Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/322e35362e3235322e302f32342d3234203d3e20313336373837.roa
File:                     322e35362e3235322e302f32342d3234203d3e20313336373837.roa (raw, json)
Hash identifier:          MV1RcRU84vA6IQGrs5T/CjdwnBktioV4UAlJfIJzVME=
Subject key identifier:   62:84:1E:EC:67:F1:84:97:D7:C6:37:9B:E4:F9:8A:40:18:2F:07:00
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       1AABEBA711FA98E4475DD5D6C5B3F0DC08F0BA03
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/322e35362e3235322e302f32342d3234203d3e20313336373837.roa
Signing time:             Thu 02 Oct 2025 14:47:47 +0000
ROA not before:           Thu 02 Oct 2025 14:42:47 +0000
ROA not after:            Thu 01 Oct 2026 14:47:47 +0000
asID:                     136787
IP address blocks:        2.56.252.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 17:43:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1a:ab:eb:a7:11:fa:98:e4:47:5d:d5:d6:c5:b3:f0:dc:08:f0:ba:03
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Oct  2 14:42:47 2025 GMT
            Not After : Oct  1 14:47:47 2026 GMT
        Subject: CN=62841EEC67F18497D7C6379BE4F98A40182F0700
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:15:54:fb:c8:52:c1:f4:56:81:5d:c6:7d:85:
                    41:ba:7c:26:0a:f1:e2:f2:81:0f:fa:7a:71:81:cd:
                    0d:df:18:8a:8b:55:0d:a7:fa:3c:42:7d:7f:0d:fa:
                    a7:4a:60:18:51:e6:65:07:2a:43:2e:dd:4d:ae:a6:
                    1e:a5:5b:71:ce:2b:7b:e1:2a:8d:29:db:cb:de:ea:
                    7a:d2:e8:52:53:d4:cf:06:d5:c3:b1:fc:24:2c:fb:
                    7e:e1:cc:9f:31:a7:f0:31:85:17:de:84:f0:ac:81:
                    c2:b0:6c:5e:cc:83:e3:cb:18:fa:c2:b6:00:2a:d0:
                    3a:1c:30:dd:0e:ba:d8:45:16:3a:fc:5f:64:21:f4:
                    4e:95:ad:ab:60:62:c0:89:71:97:21:5a:35:8b:65:
                    07:06:e9:f7:34:36:91:29:10:1c:fc:a9:fa:62:9d:
                    0c:2a:e1:07:a9:78:57:7a:1b:dc:03:3e:66:99:12:
                    b0:53:7f:82:c6:43:44:d8:61:e4:c4:01:cc:f7:4f:
                    f3:96:7e:85:24:a6:8c:55:49:be:83:d5:72:95:10:
                    6a:a9:fe:6d:64:3a:04:e4:a1:66:db:94:70:ee:02:
                    0c:c3:4e:ef:a4:d7:78:22:9f:ad:7c:3d:fb:05:1f:
                    f6:f2:76:e3:f8:b1:e0:bc:b7:5f:46:71:50:90:d0:
                    e0:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:84:1E:EC:67:F1:84:97:D7:C6:37:9B:E4:F9:8A:40:18:2F:07:00
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/322e35362e3235322e302f32342d3234203d3e20313336373837.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.56.252.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7e:eb:70:90:fc:38:47:64:89:17:3e:71:55:6c:0d:4e:04:59:
         2f:fd:8c:28:ba:19:1a:9c:20:cc:da:80:36:7a:4c:12:7e:6a:
         c5:b5:af:3c:78:a9:88:31:8e:64:9b:87:3d:a3:c4:85:58:21:
         a7:bc:13:5d:e9:38:74:09:08:77:03:98:88:0d:9c:b4:38:ed:
         a5:e4:e5:0e:95:a4:5f:2c:cb:a1:14:8b:54:98:7a:82:f4:ee:
         8e:8b:6e:2c:1d:4d:69:95:84:e5:b0:47:97:52:24:8e:21:1c:
         aa:bc:ad:b3:05:e2:92:a6:a4:be:49:6d:0d:98:a9:73:85:df:
         7d:b7:26:cc:06:ad:4b:47:ee:4b:69:dc:9c:b0:b2:68:10:c8:
         03:6b:a7:bd:da:fe:c3:c3:0e:71:f9:df:04:bc:d4:48:1f:39:
         90:d7:46:2a:54:99:b8:39:a5:bd:ce:84:05:ec:31:55:39:d4:
         3c:3c:00:0b:81:e8:cc:da:dd:ab:77:50:44:60:a5:48:a0:40:
         ac:d8:94:36:ec:c1:81:5e:83:a9:0f:bb:a4:91:2b:8a:31:c4:
         ee:d5:98:70:8a:8e:6e:ab:36:0b:9c:8c:14:d0:e3:e1:1b:6c:
         69:0d:4c:30:c4:20:f6:81:20:1b:c8:c1:9a:c5:f2:a6:24:40:
         ec:4f:cf:e4
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUGqvrpxH6mORHXdXWxbPw3AjwugMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNTEwMDIxNDQyNDdaFw0yNjEwMDExNDQ3NDdaMDMxMTAvBgNV
BAMTKDYyODQxRUVDNjdGMTg0OTdEN0M2Mzc5QkU0Rjk4QTQwMTgyRjA3MDAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCcFVT7yFLB9FaBXcZ9hUG6fCYK
8eLygQ/6enGBzQ3fGIqLVQ2n+jxCfX8N+qdKYBhR5mUHKkMu3U2uph6lW3HOK3vh
Ko0p28ve6nrS6FJT1M8G1cOx/CQs+37hzJ8xp/AxhRfehPCsgcKwbF7Mg+PLGPrC
tgAq0DocMN0OuthFFjr8X2Qh9E6VratgYsCJcZchWjWLZQcG6fc0NpEpEBz8qfpi
nQwq4QepeFd6G9wDPmaZErBTf4LGQ0TYYeTEAcz3T/OWfoUkpoxVSb6D1XKVEGqp
/m1kOgTkoWbblHDuAgzDTu+k13gin618PfsFH/byduP4seC8t19GcVCQ0OD5AgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUYoQe7GfxhJfXxjeb5PmKQBgvBwAwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzIyZTM1MzYyZTMyMzUzMjJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMxMzMzNjM3MzgzNy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAAI4
/DANBgkqhkiG9w0BAQsFAAOCAQEAfutwkPw4R2SJFz5xVWwNTgRZL/2MKLoZGpwg
zNqANnpMEn5qxbWvPHipiDGOZJuHPaPEhVghp7wTXek4dAkIdwOYiA2ctDjtpeTl
DpWkXyzLoRSLVJh6gvTujotuLB1NaZWE5bBHl1IkjiEcqrytswXikqakvkltDZip
c4XffbcmzAatS0fuS2ncnLCyaBDIA2unvdr+w8MOcfnfBLzUSB85kNdGKlSZuDml
vc6EBewxVTnUPDwAC4HozNrdq3dQRGClSKBArNiUNuzBgV6DqQ+7pJErijHE7tWY
cIqObqs2C5yMFNDj4RtsaQ1MMMQg9oEgG8jBmsXypiRA7E/P5A==
-----END CERTIFICATE-----