Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/322e35382e38352e302f32342d3234203d3e203437343336.roa
File:                     322e35382e38352e302f32342d3234203d3e203437343336.roa (raw, json)
Hash identifier:          nYgu9kBkRhcLmcGO/2u6SLmuyYzZA0j/VnRcY6P4Llo=
Subject key identifier:   1A:0F:CC:24:0D:F1:A4:0E:E8:25:C8:E7:B0:62:90:E1:AF:32:8F:21
Certificate issuer:       /CN=8f4ce7722f99075d94738b7e61070401269eb3d6
Certificate serial:       669AC02E10DD17D13DC5260334C0FCFEF332CD08
Authority key identifier: 8F:4C:E7:72:2F:99:07:5D:94:73:8B:7E:61:07:04:01:26:9E:B3:D6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/j0znci-ZB12Uc4t-YQcEASaes9Y.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/322e35382e38352e302f32342d3234203d3e203437343336.roa
Signing time:             Sun 22 Oct 2023 05:39:54 +0000
ROA not before:           Sun 22 Oct 2023 05:34:54 +0000
ROA not after:            Sun 20 Oct 2024 05:39:54 +0000
asID:                     47436
IP address blocks:        2.58.85.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/8F4CE7722F99075D94738B7E61070401269EB3D6.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/8F4CE7722F99075D94738B7E61070401269EB3D6.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/j0znci-ZB12Uc4t-YQcEASaes9Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 12 May 2024 15:47:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            66:9a:c0:2e:10:dd:17:d1:3d:c5:26:03:34:c0:fc:fe:f3:32:cd:08
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8f4ce7722f99075d94738b7e61070401269eb3d6
        Validity
            Not Before: Oct 22 05:34:54 2023 GMT
            Not After : Oct 20 05:39:54 2024 GMT
        Subject: CN=1A0FCC240DF1A40EE825C8E7B06290E1AF328F21
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:b7:dd:d0:e5:10:32:d6:97:a0:8d:3c:0c:70:
                    99:b6:88:a5:b1:0d:28:46:48:99:27:19:d7:0c:d7:
                    38:66:3b:2a:07:6b:d9:49:a5:b9:e6:3f:76:23:3e:
                    62:ef:df:4f:44:a2:57:0e:9e:5c:2a:30:53:fb:7a:
                    89:26:4d:06:24:16:99:16:50:fb:df:db:6f:f3:be:
                    0d:d0:59:59:21:67:93:45:85:b6:ef:82:01:16:ba:
                    7a:de:63:24:8c:3b:b6:ad:3a:ff:26:50:19:fd:59:
                    7d:49:4e:19:dc:33:c6:00:80:e9:57:e0:c8:a9:0a:
                    55:54:57:1d:fc:23:5e:7f:fe:5c:5c:20:09:fa:67:
                    47:2b:78:e2:66:d2:97:c4:2e:fc:f0:1e:b6:ea:41:
                    17:d2:ab:4f:dd:8e:0c:30:28:19:be:a5:55:0a:be:
                    f6:82:5e:f4:3c:87:32:3d:96:7a:a8:f2:42:af:17:
                    62:40:6b:01:86:a5:71:dd:8b:d7:87:f1:ec:2b:23:
                    ab:b2:a2:95:a4:70:83:4f:de:02:5b:cf:95:1e:4a:
                    9b:46:e3:2a:bf:95:51:60:6b:53:f4:f7:b7:ec:b2:
                    4b:81:e7:65:f3:8d:3b:61:c5:ed:44:13:58:3d:77:
                    05:ac:45:8a:9c:f0:fe:e5:45:da:39:d8:4d:1e:47:
                    6e:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1A:0F:CC:24:0D:F1:A4:0E:E8:25:C8:E7:B0:62:90:E1:AF:32:8F:21
            X509v3 Authority Key Identifier:
                keyid:8F:4C:E7:72:2F:99:07:5D:94:73:8B:7E:61:07:04:01:26:9E:B3:D6

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/8F4CE7722F99075D94738B7E61070401269EB3D6.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/j0znci-ZB12Uc4t-YQcEASaes9Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/322e35382e38352e302f32342d3234203d3e203437343336.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.58.85.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4a:29:8b:5e:52:5c:36:95:4c:4b:f6:20:1d:43:56:86:af:4e:
         03:ed:a4:11:7e:9d:86:f3:22:13:f4:69:8c:1e:2e:11:6a:a6:
         b9:13:c4:83:f0:dc:6f:dc:09:ee:e9:62:18:cf:e6:5c:83:68:
         5e:af:f3:e6:8d:f1:67:d6:86:97:55:bf:ed:22:f5:c1:15:b2:
         cd:e9:cd:8d:28:ec:89:43:c3:7e:b7:bc:45:02:ea:15:e4:3a:
         48:2b:61:89:b3:3d:40:19:6d:6e:49:70:bc:1c:b6:71:d7:9c:
         12:5c:76:9f:26:71:83:7f:81:dc:35:69:c1:28:b5:12:61:46:
         f7:dc:2e:a8:02:5c:fc:ca:3c:49:42:2a:87:a4:5d:1f:96:fc:
         c4:5b:43:74:38:4c:55:c2:c9:3d:13:63:f6:ee:f6:d4:e1:bd:
         da:c7:70:8c:54:8c:83:90:22:ab:60:c0:c0:ba:71:5e:7e:55:
         79:1d:af:1c:6d:27:44:8b:49:dd:b0:9d:cf:65:93:1f:e1:dd:
         2f:7d:36:4e:a7:e9:55:09:02:63:99:2c:6e:10:fb:91:28:cb:
         a9:6b:4e:3a:92:4a:9e:02:2a:f1:e9:3f:cf:88:7f:a3:f9:6d:
         43:ac:09:28:81:9c:7f:a7:1d:f3:a2:fe:5b:5b:a5:0a:e4:ca:
         51:67:f2:09
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUZprALhDdF9E9xSYDNMD8/vMyzQgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGY0Y2U3NzIyZjk5MDc1ZDk0NzM4YjdlNjEwNzA0MDEy
NjllYjNkNjAeFw0yMzEwMjIwNTM0NTRaFw0yNDEwMjAwNTM5NTRaMDMxMTAvBgNV
BAMTKDFBMEZDQzI0MERGMUE0MEVFODI1QzhFN0IwNjI5MEUxQUYzMjhGMjEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCYt93Q5RAy1pegjTwMcJm2iKWx
DShGSJknGdcM1zhmOyoHa9lJpbnmP3YjPmLv309EolcOnlwqMFP7eokmTQYkFpkW
UPvf22/zvg3QWVkhZ5NFhbbvggEWunreYySMO7atOv8mUBn9WX1JThncM8YAgOlX
4MipClVUVx38I15//lxcIAn6Z0creOJm0pfELvzwHrbqQRfSq0/djgwwKBm+pVUK
vvaCXvQ8hzI9lnqo8kKvF2JAawGGpXHdi9eH8ewrI6uyopWkcINP3gJbz5UeSptG
4yq/lVFga1P097fsskuB52XzjTthxe1EE1g9dwWsRYqc8P7lRdo52E0eR27TAgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQUGg/MJA3xpA7oJcjnsGKQ4a8yjyEwHwYDVR0j
BBgwFoAUj0znci+ZB12Uc4t+YQcEASaes9YwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYWE5NzcxMTUtNTExMC00MjU3LTk0ZWYtNGQyYjQzODg0
MDQwLzAvOEY0Q0U3NzIyRjk5MDc1RDk0NzM4QjdFNjEwNzA0MDEyNjlFQjNENi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2owem5jaS1aQjEyVWM0dC1ZUWNFQVNh
ZXM5WS5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWE5NzcxMTUt
NTExMC00MjU3LTk0ZWYtNGQyYjQzODg0MDQwLzAvMzIyZTM1MzgyZTM4MzUyZTMw
MmYzMjM0MmQzMjM0MjAzZDNlMjAzNDM3MzQzMzM2LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAAjpVMA0G
CSqGSIb3DQEBCwUAA4IBAQBKKYteUlw2lUxL9iAdQ1aGr04D7aQRfp2G8yIT9GmM
Hi4Raqa5E8SD8Nxv3Anu6WIYz+Zcg2her/PmjfFn1oaXVb/tIvXBFbLN6c2NKOyJ
Q8N+t7xFAuoV5DpIK2GJsz1AGW1uSXC8HLZx15wSXHafJnGDf4HcNWnBKLUSYUb3
3C6oAlz8yjxJQiqHpF0flvzEW0N0OExVwsk9E2P27vbU4b3ax3CMVIyDkCKrYMDA
unFeflV5Ha8cbSdEi0ndsJ3PZZMf4d0vfTZOp+lVCQJjmSxuEPuRKMupa046kkqe
Airx6T/PiH+j+W1DrAkogZx/px3zov5bW6UK5MpRZ/IJ
-----END CERTIFICATE-----