Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/322e35392e35372e302f32342d3234203d3e203136353039.roa
File:                     322e35392e35372e302f32342d3234203d3e203136353039.roa (raw, json)
Hash identifier:          9nVF3EV0kkJHcS+XQUAPxHsga7ELJLiW3z5t6zRzzEg=
Subject key identifier:   58:2C:4B:DC:63:32:3C:64:50:60:AF:BD:1A:CB:33:C9:46:5F:6D:07
Certificate issuer:       /CN=70cbd7a9817e470009c0f40ea1e370aa79b5fd91
Certificate serial:       245C2737AEAC0FF9BEC53A28FC2CF983C333F9F0
Authority key identifier: 70:CB:D7:A9:81:7E:47:00:09:C0:F4:0E:A1:E3:70:AA:79:B5:FD:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/322e35392e35372e302f32342d3234203d3e203136353039.roa
Signing time:             Thu 07 Mar 2024 10:05:14 +0000
ROA not before:           Thu 07 Mar 2024 10:00:14 +0000
ROA not after:            Thu 06 Mar 2025 10:05:14 +0000
asID:                     16509
IP address blocks:        2.59.57.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            24:5c:27:37:ae:ac:0f:f9:be:c5:3a:28:fc:2c:f9:83:c3:33:f9:f0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=70cbd7a9817e470009c0f40ea1e370aa79b5fd91
        Validity
            Not Before: Mar  7 10:00:14 2024 GMT
            Not After : Mar  6 10:05:14 2025 GMT
        Subject: CN=582C4BDC63323C645060AFBD1ACB33C9465F6D07
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:28:0c:78:9e:51:b2:47:b4:c8:76:40:df:77:
                    c0:3e:d7:ba:8c:2a:80:9d:55:23:a8:90:b3:48:38:
                    f2:49:94:39:c1:20:a3:0e:d5:6b:b7:11:d4:dd:98:
                    83:29:83:af:53:60:51:b8:f7:07:e4:c1:79:13:7a:
                    5e:ae:55:bc:97:ca:12:da:6c:9a:43:12:eb:41:7e:
                    f8:80:1a:5b:51:ab:d9:14:e1:4c:b7:ec:1c:7c:75:
                    76:ab:b9:94:5c:28:9e:08:4d:db:bc:5b:09:00:26:
                    5c:12:89:e9:fb:e9:1a:da:df:7c:16:f4:e5:36:fa:
                    97:8f:2b:07:c2:0a:6a:c8:47:2c:96:59:e0:18:72:
                    88:46:33:74:d8:17:a7:cf:be:2e:19:91:6e:da:d4:
                    c0:6b:3e:dc:bc:fe:76:25:44:d0:dc:2e:de:df:96:
                    d2:46:69:28:a4:b6:c8:d2:89:cf:73:98:63:60:f0:
                    af:8f:29:4a:c6:e0:f4:7a:d6:b7:f8:91:65:69:dc:
                    b4:40:3d:f0:a9:a5:19:f3:a4:01:92:ea:b6:3a:fb:
                    ca:04:4d:40:ca:38:3e:f7:04:70:9d:26:3a:c8:ec:
                    de:bb:4e:cc:53:2c:7a:b2:25:d9:c8:8f:9b:c7:6e:
                    a4:79:b3:5d:65:aa:d7:18:ff:3d:d2:46:b8:d2:9d:
                    05:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:2C:4B:DC:63:32:3C:64:50:60:AF:BD:1A:CB:33:C9:46:5F:6D:07
            X509v3 Authority Key Identifier:
                keyid:70:CB:D7:A9:81:7E:47:00:09:C0:F4:0E:A1:E3:70:AA:79:B5:FD:91

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/322e35392e35372e302f32342d3234203d3e203136353039.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.59.57.0/24

    Signature Algorithm: sha256WithRSAEncryption
         37:77:17:24:ed:c9:ce:eb:47:65:62:c7:66:38:32:d0:29:f3:
         e8:f4:5a:89:00:59:bc:80:d4:24:3b:54:da:db:28:91:47:a8:
         01:31:5a:c8:99:e2:05:5c:d6:51:5c:29:eb:c7:5a:03:6c:00:
         0b:47:bc:49:0d:0b:de:55:b4:f2:d5:bc:dd:f8:bc:e3:56:77:
         35:9e:54:58:bb:f5:30:62:ae:4d:e3:65:59:bf:95:42:b0:b1:
         38:ac:16:91:67:55:85:de:69:4a:6a:d9:6b:90:71:e4:ec:c7:
         91:f7:85:a5:ef:de:fe:58:a0:50:48:ad:a5:53:61:39:42:57:
         15:5d:ef:79:92:c0:f5:d9:9d:2c:2b:fc:1e:df:1a:08:c5:31:
         63:98:50:f2:9d:bb:1f:3f:98:04:47:29:c4:a0:30:4e:17:e9:
         4e:8e:7a:75:2e:e8:d9:a2:fa:f6:db:81:9a:97:8a:93:1c:16:
         74:a0:bb:e4:ce:16:d6:bb:b8:bc:81:00:78:78:ec:da:79:c2:
         9f:31:44:3d:a5:f6:34:60:bf:59:1b:87:a6:56:05:27:66:67:
         2e:c6:19:b7:a9:6f:9c:ea:ce:97:fe:e9:40:61:ca:9b:b0:df:
         cf:60:49:ba:72:e6:e0:e4:51:2e:14:c0:cd:17:e1:64:88:56:
         f4:34:64:be
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUJFwnN66sD/m+xToo/Cz5g8Mz+fAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzBjYmQ3YTk4MTdlNDcwMDA5YzBmNDBlYTFlMzcwYWE3
OWI1ZmQ5MTAeFw0yNDAzMDcxMDAwMTRaFw0yNTAzMDYxMDA1MTRaMDMxMTAvBgNV
BAMTKDU4MkM0QkRDNjMzMjNDNjQ1MDYwQUZCRDFBQ0IzM0M5NDY1RjZEMDcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDCKAx4nlGyR7TIdkDfd8A+17qM
KoCdVSOokLNIOPJJlDnBIKMO1Wu3EdTdmIMpg69TYFG49wfkwXkTel6uVbyXyhLa
bJpDEutBfviAGltRq9kU4Uy37Bx8dXaruZRcKJ4ITdu8WwkAJlwSien76Rra33wW
9OU2+pePKwfCCmrIRyyWWeAYcohGM3TYF6fPvi4ZkW7a1MBrPty8/nYlRNDcLt7f
ltJGaSiktsjSic9zmGNg8K+PKUrG4PR61rf4kWVp3LRAPfCppRnzpAGS6rY6+8oE
TUDKOD73BHCdJjrI7N67TsxTLHqyJdnIj5vHbqR5s11lqtcY/z3SRrjSnQW1AgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQUWCxL3GMyPGRQYK+9GsszyUZfbQcwHwYDVR0j
BBgwFoAUcMvXqYF+RwAJwPQOoeNwqnm1/ZEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYjczMzJhZjAtZGQ3My00NzU1LTlkMjAtNjkzZWE4Mjg5
ZjhhLzAvNzBDQkQ3QTk4MTdFNDcwMDA5QzBGNDBFQTFFMzcwQUE3OUI1RkQ5MS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2NNdlhxWUYtUndBSndQUU9vZU53cW5t
MV9aRS5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYjczMzJhZjAt
ZGQ3My00NzU1LTlkMjAtNjkzZWE4Mjg5ZjhhLzAvMzIyZTM1MzkyZTM1MzcyZTMw
MmYzMjM0MmQzMjM0MjAzZDNlMjAzMTM2MzUzMDM5LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAAjs5MA0G
CSqGSIb3DQEBCwUAA4IBAQA3dxck7cnO60dlYsdmODLQKfPo9FqJAFm8gNQkO1Ta
2yiRR6gBMVrImeIFXNZRXCnrx1oDbAALR7xJDQveVbTy1bzd+LzjVnc1nlRYu/Uw
Yq5N42VZv5VCsLE4rBaRZ1WF3mlKatlrkHHk7MeR94Wl797+WKBQSK2lU2E5QlcV
Xe95ksD12Z0sK/we3xoIxTFjmFDynbsfP5gERynEoDBOF+lOjnp1LujZovr224Ga
l4qTHBZ0oLvkzhbWu7i8gQB4eOzaecKfMUQ9pfY0YL9ZG4emVgUnZmcuxhm3qW+c
6s6X/ulAYcqbsN/PYEm6cubg5FEuFMDNF+FkiFb0NGS+
-----END CERTIFICATE-----