Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS59432.roa
File:                     AS59432.roa (raw, json)
Hash identifier:          P/CYihwfzhZOC/p68Rtm3/psm6Hgoa5SDZ0OCdFqCdc=
Subject key identifier:   03:62:C1:67:C9:A8:8F:D1:E6:72:39:91:39:2F:D9:CB:C7:9F:A4:E8
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       60C174BD67ECC7891F3F29EAC6697C381D119FAB
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS59432.roa
Signing time:             Fri 17 Oct 2025 07:31:34 +0000
ROA not before:           Fri 17 Oct 2025 07:26:34 +0000
ROA not after:            Fri 16 Oct 2026 07:31:34 +0000
asID:                     59432
IP address blocks:        143.20.105.0/24 maxlen: 24
                          143.20.192.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 01:18:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            60:c1:74:bd:67:ec:c7:89:1f:3f:29:ea:c6:69:7c:38:1d:11:9f:ab
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Oct 17 07:26:34 2025 GMT
            Not After : Oct 16 07:31:34 2026 GMT
        Subject: CN=0362C167C9A88FD1E6723991392FD9CBC79FA4E8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:dd:22:85:9a:a1:d7:a7:d1:29:a1:37:2d:8b:
                    ac:81:01:88:8a:dc:c2:50:3c:5e:80:cd:65:8a:32:
                    33:7e:05:f0:32:64:12:39:0d:f0:29:bb:26:5b:71:
                    17:c8:78:ee:cc:06:09:c9:dc:f7:95:86:97:a8:9f:
                    29:32:58:e0:f3:af:df:60:bf:cd:9b:76:be:ac:e6:
                    53:0b:63:be:47:86:94:48:82:3d:37:96:b1:42:77:
                    a7:41:8a:eb:86:e7:fc:c3:54:de:f6:24:2f:74:4f:
                    08:77:a3:45:24:45:0a:bc:ec:46:2b:5c:e5:25:4f:
                    e8:8f:1b:e7:10:31:7c:38:82:1a:d9:6d:e3:92:03:
                    c3:4d:fa:f6:44:d6:67:49:72:95:54:78:2e:c7:97:
                    18:07:6b:bd:1d:70:7c:2f:48:ea:59:98:77:4e:60:
                    51:c4:60:81:41:7f:13:95:c7:6e:6b:81:52:78:0b:
                    56:19:96:1c:c4:b3:bd:f2:c9:e8:cd:c7:32:d6:39:
                    d5:ab:61:fe:25:57:77:93:5a:17:ff:84:3d:04:27:
                    38:a0:67:a9:d6:b4:30:d1:3c:f1:39:4c:e9:7d:43:
                    a6:29:c6:2c:11:a3:ce:38:6b:2f:91:7b:ff:4e:eb:
                    9c:95:62:79:46:4b:62:7e:9e:cf:ed:4a:7d:99:4a:
                    df:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:62:C1:67:C9:A8:8F:D1:E6:72:39:91:39:2F:D9:CB:C7:9F:A4:E8
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS59432.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.105.0/24
                  143.20.192.0/24

    Signature Algorithm: sha256WithRSAEncryption
         09:9e:e0:ee:46:3e:45:02:1a:c6:7d:02:11:23:c9:47:45:a1:
         f7:4d:8f:b1:c7:ac:7d:61:a0:de:01:b5:b1:43:91:8f:41:5d:
         e5:b2:3b:6d:08:5f:45:06:ab:f2:30:f5:ce:e4:15:0e:8d:ef:
         f3:ed:5f:59:af:61:e3:33:73:83:60:40:0f:1d:fc:cf:b3:b4:
         d8:89:7a:e1:82:dc:62:04:bc:e7:2e:ff:d4:b8:7a:eb:b5:c7:
         bd:19:98:5c:4f:b1:e1:b2:a3:b6:1c:33:cc:4f:6a:b3:59:ff:
         81:98:88:45:da:94:63:09:d1:00:06:99:12:fb:f5:a8:54:b8:
         02:3a:a4:91:a0:5f:63:49:76:e5:4e:9a:5d:63:75:9d:ae:ec:
         7a:10:71:2c:d9:fa:32:5d:1d:d5:a1:f8:dd:db:d4:9f:1f:e5:
         5e:64:6d:0f:17:c2:c9:29:63:32:b2:5b:a4:6b:40:74:b9:c4:
         64:17:f6:39:f7:a4:28:4f:b2:1a:e8:2b:f7:ed:b1:5a:18:a0:
         e8:28:b6:cf:ab:e7:04:7e:5f:5c:c3:b8:d5:49:84:05:64:3a:
         21:7b:8c:13:a5:3c:65:5a:76:aa:67:c3:08:de:99:6e:e7:51:
         07:11:47:f9:a3:65:8c:d4:bf:b3:d3:4b:1f:17:b7:88:68:74:
         4f:aa:0c:97
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgIUYMF0vWfsx4kfPynqxml8OB0Rn6swDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTEwMTcwNzI2MzRaFw0yNjEwMTYwNzMxMzRaMDMxMTAvBgNV
BAMTKDAzNjJDMTY3QzlBODhGRDFFNjcyMzk5MTM5MkZEOUNCQzc5RkE0RTgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCh3SKFmqHXp9EpoTcti6yBAYiK
3MJQPF6AzWWKMjN+BfAyZBI5DfApuyZbcRfIeO7MBgnJ3PeVhpeonykyWODzr99g
v82bdr6s5lMLY75HhpRIgj03lrFCd6dBiuuG5/zDVN72JC90Twh3o0UkRQq87EYr
XOUlT+iPG+cQMXw4ghrZbeOSA8NN+vZE1mdJcpVUeC7HlxgHa70dcHwvSOpZmHdO
YFHEYIFBfxOVx25rgVJ4C1YZlhzEs73yyejNxzLWOdWrYf4lV3eTWhf/hD0EJzig
Z6nWtDDRPPE5TOl9Q6YpxiwRo844ay+Re/9O65yVYnlGS2J+ns/tSn2ZSt/RAgMB
AAGjggIPMIICCzAdBgNVHQ4EFgQUA2LBZ8moj9HmcjmROS/Zy8efpOgwHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTNTk0MzIucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwDBACPFGkD
BACPFMAwDQYJKoZIhvcNAQELBQADggEBAAme4O5GPkUCGsZ9AhEjyUdFofdNj7HH
rH1hoN4BtbFDkY9BXeWyO20IX0UGq/Iw9c7kFQ6N7/PtX1mvYeMzc4NgQA8d/M+z
tNiJeuGC3GIEvOcu/9S4euu1x70ZmFxPseGyo7YcM8xParNZ/4GYiEXalGMJ0QAG
mRL79ahUuAI6pJGgX2NJduVOml1jdZ2u7HoQcSzZ+jJdHdWh+N3b1J8f5V5kbQ8X
wskpYzKyW6RrQHS5xGQX9jn3pChPshroK/ftsVoYoOgots+r5wR+X1zDuNVJhAVk
OiF7jBOlPGVadqpnwwjemW7nUQcRR/mjZYzUv7PTSx8Xt4hodE+qDJc=
-----END CERTIFICATE-----