Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/322e35392e36302e302f32342d3234203d3e20323132323338.roa
File:                     322e35392e36302e302f32342d3234203d3e20323132323338.roa (raw, json)
Hash identifier:          7AFzMaJ/xym426d6tzy2b5O0GXlUskYwDMg4X3MPWTM=
Subject key identifier:   FA:DE:CA:16:AA:86:34:A7:1D:97:48:ED:5C:7B:24:53:26:78:83:32
Certificate issuer:       /CN=a9420e6c6f24b0e422da7fe7e420ef50354f45c6
Certificate serial:       5BD11F57BDB9AC7BADEF9D7DAB333C2B812B9041
Authority key identifier: A9:42:0E:6C:6F:24:B0:E4:22:DA:7F:E7:E4:20:EF:50:35:4F:45:C6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qUIObG8ksOQi2n_n5CDvUDVPRcY.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/322e35392e36302e302f32342d3234203d3e20323132323338.roa
Signing time:             Mon 17 Jul 2023 11:14:08 +0000
ROA not before:           Mon 17 Jul 2023 11:09:08 +0000
ROA not after:            Mon 15 Jul 2024 11:14:08 +0000
asID:                     212238
IP address blocks:        2.59.60.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/A9420E6C6F24B0E422DA7FE7E420EF50354F45C6.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/A9420E6C6F24B0E422DA7FE7E420EF50354F45C6.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qUIObG8ksOQi2n_n5CDvUDVPRcY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 28 Apr 2024 02:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5b:d1:1f:57:bd:b9:ac:7b:ad:ef:9d:7d:ab:33:3c:2b:81:2b:90:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a9420e6c6f24b0e422da7fe7e420ef50354f45c6
        Validity
            Not Before: Jul 17 11:09:08 2023 GMT
            Not After : Jul 15 11:14:08 2024 GMT
        Subject: CN=FADECA16AA8634A71D9748ED5C7B245326788332
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:fc:94:a4:11:6d:96:21:46:11:3c:b6:9a:b8:
                    46:00:7f:ba:5e:f2:9c:d5:1a:3a:b8:48:8d:6a:b7:
                    6b:3f:78:8e:36:dd:82:e3:9d:47:26:75:9b:74:52:
                    88:b0:df:1b:35:2e:58:47:11:0a:be:02:ab:2e:e9:
                    7a:fb:84:81:71:5b:3f:ca:b7:d5:b6:1e:49:7e:7f:
                    16:56:2c:73:08:f8:43:39:0a:86:c8:6a:13:c9:3d:
                    de:51:33:6a:fd:8c:a1:8c:f2:70:9f:21:dd:97:31:
                    a7:93:94:d4:c3:89:3a:f6:82:08:d1:b0:f3:fd:34:
                    ee:10:1b:11:af:c9:39:ec:99:98:2f:8f:93:11:56:
                    ae:bb:32:4d:cc:86:ab:b7:63:86:c8:34:40:b8:8d:
                    aa:8a:8c:9d:9d:01:ec:9b:92:5e:0f:77:e0:db:70:
                    2c:f2:05:53:84:de:18:d6:80:1b:2c:ce:55:b3:80:
                    c0:7e:a4:8f:bb:79:48:94:17:d6:ab:8d:2e:3e:4d:
                    02:05:9d:85:dd:2a:3b:85:19:bc:36:4a:de:d6:bb:
                    f5:fa:d2:71:55:9f:00:71:01:e2:f5:94:14:b5:7a:
                    35:92:87:a4:ce:9d:27:1c:ec:90:60:63:aa:66:2e:
                    22:8c:6a:6f:d0:3d:a1:53:be:c9:56:e7:ac:39:d4:
                    06:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FA:DE:CA:16:AA:86:34:A7:1D:97:48:ED:5C:7B:24:53:26:78:83:32
            X509v3 Authority Key Identifier:
                keyid:A9:42:0E:6C:6F:24:B0:E4:22:DA:7F:E7:E4:20:EF:50:35:4F:45:C6

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/A9420E6C6F24B0E422DA7FE7E420EF50354F45C6.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qUIObG8ksOQi2n_n5CDvUDVPRcY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/322e35392e36302e302f32342d3234203d3e20323132323338.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.59.60.0/24

    Signature Algorithm: sha256WithRSAEncryption
         24:bc:15:51:37:f9:60:fe:c2:b7:c0:67:08:49:65:39:45:d7:
         5b:fb:0c:1e:71:50:72:67:f6:fc:62:fa:12:f2:6a:39:3e:f0:
         b4:4f:d4:3d:59:f3:8f:8f:79:6b:17:cc:9c:52:bd:cb:e4:01:
         33:ca:d8:b8:85:10:35:f6:93:00:cb:5d:87:91:59:6f:c4:8a:
         39:8b:1e:2b:bf:46:88:34:8e:a2:ee:24:58:db:bb:fd:e7:eb:
         66:76:83:c4:cd:f9:4c:81:e8:ac:50:e5:0c:9a:08:89:93:0d:
         46:07:22:b6:64:cb:64:18:be:b5:da:0b:a7:a4:23:9a:aa:b5:
         93:0d:69:1b:16:8b:49:a6:38:0f:94:2d:36:ce:34:98:56:f2:
         f4:36:06:7e:0f:3f:77:97:11:45:9d:5f:42:4f:b7:eb:d5:13:
         ef:ac:7d:39:e0:83:5c:fd:2d:e4:aa:a0:cd:07:f1:65:7d:a9:
         2c:13:59:8f:b0:98:6a:71:bf:93:d2:25:31:52:5e:c2:3b:ae:
         e2:ef:d0:73:ff:9e:be:0d:fe:75:00:f3:5d:2a:ec:54:81:74:
         b9:70:ce:5d:27:51:e1:7c:e5:3e:13:73:cc:a7:d0:4f:10:0d:
         b7:fc:00:a4:88:ff:54:64:cf:6d:2a:03:42:cc:54:2c:cc:45:
         15:28:ff:55
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUW9EfV725rHut7519qzM8K4ErkEEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYTk0MjBlNmM2ZjI0YjBlNDIyZGE3ZmU3ZTQyMGVmNTAz
NTRmNDVjNjAeFw0yMzA3MTcxMTA5MDhaFw0yNDA3MTUxMTE0MDhaMDMxMTAvBgNV
BAMTKEZBREVDQTE2QUE4NjM0QTcxRDk3NDhFRDVDN0IyNDUzMjY3ODgzMzIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDa/JSkEW2WIUYRPLaauEYAf7pe
8pzVGjq4SI1qt2s/eI423YLjnUcmdZt0Uoiw3xs1LlhHEQq+Aqsu6Xr7hIFxWz/K
t9W2Hkl+fxZWLHMI+EM5CobIahPJPd5RM2r9jKGM8nCfId2XMaeTlNTDiTr2ggjR
sPP9NO4QGxGvyTnsmZgvj5MRVq67Mk3Mhqu3Y4bINEC4jaqKjJ2dAeybkl4Pd+Db
cCzyBVOE3hjWgBsszlWzgMB+pI+7eUiUF9arjS4+TQIFnYXdKjuFGbw2St7Wu/X6
0nFVnwBxAeL1lBS1ejWSh6TOnScc7JBgY6pmLiKMam/QPaFTvslW56w51AZhAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQU+t7KFqqGNKcdl0jtXHskUyZ4gzIwHwYDVR0j
BBgwFoAUqUIObG8ksOQi2n/n5CDvUDVPRcYwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMWY5ODIzZDAtMDg1NS00MWYyLWFjNDYtNTlhMmU5OGRh
NzM2LzEvQTk0MjBFNkM2RjI0QjBFNDIyREE3RkU3RTQyMEVGNTAzNTRGNDVDNi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3FVSU9iRzhrc09RaTJuX241Q0R2VURW
UFJjWS5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMWY5ODIzZDAt
MDg1NS00MWYyLWFjNDYtNTlhMmU5OGRhNzM2LzEvMzIyZTM1MzkyZTM2MzAyZTMw
MmYzMjM0MmQzMjM0MjAzZDNlMjAzMjMxMzIzMjMzMzgucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAACOzww
DQYJKoZIhvcNAQELBQADggEBACS8FVE3+WD+wrfAZwhJZTlF11v7DB5xUHJn9vxi
+hLyajk+8LRP1D1Z84+PeWsXzJxSvcvkATPK2LiFEDX2kwDLXYeRWW/EijmLHiu/
Rog0jqLuJFjbu/3n62Z2g8TN+UyB6KxQ5QyaCImTDUYHIrZky2QYvrXaC6ekI5qq
tZMNaRsWi0mmOA+ULTbONJhW8vQ2Bn4PP3eXEUWdX0JPt+vVE++sfTngg1z9LeSq
oM0H8WV9qSwTWY+wmGpxv5PSJTFSXsI7ruLv0HP/nr4N/nUA810q7FSBdLlwzl0n
UeF85T4Tc8yn0E8QDbf8AKSI/1Rkz20qA0LMVCzMRRUo/1U=
-----END CERTIFICATE-----