Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS996.roa
File:                     AS996.roa (raw, json)
Hash identifier:          IA4R0Tbo5TU7JVNy8B2QDuKfNscEh9OlPL6cqFCMx64=
Subject key identifier:   A3:22:C0:30:7B:0A:A1:3E:76:B2:CC:BC:1B:DA:B0:6C:C5:BC:45:D0
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       7E2842FD6740262D3BB636762C79DCC403D2CAA8
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS996.roa
Signing time:             Sat 09 Aug 2025 06:47:57 +0000
ROA not before:           Sat 09 Aug 2025 06:42:57 +0000
ROA not after:            Sat 08 Aug 2026 06:47:57 +0000
asID:                     996
IP address blocks:        2a0a:ba00::/29 maxlen: 32
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 00:37:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7e:28:42:fd:67:40:26:2d:3b:b6:36:76:2c:79:dc:c4:03:d2:ca:a8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Aug  9 06:42:57 2025 GMT
            Not After : Aug  8 06:47:57 2026 GMT
        Subject: CN=A322C0307B0AA13E76B2CCBC1BDAB06CC5BC45D0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:98:b0:82:59:10:f2:ce:25:56:df:c8:53:52:
                    4c:f7:e1:db:ce:bb:0f:66:3d:5d:82:48:be:a8:a2:
                    63:dd:bb:52:ff:b8:93:4b:0f:2b:3d:62:85:27:3c:
                    c8:bd:6c:0a:29:bd:fe:de:a7:4a:d6:ee:2e:f4:4f:
                    0e:58:b5:64:a9:a5:38:77:a2:63:0f:18:97:d8:9f:
                    9f:75:b2:db:a4:9a:78:ab:92:b3:c8:90:00:39:0b:
                    8d:d8:66:e3:3d:39:2e:7d:36:30:b5:6c:56:36:08:
                    ee:d7:8d:32:3d:6e:4d:d1:1e:f9:ea:84:df:71:4e:
                    df:7a:cc:fd:6d:41:0e:40:a2:e3:d5:93:86:35:af:
                    ce:fe:80:21:2a:f6:fb:80:dd:7d:3e:5e:44:e0:02:
                    ba:64:fb:12:c5:d2:c4:04:22:45:2a:47:bc:e6:dc:
                    ac:96:60:f2:3e:6b:f6:f3:cc:67:0e:89:8f:7a:d9:
                    1b:06:98:46:5f:46:2e:31:d3:a4:f1:bd:05:98:a1:
                    2e:2d:84:bc:16:00:ea:06:f2:6e:d7:e7:ab:56:02:
                    f8:78:52:19:3c:27:41:24:07:1f:55:6e:a1:ef:92:
                    ca:e5:51:74:7e:2d:70:be:3d:0a:27:fe:4f:c4:6d:
                    dc:c3:eb:8d:52:a0:a7:69:7e:c1:fa:65:7e:a9:b9:
                    46:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:22:C0:30:7B:0A:A1:3E:76:B2:CC:BC:1B:DA:B0:6C:C5:BC:45:D0
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS996.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0a:ba00::/29

    Signature Algorithm: sha256WithRSAEncryption
         75:76:a3:06:b7:c8:d8:3a:0b:d9:4a:a2:8e:0c:dc:58:2b:27:
         54:b1:cd:e5:cc:0d:28:36:71:43:84:02:57:2c:b1:4e:58:7f:
         c7:76:8c:06:df:8b:4f:c3:60:23:88:86:e5:03:9c:3a:64:aa:
         dd:44:88:11:08:c6:12:5c:e6:37:4a:10:b6:d2:18:9e:b4:34:
         3b:36:9c:b8:b0:22:91:60:74:ce:87:11:74:cf:07:be:fb:4e:
         ad:25:dc:f5:f4:08:09:79:74:29:0a:e3:39:d0:05:9b:fe:12:
         3e:45:30:2a:d1:a0:95:68:9a:c5:32:b0:5f:b5:e4:80:be:0e:
         a4:15:2a:3f:e9:f2:0d:bc:17:b6:f9:02:0a:60:64:83:a6:dd:
         6b:3c:d5:8b:9e:93:b0:3e:31:2d:d7:90:16:f2:0e:46:10:1e:
         af:b3:c7:90:10:bb:a1:da:a9:42:ea:32:1e:14:75:4b:fd:67:
         b8:8a:7c:8b:66:72:31:24:65:09:5b:8e:0a:94:86:92:ae:a7:
         7b:9a:24:2e:83:f0:9a:8e:b6:c8:04:14:b0:5c:ab:a6:ce:b4:
         38:d3:f8:58:91:d7:71:a3:31:70:25:21:58:a2:c5:14:ea:f4:
         2e:2d:7a:34:d0:76:fd:83:96:ff:0d:2a:33:63:56:7c:a8:c3:
         2b:2d:f9:a9
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgIUfihC/WdAJi07tjZ2LHncxAPSyqgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNTA4MDkwNjQyNTdaFw0yNjA4MDgwNjQ3NTdaMDMxMTAvBgNV
BAMTKEEzMjJDMDMwN0IwQUExM0U3NkIyQ0NCQzFCREFCMDZDQzVCQzQ1RDAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQClmLCCWRDyziVW38hTUkz34dvO
uw9mPV2CSL6oomPdu1L/uJNLDys9YoUnPMi9bAopvf7ep0rW7i70Tw5YtWSppTh3
omMPGJfYn591stukmnirkrPIkAA5C43YZuM9OS59NjC1bFY2CO7XjTI9bk3RHvnq
hN9xTt96zP1tQQ5AouPVk4Y1r87+gCEq9vuA3X0+XkTgArpk+xLF0sQEIkUqR7zm
3KyWYPI+a/bzzGcOiY962RsGmEZfRi4x06TxvQWYoS4thLwWAOoG8m7X56tWAvh4
Uhk8J0EkBx9VbqHvksrlUXR+LXC+PQon/k/EbdzD641SoKdpfsH6ZX6puUbrAgMB
AAGjggIIMIICBDAdBgNVHQ4EFgQUoyLAMHsKoT52ssy8G9qwbMW8RdAwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIweAYIKwYBBQUHAQsEbDBqMGgGCCsGAQUFBzALhlxyc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTOTk2LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKgq6ADAN
BgkqhkiG9w0BAQsFAAOCAQEAdXajBrfI2DoL2UqijgzcWCsnVLHN5cwNKDZxQ4QC
VyyxTlh/x3aMBt+LT8NgI4iG5QOcOmSq3USIEQjGElzmN0oQttIYnrQ0OzacuLAi
kWB0zocRdM8HvvtOrSXc9fQICXl0KQrjOdAFm/4SPkUwKtGglWiaxTKwX7XkgL4O
pBUqP+nyDbwXtvkCCmBkg6bdazzVi56TsD4xLdeQFvIORhAer7PHkBC7odqpQuoy
HhR1S/1nuIp8i2ZyMSRlCVuOCpSGkq6ne5okLoPwmo62yAQUsFyrps60ONP4WJHX
caMxcCUhWKLFFOr0Li16NNB2/YOW/w0qM2NWfKjDKy35qQ==
-----END CERTIFICATE-----