Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/322e35392e35362e302f32342d3234203d3e20343030303339.roa
File:                     322e35392e35362e302f32342d3234203d3e20343030303339.roa (raw, json)
Hash identifier:          OcvS5xhZJ5Lgh6JLHMLaaMZNrzDo4DvbttVgPwDFYTo=
Subject key identifier:   8F:07:45:C8:93:99:D2:1C:A7:07:E5:73:B9:A0:E0:0D:E0:08:14:7A
Certificate issuer:       /CN=70cbd7a9817e470009c0f40ea1e370aa79b5fd91
Certificate serial:       3F08926EBDF288343FFAB80F8D3EE3BA6AA14EE6
Authority key identifier: 70:CB:D7:A9:81:7E:47:00:09:C0:F4:0E:A1:E3:70:AA:79:B5:FD:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/322e35392e35362e302f32342d3234203d3e20343030303339.roa
Signing time:             Wed 21 Feb 2024 19:05:12 +0000
ROA not before:           Wed 21 Feb 2024 19:00:12 +0000
ROA not after:            Wed 19 Feb 2025 19:05:12 +0000
asID:                     400039
IP address blocks:        2.59.56.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3f:08:92:6e:bd:f2:88:34:3f:fa:b8:0f:8d:3e:e3:ba:6a:a1:4e:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=70cbd7a9817e470009c0f40ea1e370aa79b5fd91
        Validity
            Not Before: Feb 21 19:00:12 2024 GMT
            Not After : Feb 19 19:05:12 2025 GMT
        Subject: CN=8F0745C89399D21CA707E573B9A0E00DE008147A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:67:01:0f:ae:f1:8d:cc:d2:cf:6f:ce:30:f9:
                    ce:35:0d:00:0e:48:e0:71:41:6f:07:02:85:74:f9:
                    5b:20:7c:ba:a2:38:1f:79:93:60:c8:2d:43:c5:cd:
                    73:3f:cc:e1:4e:5f:49:11:b8:3b:39:af:21:67:02:
                    71:81:c0:46:e7:17:dc:1f:8d:6c:f3:52:16:45:3f:
                    34:62:fd:c2:60:80:2d:5d:68:ea:91:4d:00:6d:4d:
                    0a:1a:17:7c:9f:ea:b4:98:da:46:0a:36:b8:c1:ce:
                    17:a7:81:23:aa:14:57:a2:40:b2:53:89:af:07:d0:
                    43:52:67:61:56:00:15:7f:44:33:5d:14:bb:17:0a:
                    57:6a:bd:d4:93:3f:14:de:76:27:9b:e7:0a:2e:48:
                    1f:89:f8:6d:3f:e7:6a:a4:3c:b0:41:e4:a7:39:23:
                    4a:89:37:a8:fa:b5:0f:43:61:d9:5f:33:ae:a5:68:
                    91:42:90:19:1f:1c:aa:f8:1c:0e:e1:47:61:4c:a1:
                    bb:3c:68:62:29:df:ca:9f:45:4f:34:3a:f0:45:b6:
                    13:ad:9b:41:a8:8b:d9:26:54:f6:f4:fa:97:c8:dd:
                    67:cb:06:8c:08:71:fc:58:28:db:e3:59:09:db:fc:
                    05:d5:a9:d6:00:d2:d1:d8:ef:3d:d8:9a:3f:0f:68:
                    61:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:07:45:C8:93:99:D2:1C:A7:07:E5:73:B9:A0:E0:0D:E0:08:14:7A
            X509v3 Authority Key Identifier:
                keyid:70:CB:D7:A9:81:7E:47:00:09:C0:F4:0E:A1:E3:70:AA:79:B5:FD:91

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/322e35392e35362e302f32342d3234203d3e20343030303339.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.59.56.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6d:44:35:4f:1b:2d:be:06:c4:8e:b1:30:3f:44:4d:ad:79:41:
         9c:a8:c2:1d:e9:9c:9b:dc:3b:7d:34:85:69:bc:74:01:77:8f:
         0d:ce:25:41:cd:d5:de:fb:cb:32:1d:fd:c2:8f:4e:c8:fa:5b:
         08:7c:df:11:21:2e:b3:89:8a:17:32:9c:16:d8:6c:7b:62:c1:
         2f:c4:f1:e5:d4:23:af:f2:c4:e1:28:95:5e:77:8f:1e:09:8b:
         84:28:c1:b3:d8:4d:d5:54:98:14:98:61:4d:9c:94:62:fd:e4:
         6c:43:af:60:a3:de:bc:06:20:a9:9a:9b:70:94:e8:b8:a5:95:
         0a:d2:f0:5d:61:1f:d8:af:c9:fe:96:1a:e3:d5:73:12:f4:52:
         0e:f6:d8:74:6f:40:b5:77:6e:3f:c6:94:03:01:e4:88:51:65:
         b4:81:bc:9e:a4:05:b8:d0:4b:e2:3b:ba:17:fc:fa:b3:68:3d:
         2e:de:16:a2:03:13:6d:ca:da:b3:0b:86:93:99:13:64:b8:17:
         e7:96:ab:38:6a:e1:d0:c4:c1:23:5b:10:d6:15:0a:4f:29:dd:
         d5:36:5c:bd:7d:38:52:78:3e:f9:9c:98:28:b9:6c:f9:76:b1:
         b8:c4:60:c8:62:40:af:6c:14:89:18:9f:b9:bd:db:e2:48:76:
         df:45:fe:c9
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUPwiSbr3yiDQ/+rgPjT7jumqhTuYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzBjYmQ3YTk4MTdlNDcwMDA5YzBmNDBlYTFlMzcwYWE3
OWI1ZmQ5MTAeFw0yNDAyMjExOTAwMTJaFw0yNTAyMTkxOTA1MTJaMDMxMTAvBgNV
BAMTKDhGMDc0NUM4OTM5OUQyMUNBNzA3RTU3M0I5QTBFMDBERTAwODE0N0EwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCyZwEPrvGNzNLPb84w+c41DQAO
SOBxQW8HAoV0+VsgfLqiOB95k2DILUPFzXM/zOFOX0kRuDs5ryFnAnGBwEbnF9wf
jWzzUhZFPzRi/cJggC1daOqRTQBtTQoaF3yf6rSY2kYKNrjBzhengSOqFFeiQLJT
ia8H0ENSZ2FWABV/RDNdFLsXCldqvdSTPxTedieb5wouSB+J+G0/52qkPLBB5Kc5
I0qJN6j6tQ9DYdlfM66laJFCkBkfHKr4HA7hR2FMobs8aGIp38qfRU80OvBFthOt
m0Goi9kmVPb0+pfI3WfLBowIcfxYKNvjWQnb/AXVqdYA0tHY7z3Ymj8PaGHRAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUjwdFyJOZ0hynB+VzuaDgDeAIFHowHwYDVR0j
BBgwFoAUcMvXqYF+RwAJwPQOoeNwqnm1/ZEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYjczMzJhZjAtZGQ3My00NzU1LTlkMjAtNjkzZWE4Mjg5
ZjhhLzAvNzBDQkQ3QTk4MTdFNDcwMDA5QzBGNDBFQTFFMzcwQUE3OUI1RkQ5MS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2NNdlhxWUYtUndBSndQUU9vZU53cW5t
MV9aRS5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYjczMzJhZjAt
ZGQ3My00NzU1LTlkMjAtNjkzZWE4Mjg5ZjhhLzAvMzIyZTM1MzkyZTM1MzYyZTMw
MmYzMjM0MmQzMjM0MjAzZDNlMjAzNDMwMzAzMDMzMzkucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAACOzgw
DQYJKoZIhvcNAQELBQADggEBAG1ENU8bLb4GxI6xMD9ETa15QZyowh3pnJvcO300
hWm8dAF3jw3OJUHN1d77yzId/cKPTsj6Wwh83xEhLrOJihcynBbYbHtiwS/E8eXU
I6/yxOEolV53jx4Ji4QowbPYTdVUmBSYYU2clGL95GxDr2Cj3rwGIKmam3CU6Lil
lQrS8F1hH9ivyf6WGuPVcxL0Ug722HRvQLV3bj/GlAMB5IhRZbSBvJ6kBbjQS+I7
uhf8+rNoPS7eFqIDE23K2rMLhpOZE2S4F+eWqzhq4dDEwSNbENYVCk8p3dU2XL19
OFJ4PvmcmCi5bPl2sbjEYMhiQK9sFIkYn7m92+JIdt9F/sk=
-----END CERTIFICATE-----