Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/322e35382e38362e302f32342d3234203d3e20313532363732.roa
File:                     322e35382e38362e302f32342d3234203d3e20313532363732.roa (raw, json)
Hash identifier:          ih3AHjCGpafM5RuLKhdLo6m35UKDvTzkhWqno3bhhXs=
Subject key identifier:   65:71:58:97:E9:99:4B:3B:ED:A6:58:8B:C8:9C:67:89:52:62:EB:3C
Certificate issuer:       /CN=8f4ce7722f99075d94738b7e61070401269eb3d6
Certificate serial:       04F989775111FE2BC9E879687245E14BB7D9B233
Authority key identifier: 8F:4C:E7:72:2F:99:07:5D:94:73:8B:7E:61:07:04:01:26:9E:B3:D6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/j0znci-ZB12Uc4t-YQcEASaes9Y.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/322e35382e38362e302f32342d3234203d3e20313532363732.roa
Signing time:             Sun 12 May 2024 03:21:52 +0000
ROA not before:           Sun 12 May 2024 03:16:52 +0000
ROA not after:            Sun 11 May 2025 03:21:52 +0000
asID:                     152672
IP address blocks:        2.58.86.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/8F4CE7722F99075D94738B7E61070401269EB3D6.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/8F4CE7722F99075D94738B7E61070401269EB3D6.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/j0znci-ZB12Uc4t-YQcEASaes9Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Jun 2024 17:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            04:f9:89:77:51:11:fe:2b:c9:e8:79:68:72:45:e1:4b:b7:d9:b2:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8f4ce7722f99075d94738b7e61070401269eb3d6
        Validity
            Not Before: May 12 03:16:52 2024 GMT
            Not After : May 11 03:21:52 2025 GMT
        Subject: CN=65715897E9994B3BEDA6588BC89C67895262EB3C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:44:80:25:c9:2c:01:d8:ec:05:22:4a:85:12:
                    b5:03:b3:f6:46:fa:80:01:22:95:69:4b:45:3c:da:
                    46:f2:96:f0:2d:04:a6:2b:f5:5a:3d:dc:f4:83:7f:
                    ef:94:09:87:b2:7f:60:9f:53:c0:31:46:9e:ad:5b:
                    7d:b7:6a:1b:7b:fa:91:cc:84:6b:75:df:ea:43:7e:
                    d7:0d:c4:e5:9a:90:44:c5:34:7e:dc:c8:35:8c:6f:
                    6b:58:99:98:0d:5c:03:07:3a:09:50:bc:f8:e1:21:
                    66:1a:f6:78:77:47:28:39:36:3d:8a:37:c9:44:6a:
                    93:56:7d:95:e4:ce:05:67:39:3e:81:ad:ec:5e:7a:
                    da:10:ed:73:c0:82:f9:c0:5c:e1:f3:79:df:d9:ee:
                    89:40:fc:9b:77:d4:24:fc:90:fd:2f:aa:fb:77:2a:
                    5a:66:31:d9:7d:32:7a:cf:37:fe:23:7b:77:e3:28:
                    cd:38:3d:03:73:15:e3:0f:b3:c2:63:00:ac:fd:b3:
                    b6:52:08:c8:d1:a7:ec:87:83:66:48:0c:73:e4:3f:
                    8e:5c:d0:93:2d:ba:12:74:03:c9:06:f5:c5:3c:87:
                    51:f2:1e:c0:cb:33:05:2a:35:20:50:25:d3:fb:62:
                    81:03:f8:60:67:43:10:62:41:6e:d7:dd:a8:2e:3b:
                    95:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:71:58:97:E9:99:4B:3B:ED:A6:58:8B:C8:9C:67:89:52:62:EB:3C
            X509v3 Authority Key Identifier:
                keyid:8F:4C:E7:72:2F:99:07:5D:94:73:8B:7E:61:07:04:01:26:9E:B3:D6

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/8F4CE7722F99075D94738B7E61070401269EB3D6.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/j0znci-ZB12Uc4t-YQcEASaes9Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/322e35382e38362e302f32342d3234203d3e20313532363732.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.58.86.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9b:00:13:8a:bd:ac:ed:f5:97:c3:78:7a:5f:3e:14:b9:38:6e:
         cb:a7:c9:fc:79:dd:c6:8b:6a:a5:b0:8a:b1:44:d4:89:5d:bb:
         1e:f4:52:71:c3:09:2a:db:55:b7:b0:8a:3e:93:f6:d3:e8:5d:
         06:a0:fc:00:57:66:b3:51:1e:e2:a0:30:dc:32:21:7f:f7:ca:
         72:ac:46:73:d3:5e:41:ff:9d:1b:f4:e9:88:41:d2:55:b9:c9:
         2d:2b:ed:7b:c8:08:4d:a7:b5:a9:35:2a:3e:31:64:fa:17:c5:
         5e:53:89:4e:c9:bb:86:1b:38:59:b9:9a:51:45:ef:c2:af:af:
         0b:2a:a2:0e:4d:d4:1c:12:97:d1:96:78:f3:61:ba:37:67:3e:
         c6:44:ab:aa:84:6b:6d:c7:6d:c9:b8:53:f8:6e:d1:38:4b:8b:
         fe:b9:05:6b:9a:9f:e8:68:7d:c5:9d:17:26:2d:d1:1d:42:af:
         3b:6b:e2:3c:af:5c:6b:a5:52:c1:fe:bd:f1:96:8b:ee:41:af:
         b4:b8:50:96:49:c8:5a:ea:f3:e9:b2:72:35:45:82:dc:8e:48:
         a3:9f:d2:bc:b5:e0:01:84:7a:61:fc:aa:bb:22:54:ce:e4:de:
         2a:a6:30:64:ee:7d:b6:96:5a:ac:75:d0:ba:4b:4d:45:e2:ed:
         fc:25:c0:ef
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUBPmJd1ER/ivJ6HlockXhS7fZsjMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGY0Y2U3NzIyZjk5MDc1ZDk0NzM4YjdlNjEwNzA0MDEy
NjllYjNkNjAeFw0yNDA1MTIwMzE2NTJaFw0yNTA1MTEwMzIxNTJaMDMxMTAvBgNV
BAMTKDY1NzE1ODk3RTk5OTRCM0JFREE2NTg4QkM4OUM2Nzg5NTI2MkVCM0MwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7RIAlySwB2OwFIkqFErUDs/ZG
+oABIpVpS0U82kbylvAtBKYr9Vo93PSDf++UCYeyf2CfU8AxRp6tW323aht7+pHM
hGt13+pDftcNxOWakETFNH7cyDWMb2tYmZgNXAMHOglQvPjhIWYa9nh3Ryg5Nj2K
N8lEapNWfZXkzgVnOT6BrexeetoQ7XPAgvnAXOHzed/Z7olA/Jt31CT8kP0vqvt3
KlpmMdl9MnrPN/4je3fjKM04PQNzFeMPs8JjAKz9s7ZSCMjRp+yHg2ZIDHPkP45c
0JMtuhJ0A8kG9cU8h1HyHsDLMwUqNSBQJdP7YoED+GBnQxBiQW7X3aguO5X/AgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUZXFYl+mZSzvtpliLyJxniVJi6zwwHwYDVR0j
BBgwFoAUj0znci+ZB12Uc4t+YQcEASaes9YwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYWE5NzcxMTUtNTExMC00MjU3LTk0ZWYtNGQyYjQzODg0
MDQwLzAvOEY0Q0U3NzIyRjk5MDc1RDk0NzM4QjdFNjEwNzA0MDEyNjlFQjNENi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2owem5jaS1aQjEyVWM0dC1ZUWNFQVNh
ZXM5WS5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWE5NzcxMTUt
NTExMC00MjU3LTk0ZWYtNGQyYjQzODg0MDQwLzAvMzIyZTM1MzgyZTM4MzYyZTMw
MmYzMjM0MmQzMjM0MjAzZDNlMjAzMTM1MzIzNjM3MzIucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAACOlYw
DQYJKoZIhvcNAQELBQADggEBAJsAE4q9rO31l8N4el8+FLk4bsunyfx53caLaqWw
irFE1Ildux70UnHDCSrbVbewij6T9tPoXQag/ABXZrNRHuKgMNwyIX/3ynKsRnPT
XkH/nRv06YhB0lW5yS0r7XvICE2ntak1Kj4xZPoXxV5TiU7Ju4YbOFm5mlFF78Kv
rwsqog5N1BwSl9GWePNhujdnPsZEq6qEa23Hbcm4U/hu0ThLi/65BWuan+hofcWd
FyYt0R1Crztr4jyvXGulUsH+vfGWi+5Br7S4UJZJyFrq8+mycjVFgtyOSKOf0ry1
4AGEemH8qrsiVM7k3iqmMGTufbaWWqx10LpLTUXi7fwlwO8=
-----END CERTIFICATE-----