Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS56655.roa
File:                     AS56655.roa (raw, json)
Hash identifier:          WePizVIm7LoA4DK/udd3xCE4FJlymncV50DyiFZD70M=
Subject key identifier:   6A:D8:92:38:CE:61:E1:23:5E:C6:5A:FE:A9:EB:DD:BE:28:73:09:D9
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       229D5AC51AED1B10C75BF82F51E07FEA1156649F
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS56655.roa
Signing time:             Fri 25 Jul 2025 08:07:35 +0000
ROA not before:           Fri 25 Jul 2025 08:02:35 +0000
ROA not after:            Fri 24 Jul 2026 08:07:35 +0000
asID:                     56655
IP address blocks:        2a0f:85c1:270::/44 maxlen: 44
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 06 Aug 2025 23:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            22:9d:5a:c5:1a:ed:1b:10:c7:5b:f8:2f:51:e0:7f:ea:11:56:64:9f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Jul 25 08:02:35 2025 GMT
            Not After : Jul 24 08:07:35 2026 GMT
        Subject: CN=6AD89238CE61E1235EC65AFEA9EBDDBE287309D9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:ed:31:19:cd:8d:eb:0e:6a:23:e9:47:fb:0f:
                    56:93:9d:c5:34:91:37:ee:6b:59:10:ce:97:41:41:
                    77:de:74:bb:b1:e5:5b:8d:11:ee:27:42:6c:61:cb:
                    a8:50:48:6c:99:03:b9:c4:8a:d5:37:a8:8e:fd:72:
                    c4:9e:d1:d2:65:c3:ce:7c:f5:00:c5:2b:38:9d:be:
                    fb:dc:0b:b0:b1:36:94:89:09:dc:6e:71:7d:6c:04:
                    e9:c6:be:57:b0:0c:8f:2b:ba:36:5f:53:49:63:e1:
                    7e:c2:cc:d4:b4:c8:e4:57:c1:4c:fc:d2:c7:cd:fb:
                    75:54:80:f4:34:ff:e9:2e:49:63:d0:b0:de:16:e0:
                    29:dd:e5:ac:31:ce:e9:cb:32:d5:ed:d7:a6:c3:4c:
                    6e:b0:d4:dd:44:a0:7f:b1:4a:f1:80:71:57:f6:da:
                    5e:f5:fc:98:55:90:33:d3:ce:ba:be:49:3a:11:79:
                    bd:2c:4c:55:24:59:61:3a:5b:70:4a:27:d6:d4:fd:
                    98:f0:ca:c6:00:89:27:51:8e:62:2e:56:c0:3c:b5:
                    7b:81:55:14:2a:67:66:1a:af:f2:cb:83:8f:47:35:
                    bf:05:6e:34:69:b3:e8:2a:94:5f:97:6a:bf:c8:ad:
                    1c:cb:71:64:9e:db:a0:1f:88:ff:ca:6d:f7:21:b6:
                    8f:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:D8:92:38:CE:61:E1:23:5E:C6:5A:FE:A9:EB:DD:BE:28:73:09:D9
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS56655.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:270::/44

    Signature Algorithm: sha256WithRSAEncryption
         0f:84:a6:ed:b3:ba:96:12:f4:46:db:bd:d1:e8:37:7a:eb:68:
         da:af:ab:5b:ca:1e:e2:dc:b0:e5:a0:02:80:c9:ee:8d:61:b5:
         fc:b9:3a:10:6a:1e:46:a1:e0:01:40:5f:4e:6f:66:ab:c7:34:
         0e:01:d6:e0:a0:b4:81:c9:36:dc:94:66:a1:95:d1:55:c7:03:
         3b:30:04:f8:7b:d7:24:89:b0:4f:f5:94:20:92:cd:73:b8:2a:
         55:fc:0a:52:93:48:e4:a0:75:fb:59:0a:47:f2:18:23:51:96:
         3a:5b:5f:1f:c1:e4:9d:12:46:ae:10:e7:ff:09:b0:78:8b:b2:
         27:43:f1:d6:63:84:20:ed:6f:2f:66:36:85:54:fe:cd:18:c3:
         4a:39:ce:ec:3b:42:7e:5b:ae:dd:fd:c0:c2:b7:e5:b9:7d:c3:
         45:52:4f:ea:30:e6:d4:3b:7a:bf:9a:2f:0d:6f:2f:17:c2:ea:
         db:b0:77:28:36:9d:e0:f5:6b:0d:d4:80:b7:f7:00:77:9c:48:
         6c:ac:08:ba:90:8a:80:8e:47:46:f5:ea:3c:55:5e:9f:d8:7e:
         f8:06:94:77:0a:00:59:36:c7:0e:0e:c0:3a:66:1e:63:3b:bf:
         92:8a:b6:9e:66:e5:e2:25:42:15:d4:85:31:d8:f8:30:66:47:
         0c:96:c9:99
-----BEGIN CERTIFICATE-----
MIIFAjCCA+qgAwIBAgIUIp1axRrtGxDHW/gvUeB/6hFWZJ8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNTA3MjUwODAyMzVaFw0yNjA3MjQwODA3MzVaMDMxMTAvBgNV
BAMTKDZBRDg5MjM4Q0U2MUUxMjM1RUM2NUFGRUE5RUJEREJFMjg3MzA5RDkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDJ7TEZzY3rDmoj6Uf7D1aTncU0
kTfua1kQzpdBQXfedLux5VuNEe4nQmxhy6hQSGyZA7nEitU3qI79csSe0dJlw858
9QDFKzidvvvcC7CxNpSJCdxucX1sBOnGvlewDI8rujZfU0lj4X7CzNS0yORXwUz8
0sfN+3VUgPQ0/+kuSWPQsN4W4Cnd5awxzunLMtXt16bDTG6w1N1EoH+xSvGAcVf2
2l71/JhVkDPTzrq+SToReb0sTFUkWWE6W3BKJ9bU/ZjwysYAiSdRjmIuVsA8tXuB
VRQqZ2Yar/LLg49HNb8FbjRps+gqlF+Xar/IrRzLcWSe26AfiP/Kbfchto9jAgMB
AAGjggIMMIICCDAdBgNVHQ4EFgQUatiSOM5h4SNexlr+qevdvihzCdkwHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTNTY2NTUucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgACMAkDBwQqD4XB
AnAwDQYJKoZIhvcNAQELBQADggEBAA+Epu2zupYS9EbbvdHoN3rraNqvq1vKHuLc
sOWgAoDJ7o1htfy5OhBqHkah4AFAX05vZqvHNA4B1uCgtIHJNtyUZqGV0VXHAzsw
BPh71ySJsE/1lCCSzXO4KlX8ClKTSOSgdftZCkfyGCNRljpbXx/B5J0SRq4Q5/8J
sHiLsidD8dZjhCDtby9mNoVU/s0Yw0o5zuw7Qn5brt39wMK35bl9w0VST+ow5tQ7
er+aLw1vLxfC6tuwdyg2neD1aw3UgLf3AHecSGysCLqQioCOR0b16jxVXp/YfvgG
lHcKAFk2xw4OwDpmHmM7v5KKtp5m5eIlQhXUhTHY+DBmRwyWyZk=
-----END CERTIFICATE-----