Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS22439.roa
File:                     AS22439.roa (raw, json)
Hash identifier:          pALh4jXck/oDRC5Ci9jugmAl8py7t/Nx5LJ8wq5GW+Q=
Subject key identifier:   A0:04:DC:36:0E:FF:03:52:88:B5:85:70:BE:A0:50:A2:45:00:FF:83
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       4F8116B13B79B6284CA6D8D62A9F442CD0FF9E8D
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS22439.roa
Signing time:             Fri 25 Jul 2025 08:07:41 +0000
ROA not before:           Fri 25 Jul 2025 08:02:41 +0000
ROA not after:            Fri 24 Jul 2026 08:07:41 +0000
asID:                     22439
IP address blocks:        2a0f:85c1:270::/44 maxlen: 44
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 06 Aug 2025 23:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4f:81:16:b1:3b:79:b6:28:4c:a6:d8:d6:2a:9f:44:2c:d0:ff:9e:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Jul 25 08:02:41 2025 GMT
            Not After : Jul 24 08:07:41 2026 GMT
        Subject: CN=A004DC360EFF035288B58570BEA050A24500FF83
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:9c:23:aa:2f:40:89:d0:cf:70:47:3d:4b:53:
                    f0:3e:a4:08:d1:fb:e4:5f:38:db:03:29:cb:af:c5:
                    86:95:4d:40:33:4a:af:f5:64:dc:a8:75:69:a4:5c:
                    24:14:8f:d1:26:d1:7c:8e:6f:8c:c1:d3:32:44:41:
                    75:dc:3c:7c:9d:97:07:ad:49:1c:e7:5a:34:cf:3a:
                    a0:82:32:80:2e:d9:9b:e1:f2:c1:c5:9f:24:1b:ea:
                    77:04:6d:37:90:af:96:d1:64:3e:3b:2a:cb:04:98:
                    63:71:86:52:fd:f8:5d:9e:9d:0a:e3:00:00:23:a7:
                    c4:ee:bf:28:3b:42:b3:ba:1c:62:3f:d8:98:c1:e8:
                    72:e8:a4:1b:ce:44:b5:e2:5f:cb:6d:d2:f8:af:28:
                    c6:09:56:82:d0:65:d6:25:fd:91:e0:9d:bc:8e:af:
                    d9:b8:f3:df:c4:a2:b1:c2:fd:c5:dd:fb:8d:3e:18:
                    7f:87:86:a5:b5:01:7d:e0:b3:09:57:3a:37:24:95:
                    7b:21:6b:c0:0a:96:43:14:d3:f0:a3:65:68:5a:97:
                    0a:04:c6:aa:93:38:9f:33:11:ef:31:90:81:99:08:
                    71:93:99:b8:45:71:c4:00:1e:9f:d9:20:df:75:73:
                    38:de:7a:d1:00:d3:db:41:42:7e:11:b9:72:c2:1a:
                    b2:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:04:DC:36:0E:FF:03:52:88:B5:85:70:BE:A0:50:A2:45:00:FF:83
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS22439.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:270::/44

    Signature Algorithm: sha256WithRSAEncryption
         72:2c:5c:6f:2b:79:11:82:bf:d7:f2:e8:91:e5:14:ee:5b:52:
         b3:ae:55:a2:1d:3b:ab:2f:99:c2:24:d2:32:da:12:16:89:c5:
         e3:0a:9f:db:30:10:49:be:f9:be:18:c0:f4:5b:4e:70:c9:ee:
         80:0b:7c:43:78:d5:46:f6:62:0e:73:85:21:a2:58:ef:16:5b:
         94:ef:06:d7:83:36:a0:f8:5f:8c:eb:e8:56:e5:53:54:db:e2:
         b8:7a:9a:eb:c9:a4:cf:0e:55:21:ea:aa:bd:6c:b0:cd:2b:1f:
         44:7e:0d:3b:72:0e:11:43:21:23:1e:5a:34:d9:ac:e0:d8:ed:
         9e:94:6c:ed:38:ec:23:db:12:69:c7:00:30:d0:ef:d9:c7:7f:
         9a:8a:4b:ae:5e:f4:9b:a4:58:d2:3b:16:6c:ae:67:e9:de:59:
         90:2d:ea:6b:af:c5:34:36:b7:03:ae:25:1f:99:47:3d:a0:0c:
         fc:e7:12:fd:7c:1c:1d:d5:00:98:bb:96:4b:be:9c:3e:6b:62:
         ed:71:7a:cb:43:f2:73:bf:cb:e7:7f:27:85:b2:93:bb:9e:d1:
         97:f0:ac:ae:32:cc:75:57:ea:45:c6:ee:b5:a6:1f:8c:47:17:
         bb:9e:08:36:c5:05:01:65:d8:1f:ac:66:fa:9e:9a:56:01:bf:
         e0:96:5d:da
-----BEGIN CERTIFICATE-----
MIIFAjCCA+qgAwIBAgIUT4EWsTt5tihMptjWKp9ELND/no0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNTA3MjUwODAyNDFaFw0yNjA3MjQwODA3NDFaMDMxMTAvBgNV
BAMTKEEwMDREQzM2MEVGRjAzNTI4OEI1ODU3MEJFQTA1MEEyNDUwMEZGODMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDmnCOqL0CJ0M9wRz1LU/A+pAjR
++RfONsDKcuvxYaVTUAzSq/1ZNyodWmkXCQUj9Em0XyOb4zB0zJEQXXcPHydlwet
SRznWjTPOqCCMoAu2Zvh8sHFnyQb6ncEbTeQr5bRZD47KssEmGNxhlL9+F2enQrj
AAAjp8Tuvyg7QrO6HGI/2JjB6HLopBvORLXiX8tt0vivKMYJVoLQZdYl/ZHgnbyO
r9m489/EorHC/cXd+40+GH+HhqW1AX3gswlXOjcklXsha8AKlkMU0/CjZWhalwoE
xqqTOJ8zEe8xkIGZCHGTmbhFccQAHp/ZIN91czjeetEA09tBQn4RuXLCGrInAgMB
AAGjggIMMIICCDAdBgNVHQ4EFgQUoATcNg7/A1KItYVwvqBQokUA/4MwHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjI0Mzkucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgACMAkDBwQqD4XB
AnAwDQYJKoZIhvcNAQELBQADggEBAHIsXG8reRGCv9fy6JHlFO5bUrOuVaIdO6sv
mcIk0jLaEhaJxeMKn9swEEm++b4YwPRbTnDJ7oALfEN41Ub2Yg5zhSGiWO8WW5Tv
BteDNqD4X4zr6FblU1Tb4rh6muvJpM8OVSHqqr1ssM0rH0R+DTtyDhFDISMeWjTZ
rODY7Z6UbO047CPbEmnHADDQ79nHf5qKS65e9JukWNI7FmyuZ+neWZAt6muvxTQ2
twOuJR+ZRz2gDPznEv18HB3VAJi7lku+nD5rYu1xestD8nO/y+d/J4Wyk7ue0Zfw
rK4yzHVX6kXG7rWmH4xHF7ueCDbFBQFl2B+sZvqemlYBv+CWXdo=
-----END CERTIFICATE-----