Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/322e35362e37322e302f32322d3234203d3e20333936333139.roa
File:                     322e35362e37322e302f32322d3234203d3e20333936333139.roa (raw, json)
Hash identifier:          cRC24jYTCqQ+ZYyVOZ9qKyi84M/ur9yKX3+tis7reio=
Subject key identifier:   10:A0:C4:85:08:3E:2D:47:5A:0E:B0:AD:1F:32:E3:B7:26:F0:71:6F
Certificate issuer:       /CN=088469d1a33085ff88b3e599d223ca74c2313a3a
Certificate serial:       159AFA395FCF769BF9F0622F75E3DAA2D7D4A6F4
Authority key identifier: 08:84:69:D1:A3:30:85:FF:88:B3:E5:99:D2:23:CA:74:C2:31:3A:3A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/322e35362e37322e302f32322d3234203d3e20333936333139.roa
Signing time:             Mon 27 Jan 2025 09:44:46 +0000
ROA not before:           Mon 27 Jan 2025 09:39:46 +0000
ROA not after:            Mon 26 Jan 2026 09:44:46 +0000
asID:                     396319
IP address blocks:        2.56.72.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            15:9a:fa:39:5f:cf:76:9b:f9:f0:62:2f:75:e3:da:a2:d7:d4:a6:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=088469d1a33085ff88b3e599d223ca74c2313a3a
        Validity
            Not Before: Jan 27 09:39:46 2025 GMT
            Not After : Jan 26 09:44:46 2026 GMT
        Subject: CN=10A0C485083E2D475A0EB0AD1F32E3B726F0716F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:3e:b9:d4:ff:ab:f1:95:76:17:06:63:1f:9f:
                    48:b3:27:cd:ad:5e:3e:ec:99:6c:21:06:76:a3:67:
                    6b:3d:a7:9e:b7:4a:3b:3d:39:b5:94:d6:15:f3:62:
                    03:42:90:5e:8e:15:95:bd:18:b7:97:d2:9e:72:87:
                    30:66:c7:6c:23:07:ef:1d:89:24:67:fd:b7:1d:4d:
                    2c:64:b7:65:37:9d:d2:0b:8d:81:22:84:a5:de:dd:
                    f4:fb:26:68:9b:e1:a6:ff:e3:28:5e:9e:e8:57:ae:
                    fd:17:4d:64:b4:ec:f6:00:6c:1a:c2:63:a7:a0:1e:
                    46:98:1a:f1:50:5c:34:1d:ac:63:e8:0f:8c:ac:95:
                    3a:af:10:13:68:c9:3f:4e:fc:87:d1:0d:23:39:eb:
                    d5:7e:d4:e8:31:1d:c0:c8:07:6d:83:23:e9:cc:62:
                    12:dd:4a:44:10:55:24:c3:46:22:41:e8:1d:46:23:
                    e2:e4:1c:da:3e:ca:a4:46:2b:37:50:43:f6:4a:e0:
                    10:35:79:fb:ae:46:6e:58:d6:97:99:b7:a7:d4:b1:
                    85:d0:8a:c3:37:f5:99:39:8b:e5:97:d1:dd:5f:5d:
                    09:f0:84:94:a9:1a:0b:ef:1c:f1:4f:bc:c2:45:fc:
                    87:f6:1c:c0:21:b8:70:d0:e3:d4:9d:03:ce:bc:f7:
                    49:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                10:A0:C4:85:08:3E:2D:47:5A:0E:B0:AD:1F:32:E3:B7:26:F0:71:6F
            X509v3 Authority Key Identifier:
                keyid:08:84:69:D1:A3:30:85:FF:88:B3:E5:99:D2:23:CA:74:C2:31:3A:3A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/322e35362e37322e302f32322d3234203d3e20333936333139.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.56.72.0/22

    Signature Algorithm: sha256WithRSAEncryption
         03:ff:20:0e:3d:40:04:04:96:00:fd:5e:be:8e:80:ee:bd:e9:
         4d:44:09:ef:5c:b4:de:6b:7b:19:86:0f:16:c2:7f:55:f9:47:
         de:02:79:7d:a0:39:7c:bf:46:0e:ae:75:24:72:ef:f5:8b:bf:
         5f:67:5d:41:fc:3d:4e:f7:c3:57:8b:77:9e:58:07:b8:ca:c0:
         0d:13:9c:2a:63:92:c5:6e:45:7d:86:52:63:29:81:5b:8b:e3:
         b4:0c:54:8a:0a:a6:45:80:68:5c:40:40:d9:f7:08:39:06:5e:
         b3:67:bd:94:00:78:ce:4d:5e:2b:28:e8:db:62:6b:23:06:53:
         07:bd:bd:88:73:49:35:35:8f:a5:4d:a5:5f:a8:70:e6:61:e1:
         18:d7:90:3b:8f:05:8a:54:e6:13:ee:af:87:9b:28:6f:2b:08:
         0a:da:83:1c:fc:1c:8f:f1:03:a3:c4:ca:c4:4c:02:b9:5d:ce:
         9e:ca:91:ce:72:ad:03:a3:e7:60:d4:6f:15:b1:3a:1b:32:24:
         88:d6:1d:c7:a8:89:68:d5:27:5d:fe:14:76:0a:d1:e5:b4:5b:
         22:6d:93:f9:41:6e:dd:25:e7:c1:76:f7:5d:52:cc:a5:f7:65:
         3d:96:22:1b:a4:34:97:c3:5e:ab:52:34:a9:ce:9d:2a:21:6e:
         b9:94:97:e7
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUFZr6OV/Pdpv58GIvdePaotfUpvQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDg4NDY5ZDFhMzMwODVmZjg4YjNlNTk5ZDIyM2NhNzRj
MjMxM2EzYTAeFw0yNTAxMjcwOTM5NDZaFw0yNjAxMjYwOTQ0NDZaMDMxMTAvBgNV
BAMTKDEwQTBDNDg1MDgzRTJENDc1QTBFQjBBRDFGMzJFM0I3MjZGMDcxNkYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDaPrnU/6vxlXYXBmMfn0izJ82t
Xj7smWwhBnajZ2s9p563Sjs9ObWU1hXzYgNCkF6OFZW9GLeX0p5yhzBmx2wjB+8d
iSRn/bcdTSxkt2U3ndILjYEihKXe3fT7Jmib4ab/4yhenuhXrv0XTWS07PYAbBrC
Y6egHkaYGvFQXDQdrGPoD4yslTqvEBNoyT9O/IfRDSM569V+1OgxHcDIB22DI+nM
YhLdSkQQVSTDRiJB6B1GI+LkHNo+yqRGKzdQQ/ZK4BA1efuuRm5Y1peZt6fUsYXQ
isM39Zk5i+WX0d1fXQnwhJSpGgvvHPFPvMJF/If2HMAhuHDQ49SdA86890kHAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUEKDEhQg+LUdaDrCtHzLjtybwcW8wHwYDVR0j
BBgwFoAUCIRp0aMwhf+Is+WZ0iPKdMIxOjowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzUvMDg4NDY5RDFBMzMwODVGRjg4QjNFNTk5RDIyM0NBNzRDMjMxM0EzQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NJUnAwYU13aGYtSXMtV1owaVBLZE1J
eE9qby5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzUvMzIyZTM1MzYyZTM3MzIyZTMw
MmYzMjMyMmQzMjM0MjAzZDNlMjAzMzM5MzYzMzMxMzkucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAICOEgw
DQYJKoZIhvcNAQELBQADggEBAAP/IA49QAQElgD9Xr6OgO696U1ECe9ctN5rexmG
DxbCf1X5R94CeX2gOXy/Rg6udSRy7/WLv19nXUH8PU73w1eLd55YB7jKwA0TnCpj
ksVuRX2GUmMpgVuL47QMVIoKpkWAaFxAQNn3CDkGXrNnvZQAeM5NXiso6NtiayMG
Uwe9vYhzSTU1j6VNpV+ocOZh4RjXkDuPBYpU5hPur4ebKG8rCAragxz8HI/xA6PE
ysRMArldzp7Kkc5yrQOj52DUbxWxOhsyJIjWHceoiWjVJ13+FHYK0eW0WyJtk/lB
bt0l58F2911SzKX3ZT2WIhukNJfDXqtSNKnOnSohbrmUl+c=
-----END CERTIFICATE-----