Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/322e35382e38372e302f32342d3234203d3e20313432313131.roa
File:                     322e35382e38372e302f32342d3234203d3e20313432313131.roa (raw, json)
Hash identifier:          CAIVAbVr4KnWXmPV7Q+w/tv+85XP9pQkGmbD3H1VqkQ=
Subject key identifier:   10:79:E4:BB:79:7D:45:69:3C:FC:3C:02:B3:8E:8D:F9:50:A2:47:55
Certificate issuer:       /CN=8f4ce7722f99075d94738b7e61070401269eb3d6
Certificate serial:       31EE49480870E0E6370BEF9C82283083F95E40ED
Authority key identifier: 8F:4C:E7:72:2F:99:07:5D:94:73:8B:7E:61:07:04:01:26:9E:B3:D6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/j0znci-ZB12Uc4t-YQcEASaes9Y.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/322e35382e38372e302f32342d3234203d3e20313432313131.roa
Signing time:             Mon 03 Jun 2024 14:05:18 +0000
ROA not before:           Mon 03 Jun 2024 14:00:18 +0000
ROA not after:            Mon 02 Jun 2025 14:05:18 +0000
asID:                     142111
IP address blocks:        2.58.87.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/8F4CE7722F99075D94738B7E61070401269EB3D6.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/8F4CE7722F99075D94738B7E61070401269EB3D6.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/j0znci-ZB12Uc4t-YQcEASaes9Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Jun 2024 17:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            31:ee:49:48:08:70:e0:e6:37:0b:ef:9c:82:28:30:83:f9:5e:40:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8f4ce7722f99075d94738b7e61070401269eb3d6
        Validity
            Not Before: Jun  3 14:00:18 2024 GMT
            Not After : Jun  2 14:05:18 2025 GMT
        Subject: CN=1079E4BB797D45693CFC3C02B38E8DF950A24755
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:f5:11:9d:7f:01:2e:d8:66:df:1f:4f:54:0a:
                    93:b1:d1:6a:8b:ef:d3:8c:29:55:d8:19:a9:84:5e:
                    07:71:1d:7b:d0:21:d7:96:3a:92:8b:d2:63:19:01:
                    e9:b1:d4:c3:39:77:52:29:6b:90:24:66:46:e3:d8:
                    4b:3c:e8:55:67:d6:f2:78:c8:68:48:54:90:7b:04:
                    44:26:e6:64:75:42:56:b1:63:60:9b:cf:ab:a6:0f:
                    e9:b2:88:db:b9:16:d8:f8:12:db:10:9c:45:10:49:
                    50:42:1c:0d:17:d6:06:d8:6f:eb:30:c1:90:04:4f:
                    d1:d3:c9:4b:c3:87:12:44:7f:14:3b:0a:6e:b3:6b:
                    71:5f:8a:cd:26:57:c8:77:27:bc:bc:20:81:fa:b0:
                    1b:b0:25:fa:cb:62:67:00:4c:d1:de:15:52:4a:81:
                    af:4f:08:2b:c8:8f:ed:f9:be:00:f0:85:1b:86:86:
                    db:e7:4a:85:67:84:86:5b:b8:10:61:07:1a:08:02:
                    0a:6e:52:45:30:91:54:1a:da:06:13:53:d0:21:ee:
                    a2:6c:ce:aa:ed:88:e4:9f:a7:cc:bd:a6:b0:e2:61:
                    09:73:ea:1a:1c:fd:03:6d:69:93:26:3e:89:d6:09:
                    ae:55:69:71:03:17:74:7a:c4:c3:12:11:72:1b:ad:
                    a9:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                10:79:E4:BB:79:7D:45:69:3C:FC:3C:02:B3:8E:8D:F9:50:A2:47:55
            X509v3 Authority Key Identifier:
                keyid:8F:4C:E7:72:2F:99:07:5D:94:73:8B:7E:61:07:04:01:26:9E:B3:D6

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/8F4CE7722F99075D94738B7E61070401269EB3D6.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/j0znci-ZB12Uc4t-YQcEASaes9Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/322e35382e38372e302f32342d3234203d3e20313432313131.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.58.87.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0d:6b:b7:ec:6c:00:59:1f:03:d2:84:97:6e:48:ca:bd:79:2d:
         22:d4:b4:91:41:cf:7a:22:d8:70:b9:8c:86:96:05:ee:93:3a:
         c2:d5:3f:e9:60:0e:3d:b4:c1:9e:25:a0:c3:62:d2:a9:bf:3e:
         f8:92:db:80:f8:26:74:74:4c:1a:1a:2d:29:c5:b8:bc:ba:63:
         4a:0f:ed:ce:5d:75:8f:b6:d2:49:da:f1:92:a3:58:75:ad:8f:
         36:f6:45:59:45:4f:86:b9:b6:f2:d0:da:72:05:bf:94:c2:13:
         fa:c5:b2:e0:ee:d2:bc:d3:56:8d:25:28:b4:7f:11:f9:ec:5c:
         28:24:af:8f:c9:d9:b2:36:95:72:fa:19:de:9b:35:46:5c:73:
         c0:26:13:34:38:3c:0e:dc:7b:61:a4:54:6c:03:6d:05:30:f8:
         94:d7:a0:8b:bd:53:a8:5a:df:31:34:29:1a:75:08:4d:ec:af:
         1d:2c:b7:c6:65:55:c4:97:22:ab:f1:1b:7c:3e:9e:a1:b4:8e:
         25:a1:68:8b:47:df:26:e9:aa:e0:de:41:37:3a:8c:44:30:5f:
         5b:b4:c7:ae:e5:b7:17:0e:21:7e:e3:b9:09:f4:6f:b6:c7:f1:
         c7:7a:eb:a4:8f:59:77:78:18:f6:2d:d3:ba:57:a3:61:8b:be:
         6e:92:e8:7d
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUMe5JSAhw4OY3C++cgigwg/leQO0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGY0Y2U3NzIyZjk5MDc1ZDk0NzM4YjdlNjEwNzA0MDEy
NjllYjNkNjAeFw0yNDA2MDMxNDAwMThaFw0yNTA2MDIxNDA1MThaMDMxMTAvBgNV
BAMTKDEwNzlFNEJCNzk3RDQ1NjkzQ0ZDM0MwMkIzOEU4REY5NTBBMjQ3NTUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDY9RGdfwEu2GbfH09UCpOx0WqL
79OMKVXYGamEXgdxHXvQIdeWOpKL0mMZAemx1MM5d1Ipa5AkZkbj2Es86FVn1vJ4
yGhIVJB7BEQm5mR1QlaxY2Cbz6umD+myiNu5Ftj4EtsQnEUQSVBCHA0X1gbYb+sw
wZAET9HTyUvDhxJEfxQ7Cm6za3Ffis0mV8h3J7y8IIH6sBuwJfrLYmcATNHeFVJK
ga9PCCvIj+35vgDwhRuGhtvnSoVnhIZbuBBhBxoIAgpuUkUwkVQa2gYTU9Ah7qJs
zqrtiOSfp8y9prDiYQlz6hoc/QNtaZMmPonWCa5VaXEDF3R6xMMSEXIbralHAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUEHnku3l9RWk8/DwCs46N+VCiR1UwHwYDVR0j
BBgwFoAUj0znci+ZB12Uc4t+YQcEASaes9YwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYWE5NzcxMTUtNTExMC00MjU3LTk0ZWYtNGQyYjQzODg0
MDQwLzAvOEY0Q0U3NzIyRjk5MDc1RDk0NzM4QjdFNjEwNzA0MDEyNjlFQjNENi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2owem5jaS1aQjEyVWM0dC1ZUWNFQVNh
ZXM5WS5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWE5NzcxMTUt
NTExMC00MjU3LTk0ZWYtNGQyYjQzODg0MDQwLzAvMzIyZTM1MzgyZTM4MzcyZTMw
MmYzMjM0MmQzMjM0MjAzZDNlMjAzMTM0MzIzMTMxMzEucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAACOlcw
DQYJKoZIhvcNAQELBQADggEBAA1rt+xsAFkfA9KEl25Iyr15LSLUtJFBz3oi2HC5
jIaWBe6TOsLVP+lgDj20wZ4loMNi0qm/PviS24D4JnR0TBoaLSnFuLy6Y0oP7c5d
dY+20kna8ZKjWHWtjzb2RVlFT4a5tvLQ2nIFv5TCE/rFsuDu0rzTVo0lKLR/Efns
XCgkr4/J2bI2lXL6Gd6bNUZcc8AmEzQ4PA7ce2GkVGwDbQUw+JTXoIu9U6ha3zE0
KRp1CE3srx0st8ZlVcSXIqvxG3w+nqG0jiWhaItH3ybpquDeQTc6jEQwX1u0x67l
txcOIX7juQn0b7bH8cd666SPWXd4GPYt07pXo2GLvm6S6H0=
-----END CERTIFICATE-----