Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/322e35392e3135372e302f32342d3234203d3e20313431303339.roa
File:                     322e35392e3135372e302f32342d3234203d3e20313431303339.roa (raw, json)
Hash identifier:          B0WqNqq7l1mis4s8nGbuBuZHSJ73kDo6T/Ab5+KjRwc=
Subject key identifier:   41:5A:01:8D:B5:B3:98:DD:3C:E4:5F:95:4C:10:FC:86:7D:CB:63:05
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       4B8F248AF2F15B72F7780CEFC9D21D626E86CFA6
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/322e35392e3135372e302f32342d3234203d3e20313431303339.roa
Signing time:             Wed 28 Aug 2024 14:04:44 +0000
ROA not before:           Wed 28 Aug 2024 13:59:44 +0000
ROA not after:            Wed 27 Aug 2025 14:04:44 +0000
asID:                     141039
IP address blocks:        2.59.157.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4b:8f:24:8a:f2:f1:5b:72:f7:78:0c:ef:c9:d2:1d:62:6e:86:cf:a6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Aug 28 13:59:44 2024 GMT
            Not After : Aug 27 14:04:44 2025 GMT
        Subject: CN=415A018DB5B398DD3CE45F954C10FC867DCB6305
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:c6:fe:b4:1f:af:ba:ba:9b:9f:95:54:00:18:
                    48:19:20:bf:3e:73:1d:83:30:c2:30:d5:b2:39:71:
                    64:e9:45:4f:cb:90:84:db:f3:3e:16:99:46:37:fd:
                    94:6e:8c:55:ce:2a:2a:ba:10:65:da:21:e1:6a:2f:
                    3f:c2:86:b9:c2:d8:a0:63:e8:7e:a5:36:20:30:43:
                    07:2c:20:b3:9e:59:43:65:2d:02:00:63:4b:44:e7:
                    4e:ee:b4:2b:a3:08:b1:76:a8:53:d1:91:9f:24:1d:
                    3c:da:73:b0:91:b5:1e:25:62:9d:5c:d6:60:42:2e:
                    8a:6e:f3:bc:4e:d6:56:45:5d:05:94:30:74:44:cd:
                    6f:91:12:03:29:00:6a:40:5e:23:3d:77:64:86:97:
                    95:2a:3f:6d:e8:6c:1b:20:5c:22:5d:d0:61:a7:ef:
                    66:5d:75:da:0a:05:17:62:58:a7:6b:3a:71:f0:db:
                    2b:5b:44:94:e2:95:ed:de:fe:47:10:a9:d9:2f:6c:
                    03:74:92:e8:74:5f:ff:c5:f7:19:bc:85:25:fb:2e:
                    39:fc:68:4f:58:c6:79:33:d4:3c:15:70:43:f8:a5:
                    8e:e5:f2:43:e4:35:e2:63:02:f0:87:6b:92:86:38:
                    43:9e:7b:da:77:6b:66:43:70:79:89:7c:45:22:54:
                    c6:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:5A:01:8D:B5:B3:98:DD:3C:E4:5F:95:4C:10:FC:86:7D:CB:63:05
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/322e35392e3135372e302f32342d3234203d3e20313431303339.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.59.157.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5a:98:1c:1e:eb:c2:21:8d:a2:9d:95:1b:40:7e:76:b4:a1:e9:
         cb:af:a7:ad:32:d3:2c:ba:df:5d:2d:06:1d:36:24:d1:54:05:
         64:32:f0:15:62:5d:67:80:c6:b9:89:89:d0:d4:e2:86:58:84:
         aa:d6:03:d1:b6:20:f3:fb:65:17:5f:e0:26:e6:e4:91:8d:f3:
         33:34:f0:ee:10:0e:ca:56:b6:85:97:d1:eb:be:d1:35:74:99:
         e4:0d:72:3b:46:d4:fd:8f:89:3c:66:38:28:09:e0:19:62:71:
         37:e1:33:bc:a6:7f:ae:f3:3f:ba:0a:33:63:d3:d8:43:3d:55:
         a4:58:d2:bf:40:6d:d3:51:9d:d8:42:3c:c0:a4:d8:2e:45:7a:
         87:13:f0:81:e0:37:5c:2e:70:c6:e1:91:c2:ee:53:b9:9c:33:
         db:1e:6d:48:7c:71:67:15:09:06:f6:d0:76:5e:ed:23:c3:90:
         82:b0:e2:73:b4:c2:d5:00:a0:d7:27:50:46:18:77:55:c1:d3:
         d0:e3:98:ed:56:0a:cf:fe:41:78:4c:59:43:46:e9:c7:c3:41:
         1c:9b:cb:89:b8:61:46:c9:49:98:64:90:16:cd:21:d3:eb:aa:
         6c:4d:9f:d9:71:ad:6e:c4:60:21:d8:d3:b8:20:e3:73:22:ca:
         71:56:b6:29
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUS48kivLxW3L3eAzvydIdYm6Gz6YwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNDA4MjgxMzU5NDRaFw0yNTA4MjcxNDA0NDRaMDMxMTAvBgNV
BAMTKDQxNUEwMThEQjVCMzk4REQzQ0U0NUY5NTRDMTBGQzg2N0RDQjYzMDUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCwxv60H6+6upuflVQAGEgZIL8+
cx2DMMIw1bI5cWTpRU/LkITb8z4WmUY3/ZRujFXOKiq6EGXaIeFqLz/ChrnC2KBj
6H6lNiAwQwcsILOeWUNlLQIAY0tE507utCujCLF2qFPRkZ8kHTzac7CRtR4lYp1c
1mBCLopu87xO1lZFXQWUMHREzW+REgMpAGpAXiM9d2SGl5UqP23obBsgXCJd0GGn
72ZdddoKBRdiWKdrOnHw2ytbRJTile3e/kcQqdkvbAN0kuh0X//F9xm8hSX7Ljn8
aE9Yxnkz1DwVcEP4pY7l8kPkNeJjAvCHa5KGOEOee9p3a2ZDcHmJfEUiVMYxAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUQVoBjbWzmN085F+VTBD8hn3LYwUwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzIyZTM1MzkyZTMxMzUzNzJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMxMzQzMTMwMzMzOS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAAI7
nTANBgkqhkiG9w0BAQsFAAOCAQEAWpgcHuvCIY2inZUbQH52tKHpy6+nrTLTLLrf
XS0GHTYk0VQFZDLwFWJdZ4DGuYmJ0NTihliEqtYD0bYg8/tlF1/gJubkkY3zMzTw
7hAOyla2hZfR677RNXSZ5A1yO0bU/Y+JPGY4KAngGWJxN+EzvKZ/rvM/ugozY9PY
Qz1VpFjSv0Bt01Gd2EI8wKTYLkV6hxPwgeA3XC5wxuGRwu5TuZwz2x5tSHxxZxUJ
BvbQdl7tI8OQgrDic7TC1QCg1ydQRhh3VcHT0OOY7VYKz/5BeExZQ0bpx8NBHJvL
ibhhRslJmGSQFs0h0+uqbE2f2XGtbsRgIdjTuCDjcyLKcVa2KQ==
-----END CERTIFICATE-----