Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/322e35362e3235302e302f32342d3234203d3e20323130353432.roa
File:                     322e35362e3235302e302f32342d3234203d3e20323130353432.roa (raw, json)
Hash identifier:          6vtzRFbRAYD1jv/bRggNsSD/L00SSDZZrO/mldQlAo0=
Subject key identifier:   B8:36:24:ED:C0:2D:A9:90:03:5E:25:2A:BD:89:A8:04:DD:B8:C8:0C
Certificate issuer:       /CN=70cbd7a9817e470009c0f40ea1e370aa79b5fd91
Certificate serial:       7676B3645FBB79A2A5BDDB418CB012F4866DFB0A
Authority key identifier: 70:CB:D7:A9:81:7E:47:00:09:C0:F4:0E:A1:E3:70:AA:79:B5:FD:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/322e35362e3235302e302f32342d3234203d3e20323130353432.roa
Signing time:             Wed 14 Feb 2024 10:16:37 +0000
ROA not before:           Wed 14 Feb 2024 10:11:37 +0000
ROA not after:            Wed 12 Feb 2025 10:16:37 +0000
asID:                     210542
IP address blocks:        2.56.250.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 12 May 2024 14:08:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            76:76:b3:64:5f:bb:79:a2:a5:bd:db:41:8c:b0:12:f4:86:6d:fb:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=70cbd7a9817e470009c0f40ea1e370aa79b5fd91
        Validity
            Not Before: Feb 14 10:11:37 2024 GMT
            Not After : Feb 12 10:16:37 2025 GMT
        Subject: CN=B83624EDC02DA990035E252ABD89A804DDB8C80C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:98:c5:1e:cb:7b:ea:03:73:8d:5a:10:19:59:
                    fa:03:17:4f:23:a9:b5:f8:86:b3:60:f9:77:0b:46:
                    24:43:d6:01:08:67:5a:ae:30:da:86:02:14:8f:ad:
                    dc:1a:4b:c8:2b:b4:a1:65:87:91:2c:7b:26:e6:4c:
                    13:4a:61:2d:f9:2b:3c:06:3d:fa:71:dd:3d:23:14:
                    9f:7f:4c:c1:66:f4:54:77:18:4e:77:66:10:71:1c:
                    3b:b7:ce:51:ed:63:4d:e5:a4:54:3d:a8:d7:b8:54:
                    78:ce:6a:53:6c:72:02:c5:5c:59:ea:dd:52:ab:f9:
                    a1:a3:b7:07:cb:ba:f9:45:54:b7:31:79:0c:97:8f:
                    06:90:ea:8d:61:1b:49:68:23:34:80:16:da:5e:c5:
                    06:c5:1d:68:a3:33:d5:18:5e:46:17:49:ff:25:9d:
                    25:34:3b:5b:19:1e:33:ff:1a:65:42:16:72:f9:e5:
                    82:34:65:4a:1e:3a:13:dc:5c:96:5e:31:c6:94:90:
                    ed:58:d0:a9:df:ae:84:26:14:d5:17:43:7e:d7:6d:
                    b2:7c:62:21:01:a4:2d:0b:f8:ea:74:e7:9e:c4:13:
                    59:8e:1e:53:d2:2c:ca:17:ec:e9:21:df:b7:2f:22:
                    f9:5e:f2:21:0a:95:49:38:96:4d:4a:ad:4e:9c:ca:
                    b6:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B8:36:24:ED:C0:2D:A9:90:03:5E:25:2A:BD:89:A8:04:DD:B8:C8:0C
            X509v3 Authority Key Identifier:
                keyid:70:CB:D7:A9:81:7E:47:00:09:C0:F4:0E:A1:E3:70:AA:79:B5:FD:91

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/322e35362e3235302e302f32342d3234203d3e20323130353432.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.56.250.0/24

    Signature Algorithm: sha256WithRSAEncryption
         19:64:11:87:ba:cc:1e:b8:72:9a:cb:d3:e7:fe:da:e9:c2:d3:
         e2:15:41:63:12:0f:35:b1:bc:6c:8b:69:ec:2a:b7:9f:33:09:
         16:91:a7:6f:2a:da:b7:80:eb:58:92:ee:d3:1c:e6:62:9d:90:
         dd:ad:06:33:68:69:79:0a:43:2a:4c:22:b4:3b:e5:52:19:5c:
         c3:5a:27:a0:57:f4:5d:25:99:75:67:77:6b:2b:4b:49:13:c7:
         66:5b:2a:dd:17:d7:8b:ff:e7:1d:45:20:2f:06:38:72:38:0e:
         16:a1:ce:d1:8f:63:08:0b:6e:ea:2b:12:ff:01:98:bd:09:2a:
         c8:08:89:5b:f5:db:66:48:fa:8b:03:ce:44:c8:df:68:e4:2b:
         59:11:40:78:bf:2b:dd:d9:fb:57:cb:e3:5c:b9:ad:37:ba:10:
         17:8e:22:cd:d4:a4:9e:3c:47:a5:c0:97:98:8f:ff:54:ae:3d:
         00:69:d1:37:00:e9:34:a6:18:97:1b:8d:8d:56:93:e6:f1:01:
         a7:f6:14:43:c1:1d:fb:e7:b7:b3:76:18:24:d8:27:5a:7b:2a:
         8a:01:7d:73:b8:ae:e5:be:be:9c:6e:74:07:7a:e3:84:35:c8:
         54:22:16:f6:ef:82:e6:ed:11:f3:a7:6c:37:a9:7d:85:7a:2f:
         a5:d9:c2:e2
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUdnazZF+7eaKlvdtBjLAS9IZt+wowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzBjYmQ3YTk4MTdlNDcwMDA5YzBmNDBlYTFlMzcwYWE3
OWI1ZmQ5MTAeFw0yNDAyMTQxMDExMzdaFw0yNTAyMTIxMDE2MzdaMDMxMTAvBgNV
BAMTKEI4MzYyNEVEQzAyREE5OTAwMzVFMjUyQUJEODlBODA0RERCOEM4MEMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvmMUey3vqA3ONWhAZWfoDF08j
qbX4hrNg+XcLRiRD1gEIZ1quMNqGAhSPrdwaS8grtKFlh5EseybmTBNKYS35KzwG
Pfpx3T0jFJ9/TMFm9FR3GE53ZhBxHDu3zlHtY03lpFQ9qNe4VHjOalNscgLFXFnq
3VKr+aGjtwfLuvlFVLcxeQyXjwaQ6o1hG0loIzSAFtpexQbFHWijM9UYXkYXSf8l
nSU0O1sZHjP/GmVCFnL55YI0ZUoeOhPcXJZeMcaUkO1Y0KnfroQmFNUXQ37XbbJ8
YiEBpC0L+Op0557EE1mOHlPSLMoX7Okh37cvIvle8iEKlUk4lk1KrU6cyrYLAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUuDYk7cAtqZADXiUqvYmoBN24yAwwHwYDVR0j
BBgwFoAUcMvXqYF+RwAJwPQOoeNwqnm1/ZEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYjczMzJhZjAtZGQ3My00NzU1LTlkMjAtNjkzZWE4Mjg5
ZjhhLzAvNzBDQkQ3QTk4MTdFNDcwMDA5QzBGNDBFQTFFMzcwQUE3OUI1RkQ5MS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2NNdlhxWUYtUndBSndQUU9vZU53cW5t
MV9aRS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYjczMzJhZjAt
ZGQ3My00NzU1LTlkMjAtNjkzZWE4Mjg5ZjhhLzAvMzIyZTM1MzYyZTMyMzUzMDJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMyMzEzMDM1MzQzMi5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAAI4
+jANBgkqhkiG9w0BAQsFAAOCAQEAGWQRh7rMHrhymsvT5/7a6cLT4hVBYxIPNbG8
bItp7Cq3nzMJFpGnbyrat4DrWJLu0xzmYp2Q3a0GM2hpeQpDKkwitDvlUhlcw1on
oFf0XSWZdWd3aytLSRPHZlsq3RfXi//nHUUgLwY4cjgOFqHO0Y9jCAtu6isS/wGY
vQkqyAiJW/XbZkj6iwPORMjfaOQrWRFAeL8r3dn7V8vjXLmtN7oQF44izdSknjxH
pcCXmI//VK49AGnRNwDpNKYYlxuNjVaT5vEBp/YUQ8Ed++e3s3YYJNgnWnsqigF9
c7iu5b6+nG50B3rjhDXIVCIW9u+C5u0R86dsN6l9hXovpdnC4g==
-----END CERTIFICATE-----