Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/322e35392e35382e302f32342d3234203d3e203538303631.roa
File:                     322e35392e35382e302f32342d3234203d3e203538303631.roa (raw, json)
Hash identifier:          HbUdruWvQyFxvF5xRhNCH1UD93ASCtc1PsvMQTu9lak=
Subject key identifier:   A9:DD:30:F8:0C:B0:C6:39:21:D4:63:89:02:C1:B8:47:9A:90:A1:71
Certificate issuer:       /CN=70cbd7a9817e470009c0f40ea1e370aa79b5fd91
Certificate serial:       0DE319F8763AEDF8680D06CF22E66516C17F0979
Authority key identifier: 70:CB:D7:A9:81:7E:47:00:09:C0:F4:0E:A1:E3:70:AA:79:B5:FD:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/322e35392e35382e302f32342d3234203d3e203538303631.roa
Signing time:             Sat 11 Jan 2025 12:53:51 +0000
ROA not before:           Sat 11 Jan 2025 12:48:51 +0000
ROA not after:            Sat 10 Jan 2026 12:53:51 +0000
asID:                     58061
IP address blocks:        2.59.58.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 03:19:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0d:e3:19:f8:76:3a:ed:f8:68:0d:06:cf:22:e6:65:16:c1:7f:09:79
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=70cbd7a9817e470009c0f40ea1e370aa79b5fd91
        Validity
            Not Before: Jan 11 12:48:51 2025 GMT
            Not After : Jan 10 12:53:51 2026 GMT
        Subject: CN=A9DD30F80CB0C63921D4638902C1B8479A90A171
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:8e:cf:f1:0c:d7:0c:70:ca:68:da:5e:00:5c:
                    6b:9e:fa:91:6a:e9:ed:82:4a:97:c1:ac:31:d4:7a:
                    cd:3f:6e:ba:13:0a:61:ac:1c:b1:7a:49:dd:39:de:
                    f7:60:94:63:6a:0e:5d:2f:c1:08:40:66:32:08:8f:
                    c4:0a:cf:bb:18:a4:9f:26:8c:f3:c1:5b:77:8c:0c:
                    d6:9e:3f:e0:63:c7:ef:06:51:91:a0:4d:e0:a7:80:
                    ce:24:80:56:19:cd:05:d7:4d:44:da:43:cb:09:60:
                    df:11:09:10:e4:be:d7:a1:ed:18:cf:2a:06:a8:69:
                    14:c7:1d:09:68:3c:13:c6:8f:5c:f9:5a:6b:48:a5:
                    d9:af:c0:a2:0a:6e:9c:f8:97:8d:7d:e7:62:d8:09:
                    e1:16:07:d0:a1:a8:de:05:8e:bd:78:c1:09:82:e0:
                    a0:19:be:11:25:60:29:de:7c:da:d7:d4:58:1b:8f:
                    b5:39:ca:fa:c8:ca:75:2a:82:5c:e9:4d:bf:8a:ac:
                    9f:d4:e4:b3:80:34:4d:f2:d8:17:6e:aa:60:6d:0e:
                    ea:86:48:77:f4:b7:0d:cb:fb:cf:0e:32:90:d3:97:
                    dd:cb:09:5a:b8:9b:30:09:9a:bf:47:d7:94:36:5e:
                    c1:8f:f5:20:9c:3f:57:c8:36:28:38:ec:83:40:75:
                    dc:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:DD:30:F8:0C:B0:C6:39:21:D4:63:89:02:C1:B8:47:9A:90:A1:71
            X509v3 Authority Key Identifier:
                keyid:70:CB:D7:A9:81:7E:47:00:09:C0:F4:0E:A1:E3:70:AA:79:B5:FD:91

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/322e35392e35382e302f32342d3234203d3e203538303631.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.59.58.0/24

    Signature Algorithm: sha256WithRSAEncryption
         38:02:65:27:31:82:66:7b:4f:cd:fd:62:10:a8:49:5b:a1:a6:
         60:19:b6:4b:91:d8:3d:1d:98:44:23:f0:3a:cb:e8:ea:45:b9:
         47:9d:ee:3f:60:bb:fa:06:43:59:55:31:0b:c5:50:f3:39:a4:
         1d:69:86:82:cf:c2:95:8e:3b:b0:95:3f:90:62:a2:e8:71:04:
         a9:61:7d:8c:00:4d:aa:18:82:bf:68:0f:e5:68:fd:d6:68:2b:
         60:62:61:08:db:bb:98:72:a7:96:95:df:6c:83:93:39:d8:14:
         09:b4:1b:94:4e:d9:3e:1e:57:d7:17:c5:f0:57:1d:26:1b:31:
         bb:e3:7a:95:2a:a1:ce:a0:b3:5a:c1:9c:cb:44:bd:38:94:51:
         88:33:06:58:65:f8:3e:6b:bc:b2:87:ee:b3:c9:46:49:68:e8:
         b2:3c:f8:01:bb:eb:d2:9e:20:ee:32:04:ae:f0:31:29:4e:bc:
         ad:88:fb:23:da:07:4d:eb:87:5b:b3:a1:2e:75:e9:a2:08:cf:
         5b:8a:86:d6:c2:92:1c:d6:d6:22:e5:7f:b5:df:dd:76:32:68:
         29:00:bf:4f:d5:83:d3:27:1e:4f:e6:52:79:4d:31:c1:67:86:
         7d:1a:08:03:05:ea:7c:4e:d5:dc:d9:8f:f5:a9:8b:94:1c:64:
         bd:cb:3b:9f
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUDeMZ+HY67fhoDQbPIuZlFsF/CXkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzBjYmQ3YTk4MTdlNDcwMDA5YzBmNDBlYTFlMzcwYWE3
OWI1ZmQ5MTAeFw0yNTAxMTExMjQ4NTFaFw0yNjAxMTAxMjUzNTFaMDMxMTAvBgNV
BAMTKEE5REQzMEY4MENCMEM2MzkyMUQ0NjM4OTAyQzFCODQ3OUE5MEExNzEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCnjs/xDNcMcMpo2l4AXGue+pFq
6e2CSpfBrDHUes0/broTCmGsHLF6Sd053vdglGNqDl0vwQhAZjIIj8QKz7sYpJ8m
jPPBW3eMDNaeP+Bjx+8GUZGgTeCngM4kgFYZzQXXTUTaQ8sJYN8RCRDkvteh7RjP
KgaoaRTHHQloPBPGj1z5WmtIpdmvwKIKbpz4l41952LYCeEWB9ChqN4Fjr14wQmC
4KAZvhElYCnefNrX1Fgbj7U5yvrIynUqglzpTb+KrJ/U5LOANE3y2BduqmBtDuqG
SHf0tw3L+88OMpDTl93LCVq4mzAJmr9H15Q2XsGP9SCcP1fINig47INAddyzAgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQUqd0w+Aywxjkh1GOJAsG4R5qQoXEwHwYDVR0j
BBgwFoAUcMvXqYF+RwAJwPQOoeNwqnm1/ZEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYjczMzJhZjAtZGQ3My00NzU1LTlkMjAtNjkzZWE4Mjg5
ZjhhLzAvNzBDQkQ3QTk4MTdFNDcwMDA5QzBGNDBFQTFFMzcwQUE3OUI1RkQ5MS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2NNdlhxWUYtUndBSndQUU9vZU53cW5t
MV9aRS5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYjczMzJhZjAt
ZGQ3My00NzU1LTlkMjAtNjkzZWE4Mjg5ZjhhLzAvMzIyZTM1MzkyZTM1MzgyZTMw
MmYzMjM0MmQzMjM0MjAzZDNlMjAzNTM4MzAzNjMxLnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAAjs6MA0G
CSqGSIb3DQEBCwUAA4IBAQA4AmUnMYJme0/N/WIQqElboaZgGbZLkdg9HZhEI/A6
y+jqRblHne4/YLv6BkNZVTELxVDzOaQdaYaCz8KVjjuwlT+QYqLocQSpYX2MAE2q
GIK/aA/laP3WaCtgYmEI27uYcqeWld9sg5M52BQJtBuUTtk+HlfXF8XwVx0mGzG7
43qVKqHOoLNawZzLRL04lFGIMwZYZfg+a7yyh+6zyUZJaOiyPPgBu+vSniDuMgSu
8DEpTrytiPsj2gdN64dbs6EudemiCM9biobWwpIc1tYi5X+13912MmgpAL9P1YPT
Jx5P5lJ5TTHBZ4Z9GggDBep8TtXc2Y/1qYuUHGS9yzuf
-----END CERTIFICATE-----