvDeYf6hxM7CEd2rAJHfE9rpYzdESnulvO0kGR+VMlaVAgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQUocGG9ZtYcfNPW02gTXBZdKg0ricwHwYDVR0j
BBgwFoAUqUIObG8ksOQi2n/n5CDvUDVPRcYwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMWY5ODIzZDAtMDg1NS00MWYyLWFjNDYtNTlhMmU5OGRh
NzM2LzEvQTk0MjBFNkM2RjI0QjBFNDIyREE3RkU3RTQyMEVGNTAzNTRGNDVDNi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3FVSU9iRzhrc09RaTJuX241Q0R2VURW
UFJjWS5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMWY5ODIzZDAt
MDg1NS00MWYyLWFjNDYtNTlhMmU5OGRhNzM2LzEvMzIyZTM1MzkyZTM2MzIyZTMw
MmYzMjM0MmQzMjM0MjAzZDNlMjAzNjMzMzAzMjMzLnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAAjs+MA0G
CSqGSIb3DQEBCwUAA4IBAQBf8BOq+Bch1sANlM60GArIs/e7d7gkWL7Mfsxbuoz1
j4/ugH/+IYP5yAfo7ryYrmZuDANNs++2ofje/9ZaWAt4bbInrqeyCoWBQB9dZGiv
f9MtgWlKw9gDEVsB5qfX1yN2ZBUy3tv1+Zj/n/u5bjS4Y3pTpuWz/JLb/YSGoHyU
KUXjT003K/nCzgGF7FgBTuApGs9+aWIhC+m2Kv2jRlpTkvO9dyO8JxUAV2pJdgB7
FxpxO52Aw9shzGOrVs+cRyZIo5toKUz1DnYUDSTLYIuGcRzCvso4RRaSoLwiNHEq
mL/4CHmn8pyib2UhNBOPhpjOT5PfEt/tot7CIL1KpJgC
-----END CERTIFICATE-----