Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/322e35362e3234392e302f32342d3234203d3e203631333137.roa
File:                     322e35362e3234392e302f32342d3234203d3e203631333137.roa (raw, json)
Hash identifier:          2kdUMTkQAHBqHXXxTVz09YF0/R9m4xhjJJEmY6Yl9f4=
Subject key identifier:   30:CD:63:3C:F2:1A:8C:32:6C:C5:D4:86:06:02:92:F0:71:CD:57:0A
Certificate issuer:       /CN=70cbd7a9817e470009c0f40ea1e370aa79b5fd91
Certificate serial:       4BC3AA063D4BAEC4D6500C672DCCDECEA7CCFE1A
Authority key identifier: 70:CB:D7:A9:81:7E:47:00:09:C0:F4:0E:A1:E3:70:AA:79:B5:FD:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/322e35362e3234392e302f32342d3234203d3e203631333137.roa
Signing time:             Wed 11 Oct 2023 12:45:25 +0000
ROA not before:           Wed 11 Oct 2023 12:40:25 +0000
ROA not after:            Wed 09 Oct 2024 12:45:25 +0000
asID:                     61317
IP address blocks:        2.56.249.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 14:41:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4b:c3:aa:06:3d:4b:ae:c4:d6:50:0c:67:2d:cc:de:ce:a7:cc:fe:1a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=70cbd7a9817e470009c0f40ea1e370aa79b5fd91
        Validity
            Not Before: Oct 11 12:40:25 2023 GMT
            Not After : Oct  9 12:45:25 2024 GMT
        Subject: CN=30CD633CF21A8C326CC5D486060292F071CD570A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:e2:87:18:51:d2:b5:5c:40:44:cd:f7:63:af:
                    b0:4b:c3:a7:96:4c:98:76:42:57:1a:5f:7e:2a:83:
                    6a:b1:4c:6e:b1:8c:f3:04:fe:48:80:18:11:15:fd:
                    b7:a8:a2:19:83:a5:0f:d1:0e:64:93:b5:61:65:b3:
                    cd:cc:75:ce:50:37:13:7b:39:17:12:17:31:94:97:
                    ea:35:6b:25:ce:b0:dc:78:fe:4f:7b:fa:ba:5b:f1:
                    e7:4c:04:76:fe:c0:10:a6:4c:39:8a:70:91:6d:ba:
                    4a:05:a4:c1:85:dc:b5:20:6d:62:74:25:78:2d:be:
                    36:e0:97:20:63:a5:14:66:05:eb:f4:68:f6:2e:47:
                    68:7d:d8:d6:b6:31:ff:c5:41:f2:e4:d8:93:e2:bb:
                    74:fb:c2:0b:27:2b:34:70:57:2d:26:b1:bd:2f:ba:
                    18:60:11:56:12:bd:a7:d0:c0:26:9f:1e:ca:c9:d5:
                    39:17:e2:12:54:0b:16:2e:72:92:9b:44:8a:6e:dd:
                    e9:ac:97:e5:68:35:bd:b1:de:2b:98:6f:5a:bc:51:
                    52:48:2f:61:5c:b6:08:e4:0b:43:39:57:ec:7c:4b:
                    61:af:2b:3c:2c:5c:c9:b1:89:d0:ce:82:58:a5:a5:
                    33:c3:8e:ce:b9:1f:3c:84:c8:62:09:7b:4e:4d:aa:
                    c1:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:CD:63:3C:F2:1A:8C:32:6C:C5:D4:86:06:02:92:F0:71:CD:57:0A
            X509v3 Authority Key Identifier:
                keyid:70:CB:D7:A9:81:7E:47:00:09:C0:F4:0E:A1:E3:70:AA:79:B5:FD:91

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/322e35362e3234392e302f32342d3234203d3e203631333137.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.56.249.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7e:4a:56:08:8e:10:54:7c:88:1a:7e:7a:f9:17:77:d3:74:35:
         60:f5:db:7f:9c:28:b5:83:8a:fb:88:2a:77:4b:96:03:dd:0a:
         78:0b:00:af:27:6b:b0:fa:cf:7b:08:85:6f:82:ef:4b:89:b4:
         f5:4e:2c:8f:6b:a5:53:a5:7e:a7:62:94:bc:77:e1:21:94:43:
         f4:70:f3:6c:0a:f2:54:08:32:db:77:58:27:b3:6b:ab:e3:6b:
         d5:81:a0:14:db:55:0d:61:f8:23:3a:70:8c:88:7a:5e:6f:73:
         af:5a:4e:a7:87:8f:33:0b:00:de:86:b5:cb:a1:da:60:28:f8:
         5b:0b:a7:57:45:ca:2a:2b:e3:ca:ad:22:04:ea:c0:cd:7b:bd:
         c0:9a:77:1c:25:d2:af:52:1d:22:19:bc:e4:26:a5:49:c9:30:
         2c:62:ff:b6:fd:68:63:c3:0b:0b:65:cd:28:2b:9d:90:49:d9:
         30:d5:c2:13:aa:55:b9:62:dd:72:61:9a:ff:2b:1d:96:22:58:
         03:64:2d:e8:fc:1e:6b:8c:c2:18:42:8f:70:37:3b:fa:15:b2:
         00:fc:42:a4:3d:63:78:16:9e:cc:70:ae:b3:41:17:2e:f9:72:
         ad:70:e2:50:bc:4a:8c:f0:8e:9b:ab:ff:82:10:23:44:18:e7:
         b9:6b:35:bf
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUS8OqBj1LrsTWUAxnLczezqfM/howDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzBjYmQ3YTk4MTdlNDcwMDA5YzBmNDBlYTFlMzcwYWE3
OWI1ZmQ5MTAeFw0yMzEwMTExMjQwMjVaFw0yNDEwMDkxMjQ1MjVaMDMxMTAvBgNV
BAMTKDMwQ0Q2MzNDRjIxQThDMzI2Q0M1RDQ4NjA2MDI5MkYwNzFDRDU3MEEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDd4ocYUdK1XEBEzfdjr7BLw6eW
TJh2QlcaX34qg2qxTG6xjPME/kiAGBEV/beoohmDpQ/RDmSTtWFls83Mdc5QNxN7
ORcSFzGUl+o1ayXOsNx4/k97+rpb8edMBHb+wBCmTDmKcJFtukoFpMGF3LUgbWJ0
JXgtvjbglyBjpRRmBev0aPYuR2h92Na2Mf/FQfLk2JPiu3T7wgsnKzRwVy0msb0v
uhhgEVYSvafQwCafHsrJ1TkX4hJUCxYucpKbRIpu3emsl+VoNb2x3iuYb1q8UVJI
L2FctgjkC0M5V+x8S2GvKzwsXMmxidDOglilpTPDjs65HzyEyGIJe05NqsGdAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUMM1jPPIajDJsxdSGBgKS8HHNVwowHwYDVR0j
BBgwFoAUcMvXqYF+RwAJwPQOoeNwqnm1/ZEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYjczMzJhZjAtZGQ3My00NzU1LTlkMjAtNjkzZWE4Mjg5
ZjhhLzAvNzBDQkQ3QTk4MTdFNDcwMDA5QzBGNDBFQTFFMzcwQUE3OUI1RkQ5MS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2NNdlhxWUYtUndBSndQUU9vZU53cW5t
MV9aRS5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYjczMzJhZjAt
ZGQ3My00NzU1LTlkMjAtNjkzZWE4Mjg5ZjhhLzAvMzIyZTM1MzYyZTMyMzQzOTJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM2MzEzMzMxMzcucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAACOPkw
DQYJKoZIhvcNAQELBQADggEBAH5KVgiOEFR8iBp+evkXd9N0NWD123+cKLWDivuI
KndLlgPdCngLAK8na7D6z3sIhW+C70uJtPVOLI9rpVOlfqdilLx34SGUQ/Rw82wK
8lQIMtt3WCeza6vja9WBoBTbVQ1h+CM6cIyIel5vc69aTqeHjzMLAN6Gtcuh2mAo
+FsLp1dFyior48qtIgTqwM17vcCadxwl0q9SHSIZvOQmpUnJMCxi/7b9aGPDCwtl
zSgrnZBJ2TDVwhOqVbli3XJhmv8rHZYiWANkLej8HmuMwhhCj3A3O/oVsgD8QqQ9
Y3gWnsxwrrNBFy75cq1w4lC8Sozwjpur/4IQI0QY57lrNb8=
-----END CERTIFICATE-----