Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/AS60128.roa
File:                     AS60128.roa (raw, json)
Hash identifier:          LYwh4MoU7+i8XzsRvFs92IcyFCoJKzZY9vGXelEbElA=
Subject key identifier:   D4:08:D1:CB:E7:E2:B0:27:46:1D:34:02:6A:27:61:43:ED:26:99:EA
Certificate issuer:       /CN=3feccb17be51ee59ec74d64eed917e221ee28a1b
Certificate serial:       1265F228FAE8B9CA9BA6C484A508D3284B4745DD
Authority key identifier: 3F:EC:CB:17:BE:51:EE:59:EC:74:D6:4E:ED:91:7E:22:1E:E2:8A:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/AS60128.roa
Signing time:             Tue 30 Sep 2025 10:03:14 +0000
ROA not before:           Tue 30 Sep 2025 09:58:14 +0000
ROA not after:            Tue 29 Sep 2026 10:03:14 +0000
asID:                     60128
IP address blocks:        46.236.218.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 06:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            12:65:f2:28:fa:e8:b9:ca:9b:a6:c4:84:a5:08:d3:28:4b:47:45:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3feccb17be51ee59ec74d64eed917e221ee28a1b
        Validity
            Not Before: Sep 30 09:58:14 2025 GMT
            Not After : Sep 29 10:03:14 2026 GMT
        Subject: CN=D408D1CBE7E2B027461D34026A276143ED2699EA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:31:c6:2f:69:4d:34:c3:4b:45:14:2b:e6:67:
                    d3:3f:9c:fd:48:de:77:db:84:8d:78:55:a8:f7:3b:
                    f9:e1:b1:c6:c4:e9:2d:30:45:ac:9d:ff:cc:7c:a0:
                    be:f1:15:73:63:f3:5e:f2:77:d2:67:32:b0:5d:30:
                    92:eb:c3:e2:b3:e8:73:00:d8:a9:1a:47:0b:2c:cf:
                    6c:70:f3:16:41:db:8e:d1:4f:00:52:38:8e:bf:b2:
                    9a:d6:31:2a:bc:79:fa:1e:27:2c:1c:95:a3:55:27:
                    88:e4:cc:b0:00:c4:11:db:b3:63:3a:2b:84:02:ba:
                    ea:a1:61:c8:f3:a3:70:53:f4:a6:af:e5:1f:ce:de:
                    6d:e1:d6:2e:64:a1:4a:97:97:a7:2c:e7:35:30:3b:
                    65:cc:cd:59:46:b0:68:c6:de:19:98:26:66:35:bb:
                    52:b4:44:5d:bb:d5:88:df:88:24:e2:f8:2f:94:15:
                    88:5d:3d:3a:24:0c:f6:af:d9:61:72:70:82:e4:d9:
                    65:8e:03:ca:9b:fe:7b:b6:b7:62:f7:90:9b:21:92:
                    4b:d1:ee:a5:76:81:8c:05:a5:08:ca:8f:2c:a9:8a:
                    4c:54:07:65:4f:ec:39:5a:d3:32:3f:d0:ee:02:85:
                    bd:bf:b9:52:e8:73:db:99:3b:f5:0f:ef:54:3b:ee:
                    ad:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:08:D1:CB:E7:E2:B0:27:46:1D:34:02:6A:27:61:43:ED:26:99:EA
            X509v3 Authority Key Identifier:
                keyid:3F:EC:CB:17:BE:51:EE:59:EC:74:D6:4E:ED:91:7E:22:1E:E2:8A:1B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/AS60128.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.236.218.0/24

    Signature Algorithm: sha256WithRSAEncryption
         78:61:4c:60:b6:28:8b:46:68:90:25:b9:87:66:0e:07:a1:82:
         eb:6c:ab:e1:01:c9:e7:3a:df:42:b4:17:30:c9:70:af:49:84:
         7c:01:0b:7f:96:71:97:26:1c:e9:24:61:9a:3d:6f:ce:1e:9a:
         ff:ce:4b:dd:a0:fb:ef:f3:b1:3a:5a:8c:7b:5d:bc:bc:d9:e0:
         ed:4e:0c:ee:f3:be:5c:95:70:c6:66:be:06:2c:e3:6d:d1:4d:
         4d:f5:35:4b:a1:75:41:80:28:a1:84:f4:50:1d:fc:13:cc:7e:
         5a:60:83:77:6b:49:e5:dd:dc:c0:0b:21:4f:d2:8f:4f:70:3f:
         64:69:df:d1:d5:4e:56:12:69:f0:52:3f:5a:73:09:2f:34:f9:
         57:f3:cc:d3:be:1a:25:7d:4b:dc:80:b3:93:78:7d:2a:81:ed:
         e7:21:16:38:04:9f:97:9d:d8:f9:e9:cc:a9:af:f2:f0:51:b4:
         29:32:b4:b5:c9:5f:40:2c:8d:ac:0d:4c:bb:63:d6:86:1b:a6:
         4c:3c:14:f3:20:e8:c1:ae:14:96:86:86:66:07:12:d7:56:93:
         cb:00:ce:67:3f:dc:36:be:69:6d:11:22:ef:54:59:27:2b:25:
         c3:bf:e3:00:a3:9a:b5:55:6c:ea:33:92:6f:89:2d:1a:06:13:
         5a:d5:55:3c
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUEmXyKProucqbpsSEpQjTKEtHRd0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoM2ZlY2NiMTdiZTUxZWU1OWVjNzRkNjRlZWQ5MTdlMjIx
ZWUyOGExYjAeFw0yNTA5MzAwOTU4MTRaFw0yNjA5MjkxMDAzMTRaMDMxMTAvBgNV
BAMTKEQ0MDhEMUNCRTdFMkIwMjc0NjFEMzQwMjZBMjc2MTQzRUQyNjk5RUEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCTMcYvaU00w0tFFCvmZ9M/nP1I
3nfbhI14Vaj3O/nhscbE6S0wRayd/8x8oL7xFXNj817yd9JnMrBdMJLrw+Kz6HMA
2KkaRwssz2xw8xZB247RTwBSOI6/sprWMSq8efoeJywclaNVJ4jkzLAAxBHbs2M6
K4QCuuqhYcjzo3BT9Kav5R/O3m3h1i5koUqXl6cs5zUwO2XMzVlGsGjG3hmYJmY1
u1K0RF271YjfiCTi+C+UFYhdPTokDPav2WFycILk2WWOA8qb/nu2t2L3kJshkkvR
7qV2gYwFpQjKjyypikxUB2VP7Dla0zI/0O4Chb2/uVLoc9uZO/UP71Q77q2vAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQU1AjRy+fisCdGHTQCaidhQ+0mmeowHwYDVR0j
BBgwFoAUP+zLF75R7lnsdNZO7ZF+Ih7iihswDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMjJkYjc1NTUtOWFhNC00OTgzLTkzMTYtNzM4MDlkZDM1
NGJjLzAvM0ZFQ0NCMTdCRTUxRUU1OUVDNzRENjRFRUQ5MTdFMjIxRUUyOEExQi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1AtekxGNzVSN2xuc2ROWk83WkYtSWg3
aWlocy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzIyZGI3NTU1LTlhYTQt
NDk4My05MzE2LTczODA5ZGQzNTRiYy8wL0FTNjAxMjgucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAAu7Now
DQYJKoZIhvcNAQELBQADggEBAHhhTGC2KItGaJAluYdmDgehgutsq+EByec630K0
FzDJcK9JhHwBC3+WcZcmHOkkYZo9b84emv/OS92g++/zsTpajHtdvLzZ4O1ODO7z
vlyVcMZmvgYs423RTU31NUuhdUGAKKGE9FAd/BPMflpgg3drSeXd3MALIU/Sj09w
P2Rp39HVTlYSafBSP1pzCS80+VfzzNO+GiV9S9yAs5N4fSqB7echFjgEn5ed2Pnp
zKmv8vBRtCkytLXJX0AsjawNTLtj1oYbpkw8FPMg6MGuFJaGhmYHEtdWk8sAzmc/
3Da+aW0RIu9UWScrJcO/4wCjmrVVbOozkm+JLRoGE1rVVTw=
-----END CERTIFICATE-----