Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/322e35382e38372e302f32342d3234203d3e20313532363732.roa
File:                     322e35382e38372e302f32342d3234203d3e20313532363732.roa (raw, json)
Hash identifier:          BppMkR46goDmRilMgHSuVei/eawmxzIyd06PCyZu6mg=
Subject key identifier:   9F:21:3F:7C:05:69:5E:8C:3C:4D:CD:C1:8B:36:09:93:2E:9A:7B:10
Certificate issuer:       /CN=8f4ce7722f99075d94738b7e61070401269eb3d6
Certificate serial:       484239A343DBE0FE987BCF6F8C91E9DF3BE0EE34
Authority key identifier: 8F:4C:E7:72:2F:99:07:5D:94:73:8B:7E:61:07:04:01:26:9E:B3:D6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/j0znci-ZB12Uc4t-YQcEASaes9Y.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/322e35382e38372e302f32342d3234203d3e20313532363732.roa
Signing time:             Sat 11 May 2024 15:37:06 +0000
ROA not before:           Sat 11 May 2024 15:32:06 +0000
ROA not after:            Sat 10 May 2025 15:37:06 +0000
asID:                     152672
IP address blocks:        2.58.87.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/8F4CE7722F99075D94738B7E61070401269EB3D6.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/8F4CE7722F99075D94738B7E61070401269EB3D6.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/j0znci-ZB12Uc4t-YQcEASaes9Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Jun 2024 13:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            48:42:39:a3:43:db:e0:fe:98:7b:cf:6f:8c:91:e9:df:3b:e0:ee:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8f4ce7722f99075d94738b7e61070401269eb3d6
        Validity
            Not Before: May 11 15:32:06 2024 GMT
            Not After : May 10 15:37:06 2025 GMT
        Subject: CN=9F213F7C05695E8C3C4DCDC18B3609932E9A7B10
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:fb:de:f6:a8:de:a4:3e:c7:80:c4:bc:f3:17:
                    1d:20:ab:f7:24:b6:e6:d2:73:01:b5:9a:1c:3b:32:
                    59:d4:e1:c8:10:54:be:32:6a:32:0b:70:ee:27:35:
                    e6:12:2f:d5:eb:26:bf:ee:bb:95:30:85:86:7e:9a:
                    d3:36:a2:31:73:9a:9b:09:3b:67:6f:a0:5b:8d:cb:
                    97:57:ec:b5:47:13:4b:82:cf:b8:b3:83:fe:d5:c3:
                    ce:45:57:fc:47:0d:28:48:89:8c:06:88:f6:79:d5:
                    41:7a:7e:87:99:f9:29:c2:9c:a7:ea:c2:7d:18:8a:
                    bf:ad:f5:c0:fb:ad:5d:ad:23:03:8a:df:23:fc:48:
                    39:a8:4d:25:a4:e3:be:67:0e:8b:f7:c7:c8:0d:89:
                    9f:4a:91:b5:12:8a:0b:ef:7e:b9:87:fc:0d:dd:7d:
                    68:56:86:e0:64:11:f9:17:5f:25:4c:93:ce:50:9d:
                    85:65:e1:8e:1e:b5:34:06:3d:ba:2d:1c:0b:1f:2e:
                    f5:88:e7:2a:4e:4c:71:da:26:4a:94:26:c5:1f:4a:
                    af:f0:01:00:9d:02:81:40:08:5c:ec:94:c3:70:c9:
                    23:0e:10:b3:fb:9f:42:ee:1d:92:98:a1:ec:0a:9d:
                    42:bb:ae:ec:fc:7a:de:ab:39:e6:6e:57:99:ee:6a:
                    90:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:21:3F:7C:05:69:5E:8C:3C:4D:CD:C1:8B:36:09:93:2E:9A:7B:10
            X509v3 Authority Key Identifier:
                keyid:8F:4C:E7:72:2F:99:07:5D:94:73:8B:7E:61:07:04:01:26:9E:B3:D6

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/8F4CE7722F99075D94738B7E61070401269EB3D6.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/j0znci-ZB12Uc4t-YQcEASaes9Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/322e35382e38372e302f32342d3234203d3e20313532363732.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.58.87.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a5:15:61:2c:d7:eb:fd:d6:df:66:1c:dd:6a:6c:e3:85:43:c6:
         2b:15:40:11:6a:ba:2b:fa:a4:6e:98:3e:06:8d:70:7f:99:dc:
         6e:f2:1b:37:9e:6e:f1:04:54:69:ab:27:e4:e5:d4:68:f9:8c:
         83:77:10:c5:48:bc:83:62:fe:17:c9:9d:7c:e6:b7:68:8f:6e:
         9c:4d:d0:a0:de:21:a5:d1:38:90:39:25:10:2b:c5:32:ce:a5:
         25:3f:86:a2:6f:ae:3c:f2:ef:cb:47:99:f8:f9:dd:3c:cb:0b:
         ac:df:3a:25:4a:a9:ad:2f:f5:44:da:84:28:d5:83:b5:fc:e3:
         04:ec:2a:13:d3:bd:67:22:f9:f4:bf:ae:e0:0a:53:03:96:e1:
         c3:0f:22:3a:e8:c6:39:78:66:99:dc:aa:e6:f9:38:39:53:29:
         cd:19:f8:cd:d3:74:9e:00:ad:47:d6:76:f8:58:24:03:37:5a:
         4b:ab:3a:dc:9e:1e:91:c7:ab:8c:e5:f8:2f:ac:da:86:b6:66:
         97:f2:85:3d:28:77:df:23:c3:3b:5c:8b:70:88:65:c9:0e:e5:
         18:f0:0d:dc:b0:c5:cc:0a:c0:d6:df:a5:bb:58:f6:1f:ae:d8:
         2e:a0:2b:eb:43:2e:e7:1d:68:a7:3f:82:1a:6b:75:81:c9:1d:
         9c:a6:e6:10
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUSEI5o0Pb4P6Ye89vjJHp3zvg7jQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGY0Y2U3NzIyZjk5MDc1ZDk0NzM4YjdlNjEwNzA0MDEy
NjllYjNkNjAeFw0yNDA1MTExNTMyMDZaFw0yNTA1MTAxNTM3MDZaMDMxMTAvBgNV
BAMTKDlGMjEzRjdDMDU2OTVFOEMzQzREQ0RDMThCMzYwOTkzMkU5QTdCMTAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6+972qN6kPseAxLzzFx0gq/ck
tubScwG1mhw7MlnU4cgQVL4yajILcO4nNeYSL9XrJr/uu5UwhYZ+mtM2ojFzmpsJ
O2dvoFuNy5dX7LVHE0uCz7izg/7Vw85FV/xHDShIiYwGiPZ51UF6foeZ+SnCnKfq
wn0Yir+t9cD7rV2tIwOK3yP8SDmoTSWk475nDov3x8gNiZ9KkbUSigvvfrmH/A3d
fWhWhuBkEfkXXyVMk85QnYVl4Y4etTQGPbotHAsfLvWI5ypOTHHaJkqUJsUfSq/w
AQCdAoFACFzslMNwySMOELP7n0LuHZKYoewKnUK7ruz8et6rOeZuV5nuapDBAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUnyE/fAVpXow8Tc3BizYJky6aexAwHwYDVR0j
BBgwFoAUj0znci+ZB12Uc4t+YQcEASaes9YwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYWE5NzcxMTUtNTExMC00MjU3LTk0ZWYtNGQyYjQzODg0
MDQwLzAvOEY0Q0U3NzIyRjk5MDc1RDk0NzM4QjdFNjEwNzA0MDEyNjlFQjNENi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2owem5jaS1aQjEyVWM0dC1ZUWNFQVNh
ZXM5WS5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWE5NzcxMTUt
NTExMC00MjU3LTk0ZWYtNGQyYjQzODg0MDQwLzAvMzIyZTM1MzgyZTM4MzcyZTMw
MmYzMjM0MmQzMjM0MjAzZDNlMjAzMTM1MzIzNjM3MzIucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAACOlcw
DQYJKoZIhvcNAQELBQADggEBAKUVYSzX6/3W32Yc3Wps44VDxisVQBFquiv6pG6Y
PgaNcH+Z3G7yGzeebvEEVGmrJ+Tl1Gj5jIN3EMVIvINi/hfJnXzmt2iPbpxN0KDe
IaXROJA5JRArxTLOpSU/hqJvrjzy78tHmfj53TzLC6zfOiVKqa0v9UTahCjVg7X8
4wTsKhPTvWci+fS/ruAKUwOW4cMPIjroxjl4Zpncqub5ODlTKc0Z+M3TdJ4ArUfW
dvhYJAM3WkurOtyeHpHHq4zl+C+s2oa2ZpfyhT0od98jwztci3CIZckO5RjwDdyw
xcwKwNbfpbtY9h+u2C6gK+tDLucdaKc/ghprdYHJHZym5hA=
-----END CERTIFICATE-----