Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/322e35392e36302e302f32342d3234203d3e20323132323338.roa
File:                     322e35392e36302e302f32342d3234203d3e20323132323338.roa (raw, json)
Hash identifier:          CcTcBdbonCUzXWQkXfUzd9CNDkT7d6acKjiVXDKXCdc=
Subject key identifier:   79:8F:0E:F9:DF:8A:D1:53:C9:E2:78:06:C0:30:E2:E3:DA:C9:37:47
Certificate issuer:       /CN=a9420e6c6f24b0e422da7fe7e420ef50354f45c6
Certificate serial:       2617B4401A3727ED02F0B059B9EC0125151AB95C
Authority key identifier: A9:42:0E:6C:6F:24:B0:E4:22:DA:7F:E7:E4:20:EF:50:35:4F:45:C6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qUIObG8ksOQi2n_n5CDvUDVPRcY.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/322e35392e36302e302f32342d3234203d3e20323132323338.roa
Signing time:             Mon 17 Jun 2024 12:05:18 +0000
ROA not before:           Mon 17 Jun 2024 12:00:18 +0000
ROA not after:            Mon 16 Jun 2025 12:05:18 +0000
asID:                     212238
IP address blocks:        2.59.60.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/A9420E6C6F24B0E422DA7FE7E420EF50354F45C6.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/A9420E6C6F24B0E422DA7FE7E420EF50354F45C6.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qUIObG8ksOQi2n_n5CDvUDVPRcY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            26:17:b4:40:1a:37:27:ed:02:f0:b0:59:b9:ec:01:25:15:1a:b9:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a9420e6c6f24b0e422da7fe7e420ef50354f45c6
        Validity
            Not Before: Jun 17 12:00:18 2024 GMT
            Not After : Jun 16 12:05:18 2025 GMT
        Subject: CN=798F0EF9DF8AD153C9E27806C030E2E3DAC93747
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:7f:b9:49:eb:d3:a4:ee:d1:31:29:57:0f:f2:
                    20:aa:2d:4f:14:cb:98:50:01:81:f5:f4:ff:69:01:
                    d6:46:5b:3a:04:82:c5:15:a4:96:44:1c:24:dd:74:
                    b0:37:3e:ea:45:87:fd:aa:84:b3:93:49:9a:6c:a9:
                    69:02:05:ae:33:28:27:8b:2b:13:dc:69:3a:6f:73:
                    be:c2:eb:2a:80:8e:a0:ca:cf:95:e8:05:0b:84:e9:
                    0d:b7:e2:d4:b0:72:22:db:a2:e2:c2:05:7c:76:59:
                    fd:92:a6:c0:10:db:ba:15:91:99:05:95:c4:24:42:
                    cd:dd:a9:31:90:66:f5:b0:fa:60:25:64:4e:8b:14:
                    60:20:e8:e1:5f:83:48:5c:73:7b:76:83:7d:c0:92:
                    d4:50:61:8f:ec:c1:eb:28:7e:bc:3f:3d:e8:03:e5:
                    8c:ae:19:1e:50:cd:02:73:08:f8:17:92:d9:ab:c8:
                    6e:fd:ed:75:9d:31:04:26:fd:24:23:b0:a0:0c:ea:
                    a2:9b:c4:f5:7b:98:99:45:7a:67:0b:1d:87:74:6a:
                    64:a9:c6:4d:eb:eb:9b:4c:d8:f3:46:13:62:d8:39:
                    64:82:cb:1d:87:7d:19:38:18:75:d8:f7:fa:6a:e0:
                    72:e4:d8:e1:46:f4:03:da:8b:1e:e6:dd:44:34:95:
                    17:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                79:8F:0E:F9:DF:8A:D1:53:C9:E2:78:06:C0:30:E2:E3:DA:C9:37:47
            X509v3 Authority Key Identifier:
                keyid:A9:42:0E:6C:6F:24:B0:E4:22:DA:7F:E7:E4:20:EF:50:35:4F:45:C6

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/A9420E6C6F24B0E422DA7FE7E420EF50354F45C6.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qUIObG8ksOQi2n_n5CDvUDVPRcY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/322e35392e36302e302f32342d3234203d3e20323132323338.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.59.60.0/24

    Signature Algorithm: sha256WithRSAEncryption
         79:2c:3b:4b:40:9f:31:85:9d:ec:68:df:80:b1:4a:2e:02:1d:
         3d:b1:db:09:9d:4f:26:77:39:74:95:90:b0:09:4a:98:e6:65:
         32:a1:1a:ca:1b:c0:a1:df:3f:4f:57:c0:53:62:16:c3:83:4a:
         10:c2:70:fa:57:a8:bb:fa:a5:71:aa:9d:1c:4a:78:32:52:ba:
         86:05:07:6d:c3:52:d8:b6:14:1a:bc:66:35:56:de:7d:d4:4d:
         57:fb:16:f5:44:b3:f6:4a:4a:e2:aa:16:69:da:3c:61:38:ef:
         85:6b:51:97:40:d3:24:ea:25:12:ef:23:37:9a:f1:d0:99:fa:
         64:b3:e4:21:33:74:fe:7a:e3:50:1f:93:66:e1:f7:c8:51:17:
         c7:82:62:75:fd:1a:81:6a:a1:09:28:af:32:4a:90:19:c8:a5:
         59:62:29:9c:1e:76:0c:d0:e2:86:6a:59:34:6c:2e:d1:0c:05:
         7c:5d:45:f2:15:3f:a3:20:d9:f6:fe:f0:e2:f0:62:e0:0c:c8:
         3d:39:d2:6f:7a:6c:1e:24:c0:b2:3a:21:14:05:ba:40:23:f4:
         b7:34:48:0e:e1:11:4c:2c:03:a7:a6:68:8b:8a:e2:0e:55:41:
         89:0c:f3:88:62:6b:96:f8:06:39:21:9e:b9:ad:27:ad:ef:92:
         80:0f:d2:10
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUJhe0QBo3J+0C8LBZuewBJRUauVwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYTk0MjBlNmM2ZjI0YjBlNDIyZGE3ZmU3ZTQyMGVmNTAz
NTRmNDVjNjAeFw0yNDA2MTcxMjAwMThaFw0yNTA2MTYxMjA1MThaMDMxMTAvBgNV
BAMTKDc5OEYwRUY5REY4QUQxNTNDOUUyNzgwNkMwMzBFMkUzREFDOTM3NDcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC2f7lJ69Ok7tExKVcP8iCqLU8U
y5hQAYH19P9pAdZGWzoEgsUVpJZEHCTddLA3PupFh/2qhLOTSZpsqWkCBa4zKCeL
KxPcaTpvc77C6yqAjqDKz5XoBQuE6Q234tSwciLbouLCBXx2Wf2SpsAQ27oVkZkF
lcQkQs3dqTGQZvWw+mAlZE6LFGAg6OFfg0hcc3t2g33AktRQYY/swesofrw/PegD
5YyuGR5QzQJzCPgXktmryG797XWdMQQm/SQjsKAM6qKbxPV7mJlFemcLHYd0amSp
xk3r65tM2PNGE2LYOWSCyx2HfRk4GHXY9/pq4HLk2OFG9APaix7m3UQ0lRc7AgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUeY8O+d+K0VPJ4ngGwDDi49rJN0cwHwYDVR0j
BBgwFoAUqUIObG8ksOQi2n/n5CDvUDVPRcYwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMWY5ODIzZDAtMDg1NS00MWYyLWFjNDYtNTlhMmU5OGRh
NzM2LzEvQTk0MjBFNkM2RjI0QjBFNDIyREE3RkU3RTQyMEVGNTAzNTRGNDVDNi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3FVSU9iRzhrc09RaTJuX241Q0R2VURW
UFJjWS5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMWY5ODIzZDAt
MDg1NS00MWYyLWFjNDYtNTlhMmU5OGRhNzM2LzEvMzIyZTM1MzkyZTM2MzAyZTMw
MmYzMjM0MmQzMjM0MjAzZDNlMjAzMjMxMzIzMjMzMzgucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAACOzww
DQYJKoZIhvcNAQELBQADggEBAHksO0tAnzGFnexo34CxSi4CHT2x2wmdTyZ3OXSV
kLAJSpjmZTKhGsobwKHfP09XwFNiFsODShDCcPpXqLv6pXGqnRxKeDJSuoYFB23D
Uti2FBq8ZjVW3n3UTVf7FvVEs/ZKSuKqFmnaPGE474VrUZdA0yTqJRLvIzea8dCZ
+mSz5CEzdP5641Afk2bh98hRF8eCYnX9GoFqoQkorzJKkBnIpVliKZwedgzQ4oZq
WTRsLtEMBXxdRfIVP6Mg2fb+8OLwYuAMyD050m96bB4kwLI6IRQFukAj9Lc0SA7h
EUwsA6emaIuK4g5VQYkM84hia5b4BjkhnrmtJ63vkoAP0hA=
-----END CERTIFICATE-----