Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/322e35362e3235312e302f32342d3234203d3e20323032373034.roa
File:                     322e35362e3235312e302f32342d3234203d3e20323032373034.roa (raw, json)
Hash identifier:          FErrxfQvvZm80IxK2ryANml2uGzHzywcxmPhPJVYwgE=
Subject key identifier:   54:3B:0B:D7:20:72:30:B7:F1:E6:CA:1B:75:0F:AC:0B:A1:F7:1A:7B
Certificate issuer:       /CN=70cbd7a9817e470009c0f40ea1e370aa79b5fd91
Certificate serial:       7CF31E667877B13425214079953EA8C212757CCC
Authority key identifier: 70:CB:D7:A9:81:7E:47:00:09:C0:F4:0E:A1:E3:70:AA:79:B5:FD:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/322e35362e3235312e302f32342d3234203d3e20323032373034.roa
Signing time:             Wed 21 Feb 2024 19:05:13 +0000
ROA not before:           Wed 21 Feb 2024 19:00:13 +0000
ROA not after:            Wed 19 Feb 2025 19:05:13 +0000
asID:                     202704
IP address blocks:        2.56.251.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 12 May 2024 04:36:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7c:f3:1e:66:78:77:b1:34:25:21:40:79:95:3e:a8:c2:12:75:7c:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=70cbd7a9817e470009c0f40ea1e370aa79b5fd91
        Validity
            Not Before: Feb 21 19:00:13 2024 GMT
            Not After : Feb 19 19:05:13 2025 GMT
        Subject: CN=543B0BD7207230B7F1E6CA1B750FAC0BA1F71A7B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:12:31:cf:de:1d:f8:3e:0b:a1:34:a3:a6:6e:
                    84:cb:a2:bc:4f:fe:76:f8:c0:74:71:d7:72:d4:2c:
                    cc:55:98:ca:6f:2c:cb:ea:41:f3:6c:e9:a0:70:20:
                    f4:7a:36:53:d3:2c:6f:cf:49:f6:27:c8:25:29:fd:
                    52:20:21:c7:af:36:dc:dd:42:1c:25:5e:d0:46:e7:
                    54:b1:bf:8c:5e:0b:db:ae:f2:90:0d:73:9f:8f:23:
                    66:73:12:2f:f0:d0:7e:33:19:0b:f8:a1:78:15:77:
                    47:20:29:dd:cf:0e:98:8d:a2:42:4c:b3:5c:0e:26:
                    3a:e5:f7:71:65:8c:55:b3:ab:05:cc:f4:d6:65:47:
                    2b:c0:07:97:1a:ac:50:ec:a1:a3:81:ea:b9:f2:f3:
                    bd:e2:a7:8d:e9:de:b8:3f:90:1b:8b:f5:45:f9:e5:
                    69:11:97:77:5b:34:e4:dc:54:ae:21:5d:61:77:19:
                    aa:8f:aa:0f:e4:13:49:40:4e:4c:f0:c5:dc:8a:21:
                    9a:3b:bf:aa:1a:19:43:13:e3:d3:fa:54:75:19:e0:
                    8e:7b:b7:d1:03:07:54:44:0d:01:20:fd:98:60:93:
                    4f:d9:46:18:3b:07:72:f8:25:19:54:80:7e:0e:f0:
                    fc:5b:b6:cd:34:bd:bf:39:2f:72:e9:84:3e:5c:b3:
                    96:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                54:3B:0B:D7:20:72:30:B7:F1:E6:CA:1B:75:0F:AC:0B:A1:F7:1A:7B
            X509v3 Authority Key Identifier:
                keyid:70:CB:D7:A9:81:7E:47:00:09:C0:F4:0E:A1:E3:70:AA:79:B5:FD:91

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/322e35362e3235312e302f32342d3234203d3e20323032373034.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.56.251.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a5:0b:02:97:ba:b3:c4:4d:6d:9c:f3:b0:c3:d1:4e:78:2d:2b:
         a9:8c:38:5d:96:63:a9:fd:d1:7b:5e:07:93:80:bd:4c:5c:87:
         f5:a7:18:63:cc:50:00:1b:7f:b6:50:3c:12:93:41:63:73:91:
         38:98:df:a2:9a:e9:49:28:81:c2:ef:1c:74:54:9f:c8:0a:b5:
         2a:bb:d9:22:31:1f:7a:4b:51:f8:98:5d:d6:5d:a8:e5:e0:1e:
         50:04:35:1a:95:54:12:7f:d6:91:3b:92:c7:74:70:53:58:6b:
         22:63:44:b7:6b:0d:5e:59:23:eb:5e:32:44:fc:f5:18:ef:fe:
         0b:7a:19:ef:a5:8d:9a:03:6e:25:b6:4f:80:a2:da:1f:fd:32:
         7b:c8:67:6d:ed:27:4e:1a:c6:db:d3:0b:a2:35:81:bc:44:93:
         c6:69:68:cf:30:d8:f4:bc:94:7a:b6:83:b4:20:fd:f1:56:20:
         33:e6:b3:d0:64:5b:f6:a7:5e:b6:10:e1:90:55:28:bf:61:fd:
         78:b7:18:0b:b8:01:e0:38:89:18:8d:b3:cd:77:4a:22:98:55:
         f1:4a:59:c0:2f:d5:61:35:87:b9:29:67:4d:08:4a:fa:e1:70:
         00:4b:64:f0:36:41:3a:23:b3:b4:ff:7c:36:24:07:4b:59:56:
         8a:7e:9a:5b
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUfPMeZnh3sTQlIUB5lT6owhJ1fMwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzBjYmQ3YTk4MTdlNDcwMDA5YzBmNDBlYTFlMzcwYWE3
OWI1ZmQ5MTAeFw0yNDAyMjExOTAwMTNaFw0yNTAyMTkxOTA1MTNaMDMxMTAvBgNV
BAMTKDU0M0IwQkQ3MjA3MjMwQjdGMUU2Q0ExQjc1MEZBQzBCQTFGNzFBN0IwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCaEjHP3h34PguhNKOmboTLorxP
/nb4wHRx13LULMxVmMpvLMvqQfNs6aBwIPR6NlPTLG/PSfYnyCUp/VIgIcevNtzd
QhwlXtBG51Sxv4xeC9uu8pANc5+PI2ZzEi/w0H4zGQv4oXgVd0cgKd3PDpiNokJM
s1wOJjrl93FljFWzqwXM9NZlRyvAB5carFDsoaOB6rny873ip43p3rg/kBuL9UX5
5WkRl3dbNOTcVK4hXWF3GaqPqg/kE0lATkzwxdyKIZo7v6oaGUMT49P6VHUZ4I57
t9EDB1REDQEg/Zhgk0/ZRhg7B3L4JRlUgH4O8Pxbts00vb85L3LphD5cs5arAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUVDsL1yByMLfx5sobdQ+sC6H3GnswHwYDVR0j
BBgwFoAUcMvXqYF+RwAJwPQOoeNwqnm1/ZEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYjczMzJhZjAtZGQ3My00NzU1LTlkMjAtNjkzZWE4Mjg5
ZjhhLzAvNzBDQkQ3QTk4MTdFNDcwMDA5QzBGNDBFQTFFMzcwQUE3OUI1RkQ5MS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2NNdlhxWUYtUndBSndQUU9vZU53cW5t
MV9aRS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYjczMzJhZjAt
ZGQ3My00NzU1LTlkMjAtNjkzZWE4Mjg5ZjhhLzAvMzIyZTM1MzYyZTMyMzUzMTJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMyMzAzMjM3MzAzNC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAAI4
+zANBgkqhkiG9w0BAQsFAAOCAQEApQsCl7qzxE1tnPOww9FOeC0rqYw4XZZjqf3R
e14Hk4C9TFyH9acYY8xQABt/tlA8EpNBY3OROJjfoprpSSiBwu8cdFSfyAq1KrvZ
IjEfektR+Jhd1l2o5eAeUAQ1GpVUEn/WkTuSx3RwU1hrImNEt2sNXlkj614yRPz1
GO/+C3oZ76WNmgNuJbZPgKLaH/0ye8hnbe0nThrG29MLojWBvESTxmlozzDY9LyU
eraDtCD98VYgM+az0GRb9qdethDhkFUov2H9eLcYC7gB4DiJGI2zzXdKIphV8UpZ
wC/VYTWHuSlnTQhK+uFwAEtk8DZBOiOztP98NiQHS1lWin6aWw==
-----END CERTIFICATE-----