Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/322e35392e35392e302f32342d3234203d3e20323132333335.roa
File:                     322e35392e35392e302f32342d3234203d3e20323132333335.roa (raw, json)
Hash identifier:          a9UpIhaASJqGlnIFEMOvca6GoRYpPDCkKAqi3NLno5I=
Subject key identifier:   30:1F:73:E6:36:48:CF:6C:6C:06:5F:17:0E:59:0A:8E:52:26:4F:BA
Certificate issuer:       /CN=70cbd7a9817e470009c0f40ea1e370aa79b5fd91
Certificate serial:       2E64A8C4EFB0193CBC4F8886702A0C3031830232
Authority key identifier: 70:CB:D7:A9:81:7E:47:00:09:C0:F4:0E:A1:E3:70:AA:79:B5:FD:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/322e35392e35392e302f32342d3234203d3e20323132333335.roa
Signing time:             Wed 21 Feb 2024 19:05:12 +0000
ROA not before:           Wed 21 Feb 2024 19:00:12 +0000
ROA not after:            Wed 19 Feb 2025 19:05:12 +0000
asID:                     212335
IP address blocks:        2.59.59.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2e:64:a8:c4:ef:b0:19:3c:bc:4f:88:86:70:2a:0c:30:31:83:02:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=70cbd7a9817e470009c0f40ea1e370aa79b5fd91
        Validity
            Not Before: Feb 21 19:00:12 2024 GMT
            Not After : Feb 19 19:05:12 2025 GMT
        Subject: CN=301F73E63648CF6C6C065F170E590A8E52264FBA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:16:dc:d1:05:d3:8d:98:3c:7d:2e:6d:b4:09:
                    3f:dc:2c:23:b3:01:9b:cc:40:74:20:d1:b8:d9:be:
                    56:80:e1:56:69:4f:a1:e2:b3:9d:0a:16:97:23:f3:
                    42:de:c6:0e:83:80:7f:df:82:dd:9b:ec:b1:f6:fb:
                    52:7e:27:8a:b1:c6:e5:05:7c:64:e0:dc:c2:6e:37:
                    3c:e3:9e:c0:25:41:e6:d8:4f:d1:c1:e2:4e:91:d3:
                    aa:16:38:9a:3c:b7:01:cc:ce:03:e9:b8:64:0c:6f:
                    d7:3e:7b:84:71:4f:1c:89:a0:61:97:38:30:f2:b4:
                    8b:91:e4:72:6f:04:ca:1b:c7:57:fd:89:fa:d6:04:
                    da:86:ff:62:4d:d9:35:19:08:bd:4b:f9:d4:e7:39:
                    d8:b2:97:35:21:37:35:db:6f:72:fe:e3:d7:5d:91:
                    99:b9:a9:33:a3:98:73:aa:12:14:25:2e:45:70:c0:
                    d9:ab:52:80:53:ac:6f:c0:df:ce:50:1f:24:46:20:
                    d3:02:4d:88:8b:f5:94:71:98:27:81:78:23:b5:db:
                    74:59:ff:07:f2:7b:a4:72:2b:32:4a:8f:f2:1e:ca:
                    14:64:71:23:d7:f9:02:52:b3:e5:59:60:4f:99:18:
                    b4:3e:fe:ba:19:6b:e5:91:8e:8f:aa:88:78:5d:81:
                    6d:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:1F:73:E6:36:48:CF:6C:6C:06:5F:17:0E:59:0A:8E:52:26:4F:BA
            X509v3 Authority Key Identifier:
                keyid:70:CB:D7:A9:81:7E:47:00:09:C0:F4:0E:A1:E3:70:AA:79:B5:FD:91

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/322e35392e35392e302f32342d3234203d3e20323132333335.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.59.59.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c3:8f:c8:80:b5:fe:8d:0e:e2:73:c9:ff:ef:a4:48:92:c9:fc:
         78:69:e2:f8:a3:1a:4c:c4:dc:2d:6d:e7:42:80:5f:7f:8a:af:
         61:6a:85:30:88:7d:9e:f7:07:92:11:b7:e4:8e:61:43:6a:bc:
         43:45:dd:76:a4:f5:79:d7:da:b6:35:a1:67:fd:44:d5:47:af:
         34:d1:87:03:7f:13:34:d3:61:f3:bd:4a:54:b8:78:54:f5:22:
         53:33:69:f1:6a:a7:b3:db:17:6d:8c:8e:55:ec:42:fa:f0:e8:
         74:3c:0c:e9:fc:99:e4:7a:16:d9:02:da:79:29:00:bd:20:3a:
         05:36:3b:a6:be:f1:7b:5a:4c:4e:41:86:82:6e:73:36:ca:01:
         18:0f:58:b8:c3:d1:25:40:e0:39:ed:bf:05:15:a3:85:69:18:
         54:43:b9:f3:a7:2b:0e:23:6e:99:f8:0e:e7:72:c5:3a:84:3c:
         46:fe:95:65:5f:e7:cd:08:06:25:fc:a6:92:5d:24:b3:ad:81:
         54:40:f3:d3:0a:18:36:2e:42:d1:3f:aa:e1:2f:85:56:93:25:
         14:c5:9c:15:62:d2:98:ea:22:4c:48:2e:5e:fd:46:d0:c9:0c:
         c6:bc:24:7c:45:34:3f:7e:2f:17:37:8b:ce:be:26:14:77:27:
         9c:4b:2c:cb
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIULmSoxO+wGTy8T4iGcCoMMDGDAjIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzBjYmQ3YTk4MTdlNDcwMDA5YzBmNDBlYTFlMzcwYWE3
OWI1ZmQ5MTAeFw0yNDAyMjExOTAwMTJaFw0yNTAyMTkxOTA1MTJaMDMxMTAvBgNV
BAMTKDMwMUY3M0U2MzY0OENGNkM2QzA2NUYxNzBFNTkwQThFNTIyNjRGQkEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCXFtzRBdONmDx9Lm20CT/cLCOz
AZvMQHQg0bjZvlaA4VZpT6His50KFpcj80Lexg6DgH/fgt2b7LH2+1J+J4qxxuUF
fGTg3MJuNzzjnsAlQebYT9HB4k6R06oWOJo8twHMzgPpuGQMb9c+e4RxTxyJoGGX
ODDytIuR5HJvBMobx1f9ifrWBNqG/2JN2TUZCL1L+dTnOdiylzUhNzXbb3L+49dd
kZm5qTOjmHOqEhQlLkVwwNmrUoBTrG/A385QHyRGINMCTYiL9ZRxmCeBeCO123RZ
/wfye6RyKzJKj/IeyhRkcSPX+QJSs+VZYE+ZGLQ+/roZa+WRjo+qiHhdgW2pAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUMB9z5jZIz2xsBl8XDlkKjlImT7owHwYDVR0j
BBgwFoAUcMvXqYF+RwAJwPQOoeNwqnm1/ZEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYjczMzJhZjAtZGQ3My00NzU1LTlkMjAtNjkzZWE4Mjg5
ZjhhLzAvNzBDQkQ3QTk4MTdFNDcwMDA5QzBGNDBFQTFFMzcwQUE3OUI1RkQ5MS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2NNdlhxWUYtUndBSndQUU9vZU53cW5t
MV9aRS5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYjczMzJhZjAt
ZGQ3My00NzU1LTlkMjAtNjkzZWE4Mjg5ZjhhLzAvMzIyZTM1MzkyZTM1MzkyZTMw
MmYzMjM0MmQzMjM0MjAzZDNlMjAzMjMxMzIzMzMzMzUucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAACOzsw
DQYJKoZIhvcNAQELBQADggEBAMOPyIC1/o0O4nPJ/++kSJLJ/Hhp4vijGkzE3C1t
50KAX3+Kr2FqhTCIfZ73B5IRt+SOYUNqvENF3Xak9XnX2rY1oWf9RNVHrzTRhwN/
EzTTYfO9SlS4eFT1IlMzafFqp7PbF22MjlXsQvrw6HQ8DOn8meR6FtkC2nkpAL0g
OgU2O6a+8XtaTE5BhoJuczbKARgPWLjD0SVA4DntvwUVo4VpGFRDufOnKw4jbpn4
DudyxTqEPEb+lWVf580IBiX8ppJdJLOtgVRA89MKGDYuQtE/quEvhVaTJRTFnBVi
0pjqIkxILl79RtDJDMa8JHxFND9+Lxc3i86+JhR3J5xLLMs=
-----END CERTIFICATE-----