Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/322e35382e38372e302f32342d3234203d3e203633303233.roa
File:                     322e35382e38372e302f32342d3234203d3e203633303233.roa (raw, json)
Hash identifier:          GskJPRP5+rnvvHOREh4sZ2sSIv4K+a70HYvv48uTIUc=
Subject key identifier:   B4:6A:DF:EB:56:34:52:DC:C1:D7:23:2C:37:22:AF:DD:25:C0:39:EB
Certificate issuer:       /CN=8f4ce7722f99075d94738b7e61070401269eb3d6
Certificate serial:       5D35F881B2C252DF97FD0D0C903FE8EC43AA84C3
Authority key identifier: 8F:4C:E7:72:2F:99:07:5D:94:73:8B:7E:61:07:04:01:26:9E:B3:D6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/j0znci-ZB12Uc4t-YQcEASaes9Y.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/322e35382e38372e302f32342d3234203d3e203633303233.roa
Signing time:             Thu 22 Feb 2024 17:05:14 +0000
ROA not before:           Thu 22 Feb 2024 17:00:14 +0000
ROA not after:            Thu 20 Feb 2025 17:05:14 +0000
asID:                     63023
IP address blocks:        2.58.87.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/8F4CE7722F99075D94738B7E61070401269EB3D6.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/8F4CE7722F99075D94738B7E61070401269EB3D6.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/j0znci-ZB12Uc4t-YQcEASaes9Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 08 May 2024 14:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5d:35:f8:81:b2:c2:52:df:97:fd:0d:0c:90:3f:e8:ec:43:aa:84:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8f4ce7722f99075d94738b7e61070401269eb3d6
        Validity
            Not Before: Feb 22 17:00:14 2024 GMT
            Not After : Feb 20 17:05:14 2025 GMT
        Subject: CN=B46ADFEB563452DCC1D7232C3722AFDD25C039EB
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:07:85:8d:09:10:4b:72:57:54:44:c3:fa:e2:
                    65:6e:49:2e:c9:c3:de:2b:ad:6f:af:07:53:3f:de:
                    8e:0f:20:c8:a2:ac:61:d8:d4:8c:68:52:3f:09:c0:
                    04:f0:fe:cd:ab:86:f5:3c:c2:e3:b5:d7:5c:7c:29:
                    df:82:d2:47:27:bf:86:16:f8:cc:25:7d:22:76:81:
                    58:61:11:35:0c:01:b0:dc:21:13:43:c2:f8:8b:68:
                    15:f9:91:cf:2a:62:b1:f7:39:1f:bd:cc:75:f9:7a:
                    15:f8:10:4c:5d:a4:56:1a:4c:de:9a:9a:38:4b:57:
                    77:a2:85:98:95:2a:57:55:d2:c9:31:ec:b1:56:41:
                    23:28:ab:44:8c:e7:98:7c:a9:65:c7:55:de:19:d3:
                    90:bb:1d:7c:f5:e0:92:4d:0f:b7:b1:49:7e:2a:24:
                    b6:f0:28:f1:05:9c:11:e0:24:f0:b2:ba:ff:54:19:
                    41:b3:f4:53:38:9a:19:65:f5:ce:d3:0e:2c:07:bf:
                    ec:9e:1b:9a:38:b0:21:96:b4:05:f8:33:ef:12:f7:
                    7c:eb:2d:16:7b:65:ac:c1:bc:1b:e6:2b:02:e2:18:
                    bc:0a:5a:4a:82:b6:35:9d:ae:bb:d7:17:db:73:0d:
                    8b:f5:04:63:57:2c:56:88:0b:66:78:5a:8d:05:6f:
                    76:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:6A:DF:EB:56:34:52:DC:C1:D7:23:2C:37:22:AF:DD:25:C0:39:EB
            X509v3 Authority Key Identifier:
                keyid:8F:4C:E7:72:2F:99:07:5D:94:73:8B:7E:61:07:04:01:26:9E:B3:D6

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/8F4CE7722F99075D94738B7E61070401269EB3D6.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/j0znci-ZB12Uc4t-YQcEASaes9Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/322e35382e38372e302f32342d3234203d3e203633303233.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.58.87.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2f:44:a3:d4:cc:9d:98:c8:f6:45:b3:84:ba:36:78:92:21:4d:
         e8:89:2c:00:8e:e7:81:a4:64:18:39:7b:db:03:c7:55:b8:ee:
         37:0d:7e:33:eb:07:55:89:84:00:5e:49:b7:74:8b:e7:64:7f:
         17:13:60:24:d0:c2:4e:65:fc:67:ea:2f:de:4a:77:bf:43:5c:
         0b:ad:23:c5:50:5a:89:4c:78:81:64:40:4e:47:f7:f5:d9:84:
         26:3b:d7:79:05:2f:88:49:59:46:00:7e:40:4a:3d:cc:7f:00:
         96:d6:2e:3c:83:7e:fd:ca:02:fb:63:97:7b:0b:08:a8:93:09:
         21:bc:1d:48:09:06:e1:7e:8b:d4:13:cb:e7:49:5b:e5:d8:a2:
         73:ae:5e:8c:2b:2b:d2:7f:54:ef:fc:34:bc:fb:a5:60:f6:12:
         53:cc:25:4b:19:72:a5:16:ed:7e:eb:95:be:a3:39:9d:9f:64:
         cd:0e:bc:77:68:1c:7b:5a:85:fa:ce:b4:79:01:56:a2:fb:db:
         50:dd:69:a3:6b:fb:5f:10:59:45:d2:ba:6a:1c:0f:d7:0d:f6:
         a4:49:9e:16:6a:23:79:f5:05:aa:6d:cf:75:0a:de:0c:ca:03:
         0e:c3:88:10:3b:52:42:61:a6:94:f2:c5:7d:43:e8:f1:06:33:
         aa:0e:2c:5b
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUXTX4gbLCUt+X/Q0MkD/o7EOqhMMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGY0Y2U3NzIyZjk5MDc1ZDk0NzM4YjdlNjEwNzA0MDEy
NjllYjNkNjAeFw0yNDAyMjIxNzAwMTRaFw0yNTAyMjAxNzA1MTRaMDMxMTAvBgNV
BAMTKEI0NkFERkVCNTYzNDUyRENDMUQ3MjMyQzM3MjJBRkREMjVDMDM5RUIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDZB4WNCRBLcldURMP64mVuSS7J
w94rrW+vB1M/3o4PIMiirGHY1IxoUj8JwATw/s2rhvU8wuO111x8Kd+C0kcnv4YW
+MwlfSJ2gVhhETUMAbDcIRNDwviLaBX5kc8qYrH3OR+9zHX5ehX4EExdpFYaTN6a
mjhLV3eihZiVKldV0skx7LFWQSMoq0SM55h8qWXHVd4Z05C7HXz14JJND7exSX4q
JLbwKPEFnBHgJPCyuv9UGUGz9FM4mhll9c7TDiwHv+yeG5o4sCGWtAX4M+8S93zr
LRZ7ZazBvBvmKwLiGLwKWkqCtjWdrrvXF9tzDYv1BGNXLFaIC2Z4Wo0Fb3b7AgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQUtGrf61Y0UtzB1yMsNyKv3SXAOeswHwYDVR0j
BBgwFoAUj0znci+ZB12Uc4t+YQcEASaes9YwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYWE5NzcxMTUtNTExMC00MjU3LTk0ZWYtNGQyYjQzODg0
MDQwLzAvOEY0Q0U3NzIyRjk5MDc1RDk0NzM4QjdFNjEwNzA0MDEyNjlFQjNENi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2owem5jaS1aQjEyVWM0dC1ZUWNFQVNh
ZXM5WS5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWE5NzcxMTUt
NTExMC00MjU3LTk0ZWYtNGQyYjQzODg0MDQwLzAvMzIyZTM1MzgyZTM4MzcyZTMw
MmYzMjM0MmQzMjM0MjAzZDNlMjAzNjMzMzAzMjMzLnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAAjpXMA0G
CSqGSIb3DQEBCwUAA4IBAQAvRKPUzJ2YyPZFs4S6NniSIU3oiSwAjueBpGQYOXvb
A8dVuO43DX4z6wdViYQAXkm3dIvnZH8XE2Ak0MJOZfxn6i/eSne/Q1wLrSPFUFqJ
THiBZEBOR/f12YQmO9d5BS+ISVlGAH5ASj3MfwCW1i48g379ygL7Y5d7Cwiokwkh
vB1ICQbhfovUE8vnSVvl2KJzrl6MKyvSf1Tv/DS8+6Vg9hJTzCVLGXKlFu1+65W+
ozmdn2TNDrx3aBx7WoX6zrR5AVai+9tQ3Wmja/tfEFlF0rpqHA/XDfakSZ4WaiN5
9QWqbc91Ct4MygMOw4gQO1JCYaaU8sV9Q+jxBjOqDixb
-----END CERTIFICATE-----