Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS59432.roa
File:                     AS59432.roa (raw, json)
Hash identifier:          96cSc4avHRHIDQZ7THBJ+gSDNUB21tbKO1yjT/vnzRg=
Subject key identifier:   03:54:E0:A3:68:98:D0:2B:3E:CD:31:E5:55:47:9B:14:92:3E:C3:7D
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       0995A62EF5FCF9979EC4053309DDAF384BED712E
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS59432.roa
Signing time:             Fri 20 Jun 2025 07:53:25 +0000
ROA not before:           Fri 20 Jun 2025 07:48:25 +0000
ROA not after:            Fri 19 Jun 2026 07:53:25 +0000
asID:                     59432
IP address blocks:        143.20.12.0/24 maxlen: 24
                          143.20.82.0/24 maxlen: 24
                          143.20.120.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Jun 2025 19:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            09:95:a6:2e:f5:fc:f9:97:9e:c4:05:33:09:dd:af:38:4b:ed:71:2e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Jun 20 07:48:25 2025 GMT
            Not After : Jun 19 07:53:25 2026 GMT
        Subject: CN=0354E0A36898D02B3ECD31E555479B14923EC37D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:6c:a7:32:8d:42:3e:6a:d0:aa:09:29:57:d8:
                    1f:07:50:3b:cc:76:be:a8:5c:0a:ab:b1:a5:e6:70:
                    05:cd:d6:df:e1:3d:6a:9c:0b:1a:b5:4c:84:63:17:
                    08:41:20:dd:2d:13:c6:bd:3a:73:8e:09:38:cb:0d:
                    5c:ec:2f:44:0c:4d:b1:ef:05:97:c4:22:a7:fb:50:
                    2d:7c:bf:0b:18:b7:66:5b:de:2c:5b:2e:bb:13:2a:
                    47:0d:b9:c7:35:c0:6a:84:30:b1:d1:cd:c6:b1:8a:
                    6a:84:a7:a3:44:2a:65:00:11:7a:00:7c:15:96:a3:
                    77:a0:53:bc:58:03:f2:87:57:e2:6f:65:1b:b2:69:
                    71:64:e1:71:ff:65:8a:ba:31:96:fb:d9:a5:62:98:
                    af:77:be:53:10:0c:6e:20:70:a8:10:c1:c7:3c:b1:
                    19:c1:59:dd:d9:1b:cf:90:35:f0:ee:f8:1f:b5:72:
                    23:8e:68:a8:ca:c7:17:c9:02:8d:8e:64:39:e5:4e:
                    c4:05:c7:e8:43:9d:73:bf:de:df:36:82:db:2e:e9:
                    56:2c:be:7b:44:82:20:47:8f:e1:55:67:24:68:7f:
                    34:82:37:ee:0d:92:09:c9:1e:5c:bc:cd:50:74:ff:
                    35:a0:94:07:7a:09:a8:a7:02:2f:35:11:e1:48:0e:
                    84:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:54:E0:A3:68:98:D0:2B:3E:CD:31:E5:55:47:9B:14:92:3E:C3:7D
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS59432.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.12.0/24
                  143.20.82.0/24
                  143.20.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         35:44:68:3d:62:ba:56:15:c7:5c:b1:33:3c:d5:35:28:fa:77:
         64:0f:90:85:9f:ff:d8:81:7f:2a:5a:db:60:91:0c:cf:01:fc:
         5a:b4:0a:95:4f:54:ca:0b:80:29:7f:63:34:27:6e:fa:9d:bd:
         fe:f9:f7:0d:58:ea:56:f7:1e:6c:e4:93:a2:e2:4b:03:9e:b8:
         bb:d4:56:da:e0:51:ea:a4:ad:70:b7:b7:91:31:53:1b:3e:b1:
         c5:3c:7e:91:15:bc:bf:78:93:84:82:8f:4b:80:f2:06:c8:2e:
         15:1e:85:ac:42:6d:13:21:1a:db:b5:a1:10:0e:6e:90:49:1c:
         6d:b0:72:b0:ff:d6:2e:db:e9:65:2c:f5:6b:aa:09:32:83:d0:
         d7:de:36:31:c8:0c:86:e1:03:66:2c:25:e6:fc:0b:11:03:f9:
         6e:08:31:11:1f:cd:88:cb:95:b6:f6:9d:4f:3d:5b:0f:1d:49:
         2d:d4:d1:6f:8e:6c:20:7d:43:08:28:44:7e:bb:53:46:1f:34:
         47:57:64:e9:43:90:3e:5c:b2:12:71:e8:82:54:25:7e:f4:c7:
         1a:b2:25:fb:56:16:20:8a:97:28:dd:55:26:7f:a0:78:49:fe:
         5c:44:9d:40:b2:d5:e0:ef:5f:68:76:ca:96:64:b3:6e:14:8d:
         66:32:2e:4f
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgIUCZWmLvX8+ZeexAUzCd2vOEvtcS4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTA2MjAwNzQ4MjVaFw0yNjA2MTkwNzUzMjVaMDMxMTAvBgNV
BAMTKDAzNTRFMEEzNjg5OEQwMkIzRUNEMzFFNTU1NDc5QjE0OTIzRUMzN0QwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDRbKcyjUI+atCqCSlX2B8HUDvM
dr6oXAqrsaXmcAXN1t/hPWqcCxq1TIRjFwhBIN0tE8a9OnOOCTjLDVzsL0QMTbHv
BZfEIqf7UC18vwsYt2Zb3ixbLrsTKkcNucc1wGqEMLHRzcaximqEp6NEKmUAEXoA
fBWWo3egU7xYA/KHV+JvZRuyaXFk4XH/ZYq6MZb72aVimK93vlMQDG4gcKgQwcc8
sRnBWd3ZG8+QNfDu+B+1ciOOaKjKxxfJAo2OZDnlTsQFx+hDnXO/3t82gtsu6VYs
vntEgiBHj+FVZyRofzSCN+4NkgnJHly8zVB0/zWglAd6CainAi81EeFIDoQ5AgMB
AAGjggIVMIICETAdBgNVHQ4EFgQUA1Tgo2iY0Cs+zTHlVUebFJI+w30wHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTNTk0MzIucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBIDBACPFAwD
BACPFFIDBACPFHgwDQYJKoZIhvcNAQELBQADggEBADVEaD1iulYVx1yxMzzVNSj6
d2QPkIWf/9iBfypa22CRDM8B/Fq0CpVPVMoLgCl/YzQnbvqdvf759w1Y6lb3Hmzk
k6LiSwOeuLvUVtrgUeqkrXC3t5ExUxs+scU8fpEVvL94k4SCj0uA8gbILhUehaxC
bRMhGtu1oRAObpBJHG2wcrD/1i7b6WUs9WuqCTKD0NfeNjHIDIbhA2YsJeb8CxED
+W4IMREfzYjLlbb2nU89Ww8dSS3U0W+ObCB9QwgoRH67U0YfNEdXZOlDkD5cshJx
6IJUJX70xxqyJftWFiCKlyjdVSZ/oHhJ/lxEnUCy1eDvX2h2ypZks24UjWYyLk8=
-----END CERTIFICATE-----