Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/322e35382e38362e302f32342d3234203d3e20313432313131.roa
File:                     322e35382e38362e302f32342d3234203d3e20313432313131.roa (raw, json)
Hash identifier:          ghP/K0aFSuuh8OzXlyABQdz31k5fHzbuxuUBeRfhY40=
Subject key identifier:   41:E6:2C:95:08:F8:BD:0B:77:0E:86:D3:25:7D:2C:1A:6B:B6:30:74
Certificate issuer:       /CN=8f4ce7722f99075d94738b7e61070401269eb3d6
Certificate serial:       07F36FC31AD5FA26AA51EDF80C2358ED5F51C232
Authority key identifier: 8F:4C:E7:72:2F:99:07:5D:94:73:8B:7E:61:07:04:01:26:9E:B3:D6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/j0znci-ZB12Uc4t-YQcEASaes9Y.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/322e35382e38362e302f32342d3234203d3e20313432313131.roa
Signing time:             Thu 22 Feb 2024 17:05:13 +0000
ROA not before:           Thu 22 Feb 2024 17:00:13 +0000
ROA not after:            Thu 20 Feb 2025 17:05:13 +0000
asID:                     142111
IP address blocks:        2.58.86.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/8F4CE7722F99075D94738B7E61070401269EB3D6.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/8F4CE7722F99075D94738B7E61070401269EB3D6.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/j0znci-ZB12Uc4t-YQcEASaes9Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 12 May 2024 14:08:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            07:f3:6f:c3:1a:d5:fa:26:aa:51:ed:f8:0c:23:58:ed:5f:51:c2:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8f4ce7722f99075d94738b7e61070401269eb3d6
        Validity
            Not Before: Feb 22 17:00:13 2024 GMT
            Not After : Feb 20 17:05:13 2025 GMT
        Subject: CN=41E62C9508F8BD0B770E86D3257D2C1A6BB63074
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:16:c6:9b:75:2d:1f:e9:42:95:98:3f:b6:74:
                    2b:dc:3c:26:9c:91:99:21:93:7e:f4:d0:99:a3:7e:
                    40:80:9e:79:63:ed:2d:6a:cd:c3:74:0f:ab:1b:d2:
                    b1:84:06:35:24:0d:d0:99:f2:3f:29:03:38:c3:42:
                    7f:29:26:0c:af:1c:9c:bc:57:5e:d9:9d:d4:52:53:
                    2d:30:0b:b9:b9:5b:41:67:b2:3d:9f:e2:c6:2d:5b:
                    7d:b5:cb:b3:ba:89:e4:bc:26:af:65:69:c5:27:36:
                    af:45:27:d0:be:87:f9:eb:45:57:f2:f1:25:99:1b:
                    49:ef:f1:d7:e3:1b:e2:04:3f:49:35:d6:37:91:95:
                    c8:45:2c:17:e2:98:7d:67:1a:52:d3:99:0a:52:3b:
                    8e:00:1e:c8:8d:4f:25:43:39:7a:39:8e:6e:61:d8:
                    ff:8b:9e:70:57:29:0e:ca:9b:92:91:06:4d:e9:f1:
                    36:b7:9d:2d:29:ff:8f:dd:1d:68:39:72:da:0f:22:
                    94:8e:54:b1:85:41:c5:77:e3:b9:f9:d0:7a:69:ea:
                    f2:81:74:70:eb:c6:db:d2:6f:50:c0:1d:35:6e:75:
                    53:4d:9b:08:74:28:9a:da:45:99:eb:ad:b6:d4:d3:
                    87:d8:56:7b:7c:df:cc:43:21:16:94:2d:36:24:f1:
                    c8:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:E6:2C:95:08:F8:BD:0B:77:0E:86:D3:25:7D:2C:1A:6B:B6:30:74
            X509v3 Authority Key Identifier:
                keyid:8F:4C:E7:72:2F:99:07:5D:94:73:8B:7E:61:07:04:01:26:9E:B3:D6

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/8F4CE7722F99075D94738B7E61070401269EB3D6.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/j0znci-ZB12Uc4t-YQcEASaes9Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/322e35382e38362e302f32342d3234203d3e20313432313131.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.58.86.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9b:6f:9d:e9:05:68:c9:65:77:ee:dd:75:9d:aa:9b:2a:a2:b4:
         a4:d6:cb:67:b7:4d:be:b9:4f:a7:47:db:b7:67:a4:f9:ea:65:
         22:5e:01:a8:b2:09:bc:3f:4e:0a:f8:a4:2a:dc:b1:bf:fb:48:
         2b:c5:83:d3:b0:83:48:25:5e:82:cd:4f:cb:62:ed:9e:2b:87:
         09:34:31:e0:58:d7:16:bf:e4:35:91:c9:7b:72:70:7d:e0:24:
         72:b1:f4:10:00:a6:36:bf:51:84:4e:8e:6c:45:6b:21:89:a0:
         df:70:4b:ac:5f:1c:6a:7c:a2:cf:78:b9:20:1e:45:b9:ae:9c:
         84:53:97:6a:3a:8a:f2:9a:58:b4:a7:c0:f6:34:23:4a:b9:2a:
         4b:76:c6:81:ba:41:d6:98:0d:72:b7:0c:a0:6f:e2:d2:64:1d:
         74:2d:ea:9b:90:95:a1:22:39:77:54:93:df:ae:ee:73:0d:11:
         a3:63:8a:fb:a3:8b:91:0e:6d:3f:5d:11:34:c5:06:77:1c:79:
         53:d8:7e:02:29:c1:f6:32:21:0d:56:25:5d:99:bb:39:9c:3b:
         73:c6:11:6b:f7:5d:b7:73:60:62:9b:5d:6a:bd:ee:09:1c:f4:
         d6:6f:05:d7:26:ca:25:70:79:a3:3f:39:b5:01:d9:da:47:aa:
         64:60:98:fc
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUB/NvwxrV+iaqUe34DCNY7V9RwjIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGY0Y2U3NzIyZjk5MDc1ZDk0NzM4YjdlNjEwNzA0MDEy
NjllYjNkNjAeFw0yNDAyMjIxNzAwMTNaFw0yNTAyMjAxNzA1MTNaMDMxMTAvBgNV
BAMTKDQxRTYyQzk1MDhGOEJEMEI3NzBFODZEMzI1N0QyQzFBNkJCNjMwNzQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDSFsabdS0f6UKVmD+2dCvcPCac
kZkhk3700JmjfkCAnnlj7S1qzcN0D6sb0rGEBjUkDdCZ8j8pAzjDQn8pJgyvHJy8
V17ZndRSUy0wC7m5W0Fnsj2f4sYtW321y7O6ieS8Jq9lacUnNq9FJ9C+h/nrRVfy
8SWZG0nv8dfjG+IEP0k11jeRlchFLBfimH1nGlLTmQpSO44AHsiNTyVDOXo5jm5h
2P+LnnBXKQ7Km5KRBk3p8Ta3nS0p/4/dHWg5ctoPIpSOVLGFQcV347n50Hpp6vKB
dHDrxtvSb1DAHTVudVNNmwh0KJraRZnrrbbU04fYVnt838xDIRaULTYk8cj5AgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUQeYslQj4vQt3DobTJX0sGmu2MHQwHwYDVR0j
BBgwFoAUj0znci+ZB12Uc4t+YQcEASaes9YwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYWE5NzcxMTUtNTExMC00MjU3LTk0ZWYtNGQyYjQzODg0
MDQwLzAvOEY0Q0U3NzIyRjk5MDc1RDk0NzM4QjdFNjEwNzA0MDEyNjlFQjNENi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2owem5jaS1aQjEyVWM0dC1ZUWNFQVNh
ZXM5WS5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWE5NzcxMTUt
NTExMC00MjU3LTk0ZWYtNGQyYjQzODg0MDQwLzAvMzIyZTM1MzgyZTM4MzYyZTMw
MmYzMjM0MmQzMjM0MjAzZDNlMjAzMTM0MzIzMTMxMzEucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAACOlYw
DQYJKoZIhvcNAQELBQADggEBAJtvnekFaMlld+7ddZ2qmyqitKTWy2e3Tb65T6dH
27dnpPnqZSJeAaiyCbw/Tgr4pCrcsb/7SCvFg9Owg0glXoLNT8ti7Z4rhwk0MeBY
1xa/5DWRyXtycH3gJHKx9BAApja/UYROjmxFayGJoN9wS6xfHGp8os94uSAeRbmu
nIRTl2o6ivKaWLSnwPY0I0q5Kkt2xoG6QdaYDXK3DKBv4tJkHXQt6puQlaEiOXdU
k9+u7nMNEaNjivuji5EObT9dETTFBncceVPYfgIpwfYyIQ1WJV2ZuzmcO3PGEWv3
XbdzYGKbXWq97gkc9NZvBdcmyiVweaM/ObUB2dpHqmRgmPw=
-----END CERTIFICATE-----