Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/322e35362e3234392e302f32342d3234203d3e203631333137.roa
File:                     322e35362e3234392e302f32342d3234203d3e203631333137.roa (raw, json)
Hash identifier:          7pY86/YJZ1gt5Nif49aedCWn0/F5KPdjqtjonFxZII8=
Subject key identifier:   6E:E0:53:24:EB:B6:D3:83:6D:D2:77:0B:CC:3F:6F:1D:1A:28:4C:15
Certificate issuer:       /CN=70cbd7a9817e470009c0f40ea1e370aa79b5fd91
Certificate serial:       21231EB13AA4D6DC63B112F8C2D359F84F291552
Authority key identifier: 70:CB:D7:A9:81:7E:47:00:09:C0:F4:0E:A1:E3:70:AA:79:B5:FD:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/322e35362e3234392e302f32342d3234203d3e203631333137.roa
Signing time:             Wed 11 Sep 2024 13:05:20 +0000
ROA not before:           Wed 11 Sep 2024 13:00:20 +0000
ROA not after:            Wed 10 Sep 2025 13:05:20 +0000
asID:                     61317
IP address blocks:        2.56.249.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Mar 2025 18:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            21:23:1e:b1:3a:a4:d6:dc:63:b1:12:f8:c2:d3:59:f8:4f:29:15:52
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=70cbd7a9817e470009c0f40ea1e370aa79b5fd91
        Validity
            Not Before: Sep 11 13:00:20 2024 GMT
            Not After : Sep 10 13:05:20 2025 GMT
        Subject: CN=6EE05324EBB6D3836DD2770BCC3F6F1D1A284C15
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:fb:1b:1c:17:aa:5f:d6:3e:04:d8:27:ae:d7:
                    61:1d:2c:2c:35:41:c3:e3:32:34:e0:77:5b:4f:c5:
                    ef:0f:23:7b:b9:f0:1e:68:60:b0:ab:f7:91:0b:c0:
                    8a:21:c2:bf:7c:66:7d:ca:a3:c8:e1:4e:fd:af:5c:
                    f0:49:3c:46:bd:67:21:ad:16:61:3d:ae:da:99:d1:
                    a5:d9:dc:e5:93:c9:2f:3c:c0:b5:26:99:5b:dd:aa:
                    e7:cd:46:69:d1:ac:ec:59:bf:86:e5:eb:f1:b9:45:
                    d4:df:6a:f1:04:1d:9e:89:89:91:12:55:6a:45:fd:
                    06:36:d7:4b:4d:08:b3:62:d6:ed:d2:e6:03:af:d7:
                    60:de:9b:4a:2d:d1:f1:66:fb:a5:c7:da:22:f7:63:
                    fa:62:64:12:b9:8b:9a:00:24:db:cb:4c:5b:ea:3f:
                    d0:4f:e1:36:6d:e2:50:e9:18:07:2e:fc:9b:04:91:
                    1b:6b:c2:f8:7c:cf:0b:b8:34:95:bd:7c:73:19:4d:
                    d7:b9:f7:1e:f3:44:3d:9d:af:af:ac:fc:ea:83:7d:
                    22:98:9f:03:1d:1b:f7:f0:bc:12:f7:b1:98:2d:73:
                    5c:71:8a:df:a6:86:4e:35:2f:ed:a8:bd:a6:e8:7c:
                    bd:7f:7f:2b:8f:7c:45:f4:fe:2d:90:f8:90:85:07:
                    8b:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6E:E0:53:24:EB:B6:D3:83:6D:D2:77:0B:CC:3F:6F:1D:1A:28:4C:15
            X509v3 Authority Key Identifier:
                keyid:70:CB:D7:A9:81:7E:47:00:09:C0:F4:0E:A1:E3:70:AA:79:B5:FD:91

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/322e35362e3234392e302f32342d3234203d3e203631333137.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.56.249.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c2:d8:78:2a:96:e3:73:da:3f:a9:fc:5c:10:8a:ee:ea:1f:d9:
         c1:49:61:a2:61:f4:43:c9:ad:95:fb:cc:6a:d4:f7:fa:95:71:
         51:69:8f:eb:60:02:03:d6:17:52:b5:ec:60:43:7c:4f:a8:70:
         b8:f6:8b:14:f2:51:e7:21:3f:c7:7c:10:5d:63:72:45:03:a9:
         ef:1f:26:60:a8:7f:0e:e1:61:2d:41:ba:04:29:ca:4f:75:10:
         95:18:8a:86:7e:04:1b:dc:93:3b:26:31:25:23:8e:f0:ec:5e:
         51:b0:5e:5c:f9:2f:7f:7f:ca:11:c4:73:9d:5d:8a:2e:8c:62:
         e3:ee:50:be:bd:fd:92:52:2c:0b:32:4e:3f:45:01:fa:4d:cb:
         02:61:67:d9:4c:d5:81:09:7d:81:a7:f1:2c:ac:14:22:9f:4c:
         c0:7c:5d:fb:af:0b:5b:eb:cb:dc:70:a6:72:66:d5:d8:9b:d3:
         6a:e7:6f:65:6e:31:e0:08:7f:e7:39:16:67:ef:38:eb:20:0c:
         3f:8d:40:b3:f0:eb:aa:20:d0:ac:d3:6d:68:50:18:a0:c9:cd:
         1e:d4:87:69:57:c3:98:fb:46:a1:81:d4:ce:0a:52:c8:96:64:
         c7:b6:bc:a0:3d:43:b4:c0:48:99:93:e9:6e:df:cb:43:4c:fa:
         a2:6c:5b:cc
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUISMesTqk1txjsRL4wtNZ+E8pFVIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzBjYmQ3YTk4MTdlNDcwMDA5YzBmNDBlYTFlMzcwYWE3
OWI1ZmQ5MTAeFw0yNDA5MTExMzAwMjBaFw0yNTA5MTAxMzA1MjBaMDMxMTAvBgNV
BAMTKDZFRTA1MzI0RUJCNkQzODM2REQyNzcwQkNDM0Y2RjFEMUEyODRDMTUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCz+xscF6pf1j4E2Ceu12EdLCw1
QcPjMjTgd1tPxe8PI3u58B5oYLCr95ELwIohwr98Zn3Ko8jhTv2vXPBJPEa9ZyGt
FmE9rtqZ0aXZ3OWTyS88wLUmmVvdqufNRmnRrOxZv4bl6/G5RdTfavEEHZ6JiZES
VWpF/QY210tNCLNi1u3S5gOv12Dem0ot0fFm+6XH2iL3Y/piZBK5i5oAJNvLTFvq
P9BP4TZt4lDpGAcu/JsEkRtrwvh8zwu4NJW9fHMZTde59x7zRD2dr6+s/OqDfSKY
nwMdG/fwvBL3sZgtc1xxit+mhk41L+2ovabofL1/fyuPfEX0/i2Q+JCFB4vBAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUbuBTJOu204Nt0ncLzD9vHRooTBUwHwYDVR0j
BBgwFoAUcMvXqYF+RwAJwPQOoeNwqnm1/ZEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYjczMzJhZjAtZGQ3My00NzU1LTlkMjAtNjkzZWE4Mjg5
ZjhhLzAvNzBDQkQ3QTk4MTdFNDcwMDA5QzBGNDBFQTFFMzcwQUE3OUI1RkQ5MS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2NNdlhxWUYtUndBSndQUU9vZU53cW5t
MV9aRS5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYjczMzJhZjAt
ZGQ3My00NzU1LTlkMjAtNjkzZWE4Mjg5ZjhhLzAvMzIyZTM1MzYyZTMyMzQzOTJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM2MzEzMzMxMzcucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAACOPkw
DQYJKoZIhvcNAQELBQADggEBAMLYeCqW43PaP6n8XBCK7uof2cFJYaJh9EPJrZX7
zGrU9/qVcVFpj+tgAgPWF1K17GBDfE+ocLj2ixTyUechP8d8EF1jckUDqe8fJmCo
fw7hYS1BugQpyk91EJUYioZ+BBvckzsmMSUjjvDsXlGwXlz5L39/yhHEc51dii6M
YuPuUL69/ZJSLAsyTj9FAfpNywJhZ9lM1YEJfYGn8SysFCKfTMB8XfuvC1vry9xw
pnJm1dib02rnb2VuMeAIf+c5FmfvOOsgDD+NQLPw66og0KzTbWhQGKDJzR7Uh2lX
w5j7RqGB1M4KUsiWZMe2vKA9Q7TASJmT6W7fy0NM+qJsW8w=
-----END CERTIFICATE-----