Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/322e35382e37342e302f32342d3234203d3e20313336373837.roa
File:                     322e35382e37342e302f32342d3234203d3e20313336373837.roa (raw, json)
Hash identifier:          XIXRW4Bab38yqBd5L+tRthMuPBX523YkozHLtotOj+s=
Subject key identifier:   D1:90:4A:88:4B:49:2A:77:11:BA:82:B2:74:72:FF:8C:FC:1D:F8:61
Certificate issuer:       /CN=12c2a8354689aec2a74fca14944927621ba27c94
Certificate serial:       18D330D3B5D9510306992D1C4B1F512A2501B72A
Authority key identifier: 12:C2:A8:35:46:89:AE:C2:A7:4F:CA:14:94:49:27:62:1B:A2:7C:94
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EsKoNUaJrsKnT8oUlEknYhuifJQ.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/322e35382e37342e302f32342d3234203d3e20313336373837.roa
Signing time:             Mon 20 May 2024 17:03:45 +0000
ROA not before:           Mon 20 May 2024 16:58:45 +0000
ROA not after:            Mon 19 May 2025 17:03:45 +0000
asID:                     136787
IP address blocks:        2.58.74.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/12C2A8354689AEC2A74FCA14944927621BA27C94.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/12C2A8354689AEC2A74FCA14944927621BA27C94.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EsKoNUaJrsKnT8oUlEknYhuifJQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 15 Jun 2024 02:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            18:d3:30:d3:b5:d9:51:03:06:99:2d:1c:4b:1f:51:2a:25:01:b7:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=12c2a8354689aec2a74fca14944927621ba27c94
        Validity
            Not Before: May 20 16:58:45 2024 GMT
            Not After : May 19 17:03:45 2025 GMT
        Subject: CN=D1904A884B492A7711BA82B27472FF8CFC1DF861
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:15:99:63:17:ae:24:cd:cd:51:0f:8e:5c:c4:
                    29:b6:71:77:be:55:fe:d6:16:ee:4a:d1:b2:5c:c7:
                    2a:49:c1:01:16:a2:8f:5e:a9:79:24:72:e8:89:c1:
                    65:94:89:39:a4:0e:f1:e2:32:22:03:5d:7a:b5:8a:
                    65:8d:11:15:95:aa:f5:50:c9:c0:24:da:2c:fd:74:
                    b4:24:96:ab:07:49:5f:8c:4a:37:e7:69:0e:0b:ab:
                    d9:4a:21:bb:27:cf:92:6c:f8:b4:30:60:70:4d:ff:
                    a9:70:d0:14:a6:f8:f8:bd:49:81:b9:be:79:e2:36:
                    4f:8f:0a:61:b3:2d:34:cc:b5:bc:20:d2:65:f8:5b:
                    01:cd:fa:6e:09:82:eb:87:14:ca:2d:dc:a1:9c:10:
                    6a:0c:2d:1f:5a:3a:7a:eb:77:09:db:88:b7:3b:83:
                    95:65:9c:9d:36:b1:3d:2c:29:7a:cf:82:23:96:e4:
                    a1:0a:cd:0c:1a:d7:3d:ed:ae:01:c0:b2:d2:4c:48:
                    e6:56:c6:66:ef:4f:48:c5:27:66:3a:e2:4e:d6:df:
                    47:50:21:39:1c:60:80:9b:77:9e:d8:91:2d:44:09:
                    99:f3:fb:32:d3:cf:9d:eb:a8:7e:76:9f:bb:58:ff:
                    78:85:54:50:b8:91:35:95:6a:10:7a:7d:cf:7d:c3:
                    06:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D1:90:4A:88:4B:49:2A:77:11:BA:82:B2:74:72:FF:8C:FC:1D:F8:61
            X509v3 Authority Key Identifier:
                keyid:12:C2:A8:35:46:89:AE:C2:A7:4F:CA:14:94:49:27:62:1B:A2:7C:94

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/12C2A8354689AEC2A74FCA14944927621BA27C94.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EsKoNUaJrsKnT8oUlEknYhuifJQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/322e35382e37342e302f32342d3234203d3e20313336373837.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.58.74.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3c:cb:9f:b9:30:84:ca:73:2c:55:1a:88:69:cf:f2:96:e5:7a:
         bc:a0:a8:8a:2b:51:49:8b:4b:de:ae:1d:05:7b:5f:8f:b6:a0:
         5a:8b:a5:42:bb:dd:6f:fa:b5:e6:a4:7e:15:23:f6:aa:70:b8:
         bb:37:9c:b2:82:73:e9:3b:4b:8d:6d:8f:64:ef:17:fe:8d:6f:
         f7:62:5f:0e:b2:ab:61:e0:49:13:60:3c:fb:48:2a:db:bb:8f:
         35:25:68:82:65:5e:b0:90:6f:51:43:62:8a:62:1f:e2:60:ca:
         48:f4:06:9b:3b:43:a2:63:7f:20:15:9d:18:f9:9d:0a:aa:09:
         a4:0a:61:a8:3a:cc:f4:aa:e0:82:02:98:ff:0f:a6:68:33:c5:
         05:67:2d:3f:4a:10:62:ad:e5:5e:53:c4:9f:dd:3b:22:6c:d6:
         30:fb:4f:ea:e3:4e:d5:fd:79:5f:39:ba:a3:24:39:c3:4e:71:
         82:bc:bd:0f:80:6b:08:43:d0:1a:e2:1d:21:d9:ff:98:37:2d:
         ab:dc:f8:d6:2d:aa:5c:82:02:8f:16:72:5b:0d:c1:94:db:02:
         75:a9:c2:0c:b5:ee:a1:4a:fd:8c:ba:3b:ed:36:72:ba:d9:55:
         1b:d4:4b:23:88:06:cb:7e:95:ce:0c:4f:d1:44:3a:55:2d:81:
         96:94:a0:d8
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUGNMw07XZUQMGmS0cSx9RKiUBtyowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMTJjMmE4MzU0Njg5YWVjMmE3NGZjYTE0OTQ0OTI3NjIx
YmEyN2M5NDAeFw0yNDA1MjAxNjU4NDVaFw0yNTA1MTkxNzAzNDVaMDMxMTAvBgNV
BAMTKEQxOTA0QTg4NEI0OTJBNzcxMUJBODJCMjc0NzJGRjhDRkMxREY4NjEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDYFZljF64kzc1RD45cxCm2cXe+
Vf7WFu5K0bJcxypJwQEWoo9eqXkkcuiJwWWUiTmkDvHiMiIDXXq1imWNERWVqvVQ
ycAk2iz9dLQklqsHSV+MSjfnaQ4Lq9lKIbsnz5Js+LQwYHBN/6lw0BSm+Pi9SYG5
vnniNk+PCmGzLTTMtbwg0mX4WwHN+m4JguuHFMot3KGcEGoMLR9aOnrrdwnbiLc7
g5VlnJ02sT0sKXrPgiOW5KEKzQwa1z3trgHAstJMSOZWxmbvT0jFJ2Y64k7W30dQ
ITkcYICbd57YkS1ECZnz+zLTz53rqH52n7tY/3iFVFC4kTWVahB6fc99wwbPAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQU0ZBKiEtJKncRuoKydHL/jPwd+GEwHwYDVR0j
BBgwFoAUEsKoNUaJrsKnT8oUlEknYhuifJQwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzcvMTJDMkE4MzU0Njg5QUVDMkE3NEZDQTE0OTQ0OTI3NjIxQkEyN0M5NC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0VzS29OVWFKcnNLblQ4b1VsRWtuWWh1
aWZKUS5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzcvMzIyZTM1MzgyZTM3MzQyZTMw
MmYzMjM0MmQzMjM0MjAzZDNlMjAzMTMzMzYzNzM4Mzcucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAACOkow
DQYJKoZIhvcNAQELBQADggEBADzLn7kwhMpzLFUaiGnP8pblerygqIorUUmLS96u
HQV7X4+2oFqLpUK73W/6teakfhUj9qpwuLs3nLKCc+k7S41tj2TvF/6Nb/diXw6y
q2HgSRNgPPtIKtu7jzUlaIJlXrCQb1FDYopiH+Jgykj0Bps7Q6JjfyAVnRj5nQqq
CaQKYag6zPSq4IICmP8PpmgzxQVnLT9KEGKt5V5TxJ/dOyJs1jD7T+rjTtX9eV85
uqMkOcNOcYK8vQ+AawhD0BriHSHZ/5g3Lavc+NYtqlyCAo8WclsNwZTbAnWpwgy1
7qFK/Yy6O+02crrZVRvUSyOIBst+lc4MT9FEOlUtgZaUoNg=
-----END CERTIFICATE-----