Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/322e35392e36332e302f32342d3234203d3e203233343730.roa
File:                     322e35392e36332e302f32342d3234203d3e203233343730.roa (raw, json)
Hash identifier:          G6gKncDCpNkvFgQ8RSQLCn4wf5vI3f7tNvQGtPzAqls=
Subject key identifier:   9C:E8:F5:DE:D5:5D:C1:54:9A:89:AB:09:84:5C:2F:15:43:5C:68:28
Certificate issuer:       /CN=a9420e6c6f24b0e422da7fe7e420ef50354f45c6
Certificate serial:       39DD9FF8D14D19F3B91D2D8B0282E6434E483768
Authority key identifier: A9:42:0E:6C:6F:24:B0:E4:22:DA:7F:E7:E4:20:EF:50:35:4F:45:C6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qUIObG8ksOQi2n_n5CDvUDVPRcY.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/322e35392e36332e302f32342d3234203d3e203233343730.roa
Signing time:             Fri 22 Dec 2023 08:05:08 +0000
ROA not before:           Fri 22 Dec 2023 08:00:08 +0000
ROA not after:            Fri 20 Dec 2024 08:05:08 +0000
asID:                     23470
IP address blocks:        2.59.63.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/A9420E6C6F24B0E422DA7FE7E420EF50354F45C6.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/A9420E6C6F24B0E422DA7FE7E420EF50354F45C6.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qUIObG8ksOQi2n_n5CDvUDVPRcY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 26 Apr 2024 14:10:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            39:dd:9f:f8:d1:4d:19:f3:b9:1d:2d:8b:02:82:e6:43:4e:48:37:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a9420e6c6f24b0e422da7fe7e420ef50354f45c6
        Validity
            Not Before: Dec 22 08:00:08 2023 GMT
            Not After : Dec 20 08:05:08 2024 GMT
        Subject: CN=9CE8F5DED55DC1549A89AB09845C2F15435C6828
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:30:91:63:0e:81:a6:93:b7:7a:c1:f6:98:8c:
                    0e:2b:88:16:4d:8a:3e:d9:d3:ba:f5:a5:55:36:5b:
                    63:c2:db:c2:5f:50:e7:33:15:c7:c1:70:9d:f5:9e:
                    80:68:51:30:fd:d6:1b:d1:18:63:d3:d1:96:40:d5:
                    75:80:d3:9d:df:69:32:e7:c5:d4:eb:9b:56:55:35:
                    84:98:29:07:f2:dd:55:9b:45:69:00:b4:0a:46:b9:
                    d8:2e:23:98:91:e1:e7:d5:89:6d:79:b0:e5:0b:fd:
                    14:ff:e0:3c:11:3b:75:92:0e:c4:40:6c:be:32:ab:
                    34:cb:96:83:d7:3d:88:93:06:45:7e:76:4c:9b:b2:
                    d6:71:0e:bc:b5:42:e5:d7:ca:5f:f9:90:07:04:1c:
                    93:19:82:47:43:a5:06:ac:b8:44:1d:f0:23:4e:d2:
                    ba:65:e8:66:87:1e:03:ee:ae:e9:9a:03:d9:54:5e:
                    41:6c:d2:50:c6:26:52:d3:ac:c9:cb:96:0b:bb:94:
                    97:15:f6:68:1e:3c:6f:3c:20:90:86:0a:f2:67:88:
                    55:c5:3f:a7:8f:32:2c:1b:e0:65:db:3e:78:5a:74:
                    d6:e9:f8:80:13:aa:e1:ce:d7:95:03:86:b1:a9:db:
                    52:3f:a2:75:25:34:5b:ba:1d:cd:84:44:5c:4a:c0:
                    47:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:E8:F5:DE:D5:5D:C1:54:9A:89:AB:09:84:5C:2F:15:43:5C:68:28
            X509v3 Authority Key Identifier:
                keyid:A9:42:0E:6C:6F:24:B0:E4:22:DA:7F:E7:E4:20:EF:50:35:4F:45:C6

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/A9420E6C6F24B0E422DA7FE7E420EF50354F45C6.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qUIObG8ksOQi2n_n5CDvUDVPRcY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/322e35392e36332e302f32342d3234203d3e203233343730.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.59.63.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1c:10:1c:ce:38:cf:9b:b4:36:d8:5f:be:e4:a4:a6:28:3f:b2:
         9d:b2:fa:3f:b7:44:67:a6:f7:db:54:c9:87:bc:36:a8:cb:73:
         c0:4d:70:b1:b3:73:ed:fa:3e:07:19:18:06:e8:c9:40:52:c7:
         3c:b3:7a:66:d5:f7:ca:c0:56:d8:e0:44:49:c1:b0:57:ff:81:
         37:08:fc:df:dd:17:89:ab:cc:ca:6b:34:d9:cb:7f:1f:d0:f7:
         10:e9:33:ef:02:85:6d:56:2f:e8:78:06:57:7d:3b:d5:79:d4:
         46:69:8c:aa:be:99:11:e5:bb:a5:88:f0:ac:c4:34:a8:9c:df:
         8a:37:a5:e9:71:9b:44:89:0b:e4:96:3f:d5:12:bb:b0:a0:c3:
         1d:d9:dd:f7:27:e9:f1:da:6f:80:36:31:20:de:43:7b:87:21:
         a2:73:22:f6:bf:f0:84:b4:f0:0b:5c:b7:a6:4a:be:07:b5:c6:
         91:51:a3:e8:53:3a:bb:1b:b7:80:01:aa:5b:9f:cc:70:46:5e:
         93:35:d4:ba:f9:ca:37:db:09:97:77:77:c6:05:70:0f:55:7a:
         43:a9:19:b7:6d:f4:96:48:72:2c:6c:66:8b:16:21:02:06:74:
         ce:cd:f9:d5:f7:6c:4c:73:a7:da:3e:ce:31:35:5e:80:df:d0:
         5a:b1:f5:6c
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUOd2f+NFNGfO5HS2LAoLmQ05IN2gwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYTk0MjBlNmM2ZjI0YjBlNDIyZGE3ZmU3ZTQyMGVmNTAz
NTRmNDVjNjAeFw0yMzEyMjIwODAwMDhaFw0yNDEyMjAwODA1MDhaMDMxMTAvBgNV
BAMTKDlDRThGNURFRDU1REMxNTQ5QTg5QUIwOTg0NUMyRjE1NDM1QzY4MjgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDHMJFjDoGmk7d6wfaYjA4riBZN
ij7Z07r1pVU2W2PC28JfUOczFcfBcJ31noBoUTD91hvRGGPT0ZZA1XWA053faTLn
xdTrm1ZVNYSYKQfy3VWbRWkAtApGudguI5iR4efViW15sOUL/RT/4DwRO3WSDsRA
bL4yqzTLloPXPYiTBkV+dkybstZxDry1QuXXyl/5kAcEHJMZgkdDpQasuEQd8CNO
0rpl6GaHHgPurumaA9lUXkFs0lDGJlLTrMnLlgu7lJcV9mgePG88IJCGCvJniFXF
P6ePMiwb4GXbPnhadNbp+IATquHO15UDhrGp21I/onUlNFu6Hc2ERFxKwEdJAgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQUnOj13tVdwVSaiasJhFwvFUNcaCgwHwYDVR0j
BBgwFoAUqUIObG8ksOQi2n/n5CDvUDVPRcYwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMWY5ODIzZDAtMDg1NS00MWYyLWFjNDYtNTlhMmU5OGRh
NzM2LzEvQTk0MjBFNkM2RjI0QjBFNDIyREE3RkU3RTQyMEVGNTAzNTRGNDVDNi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3FVSU9iRzhrc09RaTJuX241Q0R2VURW
UFJjWS5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMWY5ODIzZDAt
MDg1NS00MWYyLWFjNDYtNTlhMmU5OGRhNzM2LzEvMzIyZTM1MzkyZTM2MzMyZTMw
MmYzMjM0MmQzMjM0MjAzZDNlMjAzMjMzMzQzNzMwLnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAAjs/MA0G
CSqGSIb3DQEBCwUAA4IBAQAcEBzOOM+btDbYX77kpKYoP7Kdsvo/t0RnpvfbVMmH
vDaoy3PATXCxs3Pt+j4HGRgG6MlAUsc8s3pm1ffKwFbY4ERJwbBX/4E3CPzf3ReJ
q8zKazTZy38f0PcQ6TPvAoVtVi/oeAZXfTvVedRGaYyqvpkR5buliPCsxDSonN+K
N6XpcZtEiQvklj/VEruwoMMd2d33J+nx2m+ANjEg3kN7hyGicyL2v/CEtPALXLem
Sr4HtcaRUaPoUzq7G7eAAapbn8xwRl6TNdS6+co32wmXd3fGBXAPVXpDqRm3bfSW
SHIsbGaLFiECBnTOzfnV92xMc6faPs4xNV6A39BasfVs
-----END CERTIFICATE-----