Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/322e35362e3235302e302f32342d3234203d3e203239383032.roa
File:                     322e35362e3235302e302f32342d3234203d3e203239383032.roa (raw, json)
Hash identifier:          ObB6+AdtyFFbispaM2aMNIBVbil+nJssEoL2XDiV660=
Subject key identifier:   9A:68:EC:B4:93:56:13:BC:11:7D:FB:08:6C:C5:A6:74:63:E4:6A:32
Certificate issuer:       /CN=70cbd7a9817e470009c0f40ea1e370aa79b5fd91
Certificate serial:       6CAF23DA6483D2F2C3CA8D64BCD588AF99C16062
Authority key identifier: 70:CB:D7:A9:81:7E:47:00:09:C0:F4:0E:A1:E3:70:AA:79:B5:FD:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/322e35362e3235302e302f32342d3234203d3e203239383032.roa
Signing time:             Thu 18 Jul 2024 12:51:59 +0000
ROA not before:           Thu 18 Jul 2024 12:46:59 +0000
ROA not after:            Thu 17 Jul 2025 12:51:59 +0000
asID:                     29802
IP address blocks:        2.56.250.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6c:af:23:da:64:83:d2:f2:c3:ca:8d:64:bc:d5:88:af:99:c1:60:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=70cbd7a9817e470009c0f40ea1e370aa79b5fd91
        Validity
            Not Before: Jul 18 12:46:59 2024 GMT
            Not After : Jul 17 12:51:59 2025 GMT
        Subject: CN=9A68ECB4935613BC117DFB086CC5A67463E46A32
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:27:88:d1:af:60:b4:fc:a0:7d:35:3c:75:c3:
                    b2:27:ce:44:54:00:c6:59:ce:55:34:af:f8:ac:d8:
                    11:ce:c2:8d:50:29:31:79:1c:96:48:c6:a3:36:0c:
                    2a:10:42:1e:aa:ae:a9:58:e1:11:e8:81:93:31:d9:
                    c5:8a:69:72:41:c2:44:28:85:0d:2a:96:95:6f:cc:
                    93:25:02:21:5e:f2:b2:d0:24:7d:c7:16:61:82:e4:
                    2b:f3:b2:66:f5:39:a4:a5:90:0e:ad:f4:66:96:f3:
                    75:8f:52:5b:c7:ec:b3:33:22:ae:22:6e:4a:ad:5d:
                    d3:4f:dc:10:62:9d:c8:3e:fb:0b:b7:bb:21:13:3d:
                    2a:d0:4f:64:04:e0:15:c4:da:5d:45:aa:60:ad:96:
                    e8:40:58:7b:99:8c:00:a1:d1:fc:45:04:79:a0:aa:
                    27:eb:33:df:52:bd:8a:df:33:3c:94:5c:d6:ed:e1:
                    ce:a5:90:d6:e0:63:ac:10:da:62:1c:e8:89:05:a5:
                    b0:d2:9b:94:a9:40:e5:d5:6e:11:ec:57:f7:c9:2d:
                    cb:11:85:1c:4b:ef:3e:1a:7c:ba:50:73:ca:ab:91:
                    7b:ad:72:16:ef:2b:8b:e9:b0:04:0b:d1:ce:e7:81:
                    b0:a0:0d:b4:65:1a:82:ce:cc:10:15:df:04:c8:9c:
                    7e:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:68:EC:B4:93:56:13:BC:11:7D:FB:08:6C:C5:A6:74:63:E4:6A:32
            X509v3 Authority Key Identifier:
                keyid:70:CB:D7:A9:81:7E:47:00:09:C0:F4:0E:A1:E3:70:AA:79:B5:FD:91

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/322e35362e3235302e302f32342d3234203d3e203239383032.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.56.250.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7b:c5:e0:58:ac:c8:3f:56:a6:6e:d4:b1:8a:92:8e:5c:bb:fe:
         93:56:53:34:f1:c0:1d:49:1b:91:76:04:7a:9f:2f:27:b0:aa:
         4f:70:bd:30:b4:38:40:c6:90:ce:ac:47:87:a6:71:57:78:ae:
         c9:3b:00:46:c6:c9:8b:c4:d1:fd:b4:c0:f5:74:b4:40:1f:15:
         4f:ca:85:0e:ae:fa:2a:c8:97:7f:01:67:67:37:30:6b:8d:09:
         3a:a2:43:b6:36:76:c0:84:ba:8f:1e:05:17:3b:fd:8b:57:8a:
         d2:e9:b4:7b:82:15:c9:b4:c9:bc:1a:bf:47:07:7c:dd:5f:34:
         5f:14:50:77:36:13:6e:10:16:64:43:4e:8e:87:bc:32:81:1a:
         d5:64:bf:00:74:89:0d:a9:26:25:e8:0d:10:3a:23:aa:b8:18:
         71:c4:79:15:ee:3a:49:55:3d:1e:3b:3b:7f:90:d9:23:72:2a:
         25:66:b0:1a:96:a9:77:30:5a:0f:93:de:63:ea:29:a8:47:5a:
         61:38:81:49:bd:79:d3:3b:31:5e:b4:72:e0:24:53:98:d3:32:
         96:2a:e3:a7:ef:05:4a:c0:c6:84:5f:ad:9b:0d:73:8c:15:26:
         25:0a:b7:6f:4e:4b:45:d8:cb:90:7e:00:37:66:30:c4:5e:0c:
         a6:0c:16:b3
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUbK8j2mSD0vLDyo1kvNWIr5nBYGIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzBjYmQ3YTk4MTdlNDcwMDA5YzBmNDBlYTFlMzcwYWE3
OWI1ZmQ5MTAeFw0yNDA3MTgxMjQ2NTlaFw0yNTA3MTcxMjUxNTlaMDMxMTAvBgNV
BAMTKDlBNjhFQ0I0OTM1NjEzQkMxMTdERkIwODZDQzVBNjc0NjNFNDZBMzIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDJJ4jRr2C0/KB9NTx1w7InzkRU
AMZZzlU0r/is2BHOwo1QKTF5HJZIxqM2DCoQQh6qrqlY4RHogZMx2cWKaXJBwkQo
hQ0qlpVvzJMlAiFe8rLQJH3HFmGC5Cvzsmb1OaSlkA6t9GaW83WPUlvH7LMzIq4i
bkqtXdNP3BBincg++wu3uyETPSrQT2QE4BXE2l1FqmCtluhAWHuZjACh0fxFBHmg
qifrM99SvYrfMzyUXNbt4c6lkNbgY6wQ2mIc6IkFpbDSm5SpQOXVbhHsV/fJLcsR
hRxL7z4afLpQc8qrkXutchbvK4vpsAQL0c7ngbCgDbRlGoLOzBAV3wTInH7TAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUmmjstJNWE7wRffsIbMWmdGPkajIwHwYDVR0j
BBgwFoAUcMvXqYF+RwAJwPQOoeNwqnm1/ZEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYjczMzJhZjAtZGQ3My00NzU1LTlkMjAtNjkzZWE4Mjg5
ZjhhLzAvNzBDQkQ3QTk4MTdFNDcwMDA5QzBGNDBFQTFFMzcwQUE3OUI1RkQ5MS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2NNdlhxWUYtUndBSndQUU9vZU53cW5t
MV9aRS5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYjczMzJhZjAt
ZGQ3My00NzU1LTlkMjAtNjkzZWE4Mjg5ZjhhLzAvMzIyZTM1MzYyZTMyMzUzMDJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMyMzkzODMwMzIucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAACOPow
DQYJKoZIhvcNAQELBQADggEBAHvF4FisyD9Wpm7UsYqSjly7/pNWUzTxwB1JG5F2
BHqfLyewqk9wvTC0OEDGkM6sR4emcVd4rsk7AEbGyYvE0f20wPV0tEAfFU/KhQ6u
+irIl38BZ2c3MGuNCTqiQ7Y2dsCEuo8eBRc7/YtXitLptHuCFcm0ybwav0cHfN1f
NF8UUHc2E24QFmRDTo6HvDKBGtVkvwB0iQ2pJiXoDRA6I6q4GHHEeRXuOklVPR47
O3+Q2SNyKiVmsBqWqXcwWg+T3mPqKahHWmE4gUm9edM7MV60cuAkU5jTMpYq46fv
BUrAxoRfrZsNc4wVJiUKt29OS0XYy5B+ADdmMMReDKYMFrM=
-----END CERTIFICATE-----