Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/322e35392e36332e302f32342d3234203d3e20323039363432.roa
File:                     322e35392e36332e302f32342d3234203d3e20323039363432.roa (raw, json)
Hash identifier:          RaxlZegunO166WwhSyVfZX5K+6/U6SSWAALUv6FWG/c=
Subject key identifier:   E4:8E:A1:57:39:1B:8A:78:9A:B7:FB:A9:06:B4:46:4B:C5:D6:CA:34
Certificate issuer:       /CN=a9420e6c6f24b0e422da7fe7e420ef50354f45c6
Certificate serial:       0A25EAF693BBDBC6DFBBF897CC3748054DF30EBA
Authority key identifier: A9:42:0E:6C:6F:24:B0:E4:22:DA:7F:E7:E4:20:EF:50:35:4F:45:C6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qUIObG8ksOQi2n_n5CDvUDVPRcY.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/322e35392e36332e302f32342d3234203d3e20323039363432.roa
Signing time:             Wed 07 May 2025 12:54:07 +0000
ROA not before:           Wed 07 May 2025 12:49:07 +0000
ROA not after:            Wed 06 May 2026 12:54:07 +0000
asID:                     209642
IP address blocks:        2.59.63.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/A9420E6C6F24B0E422DA7FE7E420EF50354F45C6.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/A9420E6C6F24B0E422DA7FE7E420EF50354F45C6.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qUIObG8ksOQi2n_n5CDvUDVPRcY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 08 May 2025 15:14:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0a:25:ea:f6:93:bb:db:c6:df:bb:f8:97:cc:37:48:05:4d:f3:0e:ba
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a9420e6c6f24b0e422da7fe7e420ef50354f45c6
        Validity
            Not Before: May  7 12:49:07 2025 GMT
            Not After : May  6 12:54:07 2026 GMT
        Subject: CN=E48EA157391B8A789AB7FBA906B4464BC5D6CA34
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:69:d1:69:27:46:3c:20:28:42:c2:27:45:58:
                    dd:ad:8a:66:07:5b:fe:f5:d9:38:1d:7f:da:e2:c3:
                    57:0b:2f:25:63:48:a1:a8:5e:e4:6d:31:ea:45:1d:
                    c1:04:92:e5:fb:e9:cc:ec:a7:80:3b:5a:70:94:b4:
                    18:a9:61:f7:64:14:e9:35:86:0b:e7:d8:0c:8a:24:
                    f5:8a:44:4a:e3:bb:29:07:ad:2f:c1:f4:2f:bc:e5:
                    e6:62:35:98:1d:59:b7:c1:cc:3b:68:61:3d:66:59:
                    12:2b:71:35:c3:ed:59:80:f9:b1:57:5e:33:46:be:
                    b6:02:c9:1e:05:cd:3d:c6:48:41:c4:67:94:75:16:
                    5e:66:f0:23:da:f4:44:93:d5:58:eb:2c:b1:d2:9f:
                    01:63:e9:cd:50:9a:42:75:ea:b8:61:92:bd:5c:3b:
                    64:4a:e3:01:e7:45:ec:02:3b:5d:18:a3:fd:25:f1:
                    a4:43:18:36:11:b9:9c:fa:e2:9a:dd:57:5b:1e:a3:
                    96:86:14:de:7b:04:ac:e8:4f:e4:19:53:b1:cd:ff:
                    8b:66:6b:ad:7e:c1:af:3a:7f:87:b4:0b:41:31:f4:
                    d9:83:47:96:40:cc:eb:bf:69:4c:51:16:dd:9e:39:
                    43:a2:3e:96:fa:04:66:23:86:f1:52:83:ac:76:dd:
                    07:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E4:8E:A1:57:39:1B:8A:78:9A:B7:FB:A9:06:B4:46:4B:C5:D6:CA:34
            X509v3 Authority Key Identifier:
                keyid:A9:42:0E:6C:6F:24:B0:E4:22:DA:7F:E7:E4:20:EF:50:35:4F:45:C6

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/A9420E6C6F24B0E422DA7FE7E420EF50354F45C6.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qUIObG8ksOQi2n_n5CDvUDVPRcY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/322e35392e36332e302f32342d3234203d3e20323039363432.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.59.63.0/24

    Signature Algorithm: sha256WithRSAEncryption
         63:16:5d:d5:ac:3f:9b:07:f8:ec:6f:20:16:97:cf:99:63:23:
         97:63:c3:56:5c:d1:0d:ce:7b:8a:d9:be:dd:72:3d:30:77:01:
         32:ab:15:bc:45:51:aa:db:d0:de:26:9d:03:aa:f3:22:80:4d:
         25:ff:df:2b:b5:74:76:cd:11:be:68:31:81:ef:5b:fe:26:d3:
         cd:69:2c:00:0f:ad:a7:73:ee:f5:92:b4:0a:c5:ab:16:08:0f:
         1c:03:fb:74:28:ab:58:e3:4f:8c:c9:ed:c6:10:36:23:6b:7a:
         ef:dc:34:fb:9e:f6:b9:a8:32:21:da:3d:86:9d:ee:dc:36:47:
         db:19:6b:ea:09:7e:f7:19:2b:a3:76:d8:76:76:95:bf:af:df:
         08:2e:8c:49:80:31:71:92:51:41:15:1e:8e:57:67:6a:9d:05:
         42:e3:47:6d:b4:2a:bd:c2:4c:35:5c:a1:70:e7:41:25:28:79:
         dc:38:8c:93:0a:8a:8a:fe:28:95:fe:4f:ad:d7:4f:f3:54:70:
         4d:ad:83:6a:23:f1:93:b0:0a:46:81:97:0e:e3:cb:e8:f3:e5:
         10:19:24:c1:c1:9c:b6:83:d3:b9:71:d8:df:78:d9:3a:44:a9:
         99:a9:8e:86:62:d8:f6:12:33:51:33:05:78:e8:33:8f:a2:59:
         3a:32:43:b2
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUCiXq9pO728bfu/iXzDdIBU3zDrowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYTk0MjBlNmM2ZjI0YjBlNDIyZGE3ZmU3ZTQyMGVmNTAz
NTRmNDVjNjAeFw0yNTA1MDcxMjQ5MDdaFw0yNjA1MDYxMjU0MDdaMDMxMTAvBgNV
BAMTKEU0OEVBMTU3MzkxQjhBNzg5QUI3RkJBOTA2QjQ0NjRCQzVENkNBMzQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDGadFpJ0Y8IChCwidFWN2timYH
W/712Tgdf9riw1cLLyVjSKGoXuRtMepFHcEEkuX76czsp4A7WnCUtBipYfdkFOk1
hgvn2AyKJPWKRErjuykHrS/B9C+85eZiNZgdWbfBzDtoYT1mWRIrcTXD7VmA+bFX
XjNGvrYCyR4FzT3GSEHEZ5R1Fl5m8CPa9EST1VjrLLHSnwFj6c1QmkJ16rhhkr1c
O2RK4wHnRewCO10Yo/0l8aRDGDYRuZz64prdV1seo5aGFN57BKzoT+QZU7HN/4tm
a61+wa86f4e0C0Ex9NmDR5ZAzOu/aUxRFt2eOUOiPpb6BGYjhvFSg6x23QeHAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQU5I6hVzkbiniat/upBrRGS8XWyjQwHwYDVR0j
BBgwFoAUqUIObG8ksOQi2n/n5CDvUDVPRcYwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMWY5ODIzZDAtMDg1NS00MWYyLWFjNDYtNTlhMmU5OGRh
NzM2LzEvQTk0MjBFNkM2RjI0QjBFNDIyREE3RkU3RTQyMEVGNTAzNTRGNDVDNi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3FVSU9iRzhrc09RaTJuX241Q0R2VURW
UFJjWS5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMWY5ODIzZDAt
MDg1NS00MWYyLWFjNDYtNTlhMmU5OGRhNzM2LzEvMzIyZTM1MzkyZTM2MzMyZTMw
MmYzMjM0MmQzMjM0MjAzZDNlMjAzMjMwMzkzNjM0MzIucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAACOz8w
DQYJKoZIhvcNAQELBQADggEBAGMWXdWsP5sH+OxvIBaXz5ljI5djw1Zc0Q3Oe4rZ
vt1yPTB3ATKrFbxFUarb0N4mnQOq8yKATSX/3yu1dHbNEb5oMYHvW/4m081pLAAP
radz7vWStArFqxYIDxwD+3Qoq1jjT4zJ7cYQNiNreu/cNPue9rmoMiHaPYad7tw2
R9sZa+oJfvcZK6N22HZ2lb+v3wgujEmAMXGSUUEVHo5XZ2qdBULjR220Kr3CTDVc
oXDnQSUoedw4jJMKior+KJX+T63XT/NUcE2tg2oj8ZOwCkaBlw7jy+jz5RAZJMHB
nLaD07lx2N942TpEqZmpjoZi2PYSM1EzBXjoM4+iWToyQ7I=
-----END CERTIFICATE-----