Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/322e35362e3234382e302f32342d3234203d3e203434363230.roa
File:                     322e35362e3234382e302f32342d3234203d3e203434363230.roa (raw, json)
Hash identifier:          t0CAmleKmtOSnos8pvUoPtiOdnJeFmXpZTFvg3c+nII=
Subject key identifier:   C0:39:80:0C:0B:67:EF:C7:94:E0:93:E0:6F:78:AE:41:63:13:0B:DD
Certificate issuer:       /CN=70cbd7a9817e470009c0f40ea1e370aa79b5fd91
Certificate serial:       3498314096265CE652AF0BDE23BCD71CC3D9D89B
Authority key identifier: 70:CB:D7:A9:81:7E:47:00:09:C0:F4:0E:A1:E3:70:AA:79:B5:FD:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/322e35362e3234382e302f32342d3234203d3e203434363230.roa
Signing time:             Thu 25 Jan 2024 23:00:33 +0000
ROA not before:           Thu 25 Jan 2024 22:55:33 +0000
ROA not after:            Thu 23 Jan 2025 23:00:33 +0000
asID:                     44620
IP address blocks:        2.56.248.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 13 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            34:98:31:40:96:26:5c:e6:52:af:0b:de:23:bc:d7:1c:c3:d9:d8:9b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=70cbd7a9817e470009c0f40ea1e370aa79b5fd91
        Validity
            Not Before: Jan 25 22:55:33 2024 GMT
            Not After : Jan 23 23:00:33 2025 GMT
        Subject: CN=C039800C0B67EFC794E093E06F78AE4163130BDD
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e9:4f:2b:20:0d:9c:f5:84:3e:2b:17:ae:71:f0:
                    29:2b:26:29:3d:b6:89:4e:db:d8:f2:14:04:19:dc:
                    c3:3c:41:bc:09:b5:2e:a8:6e:44:cf:75:4d:a2:08:
                    36:6d:2e:95:08:2c:f5:7d:0a:d6:62:ff:85:f0:3c:
                    46:97:2c:46:b9:fb:d4:e8:bf:25:c9:6d:46:fa:d7:
                    b6:e3:6e:eb:90:d8:5e:a1:c1:eb:04:49:cb:39:8a:
                    e0:ec:cb:0f:38:f4:63:b5:00:e2:85:06:4b:c8:ca:
                    bc:2b:95:2e:47:34:27:e2:50:1c:a5:de:7b:24:4f:
                    dc:9a:ed:57:c5:7d:77:70:ac:e0:83:32:14:2a:4b:
                    7a:c9:65:a8:1a:09:c0:04:07:8c:61:2d:db:ad:2c:
                    84:d5:27:80:82:d5:f5:d3:63:74:62:f6:9f:16:ab:
                    80:91:7f:0d:16:1c:00:2b:dd:64:9e:76:a2:aa:18:
                    02:b2:bf:f3:65:96:b8:50:7f:de:7d:d6:84:49:39:
                    ac:af:a8:bc:2f:de:2c:be:81:fa:3e:e2:62:1f:02:
                    c2:63:bc:7f:5c:b2:89:59:bc:af:49:7b:c0:81:2e:
                    ca:83:77:a1:c0:ed:7e:b9:de:ce:ef:c0:92:66:4c:
                    4f:48:d2:a6:1d:f2:36:47:6e:c6:2c:ac:c6:78:7d:
                    e8:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C0:39:80:0C:0B:67:EF:C7:94:E0:93:E0:6F:78:AE:41:63:13:0B:DD
            X509v3 Authority Key Identifier:
                keyid:70:CB:D7:A9:81:7E:47:00:09:C0:F4:0E:A1:E3:70:AA:79:B5:FD:91

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/322e35362e3234382e302f32342d3234203d3e203434363230.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.56.248.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c8:18:cb:f3:ac:69:bd:b2:34:64:16:c4:57:67:e1:d9:20:9c:
         cd:b8:47:a7:84:66:dc:1a:f7:d5:8c:b4:8b:7e:e5:b1:0e:12:
         e5:06:31:8d:2f:1d:82:a7:09:75:46:50:05:4e:7a:a8:10:9f:
         ab:93:5a:24:ac:f6:17:0a:a0:a1:51:bd:4b:a1:b6:b3:ba:f8:
         fd:88:e4:06:b6:9e:0a:c7:da:53:a7:55:5f:0c:d5:d5:9c:fa:
         b8:be:76:f9:69:8e:6c:53:a2:1e:d1:4c:e6:86:f1:ab:7b:d3:
         92:fc:9e:b4:f5:3d:9e:ef:a6:8b:58:14:d8:b8:79:4b:0d:23:
         14:ff:af:b8:5d:67:45:65:f9:f0:c4:5d:89:d1:60:e9:bf:02:
         bc:00:b4:e9:40:a4:7e:09:1f:59:bb:98:ac:05:dd:90:4e:80:
         c4:32:1c:65:bc:a4:84:61:34:bf:e2:4a:9d:f7:ff:aa:1a:7a:
         8c:c6:c7:b2:70:af:3b:1d:0f:7e:e4:a0:73:5d:6d:88:8c:7b:
         de:ed:2f:0f:34:5a:77:bf:e8:5a:b7:45:fb:05:15:10:67:7d:
         13:ea:55:60:84:ed:d2:60:73:8e:0b:90:02:8a:05:2c:f4:b2:
         a1:fd:e2:f4:7c:ec:d4:e8:e1:a1:f2:d0:9d:84:25:6e:ea:30:
         aa:ae:6d:5d
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUNJgxQJYmXOZSrwveI7zXHMPZ2JswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzBjYmQ3YTk4MTdlNDcwMDA5YzBmNDBlYTFlMzcwYWE3
OWI1ZmQ5MTAeFw0yNDAxMjUyMjU1MzNaFw0yNTAxMjMyMzAwMzNaMDMxMTAvBgNV
BAMTKEMwMzk4MDBDMEI2N0VGQzc5NEUwOTNFMDZGNzhBRTQxNjMxMzBCREQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDpTysgDZz1hD4rF65x8CkrJik9
tolO29jyFAQZ3MM8QbwJtS6obkTPdU2iCDZtLpUILPV9CtZi/4XwPEaXLEa5+9To
vyXJbUb617bjbuuQ2F6hwesEScs5iuDsyw849GO1AOKFBkvIyrwrlS5HNCfiUByl
3nskT9ya7VfFfXdwrOCDMhQqS3rJZagaCcAEB4xhLdutLITVJ4CC1fXTY3Ri9p8W
q4CRfw0WHAAr3WSedqKqGAKyv/NllrhQf9591oRJOayvqLwv3iy+gfo+4mIfAsJj
vH9csolZvK9Je8CBLsqDd6HA7X653s7vwJJmTE9I0qYd8jZHbsYsrMZ4fehPAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUwDmADAtn78eU4JPgb3iuQWMTC90wHwYDVR0j
BBgwFoAUcMvXqYF+RwAJwPQOoeNwqnm1/ZEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYjczMzJhZjAtZGQ3My00NzU1LTlkMjAtNjkzZWE4Mjg5
ZjhhLzAvNzBDQkQ3QTk4MTdFNDcwMDA5QzBGNDBFQTFFMzcwQUE3OUI1RkQ5MS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2NNdlhxWUYtUndBSndQUU9vZU53cW5t
MV9aRS5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYjczMzJhZjAt
ZGQ3My00NzU1LTlkMjAtNjkzZWE4Mjg5ZjhhLzAvMzIyZTM1MzYyZTMyMzQzODJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM0MzQzNjMyMzAucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAACOPgw
DQYJKoZIhvcNAQELBQADggEBAMgYy/Osab2yNGQWxFdn4dkgnM24R6eEZtwa99WM
tIt+5bEOEuUGMY0vHYKnCXVGUAVOeqgQn6uTWiSs9hcKoKFRvUuhtrO6+P2I5Aa2
ngrH2lOnVV8M1dWc+ri+dvlpjmxToh7RTOaG8at705L8nrT1PZ7vpotYFNi4eUsN
IxT/r7hdZ0Vl+fDEXYnRYOm/ArwAtOlApH4JH1m7mKwF3ZBOgMQyHGW8pIRhNL/i
Sp33/6oaeozGx7JwrzsdD37koHNdbYiMe97tLw80Wne/6Fq3RfsFFRBnfRPqVWCE
7dJgc44LkAKKBSz0sqH94vR87NTo4aHy0J2EJW7qMKqubV0=
-----END CERTIFICATE-----