Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS60602.roa
File:                     AS60602.roa (raw, json)
Hash identifier:          4h0JMm7747b0tudk/dTKisJ+X+QRSutiL2CnKTZcBVw=
Subject key identifier:   AF:7C:39:DC:3D:E8:37:2C:E3:1E:9D:F3:93:65:E5:CB:B6:3E:31:05
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       457DC971D08FE533A98FEF0E51651681A1D20F9D
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS60602.roa
Signing time:             Tue 27 Jan 2026 11:55:35 +0000
ROA not before:           Tue 27 Jan 2026 11:50:35 +0000
ROA not after:            Tue 26 Jan 2027 11:55:35 +0000
asID:                     60602
IP address blocks:        82.25.203.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 15:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            45:7d:c9:71:d0:8f:e5:33:a9:8f:ef:0e:51:65:16:81:a1:d2:0f:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Jan 27 11:50:35 2026 GMT
            Not After : Jan 26 11:55:35 2027 GMT
        Subject: CN=AF7C39DC3DE8372CE31E9DF39365E5CBB63E3105
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:2f:7a:69:af:d4:ce:62:4a:05:5c:6f:42:a5:
                    11:f0:f4:b2:df:2e:25:b8:01:31:07:7f:a7:f8:5b:
                    7b:58:e3:9e:ce:3d:c2:02:c1:d4:48:2e:68:70:f8:
                    cf:59:ce:0a:69:14:2d:06:f1:9e:94:60:06:49:f2:
                    65:eb:da:ae:4b:f5:2d:79:64:8a:50:bb:44:32:a5:
                    7e:73:a8:af:4f:29:83:5e:67:3d:99:33:d1:19:1a:
                    23:f3:a1:c6:d8:9d:5d:9f:38:15:d5:23:a9:ef:7a:
                    7f:64:fe:5e:d2:aa:ce:d1:b5:86:30:e3:22:fe:0a:
                    21:47:11:1f:4b:9c:4a:70:e1:9c:4a:45:3f:ce:1a:
                    5c:48:36:3c:f9:1c:0f:0c:16:43:12:a5:94:09:f7:
                    d0:eb:a0:38:e4:10:9b:cd:7b:58:30:7a:4c:49:99:
                    6d:e2:36:aa:d9:21:96:1e:90:d9:33:6d:9f:cd:fc:
                    90:bc:c2:19:e7:92:90:95:8c:bd:c3:7b:5e:5e:02:
                    a1:26:09:0c:77:7e:3f:cf:72:a5:45:5f:17:6d:4c:
                    93:40:50:6f:6d:7e:0f:c4:0a:78:bd:61:f1:c2:c0:
                    64:99:ac:f8:9e:03:d9:f3:ec:8c:7f:75:36:cd:ee:
                    f2:7e:76:f1:46:4b:42:0a:9a:05:20:da:35:36:90:
                    4d:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:7C:39:DC:3D:E8:37:2C:E3:1E:9D:F3:93:65:E5:CB:B6:3E:31:05
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS60602.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.25.203.0/24

    Signature Algorithm: sha256WithRSAEncryption
         84:2f:c8:79:ab:87:82:15:54:81:6a:61:27:f3:b0:55:2b:6f:
         2d:40:8a:8e:32:b5:de:99:e1:27:7c:05:df:c2:5e:9b:66:e4:
         30:1d:87:3d:a5:d8:5c:72:d8:48:2b:f2:ad:f0:df:68:d1:bf:
         2c:7c:63:ee:31:6b:fb:dc:49:24:6b:e4:da:7e:0f:87:7a:c4:
         e5:bf:7d:61:00:c4:5d:f3:a4:ea:43:e9:16:aa:82:ff:e6:0f:
         4c:e9:11:67:8f:ab:b2:6b:c9:ae:49:42:f1:20:71:26:ee:b2:
         9c:6d:85:a4:a0:e3:7b:eb:57:f0:20:21:30:27:a3:0a:1f:90:
         ae:06:21:85:2a:ad:a3:e9:8d:a0:db:33:16:fa:18:0d:ab:1b:
         df:66:f4:b6:a3:77:9d:0d:b7:71:60:a1:10:25:a4:ee:ce:fb:
         63:b1:fd:dd:52:3b:89:6d:e1:91:42:23:e2:df:db:9a:87:25:
         86:73:56:18:30:5c:79:58:3a:ec:4f:46:2b:e9:dd:02:b1:3e:
         bb:2a:2f:d4:e5:15:eb:e8:96:2d:99:eb:81:a2:88:e8:17:02:
         00:28:5f:9b:da:77:6b:ed:fb:80:d9:15:b5:7c:58:91:68:db:
         77:39:0c:5b:f2:59:18:72:ca:7c:c5:b6:97:ad:9a:80:c2:c1:
         d2:d7:70:09
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIURX3JcdCP5TOpj+8OUWUWgaHSD50wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNjAxMjcxMTUwMzVaFw0yNzAxMjYxMTU1MzVaMDMxMTAvBgNV
BAMTKEFGN0MzOURDM0RFODM3MkNFMzFFOURGMzkzNjVFNUNCQjYzRTMxMDUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCnL3ppr9TOYkoFXG9CpRHw9LLf
LiW4ATEHf6f4W3tY457OPcICwdRILmhw+M9ZzgppFC0G8Z6UYAZJ8mXr2q5L9S15
ZIpQu0QypX5zqK9PKYNeZz2ZM9EZGiPzocbYnV2fOBXVI6nven9k/l7Sqs7RtYYw
4yL+CiFHER9LnEpw4ZxKRT/OGlxINjz5HA8MFkMSpZQJ99DroDjkEJvNe1gwekxJ
mW3iNqrZIZYekNkzbZ/N/JC8whnnkpCVjL3De15eAqEmCQx3fj/PcqVFXxdtTJNA
UG9tfg/ECni9YfHCwGSZrPieA9nz7Ix/dTbN7vJ+dvFGS0IKmgUg2jU2kE1bAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUr3w53D3oNyzjHp3zk2Xly7Y+MQUwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTNjA2MDIucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABSGcsw
DQYJKoZIhvcNAQELBQADggEBAIQvyHmrh4IVVIFqYSfzsFUrby1Aio4ytd6Z4Sd8
Bd/CXptm5DAdhz2l2Fxy2Egr8q3w32jRvyx8Y+4xa/vcSSRr5Np+D4d6xOW/fWEA
xF3zpOpD6Raqgv/mD0zpEWePq7Jrya5JQvEgcSbuspxthaSg43vrV/AgITAnowof
kK4GIYUqraPpjaDbMxb6GA2rG99m9Lajd50Nt3FgoRAlpO7O+2Ox/d1SO4lt4ZFC
I+Lf25qHJYZzVhgwXHlYOuxPRivp3QKxPrsqL9TlFevoli2Z64GiiOgXAgAoX5va
d2vt+4DZFbV8WJFo23c5DFvyWRhyynzFtpetmoDCwdLXcAk=
-----END CERTIFICATE-----