Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/322e35392e35382e302f32342d3234203d3e20323036363936.roa
File:                     322e35392e35382e302f32342d3234203d3e20323036363936.roa (raw, json)
Hash identifier:          NBLYY07ax4v3YD+4WGX1xnOyHGrNglTzViGlm3Ymvgo=
Subject key identifier:   63:49:6D:B8:8C:44:6E:13:62:7C:53:D5:28:6E:B5:16:4E:84:5B:4B
Certificate issuer:       /CN=70cbd7a9817e470009c0f40ea1e370aa79b5fd91
Certificate serial:       5B33530ABCA16E5988D58DCDBE57D4907DDE1804
Authority key identifier: 70:CB:D7:A9:81:7E:47:00:09:C0:F4:0E:A1:E3:70:AA:79:B5:FD:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/322e35392e35382e302f32342d3234203d3e20323036363936.roa
Signing time:             Tue 15 Jul 2025 07:53:20 +0000
ROA not before:           Tue 15 Jul 2025 07:48:20 +0000
ROA not after:            Tue 14 Jul 2026 07:53:20 +0000
asID:                     206696
IP address blocks:        2.59.58.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Jul 2025 21:26:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5b:33:53:0a:bc:a1:6e:59:88:d5:8d:cd:be:57:d4:90:7d:de:18:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=70cbd7a9817e470009c0f40ea1e370aa79b5fd91
        Validity
            Not Before: Jul 15 07:48:20 2025 GMT
            Not After : Jul 14 07:53:20 2026 GMT
        Subject: CN=63496DB88C446E13627C53D5286EB5164E845B4B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:48:8b:da:50:94:4d:5f:f2:9b:6b:b5:b7:5d:
                    a8:76:5a:24:80:59:a7:b0:f4:08:cc:01:b1:56:71:
                    58:92:50:4a:8a:45:a7:f2:c3:52:42:ca:0b:0a:9e:
                    88:5c:3e:02:ac:39:ac:9e:8f:9f:bd:24:d8:3f:80:
                    13:e6:d5:37:b5:0b:31:55:cf:7a:e2:65:95:18:21:
                    62:fe:41:10:46:a4:84:e3:3f:42:de:5d:1b:63:dd:
                    6f:93:e9:56:3b:4a:93:e3:ab:06:41:b5:21:6d:34:
                    f7:6c:aa:4d:81:3b:a5:77:01:c4:86:37:ed:8d:df:
                    15:4d:39:7e:15:a8:a8:dd:74:6b:c4:8c:ce:b8:19:
                    d4:5b:14:51:27:15:83:b2:60:b0:5a:69:51:47:25:
                    95:b7:90:2d:6f:8a:dd:17:ed:3a:ab:ec:b7:13:eb:
                    40:6d:9a:fb:a2:ae:3e:aa:63:22:7a:39:ee:c6:d1:
                    d7:e8:ca:2a:a2:3b:06:b5:fa:3c:31:4b:92:b9:2d:
                    d3:a9:ba:e7:91:ce:76:7c:30:e4:92:a0:41:30:b2:
                    aa:d0:27:5a:91:ca:e0:3f:b7:c8:0c:99:59:30:81:
                    59:f2:33:c1:2f:f1:38:cd:68:00:53:ce:0b:42:09:
                    e0:6d:dc:e5:49:45:0c:4b:64:ff:0f:d3:ce:a7:ce:
                    20:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:49:6D:B8:8C:44:6E:13:62:7C:53:D5:28:6E:B5:16:4E:84:5B:4B
            X509v3 Authority Key Identifier:
                keyid:70:CB:D7:A9:81:7E:47:00:09:C0:F4:0E:A1:E3:70:AA:79:B5:FD:91

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/322e35392e35382e302f32342d3234203d3e20323036363936.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.59.58.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7c:cb:ad:aa:e7:82:94:b8:1d:b3:f8:65:e9:16:f2:73:ff:93:
         95:8c:22:66:18:9d:00:2e:48:20:de:cb:80:bb:62:76:6e:ce:
         7a:5d:f0:39:39:c1:4e:4a:0f:c8:b9:83:22:26:d6:4c:28:39:
         5b:ad:31:c6:55:03:9f:ea:ae:28:d0:86:4b:e7:aa:67:27:b3:
         bc:e8:01:17:50:d3:5d:23:65:2a:88:a0:5d:97:76:62:40:97:
         85:d3:d5:1d:06:6f:e8:10:0c:6d:c8:23:07:a5:41:90:74:75:
         da:c7:f2:50:61:1d:fb:3c:db:c0:fa:91:d7:e8:50:bb:40:8d:
         c5:f4:76:12:25:f9:b6:75:10:db:63:4a:32:7a:dd:3a:8d:42:
         16:d2:e8:02:70:5e:4d:54:cc:71:1b:5b:ad:d7:95:1d:52:c8:
         c5:80:a8:f8:20:82:da:4f:a9:de:2a:d5:26:4e:c1:bc:50:e4:
         c3:1a:db:bb:69:18:ee:7f:48:2c:92:aa:9d:7a:1d:e8:01:ed:
         47:15:e1:4a:92:cd:e2:f8:17:fd:d5:dd:14:f1:14:84:a1:4f:
         f6:33:46:2a:f6:fa:1d:15:f0:a9:12:9e:78:65:44:75:30:b3:
         56:66:72:c8:f9:72:21:f5:03:db:0e:27:d1:2b:a3:5d:95:01:
         78:60:0f:1c
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUWzNTCryhblmI1Y3NvlfUkH3eGAQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzBjYmQ3YTk4MTdlNDcwMDA5YzBmNDBlYTFlMzcwYWE3
OWI1ZmQ5MTAeFw0yNTA3MTUwNzQ4MjBaFw0yNjA3MTQwNzUzMjBaMDMxMTAvBgNV
BAMTKDYzNDk2REI4OEM0NDZFMTM2MjdDNTNENTI4NkVCNTE2NEU4NDVCNEIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvSIvaUJRNX/Kba7W3Xah2WiSA
Waew9AjMAbFWcViSUEqKRafyw1JCygsKnohcPgKsOayej5+9JNg/gBPm1Te1CzFV
z3riZZUYIWL+QRBGpITjP0LeXRtj3W+T6VY7SpPjqwZBtSFtNPdsqk2BO6V3AcSG
N+2N3xVNOX4VqKjddGvEjM64GdRbFFEnFYOyYLBaaVFHJZW3kC1vit0X7Tqr7LcT
60Btmvuirj6qYyJ6Oe7G0dfoyiqiOwa1+jwxS5K5LdOpuueRznZ8MOSSoEEwsqrQ
J1qRyuA/t8gMmVkwgVnyM8Ev8TjNaABTzgtCCeBt3OVJRQxLZP8P086nziDDAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUY0ltuIxEbhNifFPVKG61Fk6EW0swHwYDVR0j
BBgwFoAUcMvXqYF+RwAJwPQOoeNwqnm1/ZEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYjczMzJhZjAtZGQ3My00NzU1LTlkMjAtNjkzZWE4Mjg5
ZjhhLzAvNzBDQkQ3QTk4MTdFNDcwMDA5QzBGNDBFQTFFMzcwQUE3OUI1RkQ5MS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2NNdlhxWUYtUndBSndQUU9vZU53cW5t
MV9aRS5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYjczMzJhZjAt
ZGQ3My00NzU1LTlkMjAtNjkzZWE4Mjg5ZjhhLzAvMzIyZTM1MzkyZTM1MzgyZTMw
MmYzMjM0MmQzMjM0MjAzZDNlMjAzMjMwMzYzNjM5MzYucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAACOzow
DQYJKoZIhvcNAQELBQADggEBAHzLrarngpS4HbP4ZekW8nP/k5WMImYYnQAuSCDe
y4C7YnZuznpd8Dk5wU5KD8i5gyIm1kwoOVutMcZVA5/qrijQhkvnqmcns7zoARdQ
010jZSqIoF2XdmJAl4XT1R0Gb+gQDG3IIwelQZB0ddrH8lBhHfs828D6kdfoULtA
jcX0dhIl+bZ1ENtjSjJ63TqNQhbS6AJwXk1UzHEbW63XlR1SyMWAqPgggtpPqd4q
1SZOwbxQ5MMa27tpGO5/SCySqp16HegB7UcV4UqSzeL4F/3V3RTxFIShT/YzRir2
+h0V8KkSnnhlRHUws1Zmcsj5ciH1A9sOJ9Ero12VAXhgDxw=
-----END CERTIFICATE-----