Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS56655.roa
File:                     AS56655.roa (raw, json)
Hash identifier:          uboCQeCpu3Z+qwYmqiJm8A23lO8LzVAFKLKoxCB8x6M=
Subject key identifier:   88:13:90:54:33:EC:94:8F:B7:1A:EB:7A:EA:22:06:98:79:1E:E5:4B
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       4FC9A2692411F7F017303823AF768E2831DBCFF4
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS56655.roa
Signing time:             Tue 07 Oct 2025 00:02:15 +0000
ROA not before:           Mon 06 Oct 2025 23:57:15 +0000
ROA not after:            Tue 06 Oct 2026 00:02:15 +0000
asID:                     56655
IP address blocks:        143.14.40.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 00:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4f:c9:a2:69:24:11:f7:f0:17:30:38:23:af:76:8e:28:31:db:cf:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Oct  6 23:57:15 2025 GMT
            Not After : Oct  6 00:02:15 2026 GMT
        Subject: CN=8813905433EC948FB71AEB7AEA220698791EE54B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:b3:1c:a2:23:84:35:52:79:2e:bb:c1:c1:1e:
                    2c:bb:55:fb:ad:29:55:8a:c0:84:df:95:b3:e0:b1:
                    58:cd:54:0d:bf:45:e6:be:d9:83:ea:70:5c:05:55:
                    26:bb:79:ea:aa:c5:b8:7e:d1:5f:72:d5:d1:ac:f1:
                    14:40:9e:19:15:da:43:ee:4e:83:ce:d8:2f:f7:ab:
                    b0:f8:33:59:d9:98:5f:7c:b7:9e:5e:b2:82:a0:b4:
                    06:8a:a8:e8:e1:91:40:e4:96:0c:f6:a9:83:9e:9b:
                    d6:c6:73:75:e0:c9:60:7f:4f:b2:53:a1:bf:fe:36:
                    c7:d6:bf:c3:34:1e:df:51:9a:c4:db:02:9d:f2:ac:
                    42:a6:fd:f7:05:c6:29:84:ec:10:45:ff:f3:27:f3:
                    97:70:63:c6:63:35:7a:c3:37:6d:27:47:0f:5d:2b:
                    72:be:a7:23:21:dc:80:d5:f4:02:1c:34:d3:18:ca:
                    29:77:45:ca:c0:f3:9f:6d:11:b8:8a:5d:c8:71:67:
                    8f:d9:8b:47:0f:44:a8:d7:bd:eb:fb:b0:6f:cc:7b:
                    db:c1:82:14:77:c5:5e:f5:95:5f:10:99:3e:70:0b:
                    13:fc:71:b5:10:f8:b9:72:97:3c:13:a7:96:63:40:
                    2f:b7:3d:6a:ca:2a:53:95:c5:b7:cf:85:fd:df:ba:
                    f8:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:13:90:54:33:EC:94:8F:B7:1A:EB:7A:EA:22:06:98:79:1E:E5:4B
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS56655.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.14.40.0/22

    Signature Algorithm: sha256WithRSAEncryption
         38:39:27:94:4f:35:c7:ac:1f:2e:14:3e:31:a6:93:cd:f8:93:
         ff:db:b9:89:bc:d0:40:30:e2:fa:bb:12:3c:ba:46:20:0c:49:
         be:4d:9d:a0:6a:08:7d:e1:e0:c1:86:87:eb:f0:73:0d:2a:0a:
         56:dd:6e:d6:b6:3c:e0:66:84:20:02:6b:46:99:a7:a1:08:cd:
         49:24:75:ee:67:45:17:6c:45:d4:d2:31:c8:e1:0d:cf:9b:f0:
         e9:e5:ac:cf:67:64:30:c2:4b:e4:60:38:74:69:67:88:c2:8a:
         c9:dc:95:0d:9e:6d:36:51:87:49:f8:3a:aa:84:fc:ed:36:45:
         67:e7:da:c7:c9:bc:2f:30:35:5c:1d:df:41:17:58:bf:68:a4:
         86:0a:ae:aa:ee:78:26:c8:de:4e:25:da:02:f5:ff:16:d2:ba:
         47:35:6f:34:49:e5:8e:f6:fe:3b:1e:42:93:70:54:4e:55:7d:
         bd:e9:05:78:88:39:0c:34:6b:5a:35:f3:6a:e2:ec:82:c5:70:
         ae:65:93:78:27:5f:35:01:ac:a1:92:28:0c:a1:2d:b8:fe:09:
         7b:c1:4d:62:5e:e5:f5:45:9a:d8:cc:63:b3:86:dd:d2:17:97:
         73:7e:47:91:7e:01:c0:b8:d7:f5:3f:d9:2e:83:fc:8a:43:65:
         cf:82:92:d8
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUT8miaSQR9/AXMDgjr3aOKDHbz/QwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNTEwMDYyMzU3MTVaFw0yNjEwMDYwMDAyMTVaMDMxMTAvBgNV
BAMTKDg4MTM5MDU0MzNFQzk0OEZCNzFBRUI3QUVBMjIwNjk4NzkxRUU1NEIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCpsxyiI4Q1Unkuu8HBHiy7Vfut
KVWKwITflbPgsVjNVA2/Rea+2YPqcFwFVSa7eeqqxbh+0V9y1dGs8RRAnhkV2kPu
ToPO2C/3q7D4M1nZmF98t55esoKgtAaKqOjhkUDklgz2qYOem9bGc3XgyWB/T7JT
ob/+NsfWv8M0Ht9RmsTbAp3yrEKm/fcFximE7BBF//Mn85dwY8ZjNXrDN20nRw9d
K3K+pyMh3IDV9AIcNNMYyil3RcrA859tEbiKXchxZ4/Zi0cPRKjXvev7sG/Me9vB
ghR3xV71lV8QmT5wCxP8cbUQ+LlylzwTp5ZjQC+3PWrKKlOVxbfPhf3fuvgZAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUiBOQVDPslI+3Gut66iIGmHke5UswHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTNTY2NTUucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAKPDigw
DQYJKoZIhvcNAQELBQADggEBADg5J5RPNcesHy4UPjGmk834k//buYm80EAw4vq7
Ejy6RiAMSb5NnaBqCH3h4MGGh+vwcw0qClbdbta2POBmhCACa0aZp6EIzUkkde5n
RRdsRdTSMcjhDc+b8OnlrM9nZDDCS+RgOHRpZ4jCisnclQ2ebTZRh0n4OqqE/O02
RWfn2sfJvC8wNVwd30EXWL9opIYKrqrueCbI3k4l2gL1/xbSukc1bzRJ5Y72/jse
QpNwVE5Vfb3pBXiIOQw0a1o182ri7ILFcK5lk3gnXzUBrKGSKAyhLbj+CXvBTWJe
5fVFmtjMY7OG3dIXl3N+R5F+AcC41/U/2S6D/IpDZc+Cktg=
-----END CERTIFICATE-----