Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS59432.roa
File:                     AS59432.roa (raw, json)
Hash identifier:          UEfQG9nsvpC80oOjBydIdXtfsD8Yn3/8bNXE0FjLRHY=
Subject key identifier:   1A:52:72:EE:40:DE:D8:7B:96:E1:E6:CB:01:DA:01:F7:1F:31:14:31
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       734FE43555F87EE65D2E982DA52FF00AC5256281
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS59432.roa
Signing time:             Wed 20 Aug 2025 00:00:13 +0000
ROA not before:           Tue 19 Aug 2025 23:55:13 +0000
ROA not after:            Wed 19 Aug 2026 00:00:13 +0000
asID:                     59432
IP address blocks:        82.23.181.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 14:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            73:4f:e4:35:55:f8:7e:e6:5d:2e:98:2d:a5:2f:f0:0a:c5:25:62:81
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Aug 19 23:55:13 2025 GMT
            Not After : Aug 19 00:00:13 2026 GMT
        Subject: CN=1A5272EE40DED87B96E1E6CB01DA01F71F311431
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:22:18:94:ab:f1:cd:2d:e8:c4:1a:e0:8d:54:
                    ec:61:26:09:22:ab:54:d1:c5:7e:d8:82:32:60:6c:
                    72:33:fd:b4:03:2c:bd:79:d2:02:1a:01:1b:76:53:
                    d8:02:d5:f8:e5:35:09:34:01:70:c8:b7:2e:19:26:
                    18:68:78:04:9d:db:89:3a:b7:c6:a8:6a:34:5e:8d:
                    4b:29:ce:40:af:ad:85:c3:de:38:b5:72:72:c3:7b:
                    37:4f:85:1e:68:6f:2b:c1:a0:61:c1:d4:06:1c:1b:
                    2a:ba:d1:00:54:65:1c:62:da:80:60:d0:20:a1:7e:
                    7c:3d:85:e7:59:61:5d:14:d6:a0:1e:c0:2d:7e:70:
                    46:33:e5:a6:6d:d8:fa:ee:07:af:db:9b:3a:7b:9a:
                    7c:dd:f3:2f:a6:1d:f7:ac:d9:c8:86:3c:c3:d1:a1:
                    1b:4d:cc:1c:ef:8e:2b:92:7b:f3:59:98:96:80:f8:
                    d1:a1:f5:6a:f1:15:4b:3c:b6:a9:96:e7:cb:05:c3:
                    a7:b7:8a:30:36:79:8a:91:cb:70:ca:cf:8a:86:37:
                    ec:e6:e1:0e:9f:a7:59:02:16:3b:8c:77:ca:17:52:
                    7f:e1:9c:aa:e2:f4:76:81:c5:0b:3d:be:cf:50:04:
                    91:02:98:e7:e7:4e:4a:42:f1:cd:21:b5:3b:2c:a8:
                    b1:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1A:52:72:EE:40:DE:D8:7B:96:E1:E6:CB:01:DA:01:F7:1F:31:14:31
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS59432.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.23.181.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4a:04:a7:ef:9a:bd:3c:16:5f:30:75:00:f4:d2:28:34:cb:fd:
         a7:53:98:cd:26:b2:30:92:b2:99:12:79:1f:5d:7e:24:71:31:
         07:21:f2:e0:af:8a:ef:b0:86:bb:a9:74:c7:39:7c:3e:75:6f:
         56:da:96:04:48:74:43:fb:67:37:cb:d2:e3:e2:c8:8b:65:98:
         49:07:72:73:bd:5e:b0:e1:60:d1:0b:96:35:ed:cb:5d:b9:dc:
         b9:c3:65:02:85:63:3e:16:89:82:79:b9:d9:23:50:cd:33:1c:
         d5:95:ea:53:bb:b7:47:42:24:9d:9c:c0:ea:ea:3a:d7:24:a5:
         8f:72:24:63:64:4e:08:d9:eb:c8:57:50:27:7a:79:05:f5:bb:
         75:35:0e:82:d0:7e:41:16:97:6b:77:9e:73:06:81:77:03:ed:
         bb:09:20:54:72:75:54:f5:12:70:01:5a:f3:00:3f:24:bf:5b:
         13:3e:a4:af:6e:af:27:3e:ce:e6:26:f9:b1:87:0a:5b:76:61:
         5f:c0:b2:cd:5d:ee:3f:05:3f:1b:98:67:3a:8f:78:fa:3e:85:
         ea:32:de:a9:ec:9f:18:6d:e3:6b:87:9f:d9:94:2f:85:2e:a9:
         a5:53:09:20:50:e5:d0:ec:14:19:86:da:79:2e:a7:51:df:5b:
         9b:b2:e9:87
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUc0/kNVX4fuZdLpgtpS/wCsUlYoEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTA4MTkyMzU1MTNaFw0yNjA4MTkwMDAwMTNaMDMxMTAvBgNV
BAMTKDFBNTI3MkVFNDBERUQ4N0I5NkUxRTZDQjAxREEwMUY3MUYzMTE0MzEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDBIhiUq/HNLejEGuCNVOxhJgki
q1TRxX7YgjJgbHIz/bQDLL150gIaARt2U9gC1fjlNQk0AXDIty4ZJhhoeASd24k6
t8aoajRejUspzkCvrYXD3ji1cnLDezdPhR5obyvBoGHB1AYcGyq60QBUZRxi2oBg
0CChfnw9hedZYV0U1qAewC1+cEYz5aZt2PruB6/bmzp7mnzd8y+mHfes2ciGPMPR
oRtNzBzvjiuSe/NZmJaA+NGh9WrxFUs8tqmW58sFw6e3ijA2eYqRy3DKz4qGN+zm
4Q6fp1kCFjuMd8oXUn/hnKri9HaBxQs9vs9QBJECmOfnTkpC8c0htTssqLHpAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUGlJy7kDe2HuW4ebLAdoB9x8xFDEwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTNTk0MzIucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABSF7Uw
DQYJKoZIhvcNAQELBQADggEBAEoEp++avTwWXzB1APTSKDTL/adTmM0msjCSspkS
eR9dfiRxMQch8uCviu+whrupdMc5fD51b1balgRIdEP7ZzfL0uPiyItlmEkHcnO9
XrDhYNELljXty1253LnDZQKFYz4WiYJ5udkjUM0zHNWV6lO7t0dCJJ2cwOrqOtck
pY9yJGNkTgjZ68hXUCd6eQX1u3U1DoLQfkEWl2t3nnMGgXcD7bsJIFRydVT1EnAB
WvMAPyS/WxM+pK9uryc+zuYm+bGHClt2YV/Ass1d7j8FPxuYZzqPePo+heoy3qns
nxht42uHn9mUL4UuqaVTCSBQ5dDsFBmG2nkup1HfW5uy6Yc=
-----END CERTIFICATE-----