Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/322e35392e36302e302f32342d3234203d3e203631333137.roa
File:                     322e35392e36302e302f32342d3234203d3e203631333137.roa (raw, json)
Hash identifier:          q2CusaPkf+9tq5tpeWHdsbDXlriozRiwrVa0ak4+VcM=
Subject key identifier:   FD:C7:B9:AA:0A:19:DF:59:E4:D3:A9:F2:B0:49:E2:80:88:A8:05:5D
Certificate issuer:       /CN=a9420e6c6f24b0e422da7fe7e420ef50354f45c6
Certificate serial:       8BAC5CE4B7BC021151120B4FA1DD8378C4BD67
Authority key identifier: A9:42:0E:6C:6F:24:B0:E4:22:DA:7F:E7:E4:20:EF:50:35:4F:45:C6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qUIObG8ksOQi2n_n5CDvUDVPRcY.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/322e35392e36302e302f32342d3234203d3e203631333137.roa
Signing time:             Fri 22 Nov 2024 08:43:28 +0000
ROA not before:           Fri 22 Nov 2024 08:38:28 +0000
ROA not after:            Fri 21 Nov 2025 08:43:28 +0000
asID:                     61317
IP address blocks:        2.59.60.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/A9420E6C6F24B0E422DA7FE7E420EF50354F45C6.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/A9420E6C6F24B0E422DA7FE7E420EF50354F45C6.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qUIObG8ksOQi2n_n5CDvUDVPRcY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 06:06:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            8b:ac:5c:e4:b7:bc:02:11:51:12:0b:4f:a1:dd:83:78:c4:bd:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a9420e6c6f24b0e422da7fe7e420ef50354f45c6
        Validity
            Not Before: Nov 22 08:38:28 2024 GMT
            Not After : Nov 21 08:43:28 2025 GMT
        Subject: CN=FDC7B9AA0A19DF59E4D3A9F2B049E28088A8055D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:0d:c2:4e:e3:e8:b4:97:32:98:64:11:c3:20:
                    71:6c:9e:4c:92:6b:ee:3a:c3:4a:d2:99:68:ee:a9:
                    ad:fc:30:35:4b:85:61:b0:ca:c5:70:53:b4:91:d9:
                    00:8b:84:be:95:f9:42:02:d3:53:77:9d:1d:88:3d:
                    dc:48:68:85:a4:e0:a6:93:81:ac:5e:e2:4a:24:5a:
                    fa:f3:96:75:0a:b9:10:3f:31:bb:18:8d:83:d6:f3:
                    d6:26:83:69:e7:d1:59:b0:e7:d1:2e:83:fd:ed:33:
                    f8:50:4b:a6:2a:0e:93:dd:01:31:53:f7:a5:be:3b:
                    a4:9e:e0:67:ce:e3:d8:61:d9:ad:c8:da:f0:fc:98:
                    dc:2e:cc:7f:12:e9:c7:80:18:7d:05:4d:ca:7e:3f:
                    5f:fd:8f:00:c3:df:cf:21:17:7c:aa:33:21:d6:d9:
                    fe:84:4a:0d:73:81:f1:78:b4:12:6b:f7:80:3d:f1:
                    b7:bb:6e:e1:77:f1:e9:93:46:dd:ed:30:79:94:13:
                    b5:48:c9:63:df:18:86:19:42:8e:85:2c:17:51:59:
                    1e:6e:a5:74:4d:e3:d6:55:76:86:29:61:85:d6:46:
                    bd:59:65:d8:a9:50:d2:84:fc:96:9a:ae:22:35:d1:
                    74:87:e1:42:9e:00:71:04:84:79:2a:e8:17:47:f7:
                    8d:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:C7:B9:AA:0A:19:DF:59:E4:D3:A9:F2:B0:49:E2:80:88:A8:05:5D
            X509v3 Authority Key Identifier:
                keyid:A9:42:0E:6C:6F:24:B0:E4:22:DA:7F:E7:E4:20:EF:50:35:4F:45:C6

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/A9420E6C6F24B0E422DA7FE7E420EF50354F45C6.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qUIObG8ksOQi2n_n5CDvUDVPRcY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/322e35392e36302e302f32342d3234203d3e203631333137.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.59.60.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9a:a6:1d:bd:9b:4b:84:c5:b0:f6:9b:dd:d2:d5:c3:48:90:93:
         05:e6:22:4e:ce:a9:22:2d:07:e0:fa:32:15:c9:14:66:ef:cb:
         0d:b0:9b:2a:d7:98:e9:97:e0:0e:d9:aa:e1:a3:06:cd:e1:df:
         df:39:20:fa:fb:c6:3a:a1:cf:15:69:fd:c6:6d:ac:0a:55:80:
         5f:91:f3:1c:29:d0:21:b4:1a:19:a5:c4:9e:91:ad:31:4c:60:
         f9:21:ba:2f:17:2a:41:e6:84:40:fe:29:4e:9f:95:c0:1c:c6:
         d4:37:21:06:08:01:61:98:5e:b6:01:29:82:3d:55:d4:84:76:
         0d:c7:fe:97:41:65:d8:77:47:06:67:23:ab:2e:b9:3b:2c:8b:
         eb:37:05:93:80:76:51:10:bc:d6:26:61:77:b4:42:a0:25:cd:
         0b:78:c6:9e:46:bb:1d:44:c2:ad:53:3d:8f:1b:f7:f7:96:fb:
         32:fa:85:92:a3:26:bb:69:81:29:ab:ce:8d:7d:64:5d:d4:e3:
         5c:a3:ba:3a:70:16:ec:81:28:73:25:48:b0:28:91:7e:b8:36:
         2c:b2:ca:87:83:1e:a7:fc:28:03:b7:97:f6:9f:75:11:7c:a9:
         0f:f7:ce:f8:84:98:94:58:63:08:a7:03:93:0d:28:a2:6c:8a:
         36:0a:89:08
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUAIusXOS3vAIRURILT6Hdg3jEvWcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYTk0MjBlNmM2ZjI0YjBlNDIyZGE3ZmU3ZTQyMGVmNTAz
NTRmNDVjNjAeFw0yNDExMjIwODM4MjhaFw0yNTExMjEwODQzMjhaMDMxMTAvBgNV
BAMTKEZEQzdCOUFBMEExOURGNTlFNEQzQTlGMkIwNDlFMjgwODhBODA1NUQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCiDcJO4+i0lzKYZBHDIHFsnkyS
a+46w0rSmWjuqa38MDVLhWGwysVwU7SR2QCLhL6V+UIC01N3nR2IPdxIaIWk4KaT
gaxe4kokWvrzlnUKuRA/MbsYjYPW89Ymg2nn0Vmw59Eug/3tM/hQS6YqDpPdATFT
96W+O6Se4GfO49hh2a3I2vD8mNwuzH8S6ceAGH0FTcp+P1/9jwDD388hF3yqMyHW
2f6ESg1zgfF4tBJr94A98be7buF38emTRt3tMHmUE7VIyWPfGIYZQo6FLBdRWR5u
pXRN49ZVdoYpYYXWRr1ZZdipUNKE/JaariI10XSH4UKeAHEEhHkq6BdH942pAgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQU/ce5qgoZ31nk06nysEnigIioBV0wHwYDVR0j
BBgwFoAUqUIObG8ksOQi2n/n5CDvUDVPRcYwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMWY5ODIzZDAtMDg1NS00MWYyLWFjNDYtNTlhMmU5OGRh
NzM2LzEvQTk0MjBFNkM2RjI0QjBFNDIyREE3RkU3RTQyMEVGNTAzNTRGNDVDNi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3FVSU9iRzhrc09RaTJuX241Q0R2VURW
UFJjWS5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMWY5ODIzZDAt
MDg1NS00MWYyLWFjNDYtNTlhMmU5OGRhNzM2LzEvMzIyZTM1MzkyZTM2MzAyZTMw
MmYzMjM0MmQzMjM0MjAzZDNlMjAzNjMxMzMzMTM3LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAAjs8MA0G
CSqGSIb3DQEBCwUAA4IBAQCaph29m0uExbD2m93S1cNIkJMF5iJOzqkiLQfg+jIV
yRRm78sNsJsq15jpl+AO2arhowbN4d/fOSD6+8Y6oc8Vaf3GbawKVYBfkfMcKdAh
tBoZpcSeka0xTGD5IbovFypB5oRA/ilOn5XAHMbUNyEGCAFhmF62ASmCPVXUhHYN
x/6XQWXYd0cGZyOrLrk7LIvrNwWTgHZRELzWJmF3tEKgJc0LeMaeRrsdRMKtUz2P
G/f3lvsy+oWSoya7aYEpq86NfWRd1ONco7o6cBbsgShzJUiwKJF+uDYsssqHgx6n
/CgDt5f2n3URfKkP9874hJiUWGMIpwOTDSiibIo2CokI
-----END CERTIFICATE-----