Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/322e35382e38342e302f32342d3234203d3e20323136323231.roa
File:                     322e35382e38342e302f32342d3234203d3e20323136323231.roa (raw, json)
Hash identifier:          EPX6XGpgNwtiRnBvxDuCW65ZQ4Gu+llG59fAl/wr2K4=
Subject key identifier:   4C:4D:FA:CE:50:7C:48:01:40:ED:76:77:10:3B:68:E9:4E:EB:FB:DB
Certificate issuer:       /CN=8f4ce7722f99075d94738b7e61070401269eb3d6
Certificate serial:       372BAC4EFB1398FDD4152EB816289ADB02F1CECF
Authority key identifier: 8F:4C:E7:72:2F:99:07:5D:94:73:8B:7E:61:07:04:01:26:9E:B3:D6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/j0znci-ZB12Uc4t-YQcEASaes9Y.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/322e35382e38342e302f32342d3234203d3e20323136323231.roa
Signing time:             Fri 12 Apr 2024 15:02:05 +0000
ROA not before:           Fri 12 Apr 2024 14:57:05 +0000
ROA not after:            Fri 11 Apr 2025 15:02:05 +0000
asID:                     216221
IP address blocks:        2.58.84.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/8F4CE7722F99075D94738B7E61070401269EB3D6.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/8F4CE7722F99075D94738B7E61070401269EB3D6.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/j0znci-ZB12Uc4t-YQcEASaes9Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 12 May 2024 15:47:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            37:2b:ac:4e:fb:13:98:fd:d4:15:2e:b8:16:28:9a:db:02:f1:ce:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8f4ce7722f99075d94738b7e61070401269eb3d6
        Validity
            Not Before: Apr 12 14:57:05 2024 GMT
            Not After : Apr 11 15:02:05 2025 GMT
        Subject: CN=4C4DFACE507C480140ED7677103B68E94EEBFBDB
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:99:9e:66:0e:07:42:6f:f3:3f:39:58:fe:2e:
                    23:d2:95:28:15:6d:9e:52:6e:5b:d0:64:e2:9d:4e:
                    90:53:13:8e:22:6b:8d:8f:34:4f:95:62:d7:d9:7f:
                    81:e0:53:9c:b6:88:58:d0:8f:4a:57:55:3d:3e:c4:
                    df:b2:34:12:b5:15:eb:1d:31:fb:52:ab:19:bf:81:
                    57:85:b6:7b:df:25:2d:4e:32:70:d7:f1:30:4f:19:
                    f7:36:97:f0:7c:2d:e7:07:a8:0f:8d:26:b5:0d:25:
                    a9:66:58:4a:0d:40:3e:d0:c5:8e:2f:df:ce:a9:ca:
                    54:37:df:0e:20:56:44:68:1b:5a:b6:98:63:da:dd:
                    39:25:a1:d9:58:4d:bd:d9:6d:f8:fd:d8:98:bd:d4:
                    d8:79:90:d7:e7:d1:13:79:a4:f8:dd:8b:85:ce:22:
                    62:76:23:da:b5:91:4a:57:1f:9b:4c:1d:16:8d:9c:
                    3b:82:92:ce:1c:0e:80:ec:83:6d:90:b4:28:15:a7:
                    48:69:b2:33:72:92:7a:3b:92:06:d3:8b:b2:da:1a:
                    0f:af:59:b0:39:8c:eb:e5:e5:41:82:cd:0e:2c:90:
                    26:44:95:7a:4a:7d:fc:fa:c7:50:65:2d:f4:df:6a:
                    0d:dd:19:f5:12:0f:2e:a5:2e:81:02:6a:a9:b5:90:
                    72:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:4D:FA:CE:50:7C:48:01:40:ED:76:77:10:3B:68:E9:4E:EB:FB:DB
            X509v3 Authority Key Identifier:
                keyid:8F:4C:E7:72:2F:99:07:5D:94:73:8B:7E:61:07:04:01:26:9E:B3:D6

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/8F4CE7722F99075D94738B7E61070401269EB3D6.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/j0znci-ZB12Uc4t-YQcEASaes9Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/322e35382e38342e302f32342d3234203d3e20323136323231.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.58.84.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3a:2b:2c:2a:27:8c:ae:01:c3:e7:af:41:a0:96:f6:49:af:fa:
         92:b7:75:5f:3b:26:e1:96:7b:88:35:31:53:6a:3e:51:49:44:
         55:44:ed:da:05:f8:6d:44:b1:dc:44:ca:61:59:26:24:7f:6b:
         d1:a9:d5:f5:e6:e0:bb:20:14:0c:7c:e6:e0:3c:b6:15:8c:4d:
         68:69:e1:0e:f0:0e:22:11:be:1b:4b:cf:5a:a3:8a:67:ea:fd:
         07:8c:aa:84:76:db:a2:53:fe:7b:9e:0b:24:88:d9:ec:9a:bf:
         a1:43:98:15:6b:6d:c6:07:7e:66:ca:4d:bd:a0:13:5f:63:5b:
         b0:d9:33:98:87:64:66:c2:7f:60:64:16:6f:bd:b4:06:2e:bf:
         23:9c:3b:06:38:b7:a0:b1:46:bf:7f:25:c0:c2:b9:d2:c9:eb:
         a5:b1:7b:e6:2f:5f:cb:e6:53:32:5a:a2:19:db:f6:40:99:4a:
         a1:dd:e6:d8:dc:b6:d1:64:70:fe:a5:db:af:9f:7e:f7:e4:60:
         5f:a2:c1:46:85:a5:e6:66:a2:e9:7b:09:48:a0:a5:f1:3a:f8:
         bf:e7:27:fe:84:d5:7a:c2:8b:f3:5d:e3:ad:28:2a:35:87:c4:
         33:3c:07:f4:9a:20:37:f3:4d:66:20:6f:1a:b5:cd:f1:95:46:
         00:57:2b:08
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUNyusTvsTmP3UFS64Fiia2wLxzs8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGY0Y2U3NzIyZjk5MDc1ZDk0NzM4YjdlNjEwNzA0MDEy
NjllYjNkNjAeFw0yNDA0MTIxNDU3MDVaFw0yNTA0MTExNTAyMDVaMDMxMTAvBgNV
BAMTKDRDNERGQUNFNTA3QzQ4MDE0MEVENzY3NzEwM0I2OEU5NEVFQkZCREIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDQmZ5mDgdCb/M/OVj+LiPSlSgV
bZ5SblvQZOKdTpBTE44ia42PNE+VYtfZf4HgU5y2iFjQj0pXVT0+xN+yNBK1Fesd
MftSqxm/gVeFtnvfJS1OMnDX8TBPGfc2l/B8LecHqA+NJrUNJalmWEoNQD7QxY4v
386pylQ33w4gVkRoG1q2mGPa3TklodlYTb3Zbfj92Ji91Nh5kNfn0RN5pPjdi4XO
ImJ2I9q1kUpXH5tMHRaNnDuCks4cDoDsg22QtCgVp0hpsjNykno7kgbTi7LaGg+v
WbA5jOvl5UGCzQ4skCZElXpKffz6x1BlLfTfag3dGfUSDy6lLoECaqm1kHIXAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUTE36zlB8SAFA7XZ3EDto6U7r+9swHwYDVR0j
BBgwFoAUj0znci+ZB12Uc4t+YQcEASaes9YwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYWE5NzcxMTUtNTExMC00MjU3LTk0ZWYtNGQyYjQzODg0
MDQwLzAvOEY0Q0U3NzIyRjk5MDc1RDk0NzM4QjdFNjEwNzA0MDEyNjlFQjNENi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2owem5jaS1aQjEyVWM0dC1ZUWNFQVNh
ZXM5WS5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWE5NzcxMTUt
NTExMC00MjU3LTk0ZWYtNGQyYjQzODg0MDQwLzAvMzIyZTM1MzgyZTM4MzQyZTMw
MmYzMjM0MmQzMjM0MjAzZDNlMjAzMjMxMzYzMjMyMzEucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAACOlQw
DQYJKoZIhvcNAQELBQADggEBADorLConjK4Bw+evQaCW9kmv+pK3dV87JuGWe4g1
MVNqPlFJRFVE7doF+G1EsdxEymFZJiR/a9Gp1fXm4LsgFAx85uA8thWMTWhp4Q7w
DiIRvhtLz1qjimfq/QeMqoR226JT/nueCySI2eyav6FDmBVrbcYHfmbKTb2gE19j
W7DZM5iHZGbCf2BkFm+9tAYuvyOcOwY4t6CxRr9/JcDCudLJ66Wxe+YvX8vmUzJa
ohnb9kCZSqHd5tjcttFkcP6l26+ffvfkYF+iwUaFpeZmoul7CUigpfE6+L/nJ/6E
1XrCi/Nd460oKjWHxDM8B/SaIDfzTWYgbxq1zfGVRgBXKwg=
-----END CERTIFICATE-----