Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/322e35392e36302e302f32342d3234203d3e203631333137.roa
File:                     322e35392e36302e302f32342d3234203d3e203631333137.roa (raw, json)
Hash identifier:          C0QiVNrEdPvrip0sFVCndLc4CvyYWAX8K5A7Lj0dtAc=
Subject key identifier:   89:2B:94:8A:DE:CE:02:BD:66:CB:E4:18:EF:10:5A:E8:33:DA:7E:97
Certificate issuer:       /CN=a9420e6c6f24b0e422da7fe7e420ef50354f45c6
Certificate serial:       1C25C0A88410D0012DF87A3F2D010882B142CAF2
Authority key identifier: A9:42:0E:6C:6F:24:B0:E4:22:DA:7F:E7:E4:20:EF:50:35:4F:45:C6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qUIObG8ksOQi2n_n5CDvUDVPRcY.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/322e35392e36302e302f32342d3234203d3e203631333137.roa
Signing time:             Fri 22 Dec 2023 08:05:08 +0000
ROA not before:           Fri 22 Dec 2023 08:00:08 +0000
ROA not after:            Fri 20 Dec 2024 08:05:08 +0000
asID:                     61317
IP address blocks:        2.59.60.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/A9420E6C6F24B0E422DA7FE7E420EF50354F45C6.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/A9420E6C6F24B0E422DA7FE7E420EF50354F45C6.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qUIObG8ksOQi2n_n5CDvUDVPRcY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 18 Apr 2024 20:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1c:25:c0:a8:84:10:d0:01:2d:f8:7a:3f:2d:01:08:82:b1:42:ca:f2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a9420e6c6f24b0e422da7fe7e420ef50354f45c6
        Validity
            Not Before: Dec 22 08:00:08 2023 GMT
            Not After : Dec 20 08:05:08 2024 GMT
        Subject: CN=892B948ADECE02BD66CBE418EF105AE833DA7E97
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:ff:c1:0d:2c:45:3d:fa:8e:26:61:86:17:eb:
                    ee:6a:ca:9a:e6:e6:86:60:15:02:61:2f:f9:4f:06:
                    68:c1:e0:51:e7:ac:af:26:be:41:ea:b0:27:79:a5:
                    7e:0e:d2:ce:f5:6a:2f:4c:3b:3f:41:b6:47:5c:d5:
                    87:b8:64:89:21:cd:81:e2:04:b0:7d:26:92:94:83:
                    54:34:3d:92:42:35:c6:b9:5f:7d:d8:16:72:80:33:
                    1c:c1:66:71:15:e3:5a:3d:fb:ba:21:00:7d:21:7c:
                    ab:ef:28:2f:af:d1:81:a9:3c:b7:ee:3d:f8:01:b8:
                    34:77:88:35:65:fa:89:bc:de:02:bc:51:b2:aa:ee:
                    63:02:6b:c2:88:84:0f:d7:3d:2b:34:05:04:d2:ee:
                    24:8a:b7:8d:14:95:49:ab:53:c7:92:63:1b:81:1f:
                    c9:e9:78:a6:4c:ae:8f:a1:82:da:3e:e6:1d:57:bb:
                    12:4c:41:35:2b:b7:5a:4b:9b:ec:b1:80:d2:16:c1:
                    87:07:be:a3:d0:ed:76:42:d3:ab:04:e9:f2:5a:47:
                    b5:6c:ed:ae:f4:5b:88:24:db:90:67:97:a0:29:a8:
                    9e:a3:92:de:fa:ce:a8:bb:77:a9:40:20:fc:54:41:
                    e5:20:50:89:16:11:62:d3:76:d9:7d:cb:e6:3d:d5:
                    e2:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:2B:94:8A:DE:CE:02:BD:66:CB:E4:18:EF:10:5A:E8:33:DA:7E:97
            X509v3 Authority Key Identifier:
                keyid:A9:42:0E:6C:6F:24:B0:E4:22:DA:7F:E7:E4:20:EF:50:35:4F:45:C6

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/A9420E6C6F24B0E422DA7FE7E420EF50354F45C6.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qUIObG8ksOQi2n_n5CDvUDVPRcY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/322e35392e36302e302f32342d3234203d3e203631333137.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.59.60.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b8:e0:7e:53:5f:86:15:bd:cc:ce:41:d6:67:85:77:dc:d6:ee:
         99:8f:fe:19:40:71:5d:79:bf:8f:42:05:4d:e5:4e:37:10:30:
         73:47:0d:71:03:b1:d6:d5:a9:c8:c4:5a:0c:31:55:21:0c:a9:
         0e:0a:89:aa:41:7f:62:e4:67:a0:87:bb:15:0d:d9:a3:27:0c:
         ec:5c:de:b7:28:55:64:e6:33:e7:01:86:a7:5a:c3:b6:11:05:
         f4:b1:5d:a9:06:2a:ea:20:db:c3:ec:79:cb:da:c9:90:12:35:
         de:7c:fa:4e:6e:fe:06:02:e3:b9:cd:d8:9d:82:35:71:04:69:
         0b:39:eb:ea:61:56:97:2a:21:bf:ba:e4:ad:2f:79:ca:78:35:
         61:c4:09:10:18:58:15:40:4d:81:a5:8d:54:73:b2:6a:dd:00:
         ac:96:43:9f:d5:e6:75:6a:4d:d0:0d:16:f4:4b:58:a8:7c:bf:
         55:44:69:89:1a:a9:fe:0a:06:df:4e:a1:a6:49:8a:98:0f:51:
         5e:4f:2d:0c:f6:36:9e:26:7c:a3:64:55:f0:cc:23:01:6c:69:
         46:ce:9a:cd:90:3a:78:85:18:8b:65:f0:79:e7:18:dd:0c:a0:
         42:54:97:cf:58:ab:e9:3c:9b:07:3f:b9:57:fa:9f:92:56:25:
         ec:7a:bd:f7
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUHCXAqIQQ0AEt+Ho/LQEIgrFCyvIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYTk0MjBlNmM2ZjI0YjBlNDIyZGE3ZmU3ZTQyMGVmNTAz
NTRmNDVjNjAeFw0yMzEyMjIwODAwMDhaFw0yNDEyMjAwODA1MDhaMDMxMTAvBgNV
BAMTKDg5MkI5NDhBREVDRTAyQkQ2NkNCRTQxOEVGMTA1QUU4MzNEQTdFOTcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCz/8ENLEU9+o4mYYYX6+5qyprm
5oZgFQJhL/lPBmjB4FHnrK8mvkHqsCd5pX4O0s71ai9MOz9Btkdc1Ye4ZIkhzYHi
BLB9JpKUg1Q0PZJCNca5X33YFnKAMxzBZnEV41o9+7ohAH0hfKvvKC+v0YGpPLfu
PfgBuDR3iDVl+om83gK8UbKq7mMCa8KIhA/XPSs0BQTS7iSKt40UlUmrU8eSYxuB
H8npeKZMro+hgto+5h1XuxJMQTUrt1pLm+yxgNIWwYcHvqPQ7XZC06sE6fJaR7Vs
7a70W4gk25Bnl6ApqJ6jkt76zqi7d6lAIPxUQeUgUIkWEWLTdtl9y+Y91eKhAgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQUiSuUit7OAr1my+QY7xBa6DPafpcwHwYDVR0j
BBgwFoAUqUIObG8ksOQi2n/n5CDvUDVPRcYwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMWY5ODIzZDAtMDg1NS00MWYyLWFjNDYtNTlhMmU5OGRh
NzM2LzEvQTk0MjBFNkM2RjI0QjBFNDIyREE3RkU3RTQyMEVGNTAzNTRGNDVDNi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3FVSU9iRzhrc09RaTJuX241Q0R2VURW
UFJjWS5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMWY5ODIzZDAt
MDg1NS00MWYyLWFjNDYtNTlhMmU5OGRhNzM2LzEvMzIyZTM1MzkyZTM2MzAyZTMw
MmYzMjM0MmQzMjM0MjAzZDNlMjAzNjMxMzMzMTM3LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAAjs8MA0G
CSqGSIb3DQEBCwUAA4IBAQC44H5TX4YVvczOQdZnhXfc1u6Zj/4ZQHFdeb+PQgVN
5U43EDBzRw1xA7HW1anIxFoMMVUhDKkOComqQX9i5Gegh7sVDdmjJwzsXN63KFVk
5jPnAYanWsO2EQX0sV2pBirqINvD7HnL2smQEjXefPpObv4GAuO5zdidgjVxBGkL
OevqYVaXKiG/uuStL3nKeDVhxAkQGFgVQE2BpY1Uc7Jq3QCslkOf1eZ1ak3QDRb0
S1iofL9VRGmJGqn+CgbfTqGmSYqYD1FeTy0M9jaeJnyjZFXwzCMBbGlGzprNkDp4
hRiLZfB55xjdDKBCVJfPWKvpPJsHP7lX+p+SViXser33
-----END CERTIFICATE-----