Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/322e35392e35372e302f32342d3234203d3e203134363138.roa
File:                     322e35392e35372e302f32342d3234203d3e203134363138.roa (raw, json)
Hash identifier:          L6Ihsb9J5sJMb6+IDBxQrTbZmEgjzS3p0nDCNIzNPEk=
Subject key identifier:   41:8A:56:EB:99:07:97:AD:D8:EA:DA:C7:C4:BA:CA:48:D1:DC:B9:73
Certificate issuer:       /CN=70cbd7a9817e470009c0f40ea1e370aa79b5fd91
Certificate serial:       46228B7B883351882B7493E673987D19BEA75678
Authority key identifier: 70:CB:D7:A9:81:7E:47:00:09:C0:F4:0E:A1:E3:70:AA:79:B5:FD:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/322e35392e35372e302f32342d3234203d3e203134363138.roa
Signing time:             Thu 07 Mar 2024 10:05:14 +0000
ROA not before:           Thu 07 Mar 2024 10:00:14 +0000
ROA not after:            Thu 06 Mar 2025 10:05:14 +0000
asID:                     14618
IP address blocks:        2.59.57.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 14:46:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            46:22:8b:7b:88:33:51:88:2b:74:93:e6:73:98:7d:19:be:a7:56:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=70cbd7a9817e470009c0f40ea1e370aa79b5fd91
        Validity
            Not Before: Mar  7 10:00:14 2024 GMT
            Not After : Mar  6 10:05:14 2025 GMT
        Subject: CN=418A56EB990797ADD8EADAC7C4BACA48D1DCB973
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:47:5d:b3:72:fc:b9:4c:0b:05:db:aa:0a:4b:
                    42:84:86:8a:9d:25:96:b7:3d:61:89:22:b7:dc:0e:
                    86:e5:42:32:4d:6b:cc:34:77:a3:0a:42:9d:22:69:
                    0b:c6:f8:8d:26:16:54:c1:52:52:42:ad:c5:79:f5:
                    29:82:7c:c5:c9:36:55:5a:07:d3:8a:bb:34:11:b7:
                    66:bb:fb:2f:4c:f9:e1:b3:ab:f1:f9:5b:de:c7:68:
                    f9:42:52:83:b0:98:63:91:59:86:44:77:71:d4:e7:
                    b0:8c:9b:3e:cc:c7:aa:d2:5c:a0:45:0d:27:6f:cd:
                    38:e1:04:fa:5e:60:b2:61:7a:9e:18:2d:24:37:46:
                    c0:61:56:7d:7b:89:bb:ee:56:e6:94:65:80:47:5c:
                    c8:36:77:2c:88:41:46:42:14:17:52:d1:4c:19:5a:
                    d9:c9:3b:a0:c5:eb:e3:21:88:3d:05:65:22:5b:82:
                    f7:44:e3:f7:04:4d:50:7c:f0:99:9f:ff:c0:ea:52:
                    d2:0d:cd:17:f2:07:6c:e1:e4:96:66:2d:64:37:72:
                    61:8f:ad:94:e1:b5:3d:70:2b:ce:a7:42:43:0e:4c:
                    3a:4b:f1:84:1f:3c:b8:ac:d5:e7:69:b4:fd:fa:cd:
                    8b:e4:4d:0a:1b:f1:b4:c5:fc:46:66:1b:d4:50:81:
                    4d:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:8A:56:EB:99:07:97:AD:D8:EA:DA:C7:C4:BA:CA:48:D1:DC:B9:73
            X509v3 Authority Key Identifier:
                keyid:70:CB:D7:A9:81:7E:47:00:09:C0:F4:0E:A1:E3:70:AA:79:B5:FD:91

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/322e35392e35372e302f32342d3234203d3e203134363138.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.59.57.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8a:3a:05:91:c1:cb:45:18:41:9a:99:88:c7:56:2f:01:60:97:
         2f:cd:a9:7e:ff:6f:ad:51:2e:6e:d8:80:69:8d:6f:62:8b:95:
         98:ad:44:52:46:2a:23:f8:8f:52:5f:fa:36:bb:2a:0e:c6:72:
         e6:39:01:25:f2:24:d0:93:ab:dd:2a:4c:28:09:dd:1d:df:2f:
         cc:e0:1b:a7:df:22:c8:67:f8:b1:cf:29:e8:69:00:2a:44:e6:
         2e:9e:f4:86:ad:1a:5b:57:e4:64:f5:29:04:34:8c:7b:fc:c0:
         ac:6f:01:94:ac:54:4d:20:fc:07:75:fb:83:5a:25:cd:ff:a4:
         dc:ff:b4:a5:07:2e:e9:0b:da:9f:b1:2d:0d:17:47:c2:9d:92:
         f2:ba:e8:3a:75:a6:fe:31:d4:e8:3d:54:33:2d:26:f4:a1:23:
         c5:ca:93:81:35:a9:f9:3d:14:83:65:b7:8d:a1:80:56:50:cf:
         f8:16:fd:9b:e8:28:b5:43:3a:f3:d2:da:74:17:84:45:5e:96:
         69:95:9a:15:16:a5:d8:97:af:78:4b:9c:77:fa:c9:4b:ab:7f:
         d2:59:47:9d:24:90:e0:3f:61:3c:7d:a7:0c:58:19:85:16:ee:
         6c:29:bd:fd:72:4e:2a:b9:2d:c2:5b:51:8b:bf:56:ec:ec:af:
         8f:e2:51:77
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIURiKLe4gzUYgrdJPmc5h9Gb6nVngwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzBjYmQ3YTk4MTdlNDcwMDA5YzBmNDBlYTFlMzcwYWE3
OWI1ZmQ5MTAeFw0yNDAzMDcxMDAwMTRaFw0yNTAzMDYxMDA1MTRaMDMxMTAvBgNV
BAMTKDQxOEE1NkVCOTkwNzk3QUREOEVBREFDN0M0QkFDQTQ4RDFEQ0I5NzMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCfR12zcvy5TAsF26oKS0KEhoqd
JZa3PWGJIrfcDoblQjJNa8w0d6MKQp0iaQvG+I0mFlTBUlJCrcV59SmCfMXJNlVa
B9OKuzQRt2a7+y9M+eGzq/H5W97HaPlCUoOwmGORWYZEd3HU57CMmz7Mx6rSXKBF
DSdvzTjhBPpeYLJhep4YLSQ3RsBhVn17ibvuVuaUZYBHXMg2dyyIQUZCFBdS0UwZ
WtnJO6DF6+MhiD0FZSJbgvdE4/cETVB88Jmf/8DqUtINzRfyB2zh5JZmLWQ3cmGP
rZThtT1wK86nQkMOTDpL8YQfPLis1edptP36zYvkTQob8bTF/EZmG9RQgU1zAgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQUQYpW65kHl63Y6trHxLrKSNHcuXMwHwYDVR0j
BBgwFoAUcMvXqYF+RwAJwPQOoeNwqnm1/ZEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYjczMzJhZjAtZGQ3My00NzU1LTlkMjAtNjkzZWE4Mjg5
ZjhhLzAvNzBDQkQ3QTk4MTdFNDcwMDA5QzBGNDBFQTFFMzcwQUE3OUI1RkQ5MS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2NNdlhxWUYtUndBSndQUU9vZU53cW5t
MV9aRS5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYjczMzJhZjAt
ZGQ3My00NzU1LTlkMjAtNjkzZWE4Mjg5ZjhhLzAvMzIyZTM1MzkyZTM1MzcyZTMw
MmYzMjM0MmQzMjM0MjAzZDNlMjAzMTM0MzYzMTM4LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAAjs5MA0G
CSqGSIb3DQEBCwUAA4IBAQCKOgWRwctFGEGamYjHVi8BYJcvzal+/2+tUS5u2IBp
jW9ii5WYrURSRioj+I9SX/o2uyoOxnLmOQEl8iTQk6vdKkwoCd0d3y/M4Bun3yLI
Z/ixzynoaQAqROYunvSGrRpbV+Rk9SkENIx7/MCsbwGUrFRNIPwHdfuDWiXN/6Tc
/7SlBy7pC9qfsS0NF0fCnZLyuug6dab+MdToPVQzLSb0oSPFypOBNan5PRSDZbeN
oYBWUM/4Fv2b6Ci1Qzrz0tp0F4RFXpZplZoVFqXYl694S5x3+slLq3/SWUedJJDg
P2E8facMWBmFFu5sKb39ck4quS3CW1GLv1bs7K+P4lF3
-----END CERTIFICATE-----