Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS59432.roa
File:                     AS59432.roa (raw, json)
Hash identifier:          T2teaeI2H54ZOrMRxVLwZiXKQtgt7w37zn88WogYtog=
Subject key identifier:   13:FB:36:95:B9:E3:35:64:4C:31:6B:B1:7C:F6:6D:85:E5:56:AA:A7
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       7ABB9CAD876EB6AB5B1446D8A0FB200B8C01BF22
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS59432.roa
Signing time:             Fri 20 Jun 2025 07:53:26 +0000
ROA not before:           Fri 20 Jun 2025 07:48:26 +0000
ROA not after:            Fri 19 Jun 2026 07:53:26 +0000
asID:                     59432
IP address blocks:        82.23.181.0/24 maxlen: 24
                          82.25.200.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Jun 2025 11:27:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7a:bb:9c:ad:87:6e:b6:ab:5b:14:46:d8:a0:fb:20:0b:8c:01:bf:22
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Jun 20 07:48:26 2025 GMT
            Not After : Jun 19 07:53:26 2026 GMT
        Subject: CN=13FB3695B9E335644C316BB17CF66D85E556AAA7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:82:90:54:ee:df:03:d5:30:52:65:41:3e:f1:
                    26:84:f2:8a:9f:73:24:32:35:dd:8f:53:99:c9:13:
                    98:39:e7:ed:23:4f:96:b6:a8:d4:c8:b7:8e:7b:b4:
                    af:d0:ed:0c:31:ba:5e:ac:92:5d:6e:18:45:d1:92:
                    1d:bb:27:c8:09:ea:d3:1f:53:2d:01:ab:d0:46:e6:
                    a6:1f:ae:01:5b:b2:a5:08:18:61:a0:e1:59:b8:52:
                    f5:f7:71:13:60:1a:4a:39:6e:9f:e7:6b:42:70:7c:
                    fe:03:6f:d7:01:08:ed:96:75:63:fe:ff:54:7d:74:
                    23:18:71:7e:ae:32:00:2f:3d:d1:03:ae:27:6d:d8:
                    7d:bb:84:07:73:c7:58:4b:1f:62:d2:f3:c3:c7:dd:
                    7f:0e:fa:14:ca:a2:4c:be:19:02:f3:d5:28:54:d8:
                    7a:0b:e5:4c:8c:20:f9:13:13:08:25:04:90:b7:37:
                    2f:15:b6:ce:f0:f9:c3:be:8d:e7:1e:98:2e:aa:59:
                    ae:f9:f8:71:aa:6a:48:43:77:8c:9a:53:ef:f9:40:
                    15:ba:75:ad:ea:93:bb:c3:ae:1f:ae:a4:1f:8a:57:
                    03:8c:97:d4:a0:f2:f0:de:cf:3f:59:88:df:e9:b5:
                    d0:cd:a0:7c:a8:ed:63:d1:c6:39:58:4d:3a:bb:8a:
                    3b:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                13:FB:36:95:B9:E3:35:64:4C:31:6B:B1:7C:F6:6D:85:E5:56:AA:A7
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS59432.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.23.181.0/24
                  82.25.200.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a2:d7:2d:ab:32:1d:f3:f6:5a:bf:b2:ef:95:7e:49:60:25:42:
         c5:e1:cd:38:ec:3e:49:5a:cf:47:d6:e0:c2:54:54:10:9e:e8:
         4d:fb:de:80:20:c8:ac:9a:8b:2e:3e:7d:84:15:18:48:b0:a8:
         2f:99:6c:d3:4c:98:4a:72:2f:d1:fb:e0:64:2f:0c:24:dd:f8:
         e7:13:ab:1b:61:76:c4:12:ac:eb:99:b6:e0:fb:ea:be:d0:fe:
         dc:b8:9c:f0:f3:3d:56:b8:1c:78:08:4f:03:08:db:2b:37:e1:
         8b:17:fb:1a:b4:92:1b:9d:d6:26:6e:60:49:5e:0e:33:50:f2:
         a6:e2:c0:06:ac:6a:95:af:33:0e:74:30:7d:5e:fc:29:38:05:
         ec:f8:30:3d:3c:0c:85:c1:86:73:42:9f:85:8f:31:ac:e9:3b:
         46:2b:85:88:73:f3:b1:41:1d:71:5d:32:7e:e9:84:33:ab:32:
         9a:5b:89:f8:61:e1:b1:ff:5a:3b:20:b2:49:be:44:38:1d:ff:
         d3:07:95:e1:b8:fe:62:b3:79:64:28:be:63:7e:fd:c9:b4:3d:
         9f:c1:55:9d:09:7a:cb:c2:1b:df:b1:d4:35:7e:2a:a6:96:87:
         d6:28:a8:e1:e1:a7:3c:1b:f0:62:c5:71:1e:bb:94:c2:48:60:
         89:7f:b2:d0
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgIUerucrYdutqtbFEbYoPsgC4wBvyIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTA2MjAwNzQ4MjZaFw0yNjA2MTkwNzUzMjZaMDMxMTAvBgNV
BAMTKDEzRkIzNjk1QjlFMzM1NjQ0QzMxNkJCMTdDRjY2RDg1RTU1NkFBQTcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDZgpBU7t8D1TBSZUE+8SaE8oqf
cyQyNd2PU5nJE5g55+0jT5a2qNTIt457tK/Q7Qwxul6skl1uGEXRkh27J8gJ6tMf
Uy0Bq9BG5qYfrgFbsqUIGGGg4Vm4UvX3cRNgGko5bp/na0JwfP4Db9cBCO2WdWP+
/1R9dCMYcX6uMgAvPdEDridt2H27hAdzx1hLH2LS88PH3X8O+hTKoky+GQLz1ShU
2HoL5UyMIPkTEwglBJC3Ny8Vts7w+cO+jecemC6qWa75+HGqakhDd4yaU+/5QBW6
da3qk7vDrh+upB+KVwOMl9Sg8vDezz9ZiN/ptdDNoHyo7WPRxjlYTTq7ijsFAgMB
AAGjggIPMIICCzAdBgNVHQ4EFgQUE/s2lbnjNWRMMWuxfPZtheVWqqcwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTNTk0MzIucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwDBABSF7UD
BABSGcgwDQYJKoZIhvcNAQELBQADggEBAKLXLasyHfP2Wr+y75V+SWAlQsXhzTjs
Pklaz0fW4MJUVBCe6E373oAgyKyaiy4+fYQVGEiwqC+ZbNNMmEpyL9H74GQvDCTd
+OcTqxthdsQSrOuZtuD76r7Q/ty4nPDzPVa4HHgITwMI2ys34YsX+xq0khud1iZu
YEleDjNQ8qbiwAasapWvMw50MH1e/Ck4Bez4MD08DIXBhnNCn4WPMazpO0YrhYhz
87FBHXFdMn7phDOrMppbifhh4bH/Wjsgskm+RDgd/9MHleG4/mKzeWQovmN+/cm0
PZ/BVZ0JesvCG9+x1DV+KqaWh9YoqOHhpzwb8GLFcR67lMJIYIl/stA=
-----END CERTIFICATE-----