Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/322e35382e38372e302f32342d3234203d3e20313432313131.roa
File:                     322e35382e38372e302f32342d3234203d3e20313432313131.roa (raw, json)
Hash identifier:          /1aZYnPXFsidrkO7zcZbEz+dvZdrcm8iqP3GgJ5LX54=
Subject key identifier:   E4:73:ED:00:46:1C:8E:F6:97:53:0A:1F:B3:D7:31:CC:90:D1:12:34
Certificate issuer:       /CN=8f4ce7722f99075d94738b7e61070401269eb3d6
Certificate serial:       1BDFC3A4C82DED70EBF41BDCD4E4D9707ED5B41C
Authority key identifier: 8F:4C:E7:72:2F:99:07:5D:94:73:8B:7E:61:07:04:01:26:9E:B3:D6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/j0znci-ZB12Uc4t-YQcEASaes9Y.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/322e35382e38372e302f32342d3234203d3e20313432313131.roa
Signing time:             Mon 03 Jul 2023 13:19:14 +0000
ROA not before:           Mon 03 Jul 2023 13:14:14 +0000
ROA not after:            Mon 01 Jul 2024 13:19:14 +0000
asID:                     142111
IP address blocks:        2.58.87.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/8F4CE7722F99075D94738B7E61070401269EB3D6.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/8F4CE7722F99075D94738B7E61070401269EB3D6.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/j0znci-ZB12Uc4t-YQcEASaes9Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 11 May 2024 14:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1b:df:c3:a4:c8:2d:ed:70:eb:f4:1b:dc:d4:e4:d9:70:7e:d5:b4:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8f4ce7722f99075d94738b7e61070401269eb3d6
        Validity
            Not Before: Jul  3 13:14:14 2023 GMT
            Not After : Jul  1 13:19:14 2024 GMT
        Subject: CN=E473ED00461C8EF697530A1FB3D731CC90D11234
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:be:7d:f0:c6:73:19:9b:6a:57:9a:6e:1a:19:
                    91:bc:27:c5:d0:2b:34:28:1c:92:a9:b6:02:4c:ec:
                    0d:2a:cf:e4:47:8d:d7:5e:ea:58:d9:67:04:30:07:
                    2b:61:32:b8:72:22:f9:b3:97:81:c3:d8:72:7f:e8:
                    76:4a:b9:0d:bf:3b:97:10:c2:ac:63:8e:8a:fb:fd:
                    cd:8e:8b:cd:0e:d6:5c:1c:32:57:da:e7:29:c9:2e:
                    46:d5:36:b3:36:d6:de:de:ef:68:a4:d7:db:39:65:
                    94:eb:c0:0f:4c:5b:e9:8c:b8:05:78:01:a6:a2:91:
                    4e:75:6e:65:ff:da:7e:85:a5:06:76:15:b2:16:8a:
                    87:8c:44:b1:48:f7:13:8f:b8:d5:be:86:e6:5d:73:
                    86:8f:b9:63:1b:5e:d4:74:dd:41:51:ae:fe:fa:90:
                    01:4d:c8:58:96:67:a8:b4:c3:ff:fc:5b:c4:85:a6:
                    b7:dc:8d:b7:60:23:c8:ac:16:1c:b4:07:b5:a1:14:
                    a8:41:6e:53:be:59:36:27:ff:da:df:07:39:c8:bc:
                    be:34:da:be:3c:99:ea:79:f4:a4:fb:5d:41:4a:76:
                    dd:c6:c3:af:79:a9:a9:77:8e:e0:cc:6e:30:02:61:
                    d6:fa:a9:86:4c:73:5b:44:cb:a8:e6:f3:5e:b2:df:
                    f5:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E4:73:ED:00:46:1C:8E:F6:97:53:0A:1F:B3:D7:31:CC:90:D1:12:34
            X509v3 Authority Key Identifier:
                keyid:8F:4C:E7:72:2F:99:07:5D:94:73:8B:7E:61:07:04:01:26:9E:B3:D6

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/8F4CE7722F99075D94738B7E61070401269EB3D6.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/j0znci-ZB12Uc4t-YQcEASaes9Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/322e35382e38372e302f32342d3234203d3e20313432313131.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.58.87.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3f:40:cd:43:30:40:f1:7b:1c:ac:f6:15:e9:58:72:b7:9e:4b:
         75:18:bb:19:2b:65:1d:a1:98:c2:75:0a:56:c7:c8:17:2f:a9:
         7d:dd:a0:d7:24:d8:8f:2c:67:ca:e7:e8:93:6d:31:6a:08:8d:
         c9:20:9d:df:33:90:fe:b0:4b:02:24:44:10:dd:4e:95:ca:95:
         f5:f2:0e:bb:aa:15:99:90:9c:0c:b5:87:37:35:80:85:96:2f:
         63:09:ad:83:50:e1:d1:01:44:60:67:2f:1d:13:bc:e9:df:70:
         83:b8:9f:81:64:c4:64:59:2b:5c:6c:d4:5b:ce:0f:e6:2a:fc:
         53:18:e2:f3:a4:50:6b:fc:cf:c8:d5:e1:4e:ef:8f:34:d9:7b:
         3c:d4:c3:02:84:d3:ce:f1:fd:6f:5a:3d:88:70:f7:24:22:31:
         59:77:b3:7c:f2:a5:4f:98:63:88:18:48:c7:88:20:cc:a0:fb:
         fb:ce:a2:66:18:ab:fe:13:bb:f0:af:02:e3:90:0f:24:0e:4e:
         6c:21:8f:99:ee:c6:10:51:ec:a3:40:49:69:fa:7b:55:48:a5:
         79:84:96:3a:6f:39:93:aa:48:2c:53:c2:d6:64:e2:18:b8:81:
         5a:25:9c:20:da:ce:b0:a9:af:ce:39:da:11:a1:b6:5f:bd:9a:
         40:33:f9:90
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUG9/DpMgt7XDr9Bvc1OTZcH7VtBwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGY0Y2U3NzIyZjk5MDc1ZDk0NzM4YjdlNjEwNzA0MDEy
NjllYjNkNjAeFw0yMzA3MDMxMzE0MTRaFw0yNDA3MDExMzE5MTRaMDMxMTAvBgNV
BAMTKEU0NzNFRDAwNDYxQzhFRjY5NzUzMEExRkIzRDczMUNDOTBEMTEyMzQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC5vn3wxnMZm2pXmm4aGZG8J8XQ
KzQoHJKptgJM7A0qz+RHjdde6ljZZwQwBythMrhyIvmzl4HD2HJ/6HZKuQ2/O5cQ
wqxjjor7/c2Oi80O1lwcMlfa5ynJLkbVNrM21t7e72ik19s5ZZTrwA9MW+mMuAV4
AaaikU51bmX/2n6FpQZ2FbIWioeMRLFI9xOPuNW+huZdc4aPuWMbXtR03UFRrv76
kAFNyFiWZ6i0w//8W8SFprfcjbdgI8isFhy0B7WhFKhBblO+WTYn/9rfBznIvL40
2r48mep59KT7XUFKdt3Gw695qal3juDMbjACYdb6qYZMc1tEy6jm816y3/X9AgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQU5HPtAEYcjvaXUwofs9cxzJDREjQwHwYDVR0j
BBgwFoAUj0znci+ZB12Uc4t+YQcEASaes9YwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYWE5NzcxMTUtNTExMC00MjU3LTk0ZWYtNGQyYjQzODg0
MDQwLzAvOEY0Q0U3NzIyRjk5MDc1RDk0NzM4QjdFNjEwNzA0MDEyNjlFQjNENi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2owem5jaS1aQjEyVWM0dC1ZUWNFQVNh
ZXM5WS5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWE5NzcxMTUt
NTExMC00MjU3LTk0ZWYtNGQyYjQzODg0MDQwLzAvMzIyZTM1MzgyZTM4MzcyZTMw
MmYzMjM0MmQzMjM0MjAzZDNlMjAzMTM0MzIzMTMxMzEucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAACOlcw
DQYJKoZIhvcNAQELBQADggEBAD9AzUMwQPF7HKz2FelYcreeS3UYuxkrZR2hmMJ1
ClbHyBcvqX3doNck2I8sZ8rn6JNtMWoIjckgnd8zkP6wSwIkRBDdTpXKlfXyDruq
FZmQnAy1hzc1gIWWL2MJrYNQ4dEBRGBnLx0TvOnfcIO4n4FkxGRZK1xs1FvOD+Yq
/FMY4vOkUGv8z8jV4U7vjzTZezzUwwKE087x/W9aPYhw9yQiMVl3s3zypU+YY4gY
SMeIIMyg+/vOomYYq/4Tu/CvAuOQDyQOTmwhj5nuxhBR7KNASWn6e1VIpXmEljpv
OZOqSCxTwtZk4hi4gVolnCDazrCpr8452hGhtl+9mkAz+ZA=
-----END CERTIFICATE-----