Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/AS60123.roa
File:                     AS60123.roa (raw, json)
Hash identifier:          QtgZXfsHBEnogO7UuZmZIr/ZqG9Z8/NgNBqi4sK9HBo=
Subject key identifier:   D8:A2:42:18:B2:98:56:15:43:BF:96:3A:69:64:84:A7:86:F7:44:EB
Certificate issuer:       /CN=3feccb17be51ee59ec74d64eed917e221ee28a1b
Certificate serial:       5E8B72D9A4A0250810BCFF72B706B75E91AF789A
Authority key identifier: 3F:EC:CB:17:BE:51:EE:59:EC:74:D6:4E:ED:91:7E:22:1E:E2:8A:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/AS60123.roa
Signing time:             Tue 30 Sep 2025 10:03:14 +0000
ROA not before:           Tue 30 Sep 2025 09:58:14 +0000
ROA not after:            Tue 29 Sep 2026 10:03:14 +0000
asID:                     60123
IP address blocks:        213.240.148.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 06:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5e:8b:72:d9:a4:a0:25:08:10:bc:ff:72:b7:06:b7:5e:91:af:78:9a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3feccb17be51ee59ec74d64eed917e221ee28a1b
        Validity
            Not Before: Sep 30 09:58:14 2025 GMT
            Not After : Sep 29 10:03:14 2026 GMT
        Subject: CN=D8A24218B298561543BF963A696484A786F744EB
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:18:28:2c:fa:e9:d3:45:18:da:25:23:88:57:
                    1c:c1:d7:ef:04:d7:05:de:96:53:3c:ca:d9:58:44:
                    6d:9d:b2:20:2b:b2:d7:e5:59:70:d0:b6:13:d6:d6:
                    b1:9f:ab:9f:8d:08:ee:a8:0e:52:cc:b9:df:9d:7c:
                    80:fc:f1:16:56:12:be:8e:13:7d:3d:0b:8c:a1:65:
                    5c:7e:c8:93:bd:27:c0:71:ed:4b:6f:89:a7:3f:09:
                    8a:f7:74:33:73:52:49:3c:93:25:18:e9:fc:6e:09:
                    ca:7a:1f:4f:48:38:13:64:6a:c8:75:04:ee:a0:46:
                    a1:0b:8b:ef:c4:be:1d:83:26:60:c2:f3:55:76:82:
                    6f:b6:3b:3a:cb:66:48:53:cc:84:27:44:a8:fd:2e:
                    58:e6:f1:9a:69:0e:e1:11:56:fd:5a:7f:d6:f8:e8:
                    3f:8f:29:13:0d:d8:64:f2:5f:58:1c:f8:89:e7:95:
                    92:6f:15:20:e1:ff:19:24:55:31:fe:28:26:15:71:
                    48:fb:6d:42:75:4a:03:10:36:3b:4b:bb:7b:75:b2:
                    87:bf:71:a5:dd:d0:50:d9:9e:59:bc:48:a1:88:20:
                    52:51:c0:b7:69:09:ae:eb:b1:2e:87:25:e5:7e:14:
                    90:96:5c:3c:53:25:24:30:7f:ba:73:74:84:83:03:
                    6d:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:A2:42:18:B2:98:56:15:43:BF:96:3A:69:64:84:A7:86:F7:44:EB
            X509v3 Authority Key Identifier:
                keyid:3F:EC:CB:17:BE:51:EE:59:EC:74:D6:4E:ED:91:7E:22:1E:E2:8A:1B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/AS60123.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.240.148.0/24

    Signature Algorithm: sha256WithRSAEncryption
         97:d2:55:5c:a8:0a:4f:2a:99:6f:3e:b1:08:13:9a:28:e8:aa:
         5f:87:98:e1:89:a6:d1:aa:de:bf:a7:3e:7b:30:f0:05:72:2c:
         ca:be:50:69:2a:ee:be:0b:03:53:af:72:01:c3:62:3a:42:c9:
         b3:05:12:a2:11:ee:1b:3e:05:9b:93:12:60:8d:26:63:ee:3a:
         72:90:4a:f5:da:de:5f:23:5b:d8:d9:d1:4d:10:74:7a:ee:90:
         58:e7:d0:1c:28:00:f6:38:8f:bb:49:0f:89:eb:7b:3d:1d:d2:
         cf:fc:16:9e:e1:14:76:5b:d7:d2:b5:c5:a8:5f:90:4d:d4:6a:
         46:64:3e:28:25:ce:ae:4b:08:36:a8:cd:b6:58:bb:b0:fb:ad:
         70:fe:eb:b0:95:be:44:59:c3:bb:c0:da:24:7c:85:91:c7:e7:
         6f:36:62:5b:a7:a6:bf:2c:1d:38:64:7b:23:05:89:67:83:67:
         55:ab:6d:f0:b9:b5:67:c3:0a:eb:bc:ff:08:52:98:0e:10:9d:
         df:d1:05:05:2a:33:71:85:86:94:c9:fa:0f:f1:db:29:d9:56:
         fe:f9:06:60:ec:2d:bb:71:e4:3d:74:40:9f:51:92:f1:f6:51:
         1b:75:8a:32:74:f4:a8:5e:e6:4a:21:e6:80:2b:b3:ac:46:20:
         22:ad:4a:84
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUXoty2aSgJQgQvP9ytwa3XpGveJowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoM2ZlY2NiMTdiZTUxZWU1OWVjNzRkNjRlZWQ5MTdlMjIx
ZWUyOGExYjAeFw0yNTA5MzAwOTU4MTRaFw0yNjA5MjkxMDAzMTRaMDMxMTAvBgNV
BAMTKEQ4QTI0MjE4QjI5ODU2MTU0M0JGOTYzQTY5NjQ4NEE3ODZGNzQ0RUIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC1GCgs+unTRRjaJSOIVxzB1+8E
1wXellM8ytlYRG2dsiArstflWXDQthPW1rGfq5+NCO6oDlLMud+dfID88RZWEr6O
E309C4yhZVx+yJO9J8Bx7Utviac/CYr3dDNzUkk8kyUY6fxuCcp6H09IOBNkash1
BO6gRqELi+/Evh2DJmDC81V2gm+2OzrLZkhTzIQnRKj9Lljm8ZppDuERVv1af9b4
6D+PKRMN2GTyX1gc+InnlZJvFSDh/xkkVTH+KCYVcUj7bUJ1SgMQNjtLu3t1soe/
caXd0FDZnlm8SKGIIFJRwLdpCa7rsS6HJeV+FJCWXDxTJSQwf7pzdISDA201AgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQU2KJCGLKYVhVDv5Y6aWSEp4b3ROswHwYDVR0j
BBgwFoAUP+zLF75R7lnsdNZO7ZF+Ih7iihswDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMjJkYjc1NTUtOWFhNC00OTgzLTkzMTYtNzM4MDlkZDM1
NGJjLzAvM0ZFQ0NCMTdCRTUxRUU1OUVDNzRENjRFRUQ5MTdFMjIxRUUyOEExQi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1AtekxGNzVSN2xuc2ROWk83WkYtSWg3
aWlocy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzIyZGI3NTU1LTlhYTQt
NDk4My05MzE2LTczODA5ZGQzNTRiYy8wL0FTNjAxMjMucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBADV8JQw
DQYJKoZIhvcNAQELBQADggEBAJfSVVyoCk8qmW8+sQgTmijoql+HmOGJptGq3r+n
Pnsw8AVyLMq+UGkq7r4LA1OvcgHDYjpCybMFEqIR7hs+BZuTEmCNJmPuOnKQSvXa
3l8jW9jZ0U0QdHrukFjn0BwoAPY4j7tJD4nrez0d0s/8Fp7hFHZb19K1xahfkE3U
akZkPiglzq5LCDaozbZYu7D7rXD+67CVvkRZw7vA2iR8hZHH5282Ylunpr8sHThk
eyMFiWeDZ1WrbfC5tWfDCuu8/whSmA4Qnd/RBQUqM3GFhpTJ+g/x2ynZVv75BmDs
Lbtx5D10QJ9RkvH2URt1ijJ09Khe5koh5oArs6xGICKtSoQ=
-----END CERTIFICATE-----