Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/322e35392e36312e302f32342d3234203d3e203438323636.roa
File:                     322e35392e36312e302f32342d3234203d3e203438323636.roa (raw, json)
Hash identifier:          hiISyjsBYHV79q+Gx93bY181AuN3Ze4Sa40HFW4204A=
Subject key identifier:   06:B3:92:EE:77:7F:E1:B8:81:3D:A3:99:BB:82:B5:99:D8:77:E7:31
Certificate issuer:       /CN=a9420e6c6f24b0e422da7fe7e420ef50354f45c6
Certificate serial:       1B32C71149900391478D31A056A8580E25C30F3B
Authority key identifier: A9:42:0E:6C:6F:24:B0:E4:22:DA:7F:E7:E4:20:EF:50:35:4F:45:C6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qUIObG8ksOQi2n_n5CDvUDVPRcY.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/322e35392e36312e302f32342d3234203d3e203438323636.roa
Signing time:             Wed 10 Apr 2024 09:05:16 +0000
ROA not before:           Wed 10 Apr 2024 09:00:16 +0000
ROA not after:            Wed 09 Apr 2025 09:05:16 +0000
asID:                     48266
IP address blocks:        2.59.61.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/A9420E6C6F24B0E422DA7FE7E420EF50354F45C6.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/A9420E6C6F24B0E422DA7FE7E420EF50354F45C6.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qUIObG8ksOQi2n_n5CDvUDVPRcY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 15 May 2024 22:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1b:32:c7:11:49:90:03:91:47:8d:31:a0:56:a8:58:0e:25:c3:0f:3b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a9420e6c6f24b0e422da7fe7e420ef50354f45c6
        Validity
            Not Before: Apr 10 09:00:16 2024 GMT
            Not After : Apr  9 09:05:16 2025 GMT
        Subject: CN=06B392EE777FE1B8813DA399BB82B599D877E731
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:44:0e:61:90:ce:11:97:ee:fa:8e:d3:5a:7e:
                    a8:63:7e:68:22:04:3a:36:f6:6d:56:3a:27:27:16:
                    bd:89:94:02:71:82:e7:ca:90:e5:47:d7:12:1d:4d:
                    87:cb:8b:a6:2f:df:da:87:bd:e7:37:de:61:ba:29:
                    c9:5b:b4:3b:b9:f6:f1:09:16:38:b5:1a:ea:ac:d8:
                    c7:b0:29:e6:1f:c7:a8:5b:e2:80:04:11:2f:8c:0f:
                    b2:8c:32:d7:a3:cd:e5:e6:9e:a3:4d:ef:5a:91:ab:
                    45:1b:e3:e5:d4:eb:41:16:bb:86:97:07:6a:81:10:
                    79:af:5f:b6:32:5a:1c:d1:cb:eb:a1:f9:5c:30:cf:
                    ed:a7:fa:ba:e3:da:68:a4:f3:22:92:32:4a:07:5a:
                    e7:90:df:47:a3:90:d5:3b:0c:a0:03:cf:d7:6f:f9:
                    5d:e6:35:15:30:0d:6b:7a:42:82:0a:c3:ca:04:56:
                    3e:14:ac:81:d4:6e:e1:cf:f1:af:98:b7:06:4d:fe:
                    15:6e:88:f1:95:1b:4c:a3:74:69:79:12:03:70:43:
                    c5:c3:01:b2:0c:33:1b:b1:32:cd:04:99:dd:09:08:
                    58:38:04:c1:a2:05:1f:79:69:ac:fd:b4:84:b2:78:
                    31:36:01:58:01:1a:cf:e1:b9:7f:82:4f:87:c4:c9:
                    5e:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:B3:92:EE:77:7F:E1:B8:81:3D:A3:99:BB:82:B5:99:D8:77:E7:31
            X509v3 Authority Key Identifier:
                keyid:A9:42:0E:6C:6F:24:B0:E4:22:DA:7F:E7:E4:20:EF:50:35:4F:45:C6

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/A9420E6C6F24B0E422DA7FE7E420EF50354F45C6.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qUIObG8ksOQi2n_n5CDvUDVPRcY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/322e35392e36312e302f32342d3234203d3e203438323636.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.59.61.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ca:fd:d8:91:5d:69:de:b7:22:63:c4:1d:e5:e9:b4:97:1e:0e:
         ed:c0:fe:6e:71:8c:02:9d:ea:c9:b2:08:f0:6a:fb:c4:65:c9:
         13:c6:04:c2:90:ae:3c:ea:36:b3:77:75:19:45:4f:6c:9c:51:
         ce:a5:d9:70:5c:6c:26:e4:75:c4:5c:a9:61:bd:af:82:dd:6d:
         52:3f:41:4b:1e:ee:87:7b:08:62:73:3d:c6:db:13:cf:77:17:
         b7:f6:1f:4d:ee:56:17:80:28:c0:59:84:f8:e4:8e:a2:89:09:
         38:2d:b3:8d:cd:e7:f1:e8:fc:c9:25:33:6d:2a:42:2f:e9:03:
         5d:44:9c:27:7b:a0:7f:b0:27:24:c5:d2:e8:07:f0:df:be:ee:
         78:39:8c:d1:13:5d:1b:00:1e:28:14:3f:0f:31:1f:80:13:43:
         04:53:8a:fa:81:e3:41:d4:e8:70:a3:de:34:35:87:0f:3b:14:
         2d:6b:47:b4:ee:94:0b:90:aa:52:f7:5f:6d:5a:02:25:98:65:
         62:77:8d:05:44:e2:fd:f7:d7:b9:b4:b3:9e:6b:f6:54:00:f7:
         c9:c0:db:23:6f:1f:60:dd:e4:98:df:84:76:58:31:99:ef:3e:
         c6:2f:0a:c6:60:73:b8:c3:57:99:5c:0c:76:35:43:a9:62:3d:
         3b:68:94:21
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUGzLHEUmQA5FHjTGgVqhYDiXDDzswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYTk0MjBlNmM2ZjI0YjBlNDIyZGE3ZmU3ZTQyMGVmNTAz
NTRmNDVjNjAeFw0yNDA0MTAwOTAwMTZaFw0yNTA0MDkwOTA1MTZaMDMxMTAvBgNV
BAMTKDA2QjM5MkVFNzc3RkUxQjg4MTNEQTM5OUJCODJCNTk5RDg3N0U3MzEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCzRA5hkM4Rl+76jtNafqhjfmgi
BDo29m1WOicnFr2JlAJxgufKkOVH1xIdTYfLi6Yv39qHvec33mG6KclbtDu59vEJ
Fji1Guqs2MewKeYfx6hb4oAEES+MD7KMMtejzeXmnqNN71qRq0Ub4+XU60EWu4aX
B2qBEHmvX7YyWhzRy+uh+Vwwz+2n+rrj2mik8yKSMkoHWueQ30ejkNU7DKADz9dv
+V3mNRUwDWt6QoIKw8oEVj4UrIHUbuHP8a+YtwZN/hVuiPGVG0yjdGl5EgNwQ8XD
AbIMMxuxMs0Emd0JCFg4BMGiBR95aaz9tISyeDE2AVgBGs/huX+CT4fEyV4FAgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQUBrOS7nd/4biBPaOZu4K1mdh35zEwHwYDVR0j
BBgwFoAUqUIObG8ksOQi2n/n5CDvUDVPRcYwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMWY5ODIzZDAtMDg1NS00MWYyLWFjNDYtNTlhMmU5OGRh
NzM2LzEvQTk0MjBFNkM2RjI0QjBFNDIyREE3RkU3RTQyMEVGNTAzNTRGNDVDNi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3FVSU9iRzhrc09RaTJuX241Q0R2VURW
UFJjWS5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMWY5ODIzZDAt
MDg1NS00MWYyLWFjNDYtNTlhMmU5OGRhNzM2LzEvMzIyZTM1MzkyZTM2MzEyZTMw
MmYzMjM0MmQzMjM0MjAzZDNlMjAzNDM4MzIzNjM2LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAAjs9MA0G
CSqGSIb3DQEBCwUAA4IBAQDK/diRXWnetyJjxB3l6bSXHg7twP5ucYwCnerJsgjw
avvEZckTxgTCkK486jazd3UZRU9snFHOpdlwXGwm5HXEXKlhva+C3W1SP0FLHu6H
ewhicz3G2xPPdxe39h9N7lYXgCjAWYT45I6iiQk4LbONzefx6PzJJTNtKkIv6QNd
RJwne6B/sCckxdLoB/Dfvu54OYzRE10bAB4oFD8PMR+AE0MEU4r6geNB1Ohwo940
NYcPOxQta0e07pQLkKpS919tWgIlmGVid40FROL999e5tLOea/ZUAPfJwNsjbx9g
3eSY34R2WDGZ7z7GLwrGYHO4w1eZXAx2NUOpYj07aJQh
-----END CERTIFICATE-----