Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS59841.roa
File:                     AS59841.roa (raw, json)
Hash identifier:          1YaB50wCVAwB8o1sIR5dAa3izFbbHiV6PyoII0hQTqg=
Subject key identifier:   39:5E:41:EB:87:43:12:3D:9A:0A:E9:25:68:7B:5C:5D:AF:E2:E6:4B
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       7DCFD859A80B2CE2407F3B21AF1542F0680EB1B7
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS59841.roa
Signing time:             Wed 11 Jun 2025 07:25:56 +0000
ROA not before:           Wed 11 Jun 2025 07:20:56 +0000
ROA not after:            Wed 10 Jun 2026 07:25:56 +0000
asID:                     59841
IP address blocks:        2a0c:fa40::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 16 Jun 2025 12:46:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7d:cf:d8:59:a8:0b:2c:e2:40:7f:3b:21:af:15:42:f0:68:0e:b1:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Jun 11 07:20:56 2025 GMT
            Not After : Jun 10 07:25:56 2026 GMT
        Subject: CN=395E41EB8743123D9A0AE925687B5C5DAFE2E64B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:36:48:ed:8b:10:8f:92:41:d5:a9:9f:a2:ff:
                    de:50:ce:c2:fd:13:2d:9a:08:69:a7:a3:d5:49:fc:
                    5f:e9:50:fd:5d:db:ca:d7:81:b9:50:51:5d:20:75:
                    bd:f2:49:09:8b:60:69:45:8c:f0:71:6c:f6:05:d7:
                    6f:07:af:ba:df:1b:59:6b:73:7a:29:5a:73:1d:f0:
                    5a:3c:59:cc:fe:79:1f:c0:e7:51:0a:1a:7a:3a:16:
                    ad:4b:d7:87:54:4e:5e:24:97:05:74:8b:9d:69:a5:
                    b1:6c:e4:e3:9b:10:9e:e1:b6:4f:1f:8c:33:d1:f0:
                    91:04:30:2d:e1:96:2c:ca:12:ee:b2:d2:ef:82:57:
                    fd:c0:e8:c7:fa:d3:9c:66:50:be:ab:81:45:d7:56:
                    6b:7d:3e:76:a9:84:72:df:f1:bc:c6:aa:8b:e4:03:
                    96:ae:05:1a:d3:cd:42:d9:7f:a8:24:cf:f2:21:c2:
                    ad:8b:e5:ed:4b:e0:b7:f6:af:49:e8:9c:3b:17:92:
                    1b:ac:9c:89:ea:9c:ce:8d:69:0d:be:1c:96:c2:8f:
                    61:63:cb:84:d8:f5:ae:8f:ec:8c:88:9e:80:3f:25:
                    54:bd:10:30:52:0f:31:0a:53:5a:6c:ed:0b:30:ea:
                    17:6d:fb:03:19:d7:df:08:b9:ff:38:29:a4:7d:90:
                    a8:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:5E:41:EB:87:43:12:3D:9A:0A:E9:25:68:7B:5C:5D:AF:E2:E6:4B
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS59841.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:fa40::/32

    Signature Algorithm: sha256WithRSAEncryption
         a5:96:e7:49:60:2b:9d:93:c3:8e:d2:66:52:53:8e:dd:11:33:
         55:4f:3f:17:42:97:87:b6:f2:fb:61:f5:49:c7:c3:a9:c3:d4:
         97:2f:92:07:ee:86:a4:00:5b:6f:af:cf:c0:92:48:6d:04:d5:
         f6:d7:85:03:fd:4c:bd:67:c2:d1:84:b2:1d:65:4d:40:0a:52:
         91:ac:f0:08:39:39:c3:16:f4:a4:03:e7:da:0b:50:6b:1a:6d:
         cb:95:96:6c:57:89:de:89:17:11:a2:4b:26:92:bd:5d:a4:b7:
         0f:ce:6e:49:9e:e6:24:2a:e3:88:ef:fc:1b:c4:44:46:1a:f8:
         b5:44:ae:e6:72:0a:33:cc:1c:5b:b6:1e:02:0c:d2:41:90:8d:
         33:fe:6f:88:cf:3f:7c:44:98:1a:a0:f6:d2:6d:7d:18:29:0b:
         e7:ff:0a:f6:a2:29:c9:3d:6b:cf:cc:48:c3:6d:6e:9f:a6:29:
         8c:e2:41:5e:aa:27:b0:52:c2:dd:b2:f1:67:2c:4f:e5:c3:8a:
         23:d9:57:ef:19:47:22:ba:26:44:a6:b7:c5:90:28:7c:45:95:
         bf:01:4a:d1:07:96:89:f4:7c:fe:b2:11:50:74:69:9f:37:c8:
         f6:ea:fa:a8:66:9c:91:74:14:cb:76:4e:3f:e0:c5:92:a5:b4:
         3b:13:4f:fa
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUfc/YWagLLOJAfzshrxVC8GgOsbcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNTA2MTEwNzIwNTZaFw0yNjA2MTAwNzI1NTZaMDMxMTAvBgNV
BAMTKDM5NUU0MUVCODc0MzEyM0Q5QTBBRTkyNTY4N0I1QzVEQUZFMkU2NEIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCcNkjtixCPkkHVqZ+i/95QzsL9
Ey2aCGmno9VJ/F/pUP1d28rXgblQUV0gdb3ySQmLYGlFjPBxbPYF128Hr7rfG1lr
c3opWnMd8Fo8Wcz+eR/A51EKGno6Fq1L14dUTl4klwV0i51ppbFs5OObEJ7htk8f
jDPR8JEEMC3hlizKEu6y0u+CV/3A6Mf605xmUL6rgUXXVmt9PnaphHLf8bzGqovk
A5auBRrTzULZf6gkz/Ihwq2L5e1L4Lf2r0nonDsXkhusnInqnM6NaQ2+HJbCj2Fj
y4TY9a6P7IyInoA/JVS9EDBSDzEKU1ps7Qsw6hdt+wMZ198Iuf84KaR9kKgBAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUOV5B64dDEj2aCuklaHtcXa/i5kswHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTNTk4NDEucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwIAYIKwYBBQUHAQcBAf8EETAPMA0EAgACMAcDBQAqDPpA
MA0GCSqGSIb3DQEBCwUAA4IBAQClludJYCudk8OO0mZSU47dETNVTz8XQpeHtvL7
YfVJx8Opw9SXL5IH7oakAFtvr8/AkkhtBNX214UD/Uy9Z8LRhLIdZU1AClKRrPAI
OTnDFvSkA+faC1BrGm3LlZZsV4neiRcRoksmkr1dpLcPzm5JnuYkKuOI7/wbxERG
Gvi1RK7mcgozzBxbth4CDNJBkI0z/m+Izz98RJgaoPbSbX0YKQvn/wr2oinJPWvP
zEjDbW6fpimM4kFeqiewUsLdsvFnLE/lw4oj2VfvGUciuiZEprfFkCh8RZW/AUrR
B5aJ9Hz+shFQdGmfN8j26vqoZpyRdBTLdk4/4MWSpbQ7E0/6
-----END CERTIFICATE-----