Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/322e35362e3235332e302f32342d3234203d3e20313336373837.roa
File:                     322e35362e3235332e302f32342d3234203d3e20313336373837.roa (raw, json)
Hash identifier:          h/5IZwXWRNDnapnq6FFnU4nvOTB/9wusn3/YD/DlpdQ=
Subject key identifier:   F4:7A:41:0E:C6:2D:92:97:34:74:CA:BD:A7:EA:C1:9B:F4:5C:CC:17
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       5AA067AFFC4BF74DEDD5D221E8C8DF7231506787
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/322e35362e3235332e302f32342d3234203d3e20313336373837.roa
Signing time:             Fri 26 Jan 2024 19:02:54 +0000
ROA not before:           Fri 26 Jan 2024 18:57:54 +0000
ROA not after:            Fri 24 Jan 2025 19:02:54 +0000
asID:                     136787
IP address blocks:        2.56.253.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 09 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5a:a0:67:af:fc:4b:f7:4d:ed:d5:d2:21:e8:c8:df:72:31:50:67:87
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Jan 26 18:57:54 2024 GMT
            Not After : Jan 24 19:02:54 2025 GMT
        Subject: CN=F47A410EC62D92973474CABDA7EAC19BF45CCC17
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:aa:09:ba:a0:16:b1:79:8b:8a:6b:34:0a:d6:
                    ff:16:b4:26:5d:82:95:ce:a8:b6:89:b3:ed:2f:f5:
                    90:45:e1:b2:1e:e8:d0:df:92:56:b9:d3:46:45:42:
                    5b:af:02:07:ad:8b:d9:d2:c8:57:7b:96:f5:29:f5:
                    a3:f9:9c:aa:6c:ee:ec:21:b0:92:31:3d:ff:29:6c:
                    3b:30:16:11:6d:49:31:03:e5:6f:4b:e0:cc:29:37:
                    e3:8f:69:5b:a6:8a:57:ed:28:2e:88:e8:97:5b:92:
                    04:ee:df:1c:67:b3:a4:13:e8:24:03:c3:d6:68:29:
                    9e:f8:83:45:fe:3b:c7:f3:ea:4b:df:e5:86:3c:9b:
                    2e:df:cf:39:c3:f5:49:4c:ea:62:2a:01:a0:19:07:
                    a8:05:28:8f:81:eb:60:f9:2a:5e:fd:a4:d7:94:c7:
                    4f:af:f9:99:99:6a:1d:26:95:c9:cf:83:65:f7:1f:
                    86:da:b3:f1:78:08:c1:a5:05:ba:cf:00:17:df:a2:
                    79:50:25:0e:8c:fb:87:b2:a7:c5:ff:dd:02:84:6a:
                    7a:e8:4f:08:d1:b8:95:48:ac:df:c0:cd:e0:b1:0d:
                    46:94:51:cd:1d:2e:f2:7d:92:09:83:8b:28:2c:c7:
                    ad:28:25:25:b1:63:87:c3:e3:38:8a:2c:5c:94:fd:
                    55:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:7A:41:0E:C6:2D:92:97:34:74:CA:BD:A7:EA:C1:9B:F4:5C:CC:17
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/322e35362e3235332e302f32342d3234203d3e20313336373837.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.56.253.0/24

    Signature Algorithm: sha256WithRSAEncryption
         99:c4:21:bf:43:01:f5:a6:1b:fb:19:2e:dc:2e:9e:56:ea:fb:
         be:a2:c6:4e:79:5b:b5:a7:5c:c2:79:0e:15:57:dc:28:0f:aa:
         b0:d0:4e:3f:72:b6:81:53:a3:77:d9:46:3b:b3:43:6d:73:c1:
         48:08:7f:40:f8:40:08:87:60:54:8d:05:4b:a4:d3:ed:1c:f6:
         f1:54:c0:c2:00:8e:ed:36:5d:a3:22:41:fa:a9:e1:0c:74:ed:
         42:70:e7:6a:b5:3e:dc:43:67:f9:d4:af:9c:68:23:34:64:d4:
         9c:44:28:e3:2c:83:71:4e:88:33:90:54:cd:43:11:fa:e4:f3:
         ae:5e:f1:cd:a8:7b:db:2d:a4:e0:7c:17:5f:83:00:11:1c:cd:
         25:3d:a6:11:f1:24:fb:fb:08:22:1e:dc:e5:2d:72:ab:20:b7:
         31:55:08:e2:f9:4d:57:6b:2e:e5:dd:53:c1:7e:aa:9f:6b:de:
         82:6f:82:6a:be:ff:a5:25:b3:32:08:3e:f4:66:b3:a0:6c:08:
         f6:69:2c:2e:c3:7a:5a:5a:fd:a9:79:fc:b0:0d:9c:26:80:66:
         c6:6a:be:0c:c9:ac:14:43:0c:96:43:ea:4f:82:97:70:ae:6d:
         ee:05:00:a8:3a:2b:ea:6c:1b:d3:2a:fd:cb:eb:10:6c:7d:2a:
         39:a3:fb:4e
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUWqBnr/xL903t1dIh6MjfcjFQZ4cwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNDAxMjYxODU3NTRaFw0yNTAxMjQxOTAyNTRaMDMxMTAvBgNV
BAMTKEY0N0E0MTBFQzYyRDkyOTczNDc0Q0FCREE3RUFDMTlCRjQ1Q0NDMTcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCiqgm6oBaxeYuKazQK1v8WtCZd
gpXOqLaJs+0v9ZBF4bIe6NDfkla500ZFQluvAgeti9nSyFd7lvUp9aP5nKps7uwh
sJIxPf8pbDswFhFtSTED5W9L4MwpN+OPaVumilftKC6I6JdbkgTu3xxns6QT6CQD
w9ZoKZ74g0X+O8fz6kvf5YY8my7fzznD9UlM6mIqAaAZB6gFKI+B62D5Kl79pNeU
x0+v+ZmZah0mlcnPg2X3H4bas/F4CMGlBbrPABffonlQJQ6M+4eyp8X/3QKEanro
TwjRuJVIrN/AzeCxDUaUUc0dLvJ9kgmDiygsx60oJSWxY4fD4ziKLFyU/VV9AgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQU9HpBDsYtkpc0dMq9p+rBm/RczBcwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzIyZTM1MzYyZTMyMzUzMzJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMxMzMzNjM3MzgzNy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAAI4
/TANBgkqhkiG9w0BAQsFAAOCAQEAmcQhv0MB9aYb+xku3C6eVur7vqLGTnlbtadc
wnkOFVfcKA+qsNBOP3K2gVOjd9lGO7NDbXPBSAh/QPhACIdgVI0FS6TT7Rz28VTA
wgCO7TZdoyJB+qnhDHTtQnDnarU+3ENn+dSvnGgjNGTUnEQo4yyDcU6IM5BUzUMR
+uTzrl7xzah72y2k4HwXX4MAERzNJT2mEfEk+/sIIh7c5S1yqyC3MVUI4vlNV2su
5d1TwX6qn2vegm+Car7/pSWzMgg+9GazoGwI9mksLsN6Wlr9qXn8sA2cJoBmxmq+
DMmsFEMMlkPqT4KXcK5t7gUAqDor6mwb0yr9y+sQbH0qOaP7Tg==
-----END CERTIFICATE-----