Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS56655.roa
File:                     AS56655.roa (raw, json)
Hash identifier:          S0FaECgWkRXpmN4CM7in2Pb0y5/q0U89q7Btt3xu5j8=
Subject key identifier:   48:99:7A:66:A6:CE:AF:55:68:8D:29:CB:D5:89:87:A9:67:9C:8B:9C
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       453C3924E9F6DB57387F039DB61D30E82B57BF34
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS56655.roa
Signing time:             Thu 07 Aug 2025 09:37:50 +0000
ROA not before:           Thu 07 Aug 2025 09:32:50 +0000
ROA not after:            Thu 06 Aug 2026 09:37:50 +0000
asID:                     56655
IP address blocks:        143.14.40.0/22 maxlen: 22
                          143.14.124.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 12:50:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            45:3c:39:24:e9:f6:db:57:38:7f:03:9d:b6:1d:30:e8:2b:57:bf:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Aug  7 09:32:50 2025 GMT
            Not After : Aug  6 09:37:50 2026 GMT
        Subject: CN=48997A66A6CEAF55688D29CBD58987A9679C8B9C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:60:17:14:ff:38:a2:6f:81:a3:48:05:6f:8c:
                    a7:1a:e3:c6:91:a1:ab:b2:af:5a:58:35:d9:33:32:
                    d7:78:37:f5:4b:fb:7a:4d:79:4a:2d:b7:6e:3f:64:
                    44:68:13:f2:6e:30:68:f6:2f:1e:12:9d:3c:0d:07:
                    e5:10:bb:80:42:9f:da:39:4a:8d:ef:2e:11:af:0b:
                    ba:89:7e:6a:2f:33:b3:05:e5:b2:de:29:df:d4:14:
                    34:0f:57:35:af:ec:c9:cb:1d:26:f6:b9:af:2e:2a:
                    fe:a8:7b:56:fe:ca:3d:8d:6b:3c:ee:95:e2:88:e4:
                    97:ca:18:83:15:0f:80:06:46:27:83:0c:e7:00:bf:
                    21:6d:81:c4:b8:10:97:fc:22:e0:b0:d8:8e:7f:94:
                    70:40:11:4b:33:e1:98:08:5c:51:f5:26:ac:ad:dc:
                    ea:87:46:16:94:97:2d:d0:5a:fb:aa:f2:af:17:7d:
                    47:be:96:df:af:c3:f7:d8:48:e5:4d:64:54:92:96:
                    5e:d7:a4:b7:f4:1a:37:e9:e6:c1:93:94:e5:2c:de:
                    0b:7f:9c:0c:50:26:63:4f:2e:d7:38:1c:eb:f5:db:
                    47:43:26:c6:df:b1:80:28:b9:fa:28:48:10:3b:2d:
                    87:cf:d0:42:db:a2:a7:52:87:d2:c3:05:a4:fd:03:
                    cd:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                48:99:7A:66:A6:CE:AF:55:68:8D:29:CB:D5:89:87:A9:67:9C:8B:9C
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS56655.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.14.40.0/22
                  143.14.124.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9e:c3:b5:8a:cf:0a:58:6a:01:19:bf:e6:4f:ff:82:72:4f:e8:
         e9:e5:cb:b7:80:7e:aa:1b:5f:ef:2b:cc:ba:29:f9:05:50:8e:
         6b:4b:e3:17:7d:8b:ae:6b:14:e1:da:0d:32:84:fd:21:74:f7:
         65:39:b3:33:01:b5:50:4a:e2:97:9d:12:5b:bb:3c:00:1b:64:
         36:f0:ae:e1:a0:15:f3:12:37:a4:8f:c6:43:ea:5d:21:56:bb:
         1e:df:b7:5e:2a:e4:9d:e6:14:96:04:fe:35:99:95:df:df:5e:
         05:df:55:9b:a2:9a:ae:92:e2:e8:f0:86:e3:f9:3e:fa:6c:f9:
         10:ce:b3:a9:fc:a5:2e:36:90:b5:78:3e:1b:57:13:8b:15:db:
         fa:50:52:66:a0:35:8d:44:69:b5:3a:f3:12:37:2d:17:ba:a7:
         87:29:52:17:1a:64:05:8a:a8:b7:03:64:30:59:31:2c:12:d0:
         d9:18:26:c3:d0:c5:fe:d8:7f:2b:1c:11:8f:01:f8:ab:88:e6:
         4a:fc:df:df:e4:22:ce:34:52:7b:ab:1e:28:49:cc:6a:c4:89:
         d7:80:db:33:2a:f5:76:dc:43:de:86:71:00:95:56:5c:e5:fa:
         43:8c:f5:d0:22:77:41:31:74:ef:97:a8:5d:00:28:1e:9e:be:
         a3:b4:8a:c1
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgIURTw5JOn221c4fwOdth0w6CtXvzQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNTA4MDcwOTMyNTBaFw0yNjA4MDYwOTM3NTBaMDMxMTAvBgNV
BAMTKDQ4OTk3QTY2QTZDRUFGNTU2ODhEMjlDQkQ1ODk4N0E5Njc5QzhCOUMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCuYBcU/ziib4GjSAVvjKca48aR
oauyr1pYNdkzMtd4N/VL+3pNeUott24/ZERoE/JuMGj2Lx4SnTwNB+UQu4BCn9o5
So3vLhGvC7qJfmovM7MF5bLeKd/UFDQPVzWv7MnLHSb2ua8uKv6oe1b+yj2Nazzu
leKI5JfKGIMVD4AGRieDDOcAvyFtgcS4EJf8IuCw2I5/lHBAEUsz4ZgIXFH1Jqyt
3OqHRhaUly3QWvuq8q8XfUe+lt+vw/fYSOVNZFSSll7XpLf0Gjfp5sGTlOUs3gt/
nAxQJmNPLtc4HOv120dDJsbfsYAoufooSBA7LYfP0ELboqdSh9LDBaT9A82DAgMB
AAGjggIPMIICCzAdBgNVHQ4EFgQUSJl6ZqbOr1VojSnL1YmHqWeci5wwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTNTY2NTUucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwDBAKPDigD
BACPDnwwDQYJKoZIhvcNAQELBQADggEBAJ7DtYrPClhqARm/5k//gnJP6Only7eA
fqobX+8rzLop+QVQjmtL4xd9i65rFOHaDTKE/SF092U5szMBtVBK4pedElu7PAAb
ZDbwruGgFfMSN6SPxkPqXSFWux7ft14q5J3mFJYE/jWZld/fXgXfVZuimq6S4ujw
huP5Pvps+RDOs6n8pS42kLV4PhtXE4sV2/pQUmagNY1EabU68xI3LRe6p4cpUhca
ZAWKqLcDZDBZMSwS0NkYJsPQxf7YfyscEY8B+KuI5kr839/kIs40UnurHihJzGrE
ideA2zMq9XbcQ96GcQCVVlzl+kOM9dAid0ExdO+XqF0AKB6evqO0isE=
-----END CERTIFICATE-----