Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/322e35382e38362e302f32342d3234203d3e20313532363732.roa
File:                     322e35382e38362e302f32342d3234203d3e20313532363732.roa (raw, json)
Hash identifier:          d8kGYhHncLaUfVW2oy/ItqX+ZXfKEpEpsfVRCcwum5A=
Subject key identifier:   BB:F9:DE:8C:D0:A8:56:1E:7B:0B:33:C3:96:9B:C4:CF:3A:29:C2:06
Certificate issuer:       /CN=cefce449bea8deaedb1804dba25c584df5873dc4
Certificate serial:       17F1D7495455AB8746F89A2D5CC6AE0217250EEA
Authority key identifier: CE:FC:E4:49:BE:A8:DE:AE:DB:18:04:DB:A2:5C:58:4D:F5:87:3D:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/322e35382e38362e302f32342d3234203d3e20313532363732.roa
Signing time:             Thu 06 Jun 2024 16:26:46 +0000
ROA not before:           Thu 06 Jun 2024 16:21:46 +0000
ROA not after:            Thu 05 Jun 2025 16:26:46 +0000
asID:                     152672
IP address blocks:        2.58.86.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 28 Sep 2024 19:54:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            17:f1:d7:49:54:55:ab:87:46:f8:9a:2d:5c:c6:ae:02:17:25:0e:ea
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cefce449bea8deaedb1804dba25c584df5873dc4
        Validity
            Not Before: Jun  6 16:21:46 2024 GMT
            Not After : Jun  5 16:26:46 2025 GMT
        Subject: CN=BBF9DE8CD0A8561E7B0B33C3969BC4CF3A29C206
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:7f:c4:f1:5d:ce:aa:34:4b:2f:84:83:75:39:
                    5b:1e:eb:ee:53:99:ea:28:48:51:4f:a1:52:d5:fc:
                    37:43:09:c7:bb:4e:e5:2f:8f:6f:e1:39:dd:a2:8c:
                    fb:56:b1:88:39:7b:9e:01:b6:35:5a:f0:14:7e:32:
                    04:a2:7d:8a:eb:28:25:bd:08:05:db:05:1d:bc:1f:
                    73:20:2f:a2:39:8c:ba:4b:d9:e2:6d:bd:e7:57:46:
                    d1:92:10:31:15:60:80:c8:68:ca:bd:c1:86:20:83:
                    ac:dc:b2:ce:75:16:ca:ef:52:a9:0d:02:d7:4c:50:
                    d2:46:47:dc:a2:17:49:09:fa:95:77:29:7c:41:7d:
                    3a:59:72:2d:03:ef:b3:7f:c7:c6:ad:85:95:7a:6e:
                    2c:3f:8c:bb:76:41:13:78:49:97:a2:74:5f:cc:64:
                    76:85:93:b9:98:4b:cd:04:b3:61:eb:95:c5:fa:0c:
                    d3:dc:6c:a2:d2:69:bc:29:84:01:c9:58:85:97:55:
                    4f:06:e5:e5:ff:28:78:37:bb:dd:e4:c6:db:d2:f4:
                    fa:a0:ac:9d:90:03:2a:f5:28:49:3c:e3:eb:21:d2:
                    0f:c8:0a:26:45:de:4b:36:d1:6d:88:4a:38:7e:c0:
                    6d:57:ef:23:2f:c7:54:fd:0c:33:5c:4a:e7:b9:6a:
                    72:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:F9:DE:8C:D0:A8:56:1E:7B:0B:33:C3:96:9B:C4:CF:3A:29:C2:06
            X509v3 Authority Key Identifier:
                keyid:CE:FC:E4:49:BE:A8:DE:AE:DB:18:04:DB:A2:5C:58:4D:F5:87:3D:C4

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/322e35382e38362e302f32342d3234203d3e20313532363732.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.58.86.0/24

    Signature Algorithm: sha256WithRSAEncryption
         26:31:64:d6:52:fd:e5:2a:9e:1e:91:31:44:a3:2e:c1:9a:1f:
         08:45:91:c0:ab:d6:7e:14:c4:c8:f2:0b:10:ca:84:c5:80:5d:
         21:04:3f:9a:c5:47:76:b2:25:70:3b:b2:52:14:f0:8b:75:97:
         4e:2d:09:5a:51:c4:61:a2:92:5b:92:f7:ff:85:f1:88:35:d5:
         52:e5:34:a7:04:e6:93:2a:ac:a6:fd:3d:b9:3d:a7:12:a7:b4:
         d2:f8:48:b0:71:fe:0d:36:ef:c8:fe:50:5b:f0:e7:b9:4a:a5:
         24:b2:a8:8f:d7:8a:fb:80:7f:e4:78:b6:62:03:b5:43:f9:4b:
         49:c2:4e:e8:10:32:8b:d3:28:98:d4:aa:ff:66:d9:0f:8d:79:
         00:ad:9a:1d:db:e8:d9:ea:89:cb:9d:91:a4:e0:67:0c:ec:62:
         f5:77:35:e5:14:fb:b6:e7:b0:db:9d:88:bb:96:d3:e3:81:45:
         dd:8e:c5:d9:75:64:15:62:e3:d6:35:22:cf:67:43:f1:8b:4d:
         5f:0c:3f:df:2c:fa:d2:f9:38:cb:5a:9f:44:50:eb:ac:5b:51:
         2d:72:fa:d4:a3:60:b0:a4:c6:6d:60:77:3c:ec:32:a9:97:8c:
         58:a8:2b:09:a5:0b:8f:50:d9:7e:ab:50:ef:bc:c7:1e:7c:0a:
         98:7d:91:5c
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUF/HXSVRVq4dG+JotXMauAhclDuowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoY2VmY2U0NDliZWE4ZGVhZWRiMTgwNGRiYTI1YzU4NGRm
NTg3M2RjNDAeFw0yNDA2MDYxNjIxNDZaFw0yNTA2MDUxNjI2NDZaMDMxMTAvBgNV
BAMTKEJCRjlERThDRDBBODU2MUU3QjBCMzNDMzk2OUJDNENGM0EyOUMyMDYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7f8TxXc6qNEsvhIN1OVse6+5T
meooSFFPoVLV/DdDCce7TuUvj2/hOd2ijPtWsYg5e54BtjVa8BR+MgSifYrrKCW9
CAXbBR28H3MgL6I5jLpL2eJtvedXRtGSEDEVYIDIaMq9wYYgg6zcss51FsrvUqkN
AtdMUNJGR9yiF0kJ+pV3KXxBfTpZci0D77N/x8athZV6biw/jLt2QRN4SZeidF/M
ZHaFk7mYS80Es2HrlcX6DNPcbKLSabwphAHJWIWXVU8G5eX/KHg3u93kxtvS9Pqg
rJ2QAyr1KEk84+sh0g/ICiZF3ks20W2ISjh+wG1X7yMvx1T9DDNcSue5anLdAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUu/nejNCoVh57CzPDlpvEzzopwgYwHwYDVR0j
BBgwFoAUzvzkSb6o3q7bGATbolxYTfWHPcQwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZDFiMzVmOGItNmY0OC00YmFkLWIxODUtNWMxZGFhOGFj
ZGE5LzAvQ0VGQ0U0NDlCRUE4REVBRURCMTgwNERCQTI1QzU4NERGNTg3M0RDNC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3p2emtTYjZvM3E3YkdBVGJvbHhZVGZX
SFBjUS5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZDFiMzVmOGIt
NmY0OC00YmFkLWIxODUtNWMxZGFhOGFjZGE5LzAvMzIyZTM1MzgyZTM4MzYyZTMw
MmYzMjM0MmQzMjM0MjAzZDNlMjAzMTM1MzIzNjM3MzIucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAACOlYw
DQYJKoZIhvcNAQELBQADggEBACYxZNZS/eUqnh6RMUSjLsGaHwhFkcCr1n4UxMjy
CxDKhMWAXSEEP5rFR3ayJXA7slIU8It1l04tCVpRxGGikluS9/+F8Yg11VLlNKcE
5pMqrKb9Pbk9pxKntNL4SLBx/g0278j+UFvw57lKpSSyqI/XivuAf+R4tmIDtUP5
S0nCTugQMovTKJjUqv9m2Q+NeQCtmh3b6NnqicudkaTgZwzsYvV3NeUU+7bnsNud
iLuW0+OBRd2Oxdl1ZBVi49Y1Is9nQ/GLTV8MP98s+tL5OMtan0RQ66xbUS1y+tSj
YLCkxm1gdzzsMqmXjFioKwmlC49Q2X6rUO+8xx58Cph9kVw=
-----END CERTIFICATE-----