Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/322e35362e3234392e302f32342d3234203d3e20323632323837.roa
File:                     322e35362e3234392e302f32342d3234203d3e20323632323837.roa (raw, json)
Hash identifier:          nSxKJW8Na6Zi3eBUWLgxXktcIVdJAPJmU4nNmPXzTu8=
Subject key identifier:   69:46:AE:61:A9:4A:FE:8D:63:10:93:19:A7:CB:CB:05:C2:7F:9D:BB
Certificate issuer:       /CN=70cbd7a9817e470009c0f40ea1e370aa79b5fd91
Certificate serial:       037B64F91A9CC98BA3CE0778AAB795305CDEACA4
Authority key identifier: 70:CB:D7:A9:81:7E:47:00:09:C0:F4:0E:A1:E3:70:AA:79:B5:FD:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/322e35362e3234392e302f32342d3234203d3e20323632323837.roa
Signing time:             Fri 16 May 2025 10:33:13 +0000
ROA not before:           Fri 16 May 2025 10:28:13 +0000
ROA not after:            Fri 15 May 2026 10:33:13 +0000
asID:                     262287
IP address blocks:        2.56.249.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Jun 2025 06:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            03:7b:64:f9:1a:9c:c9:8b:a3:ce:07:78:aa:b7:95:30:5c:de:ac:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=70cbd7a9817e470009c0f40ea1e370aa79b5fd91
        Validity
            Not Before: May 16 10:28:13 2025 GMT
            Not After : May 15 10:33:13 2026 GMT
        Subject: CN=6946AE61A94AFE8D63109319A7CBCB05C27F9DBB
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:7e:51:62:3e:46:29:55:51:89:a2:47:4b:1c:
                    0a:4f:ba:05:92:6e:55:66:e1:da:6b:77:33:49:b3:
                    3c:30:15:08:2a:b6:f4:5e:6e:3f:51:f1:0d:5f:5b:
                    18:3a:08:69:ad:db:e2:cb:51:27:70:b0:1a:c4:e6:
                    b3:72:d6:11:73:5c:98:55:46:68:9e:bc:bd:73:78:
                    61:9c:8d:04:c2:4c:3a:1c:00:bd:31:25:67:4b:3e:
                    20:c4:e1:d3:fb:7e:30:c8:d3:fd:fb:25:e5:0d:5b:
                    5d:5e:06:67:44:db:88:ef:41:5f:2b:9e:a4:85:45:
                    de:79:b0:db:b1:00:f5:f1:e0:5e:f1:f8:7d:5d:bb:
                    29:14:09:53:5b:f3:29:5e:0c:2d:6a:40:1a:08:c6:
                    aa:3a:57:97:fc:55:ed:86:ee:0d:83:19:97:48:38:
                    2f:8d:98:d4:32:4a:3e:61:40:62:43:43:c6:0d:1a:
                    93:4f:c1:ea:f0:23:8c:3d:92:40:cb:64:8c:a0:d5:
                    32:6f:b3:a2:7f:dd:55:63:c5:ba:0f:1b:cb:97:e6:
                    50:8f:4f:7c:a6:bd:3b:33:68:97:91:56:5c:cf:a9:
                    4b:2c:61:dd:43:c2:20:0b:db:d2:8b:e9:c3:cd:ac:
                    04:ff:66:6f:89:a8:29:86:28:7c:a4:80:0a:b6:d0:
                    20:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:46:AE:61:A9:4A:FE:8D:63:10:93:19:A7:CB:CB:05:C2:7F:9D:BB
            X509v3 Authority Key Identifier:
                keyid:70:CB:D7:A9:81:7E:47:00:09:C0:F4:0E:A1:E3:70:AA:79:B5:FD:91

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/322e35362e3234392e302f32342d3234203d3e20323632323837.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.56.249.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8a:c1:70:0a:bb:47:3e:57:1f:26:34:3e:16:e1:84:76:00:d7:
         22:bc:70:12:3c:85:2f:6b:5b:48:18:22:db:1a:17:3a:9b:9a:
         d7:f7:fc:2a:cb:5e:11:35:bf:e1:ce:73:74:64:21:ea:a4:b9:
         0d:5d:7f:60:79:e8:c2:aa:67:af:d6:12:dc:a9:b3:8d:de:9d:
         6e:ba:10:6b:ec:d1:aa:8c:ba:89:a0:91:49:da:c7:79:fa:0a:
         2c:89:35:45:55:9b:fd:9e:38:f9:6c:a4:81:10:4e:a5:7e:bc:
         dc:c2:ec:1d:6f:86:0b:60:f7:09:eb:18:c4:70:08:7c:02:e9:
         6d:13:4f:62:86:52:68:95:79:7d:76:35:8c:b2:c1:a2:05:05:
         6b:6f:21:83:58:07:82:8b:be:e8:ff:06:bc:e5:87:8c:c3:2c:
         ca:c3:a6:62:4f:74:8e:1a:5d:7d:f6:0b:ef:65:48:51:cc:c3:
         12:35:1e:cc:db:28:ad:7e:04:c4:e3:2e:e5:40:dd:e6:f1:4d:
         71:4f:2c:60:bc:d6:c0:3c:3c:b6:c6:d6:98:d9:56:05:d7:26:
         9f:fe:87:7f:ab:0f:d7:db:ad:09:57:9e:3b:49:05:0a:4c:c7:
         4c:7c:e6:c5:10:2b:4d:18:f1:90:80:3b:ac:fe:43:42:4f:5a:
         ab:8c:fd:16
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUA3tk+RqcyYujzgd4qreVMFzerKQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzBjYmQ3YTk4MTdlNDcwMDA5YzBmNDBlYTFlMzcwYWE3
OWI1ZmQ5MTAeFw0yNTA1MTYxMDI4MTNaFw0yNjA1MTUxMDMzMTNaMDMxMTAvBgNV
BAMTKDY5NDZBRTYxQTk0QUZFOEQ2MzEwOTMxOUE3Q0JDQjA1QzI3RjlEQkIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCfflFiPkYpVVGJokdLHApPugWS
blVm4dprdzNJszwwFQgqtvRebj9R8Q1fWxg6CGmt2+LLUSdwsBrE5rNy1hFzXJhV
RmievL1zeGGcjQTCTDocAL0xJWdLPiDE4dP7fjDI0/37JeUNW11eBmdE24jvQV8r
nqSFRd55sNuxAPXx4F7x+H1duykUCVNb8yleDC1qQBoIxqo6V5f8Ve2G7g2DGZdI
OC+NmNQySj5hQGJDQ8YNGpNPwerwI4w9kkDLZIyg1TJvs6J/3VVjxboPG8uX5lCP
T3ymvTszaJeRVlzPqUssYd1DwiAL29KL6cPNrAT/Zm+JqCmGKHykgAq20CB3AgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUaUauYalK/o1jEJMZp8vLBcJ/nbswHwYDVR0j
BBgwFoAUcMvXqYF+RwAJwPQOoeNwqnm1/ZEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYjczMzJhZjAtZGQ3My00NzU1LTlkMjAtNjkzZWE4Mjg5
ZjhhLzAvNzBDQkQ3QTk4MTdFNDcwMDA5QzBGNDBFQTFFMzcwQUE3OUI1RkQ5MS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2NNdlhxWUYtUndBSndQUU9vZU53cW5t
MV9aRS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYjczMzJhZjAt
ZGQ3My00NzU1LTlkMjAtNjkzZWE4Mjg5ZjhhLzAvMzIyZTM1MzYyZTMyMzQzOTJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMyMzYzMjMyMzgzNy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAAI4
+TANBgkqhkiG9w0BAQsFAAOCAQEAisFwCrtHPlcfJjQ+FuGEdgDXIrxwEjyFL2tb
SBgi2xoXOpua1/f8KsteETW/4c5zdGQh6qS5DV1/YHnowqpnr9YS3Kmzjd6dbroQ
a+zRqoy6iaCRSdrHefoKLIk1RVWb/Z44+WykgRBOpX683MLsHW+GC2D3CesYxHAI
fALpbRNPYoZSaJV5fXY1jLLBogUFa28hg1gHgou+6P8GvOWHjMMsysOmYk90jhpd
ffYL72VIUczDEjUezNsorX4ExOMu5UDd5vFNcU8sYLzWwDw8tsbWmNlWBdcmn/6H
f6sP19utCVeeO0kFCkzHTHzmxRArTRjxkIA7rP5DQk9aq4z9Fg==
-----END CERTIFICATE-----