Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/322e35362e37322e302f32322d3234203d3e20333936333139.roa
File:                     322e35362e37322e302f32322d3234203d3e20333936333139.roa (raw, json)
Hash identifier:          wkWjMUcoDcyHG38a/dCPq0LlR7ZPL+ES4IrIMIKG64o=
Subject key identifier:   2A:1E:68:27:F0:3A:A6:90:12:40:D6:ED:81:64:61:06:7B:EE:D9:BA
Certificate issuer:       /CN=088469d1a33085ff88b3e599d223ca74c2313a3a
Certificate serial:       194707E9D215FCC4F059A1F81680AFA666E86C27
Authority key identifier: 08:84:69:D1:A3:30:85:FF:88:B3:E5:99:D2:23:CA:74:C2:31:3A:3A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/322e35362e37322e302f32322d3234203d3e20333936333139.roa
Signing time:             Mon 26 Feb 2024 08:52:42 +0000
ROA not before:           Mon 26 Feb 2024 08:47:42 +0000
ROA not after:            Mon 24 Feb 2025 08:52:42 +0000
asID:                     396319
IP address blocks:        2.56.72.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 May 2024 23:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            19:47:07:e9:d2:15:fc:c4:f0:59:a1:f8:16:80:af:a6:66:e8:6c:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=088469d1a33085ff88b3e599d223ca74c2313a3a
        Validity
            Not Before: Feb 26 08:47:42 2024 GMT
            Not After : Feb 24 08:52:42 2025 GMT
        Subject: CN=2A1E6827F03AA6901240D6ED816461067BEED9BA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f9:d5:80:60:5b:4d:ec:d2:cc:c5:c4:c1:a5:b0:
                    2b:a2:3b:dc:23:aa:34:06:d7:c5:dd:e4:7e:79:3a:
                    83:9c:58:7c:20:91:b3:82:a6:94:ab:d4:d5:aa:91:
                    5b:b7:68:35:8b:07:22:ac:98:3d:58:e0:14:12:99:
                    1f:b3:76:f9:85:0a:1b:2d:6e:aa:39:03:24:50:00:
                    4d:c3:40:f6:16:87:f0:f6:9a:80:cf:79:22:66:11:
                    15:3d:14:83:29:d9:ac:da:45:81:ca:ab:b4:b7:a1:
                    7c:98:85:41:d1:09:9e:ad:e9:71:38:eb:08:82:16:
                    67:87:db:8d:68:f4:92:38:7d:de:cc:37:df:42:63:
                    c0:47:1a:d8:91:56:2b:22:1f:28:c7:15:f7:83:92:
                    06:8d:45:51:3b:ff:7b:91:ae:1a:5c:ad:b6:e6:6d:
                    fa:8c:fb:b7:f2:57:5a:8c:d3:5d:b5:09:f7:04:c7:
                    c0:b5:45:b0:61:0a:85:57:d6:20:0b:31:e0:3a:ef:
                    d0:53:9a:57:e7:34:ef:1b:5b:6d:5f:ee:ea:b7:9e:
                    bf:f9:8a:71:73:d4:eb:39:f6:9a:a0:d9:4e:8d:a8:
                    a8:c5:d4:04:80:70:b0:5b:2a:ae:f8:a6:b7:39:08:
                    e2:3a:13:b0:df:99:e7:93:91:f3:99:e0:2b:c2:3e:
                    5f:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:1E:68:27:F0:3A:A6:90:12:40:D6:ED:81:64:61:06:7B:EE:D9:BA
            X509v3 Authority Key Identifier:
                keyid:08:84:69:D1:A3:30:85:FF:88:B3:E5:99:D2:23:CA:74:C2:31:3A:3A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/322e35362e37322e302f32322d3234203d3e20333936333139.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.56.72.0/22

    Signature Algorithm: sha256WithRSAEncryption
         22:31:fa:df:de:0f:de:7f:bc:e8:a4:69:53:64:ee:46:9c:34:
         29:dd:c7:21:c7:49:ab:9e:92:e6:58:b3:4d:53:a1:26:95:34:
         01:b5:98:e2:4d:78:f8:01:84:66:96:56:e2:48:49:fc:dc:f3:
         ed:5b:60:5d:1f:a9:45:cf:dc:8c:eb:50:c4:90:02:cf:89:11:
         fd:e6:74:e9:9e:e7:8d:dd:59:32:c5:c3:74:d0:76:d3:26:6e:
         fd:11:b4:2f:d2:04:8a:d3:a5:92:6b:65:b8:e9:83:65:5a:23:
         cb:f3:90:91:52:97:13:b9:85:42:1f:14:f8:0f:66:ec:40:70:
         6c:3c:00:f5:58:57:57:80:19:98:a7:f9:8c:ea:d2:c7:0e:ae:
         b3:e2:b2:04:f2:d8:b0:35:5f:56:c4:6f:9f:d0:95:ee:83:aa:
         34:ac:9d:3f:fe:ed:6a:42:87:7a:3f:1e:ac:79:fc:6e:3c:8d:
         98:ab:71:18:bf:6b:51:cf:2e:ef:a2:54:63:aa:96:ec:a9:c0:
         c5:d1:85:72:c7:14:d4:9e:5e:95:cb:7f:27:45:73:bd:ac:33:
         52:4f:8b:ef:2d:47:66:76:de:fd:47:40:da:91:21:97:28:f7:
         73:e8:7b:22:6f:df:12:2a:25:fe:60:04:b9:7f:5c:c4:ed:68:
         f7:51:6a:b4
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUGUcH6dIV/MTwWaH4FoCvpmbobCcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDg4NDY5ZDFhMzMwODVmZjg4YjNlNTk5ZDIyM2NhNzRj
MjMxM2EzYTAeFw0yNDAyMjYwODQ3NDJaFw0yNTAyMjQwODUyNDJaMDMxMTAvBgNV
BAMTKDJBMUU2ODI3RjAzQUE2OTAxMjQwRDZFRDgxNjQ2MTA2N0JFRUQ5QkEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD51YBgW03s0szFxMGlsCuiO9wj
qjQG18Xd5H55OoOcWHwgkbOCppSr1NWqkVu3aDWLByKsmD1Y4BQSmR+zdvmFChst
bqo5AyRQAE3DQPYWh/D2moDPeSJmERU9FIMp2azaRYHKq7S3oXyYhUHRCZ6t6XE4
6wiCFmeH241o9JI4fd7MN99CY8BHGtiRVisiHyjHFfeDkgaNRVE7/3uRrhpcrbbm
bfqM+7fyV1qM0121CfcEx8C1RbBhCoVX1iALMeA679BTmlfnNO8bW21f7uq3nr/5
inFz1Os59pqg2U6NqKjF1ASAcLBbKq74prc5COI6E7DfmeeTkfOZ4CvCPl+1AgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUKh5oJ/A6ppASQNbtgWRhBnvu2bowHwYDVR0j
BBgwFoAUCIRp0aMwhf+Is+WZ0iPKdMIxOjowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzUvMDg4NDY5RDFBMzMwODVGRjg4QjNFNTk5RDIyM0NBNzRDMjMxM0EzQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NJUnAwYU13aGYtSXMtV1owaVBLZE1J
eE9qby5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzUvMzIyZTM1MzYyZTM3MzIyZTMw
MmYzMjMyMmQzMjM0MjAzZDNlMjAzMzM5MzYzMzMxMzkucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAICOEgw
DQYJKoZIhvcNAQELBQADggEBACIx+t/eD95/vOikaVNk7kacNCndxyHHSauekuZY
s01ToSaVNAG1mOJNePgBhGaWVuJISfzc8+1bYF0fqUXP3IzrUMSQAs+JEf3mdOme
543dWTLFw3TQdtMmbv0RtC/SBIrTpZJrZbjpg2VaI8vzkJFSlxO5hUIfFPgPZuxA
cGw8APVYV1eAGZin+Yzq0scOrrPisgTy2LA1X1bEb5/Qle6DqjSsnT/+7WpCh3o/
Hqx5/G48jZircRi/a1HPLu+iVGOqluypwMXRhXLHFNSeXpXLfydFc72sM1JPi+8t
R2Z23v1HQNqRIZco93PoeyJv3xIqJf5gBLl/XMTtaPdRarQ=
-----END CERTIFICATE-----