Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/322e35382e38362e302f32342d3234203d3e203633303233.roa
File:                     322e35382e38362e302f32342d3234203d3e203633303233.roa (raw, json)
Hash identifier:          waF6qA6R1w7kBLXKGoxlVi2r5v8Kr+slBxOo/BnKxi0=
Subject key identifier:   F7:A4:82:20:8D:43:40:7C:3D:5F:0E:16:E9:EA:DE:F3:73:95:32:6C
Certificate issuer:       /CN=8f4ce7722f99075d94738b7e61070401269eb3d6
Certificate serial:       7FCE64CCD4999C467DDB08B42D2643DB115B9187
Authority key identifier: 8F:4C:E7:72:2F:99:07:5D:94:73:8B:7E:61:07:04:01:26:9E:B3:D6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/j0znci-ZB12Uc4t-YQcEASaes9Y.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/322e35382e38362e302f32342d3234203d3e203633303233.roa
Signing time:             Thu 22 Feb 2024 17:05:13 +0000
ROA not before:           Thu 22 Feb 2024 17:00:13 +0000
ROA not after:            Thu 20 Feb 2025 17:05:13 +0000
asID:                     63023
IP address blocks:        2.58.86.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/8F4CE7722F99075D94738B7E61070401269EB3D6.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/8F4CE7722F99075D94738B7E61070401269EB3D6.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/j0znci-ZB12Uc4t-YQcEASaes9Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 08 May 2024 14:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7f:ce:64:cc:d4:99:9c:46:7d:db:08:b4:2d:26:43:db:11:5b:91:87
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8f4ce7722f99075d94738b7e61070401269eb3d6
        Validity
            Not Before: Feb 22 17:00:13 2024 GMT
            Not After : Feb 20 17:05:13 2025 GMT
        Subject: CN=F7A482208D43407C3D5F0E16E9EADEF37395326C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:67:68:d2:43:3c:af:46:60:73:e1:78:4f:80:
                    a8:38:a6:48:d9:b9:54:36:da:4e:7f:96:1a:c6:79:
                    e7:86:68:1a:66:a2:bd:b4:50:23:4f:b5:6c:86:2a:
                    00:01:4a:3c:39:6c:5e:0e:c1:a2:6c:56:2e:5e:42:
                    a9:7d:51:5d:bd:e0:cb:0f:aa:ed:2e:da:5b:6a:fd:
                    95:6b:32:f5:44:6e:41:33:60:d6:12:ae:79:07:21:
                    9f:65:59:04:68:b8:e9:73:8d:2a:aa:16:f3:75:c4:
                    56:3d:79:78:bd:48:b1:fc:66:3a:0a:f1:fc:f1:9f:
                    d2:7c:46:4e:bb:d6:84:19:0d:85:81:be:76:e2:18:
                    00:a6:40:e9:4a:c9:7d:cb:81:a1:2d:99:b7:22:32:
                    a4:a4:b5:4f:c3:7b:2c:70:b1:ca:35:54:6e:e0:af:
                    e4:08:a3:bb:55:e0:b0:5e:83:96:f2:e9:95:16:3a:
                    24:c5:c6:8b:53:f6:a1:5d:5a:17:1d:cf:14:ed:90:
                    f5:76:3c:d0:29:e4:16:93:65:5c:d1:e0:e2:9e:4e:
                    08:d7:01:19:ab:2b:b7:c5:e3:8b:4a:da:24:a4:3a:
                    a9:5c:f1:3a:6b:0b:d7:51:cc:b9:aa:c4:1f:14:af:
                    34:96:8f:9d:1f:f4:15:54:53:1a:f6:2f:17:14:cb:
                    a2:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F7:A4:82:20:8D:43:40:7C:3D:5F:0E:16:E9:EA:DE:F3:73:95:32:6C
            X509v3 Authority Key Identifier:
                keyid:8F:4C:E7:72:2F:99:07:5D:94:73:8B:7E:61:07:04:01:26:9E:B3:D6

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/8F4CE7722F99075D94738B7E61070401269EB3D6.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/j0znci-ZB12Uc4t-YQcEASaes9Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/322e35382e38362e302f32342d3234203d3e203633303233.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.58.86.0/24

    Signature Algorithm: sha256WithRSAEncryption
         56:ea:ba:db:79:48:02:df:bb:1b:8f:b6:ac:00:9b:2b:4c:a9:
         1d:b6:c9:ca:c3:06:09:54:7c:35:69:51:30:d8:40:0b:e9:1d:
         7b:b8:41:06:1d:7e:4c:c3:c2:5e:56:82:00:1e:dc:a3:f4:8e:
         2d:5b:0c:c0:d9:10:7b:0a:16:0e:fc:f7:3f:e6:4c:e9:e6:59:
         26:e5:ba:bc:13:ff:7d:a7:97:fd:5f:56:a8:22:88:cd:db:b4:
         9f:40:88:40:b1:34:e3:1b:fc:e7:d8:56:ce:ef:f3:8e:24:da:
         a6:cf:eb:94:ae:e8:c5:a0:93:85:b9:80:0d:b9:e2:71:46:05:
         b0:73:20:19:8c:c0:61:22:ff:d6:8d:8a:b4:c1:2a:08:dc:b5:
         78:81:e2:d4:a8:12:3d:56:5c:57:95:e3:15:42:3e:b5:fa:e5:
         bf:a5:b0:db:a2:f3:97:51:3c:b3:aa:33:97:97:ef:58:8e:da:
         71:e6:43:7f:60:e8:ef:cd:8f:b5:52:13:d4:f4:d2:c1:4e:c0:
         db:49:fe:99:c0:5b:d1:79:94:6b:67:4f:b4:a4:6b:2c:9f:68:
         17:0e:b5:94:05:7c:a8:41:e1:6b:d3:1c:18:81:0a:98:fc:62:
         36:a7:e5:a1:9e:42:ef:c9:b9:62:a3:5d:ec:1c:1a:f3:bd:d3:
         ff:53:2c:1d
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUf85kzNSZnEZ92wi0LSZD2xFbkYcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGY0Y2U3NzIyZjk5MDc1ZDk0NzM4YjdlNjEwNzA0MDEy
NjllYjNkNjAeFw0yNDAyMjIxNzAwMTNaFw0yNTAyMjAxNzA1MTNaMDMxMTAvBgNV
BAMTKEY3QTQ4MjIwOEQ0MzQwN0MzRDVGMEUxNkU5RUFERUYzNzM5NTMyNkMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCkZ2jSQzyvRmBz4XhPgKg4pkjZ
uVQ22k5/lhrGeeeGaBpmor20UCNPtWyGKgABSjw5bF4OwaJsVi5eQql9UV294MsP
qu0u2ltq/ZVrMvVEbkEzYNYSrnkHIZ9lWQRouOlzjSqqFvN1xFY9eXi9SLH8ZjoK
8fzxn9J8Rk671oQZDYWBvnbiGACmQOlKyX3LgaEtmbciMqSktU/Deyxwsco1VG7g
r+QIo7tV4LBeg5by6ZUWOiTFxotT9qFdWhcdzxTtkPV2PNAp5BaTZVzR4OKeTgjX
ARmrK7fF44tK2iSkOqlc8TprC9dRzLmqxB8UrzSWj50f9BVUUxr2LxcUy6InAgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQU96SCII1DQHw9Xw4W6ere83OVMmwwHwYDVR0j
BBgwFoAUj0znci+ZB12Uc4t+YQcEASaes9YwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYWE5NzcxMTUtNTExMC00MjU3LTk0ZWYtNGQyYjQzODg0
MDQwLzAvOEY0Q0U3NzIyRjk5MDc1RDk0NzM4QjdFNjEwNzA0MDEyNjlFQjNENi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2owem5jaS1aQjEyVWM0dC1ZUWNFQVNh
ZXM5WS5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWE5NzcxMTUt
NTExMC00MjU3LTk0ZWYtNGQyYjQzODg0MDQwLzAvMzIyZTM1MzgyZTM4MzYyZTMw
MmYzMjM0MmQzMjM0MjAzZDNlMjAzNjMzMzAzMjMzLnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAAjpWMA0G
CSqGSIb3DQEBCwUAA4IBAQBW6rrbeUgC37sbj7asAJsrTKkdtsnKwwYJVHw1aVEw
2EAL6R17uEEGHX5Mw8JeVoIAHtyj9I4tWwzA2RB7ChYO/Pc/5kzp5lkm5bq8E/99
p5f9X1aoIojN27SfQIhAsTTjG/zn2FbO7/OOJNqmz+uUrujFoJOFuYANueJxRgWw
cyAZjMBhIv/WjYq0wSoI3LV4geLUqBI9VlxXleMVQj61+uW/pbDbovOXUTyzqjOX
l+9Yjtpx5kN/YOjvzY+1UhPU9NLBTsDbSf6ZwFvReZRrZ0+0pGssn2gXDrWUBXyo
QeFr0xwYgQqY/GI2p+WhnkLvyblio13sHBrzvdP/Uywd
-----END CERTIFICATE-----