Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/322e35362e3235312e302f32342d3234203d3e20323032373034.roa
File:                     322e35362e3235312e302f32342d3234203d3e20323032373034.roa (raw, json)
Hash identifier:          j6h5u2G18frpIFY/CeY3X5LrFS/ca4Vg7g3NvYmRFkc=
Subject key identifier:   93:DE:E2:0F:DD:51:39:F8:2A:CE:9B:0A:D5:50:68:24:EE:37:C7:9F
Certificate issuer:       /CN=70cbd7a9817e470009c0f40ea1e370aa79b5fd91
Certificate serial:       41D709ED2E53214D84F2122B5ED08A9D89B65B81
Authority key identifier: 70:CB:D7:A9:81:7E:47:00:09:C0:F4:0E:A1:E3:70:AA:79:B5:FD:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/322e35362e3235312e302f32342d3234203d3e20323032373034.roa
Signing time:             Wed 22 Jan 2025 19:53:52 +0000
ROA not before:           Wed 22 Jan 2025 19:48:52 +0000
ROA not after:            Wed 21 Jan 2026 19:53:52 +0000
asID:                     202704
IP address blocks:        2.56.251.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 03:19:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            41:d7:09:ed:2e:53:21:4d:84:f2:12:2b:5e:d0:8a:9d:89:b6:5b:81
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=70cbd7a9817e470009c0f40ea1e370aa79b5fd91
        Validity
            Not Before: Jan 22 19:48:52 2025 GMT
            Not After : Jan 21 19:53:52 2026 GMT
        Subject: CN=93DEE20FDD5139F82ACE9B0AD5506824EE37C79F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:86:67:69:92:f9:d6:97:2e:ed:22:c6:56:58:
                    84:dc:12:56:ed:8c:f1:2a:38:b7:a2:fd:3f:69:ad:
                    00:b1:94:3f:2d:8a:cf:c9:ce:21:dc:5d:b6:14:4a:
                    84:c2:cf:d3:91:37:e1:1a:09:77:04:cc:f0:89:43:
                    eb:b4:44:83:6c:46:e5:e5:14:e1:ec:14:55:7b:b3:
                    41:1c:44:ad:f1:d2:af:55:1b:ee:85:5a:6e:71:fd:
                    d8:17:1c:79:83:20:b4:af:99:28:12:ff:3c:48:24:
                    64:fa:80:89:eb:02:06:44:13:0d:63:17:c5:06:ea:
                    97:aa:fd:9b:c2:ee:ec:71:68:b9:ef:33:ff:57:23:
                    05:77:5e:f2:9c:0d:b5:a4:18:ad:d7:f4:ef:9b:23:
                    ae:43:99:39:60:19:42:74:ae:f6:6c:b3:b3:8c:36:
                    4b:e9:0e:02:81:68:94:f6:38:ca:a3:aa:c0:9b:44:
                    fc:ed:3c:94:8f:fc:1b:57:4d:08:fa:f8:5a:be:2f:
                    6d:38:89:b5:17:a0:13:ca:96:92:c4:12:45:5a:68:
                    6a:3e:6b:f7:54:66:26:c5:c8:82:23:dc:db:90:ea:
                    a1:e8:ae:a5:47:f5:06:92:f8:98:fc:ca:7a:91:bd:
                    45:64:21:4a:46:9b:18:1d:e6:2f:7a:98:f9:72:82:
                    e4:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                93:DE:E2:0F:DD:51:39:F8:2A:CE:9B:0A:D5:50:68:24:EE:37:C7:9F
            X509v3 Authority Key Identifier:
                keyid:70:CB:D7:A9:81:7E:47:00:09:C0:F4:0E:A1:E3:70:AA:79:B5:FD:91

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/322e35362e3235312e302f32342d3234203d3e20323032373034.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.56.251.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a1:f2:57:6a:d4:38:16:70:57:5e:86:de:7b:53:da:bd:bb:34:
         c0:39:7e:59:b5:30:43:f4:68:47:9c:64:4f:cb:b6:cf:31:5c:
         83:c0:a6:c7:13:33:fb:ee:1b:8e:9b:34:47:25:e9:9b:58:b3:
         72:07:76:42:65:b4:e2:66:97:ed:55:28:61:81:fe:d5:55:c6:
         5f:a4:cb:42:36:91:73:2b:39:42:68:c9:0c:68:ec:c7:7a:62:
         88:40:25:20:38:69:f6:39:ad:dd:8a:5a:99:2e:31:3d:d0:4e:
         96:df:db:77:d9:f0:65:69:55:46:a4:13:6a:1e:cd:c7:be:bf:
         05:20:20:b8:b2:1d:7d:bb:34:16:bd:0c:2d:64:7f:eb:b1:55:
         d8:81:7b:30:f7:a0:7b:98:47:19:9d:cf:de:94:26:8c:a0:95:
         4b:0b:61:c2:71:27:b8:cc:75:6d:15:67:03:14:4c:98:1a:2e:
         ed:59:81:b0:0a:a1:f1:32:8d:ab:c2:08:88:80:51:b1:74:b5:
         17:47:e5:8f:a5:cd:f6:26:81:45:4c:2b:73:8c:03:db:81:43:
         12:e7:39:3e:57:76:a3:00:9e:3d:57:4c:78:c0:59:a3:3b:ba:
         28:66:6f:af:b1:0f:bc:e0:94:8b:5c:83:87:0a:14:5f:ee:87:
         58:a9:94:bb
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUQdcJ7S5TIU2E8hIrXtCKnYm2W4EwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzBjYmQ3YTk4MTdlNDcwMDA5YzBmNDBlYTFlMzcwYWE3
OWI1ZmQ5MTAeFw0yNTAxMjIxOTQ4NTJaFw0yNjAxMjExOTUzNTJaMDMxMTAvBgNV
BAMTKDkzREVFMjBGREQ1MTM5RjgyQUNFOUIwQUQ1NTA2ODI0RUUzN0M3OUYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDDhmdpkvnWly7tIsZWWITcElbt
jPEqOLei/T9prQCxlD8tis/JziHcXbYUSoTCz9ORN+EaCXcEzPCJQ+u0RINsRuXl
FOHsFFV7s0EcRK3x0q9VG+6FWm5x/dgXHHmDILSvmSgS/zxIJGT6gInrAgZEEw1j
F8UG6peq/ZvC7uxxaLnvM/9XIwV3XvKcDbWkGK3X9O+bI65DmTlgGUJ0rvZss7OM
NkvpDgKBaJT2OMqjqsCbRPztPJSP/BtXTQj6+Fq+L204ibUXoBPKlpLEEkVaaGo+
a/dUZibFyIIj3NuQ6qHorqVH9QaS+Jj8ynqRvUVkIUpGmxgd5i96mPlyguTrAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUk97iD91ROfgqzpsK1VBoJO43x58wHwYDVR0j
BBgwFoAUcMvXqYF+RwAJwPQOoeNwqnm1/ZEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYjczMzJhZjAtZGQ3My00NzU1LTlkMjAtNjkzZWE4Mjg5
ZjhhLzAvNzBDQkQ3QTk4MTdFNDcwMDA5QzBGNDBFQTFFMzcwQUE3OUI1RkQ5MS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2NNdlhxWUYtUndBSndQUU9vZU53cW5t
MV9aRS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYjczMzJhZjAt
ZGQ3My00NzU1LTlkMjAtNjkzZWE4Mjg5ZjhhLzAvMzIyZTM1MzYyZTMyMzUzMTJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMyMzAzMjM3MzAzNC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAAI4
+zANBgkqhkiG9w0BAQsFAAOCAQEAofJXatQ4FnBXXobee1Pavbs0wDl+WbUwQ/Ro
R5xkT8u2zzFcg8CmxxMz++4bjps0RyXpm1izcgd2QmW04maX7VUoYYH+1VXGX6TL
QjaRcys5QmjJDGjsx3piiEAlIDhp9jmt3YpamS4xPdBOlt/bd9nwZWlVRqQTah7N
x76/BSAguLIdfbs0Fr0MLWR/67FV2IF7MPege5hHGZ3P3pQmjKCVSwthwnEnuMx1
bRVnAxRMmBou7VmBsAqh8TKNq8IIiIBRsXS1F0flj6XN9iaBRUwrc4wD24FDEuc5
Pld2owCePVdMeMBZozu6KGZvr7EPvOCUi1yDhwoUX+6HWKmUuw==
-----END CERTIFICATE-----