Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS56962.roa
File:                     AS56962.roa (raw, json)
Hash identifier:          S+Vtm7+53dnJeseEtH9n65btcGgNC16OHCUZHegt9Sg=
Subject key identifier:   60:70:FC:12:7F:9B:5F:07:A3:2D:3A:EA:A2:93:F1:C3:5D:E2:2E:3C
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       59A4A38F1C59B269329B28761A479E10EAAA724C
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS56962.roa
Signing time:             Tue 05 May 2026 07:47:11 +0000
ROA not before:           Tue 05 May 2026 07:42:11 +0000
ROA not after:            Tue 04 May 2027 07:47:11 +0000
asID:                     56962
IP address blocks:        141.11.24.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 08:58:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            59:a4:a3:8f:1c:59:b2:69:32:9b:28:76:1a:47:9e:10:ea:aa:72:4c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: May  5 07:42:11 2026 GMT
            Not After : May  4 07:47:11 2027 GMT
        Subject: CN=6070FC127F9B5F07A32D3AEAA293F1C35DE22E3C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:9e:67:99:f1:b9:ef:a2:c5:d8:b3:a2:5d:f9:
                    ca:cf:a8:5b:80:fe:c4:32:58:01:65:2b:ec:c3:4a:
                    fc:a9:7a:ef:79:7a:4c:04:aa:15:e1:bf:16:9f:4b:
                    32:ca:b9:33:73:fd:fa:af:30:1e:a7:51:f5:53:aa:
                    67:55:fa:58:33:15:e7:22:7c:22:e2:95:fa:1b:34:
                    d9:83:d0:08:5c:ca:78:bd:1c:81:d5:76:b9:4e:43:
                    ff:5e:3f:20:de:2a:61:89:83:6a:78:6e:58:90:75:
                    37:81:d1:87:b8:7d:58:c8:52:80:b2:f4:49:cd:93:
                    0c:46:c1:98:20:74:1f:3c:4b:e3:84:ec:74:82:99:
                    98:8a:f0:09:e1:d6:71:df:e7:99:ea:49:6a:0b:17:
                    a2:63:91:2e:69:e3:10:47:ac:65:f6:f6:c1:dc:a3:
                    2a:15:81:2b:e1:9e:59:c3:98:0b:28:7f:3c:43:23:
                    10:cb:37:b6:f8:df:1c:1f:e6:b6:44:25:69:c9:f4:
                    f0:90:ba:ab:42:a6:0f:76:ec:57:8c:18:e4:c3:73:
                    0b:16:a4:7b:43:6e:40:09:5b:1a:58:f1:53:b4:22:
                    6f:d6:bc:47:ec:26:68:34:51:1c:e1:3d:39:dc:55:
                    c3:05:a4:84:f1:b4:f6:7c:48:32:17:dc:04:27:7f:
                    3b:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:70:FC:12:7F:9B:5F:07:A3:2D:3A:EA:A2:93:F1:C3:5D:E2:2E:3C
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS56962.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.24.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b4:1d:82:3a:31:d0:29:0b:33:ab:27:04:a8:80:cd:bd:2c:55:
         52:2d:71:22:ed:3c:ac:71:cb:a8:8a:47:9a:9c:63:75:08:30:
         c7:17:50:a1:d0:3c:0e:01:4a:11:c0:8a:f8:1f:38:c2:11:cb:
         f6:34:99:cd:97:cd:0c:e8:bd:e2:69:22:cc:d7:bb:eb:29:ec:
         69:63:67:8c:7d:af:7e:1d:6d:4a:82:80:df:19:3e:24:4e:3d:
         f0:f3:cd:4f:dc:84:6a:51:60:e9:e3:64:18:9e:4d:2d:fc:e5:
         35:21:0b:f0:3f:41:79:a2:ea:be:9f:fd:2b:4d:24:20:be:6f:
         cd:c8:58:50:90:c7:ab:7d:e1:ce:9a:b7:25:26:09:ac:8e:9d:
         15:4d:b7:1e:d2:eb:d9:4a:7c:c7:a9:83:43:b5:88:56:f1:8c:
         dc:35:dd:9b:82:9b:a7:df:8a:56:b5:fd:8b:7a:03:ae:97:4c:
         ea:0f:91:ce:83:a2:75:f7:c2:87:9b:17:98:5e:67:bf:4a:5f:
         6c:3b:87:df:79:0f:27:3d:44:8e:09:b7:f8:f3:e3:63:7f:15:
         9c:49:72:a7:31:66:00:07:c6:9a:1d:d7:5b:fc:46:98:8b:5f:
         5b:db:14:75:22:3d:fe:9f:7b:38:dc:f7:aa:f6:3b:69:58:0a:
         7d:52:2b:fa
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUWaSjjxxZsmkymyh2GkeeEOqqckwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNjA1MDUwNzQyMTFaFw0yNzA1MDQwNzQ3MTFaMDMxMTAvBgNV
BAMTKDYwNzBGQzEyN0Y5QjVGMDdBMzJEM0FFQUEyOTNGMUMzNURFMjJFM0MwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCqnmeZ8bnvosXYs6Jd+crPqFuA
/sQyWAFlK+zDSvypeu95ekwEqhXhvxafSzLKuTNz/fqvMB6nUfVTqmdV+lgzFeci
fCLilfobNNmD0Ahcyni9HIHVdrlOQ/9ePyDeKmGJg2p4bliQdTeB0Ye4fVjIUoCy
9EnNkwxGwZggdB88S+OE7HSCmZiK8Anh1nHf55nqSWoLF6JjkS5p4xBHrGX29sHc
oyoVgSvhnlnDmAsofzxDIxDLN7b43xwf5rZEJWnJ9PCQuqtCpg927FeMGOTDcwsW
pHtDbkAJWxpY8VO0Im/WvEfsJmg0URzhPTncVcMFpITxtPZ8SDIX3AQnfzufAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUYHD8En+bXwejLTrqopPxw13iLjwwHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTNTY5NjIucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBACNCxgw
DQYJKoZIhvcNAQELBQADggEBALQdgjox0CkLM6snBKiAzb0sVVItcSLtPKxxy6iK
R5qcY3UIMMcXUKHQPA4BShHAivgfOMIRy/Y0mc2XzQzoveJpIszXu+sp7GljZ4x9
r34dbUqCgN8ZPiROPfDzzU/chGpRYOnjZBieTS385TUhC/A/QXmi6r6f/StNJCC+
b83IWFCQx6t94c6atyUmCayOnRVNtx7S69lKfMepg0O1iFbxjNw13ZuCm6ffila1
/Yt6A66XTOoPkc6DonX3woebF5heZ79KX2w7h995Dyc9RI4Jt/jz42N/FZxJcqcx
ZgAHxpod11v8RpiLX1vbFHUiPf6fezjc96r2O2lYCn1SK/o=
-----END CERTIFICATE-----