Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/322e35392e35382e302f32342d3234203d3e20333935333734.roa
File:                     322e35392e35382e302f32342d3234203d3e20333935333734.roa (raw, json)
Hash identifier:          2uNRS9AwO5XRULmsaVaVsXK0tzbzCjatUg8HuFupW8Y=
Subject key identifier:   D9:94:16:CE:AE:D7:A1:26:DB:31:08:07:75:C3:49:49:A5:CB:3A:7E
Certificate issuer:       /CN=70cbd7a9817e470009c0f40ea1e370aa79b5fd91
Certificate serial:       04845D808AB2A67F7EBD909D6FBDB0A5F8C7CF97
Authority key identifier: 70:CB:D7:A9:81:7E:47:00:09:C0:F4:0E:A1:E3:70:AA:79:B5:FD:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/322e35392e35382e302f32342d3234203d3e20333935333734.roa
Signing time:             Fri 11 Apr 2025 10:13:46 +0000
ROA not before:           Fri 11 Apr 2025 10:08:46 +0000
ROA not after:            Fri 10 Apr 2026 10:13:46 +0000
asID:                     395374
IP address blocks:        2.59.58.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 14 Apr 2025 12:48:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            04:84:5d:80:8a:b2:a6:7f:7e:bd:90:9d:6f:bd:b0:a5:f8:c7:cf:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=70cbd7a9817e470009c0f40ea1e370aa79b5fd91
        Validity
            Not Before: Apr 11 10:08:46 2025 GMT
            Not After : Apr 10 10:13:46 2026 GMT
        Subject: CN=D99416CEAED7A126DB31080775C34949A5CB3A7E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:c5:6c:40:11:52:17:62:29:5e:9c:8b:02:8d:
                    9e:ad:61:2e:cf:43:61:24:5f:b4:67:bb:e7:40:bd:
                    65:20:74:86:f7:9c:06:77:d4:a9:c4:fd:a7:e6:3b:
                    db:4f:5b:28:64:54:a3:3d:2a:37:be:67:6c:52:6b:
                    f4:e2:c3:48:ff:88:ae:9e:99:11:a4:02:98:ee:21:
                    87:9b:a8:28:50:c3:db:45:d5:0a:0f:fb:ee:91:9c:
                    18:94:b9:f7:ab:a3:35:ac:0a:2f:c0:65:84:70:4b:
                    7c:ac:8b:3d:a5:c7:27:22:83:0f:f5:8b:25:dc:c5:
                    52:8e:bf:05:37:1c:b2:fa:a3:2f:8f:f9:cd:c0:e0:
                    79:7a:cc:70:36:78:80:8f:50:8c:bf:1d:7b:e0:aa:
                    2c:a3:9d:e7:4a:e8:04:cc:45:2b:18:6f:fe:f1:73:
                    00:04:05:79:d3:25:7c:f4:d1:ef:d9:f6:3f:a0:b2:
                    16:dd:ed:cc:ec:9f:eb:b9:1b:08:8e:3d:ed:09:0a:
                    bb:17:c8:37:8f:a7:b4:be:14:e8:48:2a:98:28:4a:
                    00:52:0d:e7:7f:79:92:25:86:b7:3e:88:73:a7:cd:
                    7e:85:28:ab:0c:e5:b7:7c:c2:47:22:8f:7c:bb:9c:
                    fd:f4:8f:8f:8a:b7:78:24:c0:ee:41:1b:12:c5:0f:
                    45:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:94:16:CE:AE:D7:A1:26:DB:31:08:07:75:C3:49:49:A5:CB:3A:7E
            X509v3 Authority Key Identifier:
                keyid:70:CB:D7:A9:81:7E:47:00:09:C0:F4:0E:A1:E3:70:AA:79:B5:FD:91

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/322e35392e35382e302f32342d3234203d3e20333935333734.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.59.58.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9e:62:6d:38:fb:2f:be:a1:6c:23:42:65:51:6e:ec:bc:8f:7d:
         2b:5b:e7:a3:ac:54:98:d2:e1:a0:45:0e:bf:e1:4f:2c:fd:81:
         97:38:ac:19:10:31:a6:41:a3:13:42:e7:86:08:86:a1:c3:fc:
         f5:dc:c5:12:73:ca:0e:27:74:79:df:38:14:c0:6f:96:97:38:
         8d:65:6a:04:43:d4:4b:00:3c:c5:de:c0:5d:39:03:1f:e9:c7:
         10:9d:21:e4:78:50:bf:62:26:e4:50:c8:ed:7d:e8:65:d7:58:
         47:fd:cd:11:e8:af:5a:8b:5a:49:28:d5:f7:90:6d:14:cc:9f:
         36:be:43:35:9b:93:e0:b1:e5:88:e5:09:a2:f0:2c:29:89:02:
         70:50:23:84:8a:37:91:56:75:ac:f5:07:e8:11:32:64:7d:60:
         a0:af:4d:cf:05:5e:cf:e1:e6:0b:c9:6a:e9:6b:04:8b:8f:a6:
         d1:f0:56:39:b4:ce:4d:b2:e4:35:ac:e5:88:e8:4e:01:7c:f2:
         d7:44:2d:e9:78:a6:e2:7e:0d:c7:4d:8a:eb:0c:33:9c:05:30:
         65:b5:f7:74:1c:04:a6:62:77:a6:90:e4:67:69:92:5e:88:63:
         01:76:f8:f4:25:60:d1:ff:0b:2e:93:de:ac:e7:c9:00:82:6c:
         82:41:9b:a4
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUBIRdgIqypn9+vZCdb72wpfjHz5cwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzBjYmQ3YTk4MTdlNDcwMDA5YzBmNDBlYTFlMzcwYWE3
OWI1ZmQ5MTAeFw0yNTA0MTExMDA4NDZaFw0yNjA0MTAxMDEzNDZaMDMxMTAvBgNV
BAMTKEQ5OTQxNkNFQUVEN0ExMjZEQjMxMDgwNzc1QzM0OTQ5QTVDQjNBN0UwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCYxWxAEVIXYilenIsCjZ6tYS7P
Q2EkX7Rnu+dAvWUgdIb3nAZ31KnE/afmO9tPWyhkVKM9Kje+Z2xSa/Tiw0j/iK6e
mRGkApjuIYebqChQw9tF1QoP++6RnBiUuferozWsCi/AZYRwS3ysiz2lxycigw/1
iyXcxVKOvwU3HLL6oy+P+c3A4Hl6zHA2eICPUIy/HXvgqiyjnedK6ATMRSsYb/7x
cwAEBXnTJXz00e/Z9j+gshbd7czsn+u5GwiOPe0JCrsXyDePp7S+FOhIKpgoSgBS
Ded/eZIlhrc+iHOnzX6FKKsM5bd8wkcij3y7nP30j4+Kt3gkwO5BGxLFD0XTAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQU2ZQWzq7XoSbbMQgHdcNJSaXLOn4wHwYDVR0j
BBgwFoAUcMvXqYF+RwAJwPQOoeNwqnm1/ZEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYjczMzJhZjAtZGQ3My00NzU1LTlkMjAtNjkzZWE4Mjg5
ZjhhLzAvNzBDQkQ3QTk4MTdFNDcwMDA5QzBGNDBFQTFFMzcwQUE3OUI1RkQ5MS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2NNdlhxWUYtUndBSndQUU9vZU53cW5t
MV9aRS5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYjczMzJhZjAt
ZGQ3My00NzU1LTlkMjAtNjkzZWE4Mjg5ZjhhLzAvMzIyZTM1MzkyZTM1MzgyZTMw
MmYzMjM0MmQzMjM0MjAzZDNlMjAzMzM5MzUzMzM3MzQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAACOzow
DQYJKoZIhvcNAQELBQADggEBAJ5ibTj7L76hbCNCZVFu7LyPfStb56OsVJjS4aBF
Dr/hTyz9gZc4rBkQMaZBoxNC54YIhqHD/PXcxRJzyg4ndHnfOBTAb5aXOI1lagRD
1EsAPMXewF05Ax/pxxCdIeR4UL9iJuRQyO196GXXWEf9zRHor1qLWkko1feQbRTM
nza+QzWbk+Cx5YjlCaLwLCmJAnBQI4SKN5FWdaz1B+gRMmR9YKCvTc8FXs/h5gvJ
aulrBIuPptHwVjm0zk2y5DWs5YjoTgF88tdELel4puJ+DcdNiusMM5wFMGW193Qc
BKZid6aQ5Gdpkl6IYwF2+PQlYNH/Cy6T3qznyQCCbIJBm6Q=
-----END CERTIFICATE-----