Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS56655.roa
File:                     AS56655.roa (raw, json)
Hash identifier:          uetQmf7mpvBQ4ZmBRgevwF2cv0556swBmqz4hM1FlAQ=
Subject key identifier:   BB:A7:B6:36:85:1F:33:8B:1B:4A:B2:F4:EF:0D:0A:4A:C6:74:71:1C
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       5F1FEC2108BA612CFFB5ADF6E18739CE8BAC314E
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS56655.roa
Signing time:             Mon 13 Oct 2025 17:11:49 +0000
ROA not before:           Mon 13 Oct 2025 17:06:49 +0000
ROA not after:            Mon 12 Oct 2026 17:11:49 +0000
asID:                     56655
IP address blocks:        82.22.59.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 05:35:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5f:1f:ec:21:08:ba:61:2c:ff:b5:ad:f6:e1:87:39:ce:8b:ac:31:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Oct 13 17:06:49 2025 GMT
            Not After : Oct 12 17:11:49 2026 GMT
        Subject: CN=BBA7B636851F338B1B4AB2F4EF0D0A4AC674711C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e8:46:7c:48:a7:2c:29:a6:61:6a:03:67:fc:bc:
                    4b:a6:06:a3:aa:55:46:d2:63:d7:37:86:b3:a9:5a:
                    7e:0e:92:5c:09:4f:5b:da:92:e2:c3:b2:4f:d9:97:
                    4c:31:54:dc:6a:86:75:d8:3a:c7:62:94:71:5f:bc:
                    7e:a6:f7:d4:81:a5:af:61:87:89:1b:eb:bd:06:2b:
                    76:2d:f1:ff:80:b5:8d:ed:36:df:ea:19:89:50:0e:
                    f8:e1:bd:22:ed:69:c3:e8:15:e2:e8:ac:82:01:36:
                    43:46:4d:8a:5c:8c:99:cf:c2:29:91:26:6d:e5:04:
                    0f:80:06:6e:be:1b:eb:d7:0a:c1:b0:71:91:3b:3f:
                    76:94:09:6c:b5:ec:5d:3c:47:de:cf:f9:76:30:2a:
                    cc:ab:b1:41:2f:10:f0:f0:a5:19:07:5d:21:13:c3:
                    60:29:a7:02:e3:37:bc:6c:42:34:1a:10:eb:1d:5a:
                    b7:a0:ee:92:47:c1:5e:a3:3c:35:7d:0a:76:1f:fe:
                    a6:a2:93:7a:5c:b2:c8:5f:f9:5d:4b:14:6f:8c:25:
                    f7:c0:0e:3c:d2:50:28:f7:e1:4d:64:ac:77:50:a2:
                    25:f4:5f:b1:f5:a8:58:cf:99:c2:e6:8a:7e:e0:75:
                    01:61:6e:82:c8:d3:08:07:82:4b:30:b3:00:34:8b:
                    1e:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:A7:B6:36:85:1F:33:8B:1B:4A:B2:F4:EF:0D:0A:4A:C6:74:71:1C
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS56655.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.22.59.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5d:26:b6:37:27:53:14:8c:bd:50:d4:10:cb:13:a6:f1:cd:49:
         f4:df:64:2e:21:ae:6d:74:44:77:3f:b3:32:e9:64:08:37:fa:
         ad:d9:84:fd:32:2f:a1:13:8a:3c:9a:86:2e:98:a7:5b:e2:e4:
         f2:d7:bb:0e:30:f1:b8:5c:8c:dd:ad:d8:c2:78:11:86:cd:46:
         25:b7:3c:85:60:c5:a9:99:d1:9e:97:99:2e:fb:03:51:ea:f5:
         28:c3:42:80:b5:4c:5d:51:2b:55:55:e1:de:a2:e2:47:b4:78:
         38:f0:53:9f:0e:a9:01:5a:9a:12:4a:7b:f4:79:5e:7d:75:51:
         f1:01:b4:c7:16:82:87:05:de:35:66:16:4d:79:c4:50:f4:25:
         e5:ea:d1:f3:72:59:ee:f5:8f:11:86:42:0d:c7:d6:ce:98:48:
         34:45:61:da:48:28:d4:4a:3f:9a:76:b0:a1:bc:cd:76:12:89:
         62:f6:3a:1a:07:4d:a6:df:a5:1f:be:e3:67:41:ba:0c:7a:71:
         49:ad:1f:f9:f2:0c:25:9b:dc:51:3e:ed:d2:25:32:d1:c7:75:
         3e:5c:a5:5e:a8:50:39:49:58:2e:29:f3:ce:4d:62:8a:ce:7e:
         45:96:a6:d4:1d:f4:3c:18:aa:a7:8b:87:f4:2b:80:4b:fc:53:
         ef:16:01:53
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUXx/sIQi6YSz/ta324Yc5zousMU4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTEwMTMxNzA2NDlaFw0yNjEwMTIxNzExNDlaMDMxMTAvBgNV
BAMTKEJCQTdCNjM2ODUxRjMzOEIxQjRBQjJGNEVGMEQwQTRBQzY3NDcxMUMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDoRnxIpywppmFqA2f8vEumBqOq
VUbSY9c3hrOpWn4OklwJT1vakuLDsk/Zl0wxVNxqhnXYOsdilHFfvH6m99SBpa9h
h4kb670GK3Yt8f+AtY3tNt/qGYlQDvjhvSLtacPoFeLorIIBNkNGTYpcjJnPwimR
Jm3lBA+ABm6+G+vXCsGwcZE7P3aUCWy17F08R97P+XYwKsyrsUEvEPDwpRkHXSET
w2AppwLjN7xsQjQaEOsdWreg7pJHwV6jPDV9CnYf/qaik3pcsshf+V1LFG+MJffA
DjzSUCj34U1krHdQoiX0X7H1qFjPmcLmin7gdQFhboLI0wgHgkswswA0ix4bAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUu6e2NoUfM4sbSrL07w0KSsZ0cRwwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTNTY2NTUucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABSFjsw
DQYJKoZIhvcNAQELBQADggEBAF0mtjcnUxSMvVDUEMsTpvHNSfTfZC4hrm10RHc/
szLpZAg3+q3ZhP0yL6ETijyahi6Yp1vi5PLXuw4w8bhcjN2t2MJ4EYbNRiW3PIVg
xamZ0Z6XmS77A1Hq9SjDQoC1TF1RK1VV4d6i4ke0eDjwU58OqQFamhJKe/R5Xn11
UfEBtMcWgocF3jVmFk15xFD0JeXq0fNyWe71jxGGQg3H1s6YSDRFYdpIKNRKP5p2
sKG8zXYSiWL2OhoHTabfpR++42dBugx6cUmtH/nyDCWb3FE+7dIlMtHHdT5cpV6o
UDlJWC4p885NYorOfkWWptQd9DwYqqeLh/QrgEv8U+8WAVM=
-----END CERTIFICATE-----
Generated at Mon Oct 20 15:03:49 2025 by rpki-client