Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/322e35392e3134382e302f32332d3234203d3e20343030383636.roa
File:                     322e35392e3134382e302f32332d3234203d3e20343030383636.roa (raw, json)
Hash identifier:          Zh5FSlR3Z7PiKhIKxws+vI3NL1637/BO3TcKJUJPh5A=
Subject key identifier:   B2:DE:D4:86:72:5E:4D:84:74:85:57:28:D1:86:9D:6A:3B:53:F7:43
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       03087EFABA9C0E40E91EF719EDF6F632EAF91727
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/322e35392e3134382e302f32332d3234203d3e20343030383636.roa
Signing time:             Fri 12 Jul 2024 16:23:56 +0000
ROA not before:           Fri 12 Jul 2024 16:18:56 +0000
ROA not after:            Fri 11 Jul 2025 16:23:56 +0000
asID:                     400866
IP address blocks:        2.59.148.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            03:08:7e:fa:ba:9c:0e:40:e9:1e:f7:19:ed:f6:f6:32:ea:f9:17:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Jul 12 16:18:56 2024 GMT
            Not After : Jul 11 16:23:56 2025 GMT
        Subject: CN=B2DED486725E4D8474855728D1869D6A3B53F743
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:30:e2:79:47:59:68:8a:33:87:b0:33:0d:25:
                    2b:98:78:7b:1d:e9:f5:41:18:b8:1a:7a:ff:33:15:
                    26:b9:cb:a4:03:fc:56:79:92:24:83:e4:ea:26:1d:
                    d1:97:2b:26:9f:8b:7c:ef:82:46:64:b9:ce:48:56:
                    3e:da:1a:a1:79:4f:08:de:37:4b:34:00:74:52:46:
                    cc:35:7a:18:d1:ef:88:37:ba:81:0f:4a:d4:89:e1:
                    a5:62:f2:cb:f3:0e:9e:95:5e:77:51:81:bf:ec:e7:
                    3d:9f:d9:fb:11:78:71:b6:35:60:5c:af:af:0c:9e:
                    a8:a2:7a:7d:65:85:bc:de:b0:6b:f6:25:d2:f0:b5:
                    42:cb:8d:fb:24:ed:51:c8:58:a0:f7:6c:bb:06:2f:
                    e1:26:d9:5a:00:97:23:e3:fe:34:dd:b0:f6:15:02:
                    84:61:c2:db:9b:f2:81:e3:2d:f6:2a:cf:21:a2:e2:
                    01:37:4e:28:64:78:8a:3f:64:f1:f4:be:e3:4e:8c:
                    30:9b:c5:87:64:19:9c:2f:f1:23:1e:42:84:34:c4:
                    bd:42:c8:d3:e5:32:7e:69:7f:86:0e:ba:45:d9:d4:
                    31:a0:e1:40:7c:ba:74:06:a6:01:48:9d:2c:9e:07:
                    4c:cd:99:5b:7f:b1:d5:6c:4c:95:58:bf:c4:54:33:
                    85:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B2:DE:D4:86:72:5E:4D:84:74:85:57:28:D1:86:9D:6A:3B:53:F7:43
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/322e35392e3134382e302f32332d3234203d3e20343030383636.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.59.148.0/23

    Signature Algorithm: sha256WithRSAEncryption
         60:c6:f3:ab:35:3c:dc:4b:ae:75:c5:15:ac:b5:28:cf:f3:2d:
         8d:b3:0b:a1:85:cb:86:5b:d6:03:0c:5e:d2:81:5e:e0:9f:91:
         2f:08:a7:84:bd:d0:5e:25:01:87:9c:3b:75:10:02:d5:76:cb:
         0e:99:47:0c:ed:9f:05:c6:70:f8:61:52:15:54:d5:ed:d3:b5:
         6e:d7:c9:ed:81:d3:82:90:7b:59:29:03:57:ac:07:c0:36:53:
         50:21:47:ce:3a:71:a6:85:f3:ae:f2:39:d9:88:25:7e:48:fc:
         6b:c3:51:a5:81:29:31:0a:db:c1:d4:92:d0:61:a6:9f:86:26:
         35:e0:e0:0d:55:3f:57:d8:92:68:1e:2d:fb:95:b7:ae:04:d8:
         e5:82:56:a0:77:ac:ad:a5:a5:2d:4e:9b:3d:0d:02:8e:82:57:
         ad:02:a0:c1:6d:89:a7:65:f3:bd:07:39:9c:01:4b:ce:ba:03:
         f2:65:46:99:e1:98:eb:80:51:4a:0d:a8:1b:73:f4:27:ab:c9:
         25:51:30:89:c1:92:05:5c:b4:1e:c2:ef:d1:88:b6:ff:8d:5c:
         e6:6b:dc:c0:6e:a9:f2:af:34:cd:37:d7:a3:ce:b4:f1:18:90:
         b8:c9:8b:cd:60:46:22:a8:47:0b:ea:1f:fc:9e:e8:3a:28:3f:
         d9:20:03:ba
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUAwh++rqcDkDpHvcZ7fb2Mur5FycwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNDA3MTIxNjE4NTZaFw0yNTA3MTExNjIzNTZaMDMxMTAvBgNV
BAMTKEIyREVENDg2NzI1RTREODQ3NDg1NTcyOEQxODY5RDZBM0I1M0Y3NDMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDEMOJ5R1loijOHsDMNJSuYeHsd
6fVBGLgaev8zFSa5y6QD/FZ5kiSD5OomHdGXKyafi3zvgkZkuc5IVj7aGqF5Twje
N0s0AHRSRsw1ehjR74g3uoEPStSJ4aVi8svzDp6VXndRgb/s5z2f2fsReHG2NWBc
r68Mnqiien1lhbzesGv2JdLwtULLjfsk7VHIWKD3bLsGL+Em2VoAlyPj/jTdsPYV
AoRhwtub8oHjLfYqzyGi4gE3TihkeIo/ZPH0vuNOjDCbxYdkGZwv8SMeQoQ0xL1C
yNPlMn5pf4YOukXZ1DGg4UB8unQGpgFInSyeB0zNmVt/sdVsTJVYv8RUM4UvAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUst7UhnJeTYR0hVco0YadajtT90MwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzIyZTM1MzkyZTMxMzQzODJl
MzAyZjMyMzMyZDMyMzQyMDNkM2UyMDM0MzAzMDM4MzYzNi5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAQI7
lDANBgkqhkiG9w0BAQsFAAOCAQEAYMbzqzU83EuudcUVrLUoz/MtjbMLoYXLhlvW
Awxe0oFe4J+RLwinhL3QXiUBh5w7dRAC1XbLDplHDO2fBcZw+GFSFVTV7dO1btfJ
7YHTgpB7WSkDV6wHwDZTUCFHzjpxpoXzrvI52Yglfkj8a8NRpYEpMQrbwdSS0GGm
n4YmNeDgDVU/V9iSaB4t+5W3rgTY5YJWoHesraWlLU6bPQ0CjoJXrQKgwW2Jp2Xz
vQc5nAFLzroD8mVGmeGY64BRSg2oG3P0J6vJJVEwicGSBVy0HsLv0Yi2/41c5mvc
wG6p8q80zTfXo8608RiQuMmLzWBGIqhHC+of/J7oOig/2SADug==
-----END CERTIFICATE-----