Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/322e35382e38352e302f32342d3234203d3e20323031333634.roa
File:                     322e35382e38352e302f32342d3234203d3e20323031333634.roa (raw, json)
Hash identifier:          D1gSVTjM3kaH+QdxcFDy3RNE5cowzusP7CxdRrnSHWw=
Subject key identifier:   BD:99:0A:F5:9C:42:94:2B:56:E5:B8:FA:E2:BB:46:A9:1E:81:9B:31
Certificate issuer:       /CN=8f4ce7722f99075d94738b7e61070401269eb3d6
Certificate serial:       20969261BEFD0DB3B0DD7D912789B381C066F3C1
Authority key identifier: 8F:4C:E7:72:2F:99:07:5D:94:73:8B:7E:61:07:04:01:26:9E:B3:D6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/j0znci-ZB12Uc4t-YQcEASaes9Y.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/322e35382e38352e302f32342d3234203d3e20323031333634.roa
Signing time:             Thu 22 Feb 2024 17:05:13 +0000
ROA not before:           Thu 22 Feb 2024 17:00:13 +0000
ROA not after:            Thu 20 Feb 2025 17:05:13 +0000
asID:                     201364
IP address blocks:        2.58.85.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/8F4CE7722F99075D94738B7E61070401269EB3D6.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/8F4CE7722F99075D94738B7E61070401269EB3D6.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/j0znci-ZB12Uc4t-YQcEASaes9Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 12 May 2024 04:36:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            20:96:92:61:be:fd:0d:b3:b0:dd:7d:91:27:89:b3:81:c0:66:f3:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8f4ce7722f99075d94738b7e61070401269eb3d6
        Validity
            Not Before: Feb 22 17:00:13 2024 GMT
            Not After : Feb 20 17:05:13 2025 GMT
        Subject: CN=BD990AF59C42942B56E5B8FAE2BB46A91E819B31
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:49:af:43:f4:ac:da:ec:54:38:1c:55:72:5f:
                    6d:37:1b:d3:83:ed:28:ef:e9:25:bb:7e:d7:ab:4d:
                    53:52:61:b2:ee:5f:7b:17:cb:69:45:ac:f0:95:13:
                    be:32:07:ca:d3:c4:bc:e6:5a:5f:5b:f4:bb:f0:67:
                    0a:f7:6f:21:40:6e:05:d0:e4:97:b7:3d:80:42:8c:
                    8a:ed:7e:51:aa:bd:d0:11:85:7a:a5:cd:6b:e8:7a:
                    4d:50:46:39:33:f9:01:9a:08:ef:98:d9:d6:29:e7:
                    17:fd:ad:75:67:92:c9:a5:ad:75:57:b4:0c:f8:a3:
                    aa:42:aa:04:55:2e:aa:9a:78:9c:ef:ec:c5:66:97:
                    01:a8:53:ed:00:81:d0:cd:54:b3:49:79:c3:9a:3e:
                    aa:47:2f:f8:e6:3a:33:50:e7:9c:59:a9:71:1a:a3:
                    40:da:ee:39:5c:1f:a5:24:9b:5c:23:af:bb:8e:2c:
                    e3:72:23:c2:b2:7b:a6:e1:88:54:e7:0d:d6:35:dc:
                    7c:84:f4:08:ee:90:71:78:19:18:15:bd:76:6a:45:
                    7b:51:7f:a4:7d:c3:1b:09:bf:ce:43:25:4c:29:0b:
                    ff:97:a2:8e:d4:54:47:27:ff:a8:11:6e:bd:73:81:
                    01:f5:40:0a:a4:f0:83:cc:b6:e3:35:23:1c:c8:e1:
                    0f:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:99:0A:F5:9C:42:94:2B:56:E5:B8:FA:E2:BB:46:A9:1E:81:9B:31
            X509v3 Authority Key Identifier:
                keyid:8F:4C:E7:72:2F:99:07:5D:94:73:8B:7E:61:07:04:01:26:9E:B3:D6

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/8F4CE7722F99075D94738B7E61070401269EB3D6.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/j0znci-ZB12Uc4t-YQcEASaes9Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/322e35382e38352e302f32342d3234203d3e20323031333634.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.58.85.0/24

    Signature Algorithm: sha256WithRSAEncryption
         10:2f:f2:09:fd:9d:5d:50:fe:e5:80:70:39:f3:fe:c2:e9:2e:
         75:34:9c:fd:4a:5e:dc:69:f6:ba:89:8c:7d:3f:2c:bd:0b:5d:
         51:bd:3c:62:f5:eb:89:e7:b7:0b:16:94:30:ab:9f:67:e5:51:
         83:66:32:79:9f:a4:9e:40:e4:93:d6:8a:e2:74:8b:c0:2e:be:
         bc:d7:04:af:ec:fb:ff:40:1f:13:46:d6:1f:aa:a0:fa:5d:c5:
         89:29:e1:f4:c0:8c:1e:10:db:01:8d:00:35:aa:bc:dd:bd:f8:
         c7:a1:99:d2:38:1a:0b:bb:2a:05:84:26:b7:7e:0e:ce:bb:d1:
         2d:9e:a1:54:6c:db:de:00:07:93:6e:a2:62:b0:81:8d:23:77:
         58:bd:76:1a:12:eb:30:09:33:a7:43:7f:0b:fe:8a:ff:45:be:
         71:3b:ab:37:31:ba:c3:5b:09:c8:ba:2d:2a:b5:ef:76:d7:68:
         71:11:7e:24:f0:a6:ff:26:36:55:ef:d0:2c:f3:0e:5b:35:2c:
         44:df:56:a2:13:76:a8:b1:9e:ab:ef:23:3d:be:ca:af:04:e4:
         b3:a5:95:0a:30:e0:fd:d2:c1:0e:e7:68:30:a2:85:fb:b7:6c:
         a9:58:02:5e:e8:18:19:ea:96:1b:4b:e1:4b:78:b6:26:ff:7e:
         1c:2e:69:23
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUIJaSYb79DbOw3X2RJ4mzgcBm88EwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGY0Y2U3NzIyZjk5MDc1ZDk0NzM4YjdlNjEwNzA0MDEy
NjllYjNkNjAeFw0yNDAyMjIxNzAwMTNaFw0yNTAyMjAxNzA1MTNaMDMxMTAvBgNV
BAMTKEJEOTkwQUY1OUM0Mjk0MkI1NkU1QjhGQUUyQkI0NkE5MUU4MTlCMzEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCiSa9D9Kza7FQ4HFVyX203G9OD
7Sjv6SW7fterTVNSYbLuX3sXy2lFrPCVE74yB8rTxLzmWl9b9LvwZwr3byFAbgXQ
5Je3PYBCjIrtflGqvdARhXqlzWvoek1QRjkz+QGaCO+Y2dYp5xf9rXVnksmlrXVX
tAz4o6pCqgRVLqqaeJzv7MVmlwGoU+0AgdDNVLNJecOaPqpHL/jmOjNQ55xZqXEa
o0Da7jlcH6Ukm1wjr7uOLONyI8Kye6bhiFTnDdY13HyE9AjukHF4GRgVvXZqRXtR
f6R9wxsJv85DJUwpC/+Xoo7UVEcn/6gRbr1zgQH1QAqk8IPMtuM1IxzI4Q9BAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUvZkK9ZxClCtW5bj64rtGqR6BmzEwHwYDVR0j
BBgwFoAUj0znci+ZB12Uc4t+YQcEASaes9YwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYWE5NzcxMTUtNTExMC00MjU3LTk0ZWYtNGQyYjQzODg0
MDQwLzAvOEY0Q0U3NzIyRjk5MDc1RDk0NzM4QjdFNjEwNzA0MDEyNjlFQjNENi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2owem5jaS1aQjEyVWM0dC1ZUWNFQVNh
ZXM5WS5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWE5NzcxMTUt
NTExMC00MjU3LTk0ZWYtNGQyYjQzODg0MDQwLzAvMzIyZTM1MzgyZTM4MzUyZTMw
MmYzMjM0MmQzMjM0MjAzZDNlMjAzMjMwMzEzMzM2MzQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAACOlUw
DQYJKoZIhvcNAQELBQADggEBABAv8gn9nV1Q/uWAcDnz/sLpLnU0nP1KXtxp9rqJ
jH0/LL0LXVG9PGL164nntwsWlDCrn2flUYNmMnmfpJ5A5JPWiuJ0i8AuvrzXBK/s
+/9AHxNG1h+qoPpdxYkp4fTAjB4Q2wGNADWqvN29+MehmdI4Ggu7KgWEJrd+Ds67
0S2eoVRs294AB5NuomKwgY0jd1i9dhoS6zAJM6dDfwv+iv9FvnE7qzcxusNbCci6
LSq173bXaHERfiTwpv8mNlXv0CzzDls1LETfVqITdqixnqvvIz2+yq8E5LOllQow
4P3SwQ7naDCihfu3bKlYAl7oGBnqlhtL4Ut4tib/fhwuaSM=
-----END CERTIFICATE-----