Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/322e35392e35372e302f32342d3234203d3e203134363138.roa
File:                     322e35392e35372e302f32342d3234203d3e203134363138.roa (raw, json)
Hash identifier:          JS6+nOch3e/vLj//W1TtWQZy79seuymCRhe3Y5fott0=
Subject key identifier:   80:B8:E3:14:E1:FD:6C:FA:53:2D:30:73:27:A5:17:6E:97:07:D1:D9
Certificate issuer:       /CN=70cbd7a9817e470009c0f40ea1e370aa79b5fd91
Certificate serial:       533EB4923BF03B5A014ECEA02D23D0DA55910D29
Authority key identifier: 70:CB:D7:A9:81:7E:47:00:09:C0:F4:0E:A1:E3:70:AA:79:B5:FD:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/322e35392e35372e302f32342d3234203d3e203134363138.roa
Signing time:             Thu 06 Feb 2025 10:53:53 +0000
ROA not before:           Thu 06 Feb 2025 10:48:53 +0000
ROA not after:            Thu 05 Feb 2026 10:53:53 +0000
asID:                     14618
IP address blocks:        2.59.57.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Feb 2025 05:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            53:3e:b4:92:3b:f0:3b:5a:01:4e:ce:a0:2d:23:d0:da:55:91:0d:29
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=70cbd7a9817e470009c0f40ea1e370aa79b5fd91
        Validity
            Not Before: Feb  6 10:48:53 2025 GMT
            Not After : Feb  5 10:53:53 2026 GMT
        Subject: CN=80B8E314E1FD6CFA532D307327A5176E9707D1D9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:7b:fa:4a:24:a7:5e:b7:d8:f8:1d:c5:a7:ab:
                    94:8a:bd:89:d6:ba:6c:83:d7:af:f9:77:5c:45:9f:
                    da:05:d2:90:74:33:3d:c9:57:34:22:6a:c1:05:e2:
                    71:8b:30:bc:db:62:ab:5e:24:f5:96:ba:c6:e9:03:
                    2f:71:2f:bc:1c:d6:fe:7f:21:64:9a:f4:1a:5a:8b:
                    8b:f9:7f:3b:a4:bd:bb:11:91:a8:fd:06:96:7e:5c:
                    83:62:3d:b3:59:d9:98:4d:f1:9f:07:eb:74:01:ae:
                    39:81:92:02:6e:79:e9:6b:f9:a4:5b:bd:d8:e9:71:
                    db:eb:69:47:55:59:bc:c5:54:22:a7:b8:04:b0:c2:
                    06:53:4f:64:36:65:36:bd:57:b4:13:c3:06:2c:59:
                    fc:6c:fb:77:dd:7f:41:70:e8:66:ca:55:a1:8b:98:
                    cd:2b:66:89:9e:91:2b:b6:8c:57:39:43:20:bb:db:
                    3e:4f:17:51:50:4b:ad:cf:db:c3:a1:82:88:2d:1f:
                    30:fa:5a:32:b5:92:b1:74:36:c2:d7:95:07:5c:0c:
                    09:03:62:be:ee:f3:37:aa:5c:31:12:9e:fa:f4:6c:
                    27:85:52:df:17:f9:7f:0f:bb:07:ff:4e:4d:2f:ee:
                    74:c6:f7:b3:ce:95:b9:7e:0c:86:28:30:ec:c8:41:
                    a4:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                80:B8:E3:14:E1:FD:6C:FA:53:2D:30:73:27:A5:17:6E:97:07:D1:D9
            X509v3 Authority Key Identifier:
                keyid:70:CB:D7:A9:81:7E:47:00:09:C0:F4:0E:A1:E3:70:AA:79:B5:FD:91

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/322e35392e35372e302f32342d3234203d3e203134363138.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.59.57.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c1:05:d6:ec:df:72:a7:16:d1:ed:47:8f:49:af:80:33:49:ef:
         cc:22:db:6d:68:6d:24:a6:24:9e:33:8e:f8:7f:86:9f:84:9c:
         fb:f6:98:d1:aa:ab:69:10:a8:c7:0e:2a:26:97:70:f1:fb:95:
         0e:12:a0:f0:c9:cc:ee:f9:87:6f:ff:a9:7e:d5:79:6b:2a:3e:
         a4:ee:9d:16:74:ce:40:d2:c5:fa:cd:bd:c0:1e:1c:b1:68:7a:
         ea:21:a4:86:5e:c6:c4:c8:0a:9c:48:ed:56:be:81:c7:07:c0:
         19:ac:ae:20:85:70:6c:35:7e:d7:ba:eb:e1:4f:33:a8:10:11:
         c1:69:7b:88:8d:cb:69:c6:aa:d9:5f:0a:14:9f:5f:53:25:f5:
         a1:d6:98:2a:cd:27:c7:13:33:01:d7:a0:b9:ae:9e:19:c6:e6:
         9d:af:22:51:11:f1:b0:45:c9:63:8f:a7:dd:a4:bc:d9:12:cb:
         4e:6e:9d:38:0c:cf:69:10:ca:77:07:c6:4e:81:e4:32:2f:2e:
         72:e4:3d:b9:2d:10:fb:aa:d4:ec:20:af:6f:27:01:43:78:1b:
         70:46:e4:f9:d1:8a:f5:b1:53:a6:3f:7e:ec:1c:4e:b1:51:52:
         7c:21:eb:7c:a9:95:8e:88:3a:36:e7:0c:d2:10:04:95:55:65:
         85:fe:1a:1d
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUUz60kjvwO1oBTs6gLSPQ2lWRDSkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzBjYmQ3YTk4MTdlNDcwMDA5YzBmNDBlYTFlMzcwYWE3
OWI1ZmQ5MTAeFw0yNTAyMDYxMDQ4NTNaFw0yNjAyMDUxMDUzNTNaMDMxMTAvBgNV
BAMTKDgwQjhFMzE0RTFGRDZDRkE1MzJEMzA3MzI3QTUxNzZFOTcwN0QxRDkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC8e/pKJKdet9j4HcWnq5SKvYnW
umyD16/5d1xFn9oF0pB0Mz3JVzQiasEF4nGLMLzbYqteJPWWusbpAy9xL7wc1v5/
IWSa9Bpai4v5fzukvbsRkaj9BpZ+XINiPbNZ2ZhN8Z8H63QBrjmBkgJueelr+aRb
vdjpcdvraUdVWbzFVCKnuASwwgZTT2Q2ZTa9V7QTwwYsWfxs+3fdf0Fw6GbKVaGL
mM0rZomekSu2jFc5QyC72z5PF1FQS63P28OhgogtHzD6WjK1krF0NsLXlQdcDAkD
Yr7u8zeqXDESnvr0bCeFUt8X+X8Puwf/Tk0v7nTG97POlbl+DIYoMOzIQaQ7AgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQUgLjjFOH9bPpTLTBzJ6UXbpcH0dkwHwYDVR0j
BBgwFoAUcMvXqYF+RwAJwPQOoeNwqnm1/ZEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYjczMzJhZjAtZGQ3My00NzU1LTlkMjAtNjkzZWE4Mjg5
ZjhhLzAvNzBDQkQ3QTk4MTdFNDcwMDA5QzBGNDBFQTFFMzcwQUE3OUI1RkQ5MS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2NNdlhxWUYtUndBSndQUU9vZU53cW5t
MV9aRS5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYjczMzJhZjAt
ZGQ3My00NzU1LTlkMjAtNjkzZWE4Mjg5ZjhhLzAvMzIyZTM1MzkyZTM1MzcyZTMw
MmYzMjM0MmQzMjM0MjAzZDNlMjAzMTM0MzYzMTM4LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAAjs5MA0G
CSqGSIb3DQEBCwUAA4IBAQDBBdbs33KnFtHtR49Jr4AzSe/MItttaG0kpiSeM474
f4afhJz79pjRqqtpEKjHDioml3Dx+5UOEqDwyczu+Ydv/6l+1XlrKj6k7p0WdM5A
0sX6zb3AHhyxaHrqIaSGXsbEyAqcSO1WvoHHB8AZrK4ghXBsNX7XuuvhTzOoEBHB
aXuIjctpxqrZXwoUn19TJfWh1pgqzSfHEzMB16C5rp4ZxuadryJREfGwRcljj6fd
pLzZEstObp04DM9pEMp3B8ZOgeQyLy5y5D25LRD7qtTsIK9vJwFDeBtwRuT50Yr1
sVOmP37sHE6xUVJ8Iet8qZWOiDo25wzSEASVVWWF/hod
-----END CERTIFICATE-----