Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS2856.roa
File:                     AS2856.roa (raw, json)
Hash identifier:          MVe2Z1t+TDIaV/jTlnVpRAwNnxIaHPJcbTaeWh/zABk=
Subject key identifier:   60:F8:4A:B3:37:5A:C5:AD:9E:8F:2C:1C:94:C8:89:C5:82:A5:39:28
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       65955482746E8DAEFF615E97D7E1085F97D7CE3E
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS2856.roa
Signing time:             Sun 08 Jun 2025 09:35:00 +0000
ROA not before:           Sun 08 Jun 2025 09:30:00 +0000
ROA not after:            Sun 07 Jun 2026 09:35:00 +0000
asID:                     2856
IP address blocks:        167.148.60.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 30 Jun 2025 00:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            65:95:54:82:74:6e:8d:ae:ff:61:5e:97:d7:e1:08:5f:97:d7:ce:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Jun  8 09:30:00 2025 GMT
            Not After : Jun  7 09:35:00 2026 GMT
        Subject: CN=60F84AB3375AC5AD9E8F2C1C94C889C582A53928
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:36:fa:71:1a:68:82:be:ad:8d:64:0d:18:2c:
                    02:bd:99:93:eb:84:7d:5f:99:bd:84:de:be:f5:d5:
                    00:af:5b:8a:30:26:5d:66:bf:57:d3:bf:14:38:9b:
                    4b:6f:50:90:4d:ff:69:54:4f:11:8f:bf:d5:f6:c0:
                    6d:ed:44:b0:fc:2a:2b:94:93:54:86:78:38:74:8a:
                    d0:e7:8c:2f:a0:39:51:da:30:d7:32:70:5a:b0:7d:
                    04:b9:ab:2b:8b:61:88:24:17:d2:0c:1a:6a:04:ab:
                    55:89:cd:7b:1a:0b:8f:23:e8:1a:8b:a7:f6:cc:1f:
                    39:6d:10:39:d8:2b:39:8c:54:85:66:f0:eb:f4:a5:
                    ed:bf:70:fa:e9:9c:36:62:af:08:3a:ee:52:07:68:
                    57:e3:fd:56:7b:33:32:43:a0:6b:37:cd:0c:14:f4:
                    62:df:01:a8:22:bd:cb:77:e3:b9:0a:d8:4d:f8:5f:
                    3a:1e:64:7b:16:aa:14:95:4c:96:fe:33:d2:45:6f:
                    42:66:3c:af:18:22:ff:1f:6e:47:4a:d4:38:d3:6a:
                    d7:e7:9c:bf:0c:16:f2:92:90:03:9a:45:8a:c6:bf:
                    6a:09:11:e1:9f:f5:ad:34:e0:a1:86:39:8e:ba:cc:
                    cc:22:77:b5:9b:32:31:18:54:6c:dc:e9:90:eb:b9:
                    fe:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:F8:4A:B3:37:5A:C5:AD:9E:8F:2C:1C:94:C8:89:C5:82:A5:39:28
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS2856.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  167.148.60.0/22

    Signature Algorithm: sha256WithRSAEncryption
         1a:95:48:38:63:ff:ee:89:d6:6d:a5:90:bf:da:a4:84:6b:25:
         fb:25:67:ac:36:cb:97:d1:68:55:b8:cf:ad:24:3e:aa:20:86:
         10:40:ac:b9:10:48:b7:5d:7c:94:88:5e:63:88:1c:f0:da:98:
         83:88:c5:5c:19:10:96:53:57:81:9b:64:4f:d3:94:18:f2:a2:
         7b:9a:9b:2d:79:23:e0:14:9a:76:2a:cd:a7:cc:2d:f8:f5:4b:
         e2:a7:fe:8d:2b:15:55:30:7e:87:f3:92:4b:44:3c:e4:ef:5a:
         b6:bf:2d:87:19:90:9c:4e:fc:b5:e5:70:60:b2:2b:c3:b2:d3:
         49:8d:e7:bb:82:11:80:40:6c:0e:28:72:8e:b2:e0:18:5a:43:
         76:07:55:d8:0e:80:98:65:ce:21:c1:f6:c9:ef:36:50:48:e8:
         44:a9:6a:8c:94:ea:2a:0e:aa:6d:fd:9e:19:b7:5f:bb:74:df:
         63:ef:41:03:ab:cb:e8:d2:aa:33:a2:76:9f:1b:7e:bd:fb:21:
         f2:e9:31:7e:cc:cb:71:14:30:a4:1d:90:f7:84:a7:4a:bf:3f:
         b0:f4:b4:3b:26:d4:7b:ec:8a:0d:56:07:e1:e4:1f:9b:a1:9d:
         f5:89:66:9e:d7:c8:ee:ba:38:cb:5f:2e:86:4f:fb:03:30:c1:
         38:b6:4b:f9
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgIUZZVUgnRuja7/YV6X1+EIX5fXzj4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNTA2MDgwOTMwMDBaFw0yNjA2MDcwOTM1MDBaMDMxMTAvBgNV
BAMTKDYwRjg0QUIzMzc1QUM1QUQ5RThGMkMxQzk0Qzg4OUM1ODJBNTM5MjgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC3NvpxGmiCvq2NZA0YLAK9mZPr
hH1fmb2E3r711QCvW4owJl1mv1fTvxQ4m0tvUJBN/2lUTxGPv9X2wG3tRLD8KiuU
k1SGeDh0itDnjC+gOVHaMNcycFqwfQS5qyuLYYgkF9IMGmoEq1WJzXsaC48j6BqL
p/bMHzltEDnYKzmMVIVm8Ov0pe2/cPrpnDZirwg67lIHaFfj/VZ7MzJDoGs3zQwU
9GLfAagivct347kK2E34XzoeZHsWqhSVTJb+M9JFb0JmPK8YIv8fbkdK1DjTatfn
nL8MFvKSkAOaRYrGv2oJEeGf9a004KGGOY66zMwid7WbMjEYVGzc6ZDruf6hAgMB
AAGjggIIMIICBDAdBgNVHQ4EFgQUYPhKszdaxa2ejywclMiJxYKlOSgwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIweQYIKwYBBQUHAQsEbTBrMGkGCCsGAQUFBzALhl1yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMjg1Ni5yb2EwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAqeUPDAN
BgkqhkiG9w0BAQsFAAOCAQEAGpVIOGP/7onWbaWQv9qkhGsl+yVnrDbLl9FoVbjP
rSQ+qiCGEECsuRBIt118lIheY4gc8NqYg4jFXBkQllNXgZtkT9OUGPKie5qbLXkj
4BSadirNp8wt+PVL4qf+jSsVVTB+h/OSS0Q85O9atr8thxmQnE78teVwYLIrw7LT
SY3nu4IRgEBsDihyjrLgGFpDdgdV2A6AmGXOIcH2ye82UEjoRKlqjJTqKg6qbf2e
Gbdfu3TfY+9BA6vL6NKqM6J2nxt+vfsh8ukxfszLcRQwpB2Q94SnSr8/sPS0OybU
e+yKDVYH4eQfm6Gd9YlmntfI7ro4y18uhk/7AzDBOLZL+Q==
-----END CERTIFICATE-----