Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/322e35362e3235302e302f32342d3234203d3e20323131393735.roa
File:                     322e35362e3235302e302f32342d3234203d3e20323131393735.roa (raw, json)
Hash identifier:          HCAU3ZbMyDX/iF8U9OYPL5MzGXCsc9/yl5n0fLRE7BM=
Subject key identifier:   FE:0F:64:7B:4E:B9:63:09:64:B8:55:11:EE:14:99:F5:FF:9C:EA:D4
Certificate issuer:       /CN=70cbd7a9817e470009c0f40ea1e370aa79b5fd91
Certificate serial:       7B9D4A80C43592D886442FFF8EA4332D7B9A24DA
Authority key identifier: 70:CB:D7:A9:81:7E:47:00:09:C0:F4:0E:A1:E3:70:AA:79:B5:FD:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/322e35362e3235302e302f32342d3234203d3e20323131393735.roa
Signing time:             Sat 15 Jun 2024 10:20:56 +0000
ROA not before:           Sat 15 Jun 2024 10:15:56 +0000
ROA not after:            Sat 14 Jun 2025 10:20:56 +0000
asID:                     211975
IP address blocks:        2.56.250.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 23 Jun 2024 15:27:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7b:9d:4a:80:c4:35:92:d8:86:44:2f:ff:8e:a4:33:2d:7b:9a:24:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=70cbd7a9817e470009c0f40ea1e370aa79b5fd91
        Validity
            Not Before: Jun 15 10:15:56 2024 GMT
            Not After : Jun 14 10:20:56 2025 GMT
        Subject: CN=FE0F647B4EB9630964B85511EE1499F5FF9CEAD4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:32:14:01:d7:6d:a4:fc:0a:02:a2:f6:03:9d:
                    dc:ee:2a:b0:b0:e7:4d:45:45:88:5d:c3:95:f0:8c:
                    54:e7:5b:5d:91:4d:03:cb:84:84:34:70:f9:1e:8b:
                    d3:cf:f3:7c:25:b3:08:49:b7:bd:63:56:e5:63:fc:
                    db:40:bb:48:e2:ed:34:29:8d:31:cf:9a:9e:77:e3:
                    70:36:29:1f:5e:b6:85:e7:30:96:3f:fe:7c:fb:ed:
                    26:5a:ca:bf:a3:90:eb:65:af:21:27:f9:3e:1b:c8:
                    8c:72:a6:35:7b:ae:f0:e7:21:27:60:5d:56:1c:a5:
                    cd:a2:e2:c7:6d:d0:33:ce:40:f3:85:ec:ed:ae:de:
                    8d:e5:6e:fd:09:c6:3f:67:a8:ca:15:e9:67:76:28:
                    e6:b9:b6:51:c0:4e:90:20:67:a2:9c:93:f8:f3:5a:
                    a5:65:4b:58:eb:e2:11:b4:1c:c0:fc:ad:bb:97:78:
                    3b:c2:8c:d4:95:45:f5:12:0f:95:0b:82:ff:82:a4:
                    36:69:e5:49:59:44:f4:e2:65:f6:4e:92:88:08:f8:
                    ae:3d:b6:ec:01:5c:b0:a1:f2:98:3f:c4:9f:df:dd:
                    72:7f:44:66:27:6d:89:cd:3e:e8:8a:ad:c6:15:ba:
                    72:fa:f0:95:02:a4:d9:41:17:c8:3d:b9:68:28:a3:
                    59:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FE:0F:64:7B:4E:B9:63:09:64:B8:55:11:EE:14:99:F5:FF:9C:EA:D4
            X509v3 Authority Key Identifier:
                keyid:70:CB:D7:A9:81:7E:47:00:09:C0:F4:0E:A1:E3:70:AA:79:B5:FD:91

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/322e35362e3235302e302f32342d3234203d3e20323131393735.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.56.250.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a5:6a:8a:4c:b4:ae:62:ea:07:30:22:15:e3:6a:e8:9d:ea:fb:
         bb:04:d5:ef:b2:4c:24:64:9d:06:a5:b4:6c:e7:7e:04:fc:b2:
         a5:7b:be:37:72:5e:75:0d:1f:e8:e3:81:3c:10:bb:a0:4e:a2:
         8a:e0:50:c4:16:50:e2:9b:0b:d3:72:6b:12:53:0f:82:49:b4:
         a2:93:1c:b1:5c:ae:32:f9:2b:3b:01:20:90:fc:48:8a:88:b4:
         b5:a9:64:a1:76:44:46:c2:1c:23:74:ec:db:8c:a2:25:c6:ef:
         c9:3c:09:8e:76:00:f4:1d:80:21:d0:d5:ed:0d:d2:a6:f5:95:
         2e:ee:2e:b4:99:b3:07:30:5c:37:ac:4a:a0:f7:97:cc:3e:ee:
         14:9d:ad:de:be:a9:90:9e:f0:08:81:f4:02:d4:ae:e3:c6:8b:
         c2:22:34:d0:bc:86:64:17:f2:1d:d1:24:11:01:cc:a1:c0:2b:
         18:2a:1f:91:a6:78:32:62:57:c9:94:b4:ca:be:2a:6b:0d:be:
         b8:f7:db:d0:c9:e8:35:fd:b7:97:0b:23:63:84:ae:70:cf:9e:
         fc:e9:ec:25:bd:f6:91:6f:7d:69:1f:90:ed:00:ad:25:68:ca:
         f0:46:96:bf:31:0f:e1:4e:cc:92:10:ab:a7:17:e3:ac:c4:9c:
         88:be:17:46
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUe51KgMQ1ktiGRC//jqQzLXuaJNowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzBjYmQ3YTk4MTdlNDcwMDA5YzBmNDBlYTFlMzcwYWE3
OWI1ZmQ5MTAeFw0yNDA2MTUxMDE1NTZaFw0yNTA2MTQxMDIwNTZaMDMxMTAvBgNV
BAMTKEZFMEY2NDdCNEVCOTYzMDk2NEI4NTUxMUVFMTQ5OUY1RkY5Q0VBRDQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDKMhQB122k/AoCovYDndzuKrCw
501FRYhdw5XwjFTnW12RTQPLhIQ0cPkei9PP83wlswhJt71jVuVj/NtAu0ji7TQp
jTHPmp5343A2KR9etoXnMJY//nz77SZayr+jkOtlryEn+T4byIxypjV7rvDnISdg
XVYcpc2i4sdt0DPOQPOF7O2u3o3lbv0Jxj9nqMoV6Wd2KOa5tlHATpAgZ6Kck/jz
WqVlS1jr4hG0HMD8rbuXeDvCjNSVRfUSD5ULgv+CpDZp5UlZRPTiZfZOkogI+K49
tuwBXLCh8pg/xJ/f3XJ/RGYnbYnNPuiKrcYVunL68JUCpNlBF8g9uWgoo1m7AgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQU/g9ke065YwlkuFUR7hSZ9f+c6tQwHwYDVR0j
BBgwFoAUcMvXqYF+RwAJwPQOoeNwqnm1/ZEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYjczMzJhZjAtZGQ3My00NzU1LTlkMjAtNjkzZWE4Mjg5
ZjhhLzAvNzBDQkQ3QTk4MTdFNDcwMDA5QzBGNDBFQTFFMzcwQUE3OUI1RkQ5MS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2NNdlhxWUYtUndBSndQUU9vZU53cW5t
MV9aRS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYjczMzJhZjAt
ZGQ3My00NzU1LTlkMjAtNjkzZWE4Mjg5ZjhhLzAvMzIyZTM1MzYyZTMyMzUzMDJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMyMzEzMTM5MzczNS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAAI4
+jANBgkqhkiG9w0BAQsFAAOCAQEApWqKTLSuYuoHMCIV42roner7uwTV77JMJGSd
BqW0bOd+BPyypXu+N3JedQ0f6OOBPBC7oE6iiuBQxBZQ4psL03JrElMPgkm0opMc
sVyuMvkrOwEgkPxIioi0talkoXZERsIcI3Ts24yiJcbvyTwJjnYA9B2AIdDV7Q3S
pvWVLu4utJmzBzBcN6xKoPeXzD7uFJ2t3r6pkJ7wCIH0AtSu48aLwiI00LyGZBfy
HdEkEQHMocArGCofkaZ4MmJXyZS0yr4qaw2+uPfb0MnoNf23lwsjY4SucM+e/Ons
Jb32kW99aR+Q7QCtJWjK8EaWvzEP4U7MkhCrpxfjrMSciL4XRg==
-----END CERTIFICATE-----