Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS50321.roa
File:                     AS50321.roa (raw, json)
Hash identifier:          Ul+EhUQ8h1PErzNQQSIsYsnihMCkPTqB4qZjxEuOerk=
Subject key identifier:   C0:72:A9:E8:AE:5B:F3:73:27:67:12:40:59:B9:6A:93:79:BB:77:E7
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       2D6B73CAFA1309B45340A6EF0B584600B6F67FC0
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS50321.roa
Signing time:             Mon 22 Sep 2025 07:44:02 +0000
ROA not before:           Mon 22 Sep 2025 07:39:02 +0000
ROA not after:            Mon 21 Sep 2026 07:44:02 +0000
asID:                     50321
IP address blocks:        141.11.252.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 15:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2d:6b:73:ca:fa:13:09:b4:53:40:a6:ef:0b:58:46:00:b6:f6:7f:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Sep 22 07:39:02 2025 GMT
            Not After : Sep 21 07:44:02 2026 GMT
        Subject: CN=C072A9E8AE5BF3732767124059B96A9379BB77E7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:ce:c0:2f:72:e3:e4:57:5f:02:1f:2f:58:6a:
                    9c:26:b5:0a:bd:4c:53:83:44:97:0b:b3:33:cf:8a:
                    f5:2d:84:35:42:bc:d0:0d:78:15:dc:ab:63:34:41:
                    86:4f:11:01:2c:a3:96:3e:8e:30:42:6b:2a:64:4b:
                    a2:10:bf:25:45:78:43:17:33:6f:4c:c0:98:1c:3b:
                    91:57:02:75:a6:56:58:1c:b1:9e:5a:2b:a7:1b:aa:
                    2a:8d:cb:c7:01:9e:29:eb:4c:d8:75:6f:2d:96:d0:
                    30:01:a2:9a:81:e5:28:3a:67:23:76:ed:6e:d9:de:
                    64:42:60:42:99:a9:c6:b4:ac:a0:e4:ce:60:4c:b3:
                    8f:d4:0a:27:5d:55:6b:66:64:d4:a2:63:03:86:be:
                    cb:bd:f7:98:dd:a8:fe:8d:cf:32:c3:61:6e:65:d5:
                    55:b5:84:75:d4:05:24:f4:e0:aa:c8:37:68:09:4a:
                    7c:27:da:0f:d9:32:c6:c6:ee:a8:32:0e:02:b4:57:
                    de:b7:e0:92:3d:f7:34:31:4c:fb:72:51:85:fc:9b:
                    ac:19:a1:59:b2:1c:61:77:29:46:6b:f5:e7:95:6a:
                    76:9b:f0:b7:4c:8c:c9:30:a3:c8:7e:1f:30:a7:d7:
                    e3:56:5f:0b:28:f0:aa:90:51:2e:c1:ff:71:8b:00:
                    5a:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C0:72:A9:E8:AE:5B:F3:73:27:67:12:40:59:B9:6A:93:79:BB:77:E7
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS50321.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.252.0/24

    Signature Algorithm: sha256WithRSAEncryption
         06:1c:07:ff:29:ac:fb:6d:31:d6:2b:f6:fe:3b:11:c4:6d:46:
         7e:2c:58:0c:39:7b:af:b8:27:46:c6:73:dd:6d:4c:c9:de:29:
         cd:80:0c:95:27:3a:d1:a6:0f:82:e2:9a:31:cf:1b:f1:f1:cc:
         59:cb:88:96:50:2e:68:17:11:c9:c3:99:dc:7c:09:e7:5f:07:
         61:ee:39:5d:c9:8f:46:d8:ea:99:10:0e:18:f8:48:df:d7:de:
         d2:92:1b:a8:70:39:54:d8:69:f6:3f:2c:08:42:71:6b:f5:02:
         da:fa:26:76:38:88:df:a2:f0:1e:8d:c1:e3:ed:fc:47:d2:eb:
         cb:2e:db:52:14:36:76:5d:6c:4f:c4:86:49:b4:75:ae:e1:5a:
         ad:e4:6d:b4:2e:63:20:bd:5e:c0:df:52:01:4f:8f:70:b6:0d:
         3b:c1:92:63:3f:01:cd:18:b2:0a:14:95:09:10:3b:02:d7:a0:
         36:3a:4f:32:8d:cd:28:4c:42:bd:9b:73:78:df:0f:d9:73:58:
         20:e0:a7:9f:8f:7d:ff:54:26:ac:6b:59:f9:60:32:12:00:3c:
         b9:d7:a8:a6:bb:f6:ac:6b:9c:80:f2:e7:71:a6:b2:f5:f9:75:
         4e:5e:d6:7b:0b:61:c1:94:d7:0c:50:b5:d0:d3:2f:cd:10:c3:
         bb:c3:ed:aa
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIULWtzyvoTCbRTQKbvC1hGALb2f8AwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNTA5MjIwNzM5MDJaFw0yNjA5MjEwNzQ0MDJaMDMxMTAvBgNV
BAMTKEMwNzJBOUU4QUU1QkYzNzMyNzY3MTI0MDU5Qjk2QTkzNzlCQjc3RTcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCszsAvcuPkV18CHy9YapwmtQq9
TFODRJcLszPPivUthDVCvNANeBXcq2M0QYZPEQEso5Y+jjBCaypkS6IQvyVFeEMX
M29MwJgcO5FXAnWmVlgcsZ5aK6cbqiqNy8cBninrTNh1by2W0DABopqB5Sg6ZyN2
7W7Z3mRCYEKZqca0rKDkzmBMs4/UCiddVWtmZNSiYwOGvsu995jdqP6NzzLDYW5l
1VW1hHXUBST04KrIN2gJSnwn2g/ZMsbG7qgyDgK0V9634JI99zQxTPtyUYX8m6wZ
oVmyHGF3KUZr9eeVanab8LdMjMkwo8h+HzCn1+NWXwso8KqQUS7B/3GLAFr7AgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUwHKp6K5b83MnZxJAWblqk3m7d+cwHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTNTAzMjEucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBACNC/ww
DQYJKoZIhvcNAQELBQADggEBAAYcB/8prPttMdYr9v47EcRtRn4sWAw5e6+4J0bG
c91tTMneKc2ADJUnOtGmD4LimjHPG/HxzFnLiJZQLmgXEcnDmdx8CedfB2HuOV3J
j0bY6pkQDhj4SN/X3tKSG6hwOVTYafY/LAhCcWv1Atr6JnY4iN+i8B6NwePt/EfS
68su21IUNnZdbE/Ehkm0da7hWq3kbbQuYyC9XsDfUgFPj3C2DTvBkmM/Ac0YsgoU
lQkQOwLXoDY6TzKNzShMQr2bc3jfD9lzWCDgp5+Pff9UJqxrWflgMhIAPLnXqKa7
9qxrnIDy53GmsvX5dU5e1nsLYcGU1wxQtdDTL80Qw7vD7ao=
-----END CERTIFICATE-----