Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/322e35392e35392e302f32342d3234203d3e20323132333834.roa
File:                     322e35392e35392e302f32342d3234203d3e20323132333834.roa (raw, json)
Hash identifier:          fuURrzqxY1u4t47Eg7nOyj530LSm0WlGvGadA4iNyvE=
Subject key identifier:   5A:3A:65:65:60:64:2C:1A:97:10:D7:02:1A:A4:9D:47:FA:2C:11:06
Certificate issuer:       /CN=70cbd7a9817e470009c0f40ea1e370aa79b5fd91
Certificate serial:       13B9B46A93B1F0876C1A65FABF32B131BE9F0DC0
Authority key identifier: 70:CB:D7:A9:81:7E:47:00:09:C0:F4:0E:A1:E3:70:AA:79:B5:FD:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/322e35392e35392e302f32342d3234203d3e20323132333834.roa
Signing time:             Wed 11 Sep 2024 13:05:20 +0000
ROA not before:           Wed 11 Sep 2024 13:00:20 +0000
ROA not after:            Wed 10 Sep 2025 13:05:20 +0000
asID:                     212384
IP address blocks:        2.59.59.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            13:b9:b4:6a:93:b1:f0:87:6c:1a:65:fa:bf:32:b1:31:be:9f:0d:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=70cbd7a9817e470009c0f40ea1e370aa79b5fd91
        Validity
            Not Before: Sep 11 13:00:20 2024 GMT
            Not After : Sep 10 13:05:20 2025 GMT
        Subject: CN=5A3A656560642C1A9710D7021AA49D47FA2C1106
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ec:23:5d:0b:ed:22:4a:ee:3b:f2:9d:4f:e2:ab:
                    11:03:23:7f:b5:03:56:43:f4:eb:9d:19:2d:8a:4e:
                    d4:88:bb:6e:10:9f:db:2a:ec:ab:b7:2a:60:39:04:
                    09:55:79:86:6d:ca:c6:ff:12:95:d0:e1:18:01:51:
                    de:97:d1:01:4b:61:62:5f:04:3b:55:69:39:5b:1e:
                    c2:8f:f3:b7:be:db:dc:c1:8c:a3:8d:e4:cc:06:9d:
                    d0:a7:cc:b5:c8:95:ea:83:82:08:3a:d7:e1:75:2e:
                    7d:20:23:eb:95:07:03:f8:db:f3:68:27:9c:ab:ed:
                    3c:f1:a3:6a:02:ee:ff:ba:57:f6:90:3a:98:90:eb:
                    32:6f:56:2c:2c:d6:e5:9a:a5:aa:8d:41:c5:d3:cc:
                    7e:fa:35:b2:65:a0:04:4f:7f:ae:6e:f6:4e:30:e9:
                    d6:7e:57:5d:46:3a:f0:b7:3d:06:77:d4:f0:cb:1f:
                    c0:e0:5a:13:5a:b7:5d:ac:4b:57:2e:0f:ad:b1:60:
                    01:e4:08:98:01:57:78:41:67:07:a7:e7:07:6b:9d:
                    49:ee:74:7c:79:8d:3d:35:de:b6:bf:a7:5a:3f:92:
                    b2:83:08:d7:81:c2:d8:32:7d:76:66:84:c3:17:cf:
                    8b:f5:a5:40:a4:45:d7:88:17:e1:84:3c:27:4d:37:
                    cd:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5A:3A:65:65:60:64:2C:1A:97:10:D7:02:1A:A4:9D:47:FA:2C:11:06
            X509v3 Authority Key Identifier:
                keyid:70:CB:D7:A9:81:7E:47:00:09:C0:F4:0E:A1:E3:70:AA:79:B5:FD:91

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/322e35392e35392e302f32342d3234203d3e20323132333834.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.59.59.0/24

    Signature Algorithm: sha256WithRSAEncryption
         46:49:60:0f:8b:9c:33:0c:ae:1b:01:e2:5e:ec:83:d3:59:91:
         9f:ce:31:6b:de:9f:3c:80:41:d8:4c:fd:96:03:0c:26:49:02:
         5c:a3:0b:e0:34:93:57:12:aa:3d:60:b9:2c:88:0b:b1:00:d9:
         b3:0b:28:5d:67:8a:11:83:1f:22:f8:8e:23:c0:af:b5:0d:b7:
         5d:7f:ee:a9:d2:60:ac:2a:89:27:37:91:87:89:74:28:df:2f:
         2a:e0:79:5f:36:db:d0:13:7a:97:43:9c:5b:f0:7b:03:c0:4b:
         3a:19:e7:b1:f8:93:d3:f5:11:9c:71:e5:6b:bc:5a:2e:8b:a9:
         5a:63:0d:e1:7d:da:3a:a9:1b:c1:38:ea:1f:e0:be:02:7b:27:
         f3:84:e5:e7:48:73:71:59:7b:d1:fc:f5:14:96:04:f6:d1:a6:
         51:36:d3:c5:64:52:8d:59:78:8a:9b:5f:b0:dd:2f:f1:cb:1e:
         12:38:00:c4:77:4e:ae:04:55:a7:4a:7f:6e:15:24:25:ad:6b:
         c0:8c:53:be:65:4d:07:71:38:bd:71:b1:a4:7d:50:00:62:9d:
         a7:34:ea:a2:a6:c1:71:a0:08:ca:58:6c:44:21:3f:31:bd:e1:
         2a:a2:8a:70:03:f2:56:21:30:91:f5:fb:36:4c:6a:1d:11:cb:
         85:bd:81:08
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUE7m0apOx8IdsGmX6vzKxMb6fDcAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzBjYmQ3YTk4MTdlNDcwMDA5YzBmNDBlYTFlMzcwYWE3
OWI1ZmQ5MTAeFw0yNDA5MTExMzAwMjBaFw0yNTA5MTAxMzA1MjBaMDMxMTAvBgNV
BAMTKDVBM0E2NTY1NjA2NDJDMUE5NzEwRDcwMjFBQTQ5RDQ3RkEyQzExMDYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDsI10L7SJK7jvynU/iqxEDI3+1
A1ZD9OudGS2KTtSIu24Qn9sq7Ku3KmA5BAlVeYZtysb/EpXQ4RgBUd6X0QFLYWJf
BDtVaTlbHsKP87e+29zBjKON5MwGndCnzLXIleqDggg61+F1Ln0gI+uVBwP42/No
J5yr7Tzxo2oC7v+6V/aQOpiQ6zJvViws1uWapaqNQcXTzH76NbJloARPf65u9k4w
6dZ+V11GOvC3PQZ31PDLH8DgWhNat12sS1cuD62xYAHkCJgBV3hBZwen5wdrnUnu
dHx5jT013ra/p1o/krKDCNeBwtgyfXZmhMMXz4v1pUCkRdeIF+GEPCdNN80XAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUWjplZWBkLBqXENcCGqSdR/osEQYwHwYDVR0j
BBgwFoAUcMvXqYF+RwAJwPQOoeNwqnm1/ZEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYjczMzJhZjAtZGQ3My00NzU1LTlkMjAtNjkzZWE4Mjg5
ZjhhLzAvNzBDQkQ3QTk4MTdFNDcwMDA5QzBGNDBFQTFFMzcwQUE3OUI1RkQ5MS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2NNdlhxWUYtUndBSndQUU9vZU53cW5t
MV9aRS5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYjczMzJhZjAt
ZGQ3My00NzU1LTlkMjAtNjkzZWE4Mjg5ZjhhLzAvMzIyZTM1MzkyZTM1MzkyZTMw
MmYzMjM0MmQzMjM0MjAzZDNlMjAzMjMxMzIzMzM4MzQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAACOzsw
DQYJKoZIhvcNAQELBQADggEBAEZJYA+LnDMMrhsB4l7sg9NZkZ/OMWvenzyAQdhM
/ZYDDCZJAlyjC+A0k1cSqj1guSyIC7EA2bMLKF1nihGDHyL4jiPAr7UNt11/7qnS
YKwqiSc3kYeJdCjfLyrgeV8229ATepdDnFvwewPASzoZ57H4k9P1EZxx5Wu8Wi6L
qVpjDeF92jqpG8E46h/gvgJ7J/OE5edIc3FZe9H89RSWBPbRplE208VkUo1ZeIqb
X7DdL/HLHhI4AMR3Tq4EVadKf24VJCWta8CMU75lTQdxOL1xsaR9UABinac06qKm
wXGgCMpYbEQhPzG94SqiinAD8lYhMJH1+zZMah0Ry4W9gQg=
-----END CERTIFICATE-----