Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/322e35392e3135372e302f32342d3234203d3e20313431303339.roa
File:                     322e35392e3135372e302f32342d3234203d3e20313431303339.roa (raw, json)
Hash identifier:          mm/iMK+Jq7Ul6GU4Lzl4LnGz75ZI7oDUXSl9INnkHA4=
Subject key identifier:   B7:78:F7:E3:50:0E:0D:DE:88:1B:BF:C5:2C:B0:6E:84:D5:F1:A1:C8
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       3E6D50585EACE4EC2AE32549BB6B216053D7F531
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/322e35392e3135372e302f32342d3234203d3e20313431303339.roa
Signing time:             Wed 27 Sep 2023 13:40:10 +0000
ROA not before:           Wed 27 Sep 2023 13:35:10 +0000
ROA not after:            Wed 25 Sep 2024 13:40:10 +0000
asID:                     141039
IP address blocks:        2.59.157.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 May 2024 16:11:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3e:6d:50:58:5e:ac:e4:ec:2a:e3:25:49:bb:6b:21:60:53:d7:f5:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Sep 27 13:35:10 2023 GMT
            Not After : Sep 25 13:40:10 2024 GMT
        Subject: CN=B778F7E3500E0DDE881BBFC52CB06E84D5F1A1C8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:77:a0:98:12:2d:29:0e:f7:5f:b7:ae:b1:c9:
                    f8:18:04:6d:18:ab:f8:ea:8c:07:8c:ef:c8:f4:a3:
                    8e:86:62:fa:34:a7:71:d0:97:ce:d6:0a:80:a7:c5:
                    92:3f:6c:b7:ff:98:7a:48:93:26:21:a5:3b:b2:f1:
                    e9:c9:1e:a4:fb:2c:40:3e:20:99:e8:68:24:5a:7d:
                    3d:8f:cb:24:19:41:ed:51:b3:18:f2:5b:06:4b:d3:
                    c3:2b:b5:4d:ec:b8:f7:2e:59:fe:34:73:4e:64:23:
                    5e:73:ea:05:29:70:70:00:75:bd:b6:ef:c2:e1:48:
                    b7:34:a0:78:37:5c:f4:75:41:d7:40:84:26:5a:b1:
                    59:e9:cd:67:01:11:01:45:bd:11:f4:73:98:48:4f:
                    97:13:89:72:85:02:33:08:26:05:85:7d:1f:3c:4c:
                    9a:4d:35:9b:e7:1f:1b:ca:3f:60:a1:a2:06:a2:5c:
                    da:68:ff:f5:c2:a4:1a:a6:7d:15:fc:bc:4c:42:92:
                    bf:8a:5c:f4:8b:4a:a2:5b:da:f7:1c:bb:61:fc:4f:
                    2f:a9:70:d8:b9:59:64:14:df:6d:f4:30:fe:8c:9e:
                    e8:79:16:36:89:ef:8c:85:1c:cf:f1:b0:ba:d1:00:
                    0d:86:b6:50:d1:c3:20:8e:28:30:80:94:6c:26:39:
                    0b:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B7:78:F7:E3:50:0E:0D:DE:88:1B:BF:C5:2C:B0:6E:84:D5:F1:A1:C8
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/322e35392e3135372e302f32342d3234203d3e20313431303339.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.59.157.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0e:fd:a7:ca:e2:b2:de:13:11:95:02:6b:7e:1c:4a:e5:8f:44:
         0d:9c:4b:07:a7:8c:0e:e5:e4:b8:ac:28:1d:e0:27:af:60:c3:
         26:65:85:c7:ad:5d:9b:06:46:7e:af:8a:26:2f:0f:07:c9:41:
         62:78:82:35:f3:e6:b8:6b:94:af:03:c9:79:56:b4:7b:d2:79:
         6d:8d:82:2a:d6:0d:3f:a4:98:5a:c4:7a:42:5b:04:d7:3c:58:
         1f:cf:d9:cf:4e:23:d7:d3:56:50:3f:85:bb:b8:f6:8c:49:f7:
         d1:ee:e1:8b:06:da:01:c9:06:35:36:8a:ea:d0:12:e4:80:58:
         2d:62:89:d6:a2:aa:5f:6f:15:07:84:9d:b2:15:4a:a4:89:fa:
         eb:89:1e:27:46:17:d9:4e:87:e1:e7:32:4d:f1:d5:cd:db:bc:
         65:b5:45:65:70:cf:3d:3a:c2:e2:e6:ee:df:b2:98:c4:c2:11:
         72:a5:83:36:99:e3:51:88:51:a9:de:5a:ca:6a:23:9e:43:0a:
         80:e8:79:f6:90:02:ed:e0:b9:60:81:ff:a1:7d:d5:12:a0:c8:
         99:53:a7:8e:ec:52:11:26:74:f6:4d:0d:3d:cc:e6:0e:b6:46:
         1a:e0:34:a4:f6:86:f6:d3:e7:f7:99:f8:96:b4:57:65:b3:e9:
         4e:ea:74:f7
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUPm1QWF6s5Owq4yVJu2shYFPX9TEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yMzA5MjcxMzM1MTBaFw0yNDA5MjUxMzQwMTBaMDMxMTAvBgNV
BAMTKEI3NzhGN0UzNTAwRTBEREU4ODFCQkZDNTJDQjA2RTg0RDVGMUExQzgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDSd6CYEi0pDvdft66xyfgYBG0Y
q/jqjAeM78j0o46GYvo0p3HQl87WCoCnxZI/bLf/mHpIkyYhpTuy8enJHqT7LEA+
IJnoaCRafT2PyyQZQe1RsxjyWwZL08MrtU3suPcuWf40c05kI15z6gUpcHAAdb22
78LhSLc0oHg3XPR1QddAhCZasVnpzWcBEQFFvRH0c5hIT5cTiXKFAjMIJgWFfR88
TJpNNZvnHxvKP2ChogaiXNpo//XCpBqmfRX8vExCkr+KXPSLSqJb2vccu2H8Ty+p
cNi5WWQU3230MP6Mnuh5FjaJ74yFHM/xsLrRAA2GtlDRwyCOKDCAlGwmOQubAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUt3j341AODd6IG7/FLLBuhNXxocgwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzIyZTM1MzkyZTMxMzUzNzJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMxMzQzMTMwMzMzOS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAAI7
nTANBgkqhkiG9w0BAQsFAAOCAQEADv2nyuKy3hMRlQJrfhxK5Y9EDZxLB6eMDuXk
uKwoHeAnr2DDJmWFx61dmwZGfq+KJi8PB8lBYniCNfPmuGuUrwPJeVa0e9J5bY2C
KtYNP6SYWsR6QlsE1zxYH8/Zz04j19NWUD+Fu7j2jEn30e7hiwbaAckGNTaK6tAS
5IBYLWKJ1qKqX28VB4SdshVKpIn664keJ0YX2U6H4ecyTfHVzdu8ZbVFZXDPPTrC
4ubu37KYxMIRcqWDNpnjUYhRqd5aymojnkMKgOh59pAC7eC5YIH/oX3VEqDImVOn
juxSESZ09k0NPczmDrZGGuA0pPaG9tPn95n4lrRXZbPpTup09w==
-----END CERTIFICATE-----