Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/322e35382e38342e302f32342d3234203d3e20323133373931.roa
File:                     322e35382e38342e302f32342d3234203d3e20323133373931.roa (raw, json)
Hash identifier:          GP7G3iKZS0eBPTwu6D554rUd6n3xCyAeAvzjRiXprSw=
Subject key identifier:   40:33:3C:34:D5:A9:DE:F1:66:5D:93:A8:C5:A2:8B:36:F7:7E:E3:55
Certificate issuer:       /CN=cefce449bea8deaedb1804dba25c584df5873dc4
Certificate serial:       1AAEF21827D94B70038E911B1DD208F5C6437A19
Authority key identifier: CE:FC:E4:49:BE:A8:DE:AE:DB:18:04:DB:A2:5C:58:4D:F5:87:3D:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/322e35382e38342e302f32342d3234203d3e20323133373931.roa
Signing time:             Wed 04 Mar 2026 21:39:26 +0000
ROA not before:           Wed 04 Mar 2026 21:34:26 +0000
ROA not after:            Wed 03 Mar 2027 21:39:26 +0000
asID:                     213791
IP address blocks:        2.58.84.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 05 Mar 2026 19:55:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1a:ae:f2:18:27:d9:4b:70:03:8e:91:1b:1d:d2:08:f5:c6:43:7a:19
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cefce449bea8deaedb1804dba25c584df5873dc4
        Validity
            Not Before: Mar  4 21:34:26 2026 GMT
            Not After : Mar  3 21:39:26 2027 GMT
        Subject: CN=40333C34D5A9DEF1665D93A8C5A28B36F77EE355
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:09:64:49:01:ad:d4:7a:51:d7:a1:61:96:5a:
                    ae:80:4a:6a:c0:90:cb:5f:d7:9e:3a:28:75:ad:0f:
                    0c:37:c7:77:e5:38:3f:44:cb:3a:b7:4e:3e:f9:51:
                    af:80:ab:ef:0f:d9:8b:f7:a8:89:86:ba:f5:de:10:
                    59:eb:0f:ce:85:c4:e6:57:27:9b:0d:86:1e:18:43:
                    61:0b:d0:54:c7:a6:5a:31:81:82:84:87:4d:8b:6d:
                    78:04:68:f8:e2:ff:26:e1:23:e8:19:22:d2:1e:2b:
                    68:ed:a5:b3:5e:5a:43:3d:ab:6a:ec:ed:3d:1f:8a:
                    1c:dd:7c:bf:30:00:86:58:98:f6:0e:3c:b6:b1:a6:
                    82:98:6a:a5:60:29:aa:b4:26:50:f4:a3:1b:54:cf:
                    62:fb:d5:0a:43:4d:8c:7c:82:8f:c1:47:d9:45:ef:
                    8c:99:01:cd:cf:c5:4b:45:d3:55:19:7e:8a:a5:5c:
                    d6:11:81:6f:d7:cb:c3:76:72:2c:74:71:22:91:16:
                    f1:56:35:c9:d0:dc:19:c5:75:8d:4f:41:74:a0:63:
                    c1:fc:1a:b2:90:20:e9:9b:95:59:c2:4f:7a:a4:08:
                    77:1e:69:2d:86:39:fc:c0:54:7c:a3:fc:ff:1e:a6:
                    93:aa:0e:07:52:b3:89:cc:40:8c:16:eb:59:83:de:
                    f0:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:33:3C:34:D5:A9:DE:F1:66:5D:93:A8:C5:A2:8B:36:F7:7E:E3:55
            X509v3 Authority Key Identifier:
                keyid:CE:FC:E4:49:BE:A8:DE:AE:DB:18:04:DB:A2:5C:58:4D:F5:87:3D:C4

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/322e35382e38342e302f32342d3234203d3e20323133373931.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.58.84.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4d:67:a2:b1:19:8d:6e:99:82:25:c4:60:49:e3:01:cd:fe:3a:
         04:5b:2f:cb:ee:e6:c2:46:70:2d:ff:be:23:02:2d:9e:69:3b:
         4b:b1:d2:b6:da:ff:f4:b4:9e:20:75:08:aa:b5:ea:bb:6a:f6:
         26:c5:cc:78:67:44:be:3b:43:89:ba:7d:fb:f6:0e:55:91:5a:
         3e:ea:2f:c8:30:f8:30:73:e4:0d:87:4e:8a:9c:f0:b0:c0:e4:
         11:c7:10:0c:3e:ff:3e:f8:96:84:4b:5d:ea:d6:c2:a1:04:f6:
         76:48:64:8e:2d:16:af:ba:5c:ba:f8:4f:de:11:db:3e:d7:97:
         90:bd:f4:9f:25:8e:33:5f:99:e6:7e:45:fa:f4:83:55:6d:03:
         5c:ec:fa:10:9a:31:f5:39:90:11:7f:8f:52:ee:00:a8:98:09:
         0d:3a:12:3f:13:9b:31:38:c2:04:dd:75:3d:80:19:46:28:d1:
         ec:d6:ba:7a:09:a5:58:d2:d6:36:09:c5:ec:4c:76:35:e7:61:
         be:95:5a:72:dd:bd:a6:f5:08:6d:22:29:9e:ac:07:94:0d:fc:
         7b:6a:21:77:c0:9c:16:69:24:bb:4f:21:8e:34:b5:0f:99:5f:
         2e:17:21:f1:c2:4e:d2:67:fc:c1:64:e7:20:74:b7:17:a9:0a:
         88:9d:eb:3e
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUGq7yGCfZS3ADjpEbHdII9cZDehkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoY2VmY2U0NDliZWE4ZGVhZWRiMTgwNGRiYTI1YzU4NGRm
NTg3M2RjNDAeFw0yNjAzMDQyMTM0MjZaFw0yNzAzMDMyMTM5MjZaMDMxMTAvBgNV
BAMTKDQwMzMzQzM0RDVBOURFRjE2NjVEOTNBOEM1QTI4QjM2Rjc3RUUzNTUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCzCWRJAa3UelHXoWGWWq6ASmrA
kMtf1546KHWtDww3x3flOD9Eyzq3Tj75Ua+Aq+8P2Yv3qImGuvXeEFnrD86FxOZX
J5sNhh4YQ2EL0FTHploxgYKEh02LbXgEaPji/ybhI+gZItIeK2jtpbNeWkM9q2rs
7T0fihzdfL8wAIZYmPYOPLaxpoKYaqVgKaq0JlD0oxtUz2L71QpDTYx8go/BR9lF
74yZAc3PxUtF01UZfoqlXNYRgW/Xy8N2cix0cSKRFvFWNcnQ3BnFdY1PQXSgY8H8
GrKQIOmblVnCT3qkCHceaS2GOfzAVHyj/P8eppOqDgdSs4nMQIwW61mD3vD7AgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUQDM8NNWp3vFmXZOoxaKLNvd+41UwHwYDVR0j
BBgwFoAUzvzkSb6o3q7bGATbolxYTfWHPcQwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZDFiMzVmOGItNmY0OC00YmFkLWIxODUtNWMxZGFhOGFj
ZGE5LzAvQ0VGQ0U0NDlCRUE4REVBRURCMTgwNERCQTI1QzU4NERGNTg3M0RDNC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3p2emtTYjZvM3E3YkdBVGJvbHhZVGZX
SFBjUS5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZDFiMzVmOGIt
NmY0OC00YmFkLWIxODUtNWMxZGFhOGFjZGE5LzAvMzIyZTM1MzgyZTM4MzQyZTMw
MmYzMjM0MmQzMjM0MjAzZDNlMjAzMjMxMzMzNzM5MzEucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAACOlQw
DQYJKoZIhvcNAQELBQADggEBAE1norEZjW6ZgiXEYEnjAc3+OgRbL8vu5sJGcC3/
viMCLZ5pO0ux0rba//S0niB1CKq16rtq9ibFzHhnRL47Q4m6ffv2DlWRWj7qL8gw
+DBz5A2HToqc8LDA5BHHEAw+/z74loRLXerWwqEE9nZIZI4tFq+6XLr4T94R2z7X
l5C99J8ljjNfmeZ+Rfr0g1VtA1zs+hCaMfU5kBF/j1LuAKiYCQ06Ej8TmzE4wgTd
dT2AGUYo0ezWunoJpVjS1jYJxexMdjXnYb6VWnLdvab1CG0iKZ6sB5QN/HtqIXfA
nBZpJLtPIY40tQ+ZXy4XIfHCTtJn/MFk5yB0txepCoid6z4=
-----END CERTIFICATE-----