Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS56655.roa
File:                     AS56655.roa (raw, json)
Hash identifier:          wBjL3/dLt7LK8m5J3Aq0dC/l/4PETAQ8s/731F9dJpY=
Subject key identifier:   F2:D9:08:9D:CE:E7:47:4B:7F:CB:13:DD:BA:63:CD:5C:05:A6:B8:70
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       4B25EA7E92B2A930C3ACDD232BE7CB585FCF8FDA
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS56655.roa
Signing time:             Thu 07 Aug 2025 07:30:13 +0000
ROA not before:           Thu 07 Aug 2025 07:25:13 +0000
ROA not after:            Thu 06 Aug 2026 07:30:13 +0000
asID:                     56655
IP address blocks:        82.25.43.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 14:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4b:25:ea:7e:92:b2:a9:30:c3:ac:dd:23:2b:e7:cb:58:5f:cf:8f:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Aug  7 07:25:13 2025 GMT
            Not After : Aug  6 07:30:13 2026 GMT
        Subject: CN=F2D9089DCEE7474B7FCB13DDBA63CD5C05A6B870
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:d4:88:4c:c2:02:7f:cc:fa:ae:74:19:d7:e5:
                    65:01:ea:d1:1e:6b:7c:56:c9:eb:3d:1e:58:20:10:
                    99:03:f7:e7:95:28:eb:3b:ce:49:6f:d1:13:2b:43:
                    7e:26:b2:d8:12:1a:c5:1b:1a:52:d7:c3:b0:e2:dc:
                    79:f7:a0:e4:03:ac:c9:a8:74:0c:ec:18:0d:41:ef:
                    0b:a4:47:ec:cf:bb:c6:21:9d:a4:1a:c7:88:e3:23:
                    05:47:a9:57:e5:38:a2:c1:df:a7:a0:59:dd:39:6b:
                    10:47:84:bb:c7:ba:38:5c:02:2a:44:e9:2a:cc:70:
                    c9:b3:e3:3b:90:53:e0:7b:54:be:1a:56:28:89:70:
                    4f:e7:48:bf:6b:a1:de:cd:8a:22:e9:81:07:60:0d:
                    0a:c3:b5:9a:03:ae:89:e5:f9:2e:d6:6f:7a:77:a5:
                    64:b4:ca:24:a6:db:31:01:50:50:09:bc:89:83:35:
                    b8:ab:16:2d:27:c6:c8:c3:b0:44:df:b3:b6:4f:92:
                    0e:13:6d:66:06:49:df:e2:e8:38:64:7d:40:29:11:
                    17:cb:98:8b:9c:55:88:74:32:93:39:83:01:b8:70:
                    6b:83:c5:ec:fb:2b:43:dc:86:11:89:f7:29:27:35:
                    81:e6:f9:31:46:91:81:e5:18:1a:d9:e9:46:91:09:
                    00:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:D9:08:9D:CE:E7:47:4B:7F:CB:13:DD:BA:63:CD:5C:05:A6:B8:70
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS56655.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.25.43.0/24

    Signature Algorithm: sha256WithRSAEncryption
         89:0a:2e:83:fa:19:af:94:aa:9a:51:51:36:56:db:07:7a:fd:
         bf:e5:73:b9:79:cd:32:e1:d4:ab:2e:31:39:cb:66:7d:fa:24:
         e6:b7:cd:e2:17:d0:a3:09:f9:8a:15:0c:ea:a7:38:90:81:ff:
         d8:40:d2:7b:92:23:bc:64:04:89:5c:88:f7:19:1b:38:5a:76:
         96:39:e6:c0:1a:29:6a:68:61:73:20:1c:36:37:d0:29:cf:a8:
         aa:51:7e:f5:71:15:ef:22:aa:43:cf:71:2f:cf:69:c5:8b:84:
         66:66:0f:50:36:11:6b:6f:22:9f:88:fe:21:d3:ad:da:03:c8:
         23:dd:ab:5a:d1:1d:6f:4a:94:d2:b7:de:32:c1:76:08:82:7a:
         6f:f7:82:93:d2:0f:cd:51:d3:3a:03:3e:e9:c3:d6:42:63:3b:
         70:b6:6a:64:24:6a:3d:1e:97:b7:87:18:e0:29:f1:b6:f6:22:
         4f:36:f1:4d:1e:52:72:d9:f1:99:a5:a2:af:d4:f5:62:08:b4:
         4a:c4:09:f3:a9:f4:3b:f5:f6:b7:d5:24:e0:96:5c:70:97:cc:
         d8:f5:dc:36:1c:c6:28:90:79:a8:9e:26:59:1b:de:bf:fc:bc:
         ec:06:04:11:12:a4:9a:38:fb:4a:8f:c6:7e:19:36:32:62:4d:
         ae:f7:f8:3a
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUSyXqfpKyqTDDrN0jK+fLWF/Pj9owDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTA4MDcwNzI1MTNaFw0yNjA4MDYwNzMwMTNaMDMxMTAvBgNV
BAMTKEYyRDkwODlEQ0VFNzQ3NEI3RkNCMTNEREJBNjNDRDVDMDVBNkI4NzAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDL1IhMwgJ/zPqudBnX5WUB6tEe
a3xWyes9HlggEJkD9+eVKOs7zklv0RMrQ34mstgSGsUbGlLXw7Di3Hn3oOQDrMmo
dAzsGA1B7wukR+zPu8YhnaQax4jjIwVHqVflOKLB36egWd05axBHhLvHujhcAipE
6SrMcMmz4zuQU+B7VL4aViiJcE/nSL9rod7NiiLpgQdgDQrDtZoDronl+S7Wb3p3
pWS0yiSm2zEBUFAJvImDNbirFi0nxsjDsETfs7ZPkg4TbWYGSd/i6DhkfUApERfL
mIucVYh0MpM5gwG4cGuDxez7K0PchhGJ9yknNYHm+TFGkYHlGBrZ6UaRCQClAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQU8tkInc7nR0t/yxPdumPNXAWmuHAwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTNTY2NTUucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABSGSsw
DQYJKoZIhvcNAQELBQADggEBAIkKLoP6Ga+UqppRUTZW2wd6/b/lc7l5zTLh1Ksu
MTnLZn36JOa3zeIX0KMJ+YoVDOqnOJCB/9hA0nuSI7xkBIlciPcZGzhadpY55sAa
KWpoYXMgHDY30CnPqKpRfvVxFe8iqkPPcS/PacWLhGZmD1A2EWtvIp+I/iHTrdoD
yCPdq1rRHW9KlNK33jLBdgiCem/3gpPSD81R0zoDPunD1kJjO3C2amQkaj0el7eH
GOAp8bb2Ik828U0eUnLZ8Zmloq/U9WIItErECfOp9Dv19rfVJOCWXHCXzNj13DYc
xiiQeaieJlkb3r/8vOwGBBESpJo4+0qPxn4ZNjJiTa73+Do=
-----END CERTIFICATE-----