Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/322e35382e38342e302f32342d3234203d3e20323136323231.roa
File:                     322e35382e38342e302f32342d3234203d3e20323136323231.roa (raw, json)
Hash identifier:          bQ4XQ3aj1pz8P7l6xuEgKxWN0btTtEF69isGvxNiYW0=
Subject key identifier:   5C:97:74:44:40:08:B0:85:22:A1:F9:22:4F:F6:AE:3B:7C:54:1C:62
Certificate issuer:       /CN=cefce449bea8deaedb1804dba25c584df5873dc4
Certificate serial:       6E0EA05C7DAA3E169A892D56F0DF11B6EB0D46AF
Authority key identifier: CE:FC:E4:49:BE:A8:DE:AE:DB:18:04:DB:A2:5C:58:4D:F5:87:3D:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/322e35382e38342e302f32342d3234203d3e20323136323231.roa
Signing time:             Thu 13 Jun 2024 14:09:39 +0000
ROA not before:           Thu 13 Jun 2024 14:04:39 +0000
ROA not after:            Thu 12 Jun 2025 14:09:39 +0000
asID:                     216221
IP address blocks:        2.58.84.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6e:0e:a0:5c:7d:aa:3e:16:9a:89:2d:56:f0:df:11:b6:eb:0d:46:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cefce449bea8deaedb1804dba25c584df5873dc4
        Validity
            Not Before: Jun 13 14:04:39 2024 GMT
            Not After : Jun 12 14:09:39 2025 GMT
        Subject: CN=5C9774444008B08522A1F9224FF6AE3B7C541C62
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:a4:3b:4d:c7:2f:e2:c2:3c:90:ac:0f:b5:6b:
                    3b:7d:f8:da:b3:92:7b:1d:54:ef:32:6a:39:7b:64:
                    c1:6d:a8:12:0b:14:5a:8b:39:26:4b:1c:28:e1:a4:
                    c0:aa:d8:06:73:6d:c2:eb:9e:d4:5a:85:77:75:4d:
                    6e:70:67:7e:9f:92:57:eb:db:8e:e8:b5:68:77:0f:
                    3a:e4:37:0d:9f:41:aa:7c:5b:b8:3c:b3:12:2d:3d:
                    f8:8a:30:9a:ad:93:6d:40:c6:8e:41:ba:e9:84:09:
                    76:d6:46:f2:2a:f6:39:f6:eb:2a:f4:91:0b:44:20:
                    e9:f3:0e:7d:7c:92:bc:8f:97:06:2b:f9:4e:04:b4:
                    99:17:e7:01:77:6f:15:8c:f9:bb:93:0c:28:83:76:
                    2c:d1:3d:36:c5:b5:35:07:1b:13:44:f9:62:f1:40:
                    3f:96:80:02:98:b1:88:23:87:d5:8d:d4:f1:68:96:
                    ee:22:a5:d7:7b:28:b6:6d:df:1c:a8:b9:cf:b4:7f:
                    c1:0b:bd:3c:37:91:af:0c:3d:05:e8:c2:0b:75:f9:
                    52:84:dd:ec:ff:e2:9c:7d:4a:14:07:19:38:58:e7:
                    31:31:4d:d0:d4:d3:92:90:f9:00:23:12:2f:06:73:
                    6f:c4:ea:e6:6e:b0:bc:b2:3e:f0:06:96:f4:e8:6c:
                    a4:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:97:74:44:40:08:B0:85:22:A1:F9:22:4F:F6:AE:3B:7C:54:1C:62
            X509v3 Authority Key Identifier:
                keyid:CE:FC:E4:49:BE:A8:DE:AE:DB:18:04:DB:A2:5C:58:4D:F5:87:3D:C4

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/322e35382e38342e302f32342d3234203d3e20323136323231.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.58.84.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4a:f9:f1:fc:ca:36:45:79:7a:1e:1f:4a:52:25:0b:ca:2c:58:
         e5:cd:bc:3a:a4:cc:06:5c:89:47:a5:15:40:69:4e:c9:fb:92:
         77:42:bf:79:68:f9:65:47:13:f0:d5:7d:e2:bc:80:c9:ff:e2:
         1d:20:34:26:9a:33:d0:ed:5f:a2:87:66:ac:e1:83:0d:a2:13:
         df:96:ad:da:b3:e3:e6:aa:d6:f7:ec:8f:c3:bb:d4:18:3d:59:
         f6:28:3d:2b:cd:88:22:7f:2b:0d:35:6f:5b:d7:5b:ee:b7:f0:
         b4:e6:4a:cc:ee:06:e4:9f:f7:60:38:22:95:28:3a:5c:7b:04:
         19:09:c6:5b:57:4b:8c:a3:9d:a3:d7:28:20:ab:e1:a4:e5:48:
         d1:c5:41:90:c1:da:ef:18:fc:47:69:46:6e:9c:9a:0e:b9:9d:
         24:ef:e9:9b:e7:e6:e8:36:3c:6e:3b:28:a2:05:d7:92:ab:61:
         0c:72:02:8c:32:03:fd:1e:c3:bb:9c:40:b1:cb:a3:30:4f:e0:
         f3:df:9e:76:c7:db:7c:1e:1b:17:57:ba:11:9b:c7:3c:63:77:
         26:a6:99:fa:7c:b4:c9:48:09:f5:a2:cb:c4:cd:b4:ea:31:58:
         41:b7:94:8d:bc:fb:ec:b1:75:64:37:03:82:e5:22:fc:47:fa:
         ac:43:77:2a
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUbg6gXH2qPhaaiS1W8N8RtusNRq8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoY2VmY2U0NDliZWE4ZGVhZWRiMTgwNGRiYTI1YzU4NGRm
NTg3M2RjNDAeFw0yNDA2MTMxNDA0MzlaFw0yNTA2MTIxNDA5MzlaMDMxMTAvBgNV
BAMTKDVDOTc3NDQ0NDAwOEIwODUyMkExRjkyMjRGRjZBRTNCN0M1NDFDNjIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCVpDtNxy/iwjyQrA+1azt9+Nqz
knsdVO8yajl7ZMFtqBILFFqLOSZLHCjhpMCq2AZzbcLrntRahXd1TW5wZ36fklfr
247otWh3DzrkNw2fQap8W7g8sxItPfiKMJqtk21Axo5BuumECXbWRvIq9jn26yr0
kQtEIOnzDn18kryPlwYr+U4EtJkX5wF3bxWM+buTDCiDdizRPTbFtTUHGxNE+WLx
QD+WgAKYsYgjh9WN1PFolu4ipdd7KLZt3xyouc+0f8ELvTw3ka8MPQXowgt1+VKE
3ez/4px9ShQHGThY5zExTdDU05KQ+QAjEi8Gc2/E6uZusLyyPvAGlvTobKTfAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUXJd0REAIsIUiofkiT/auO3xUHGIwHwYDVR0j
BBgwFoAUzvzkSb6o3q7bGATbolxYTfWHPcQwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZDFiMzVmOGItNmY0OC00YmFkLWIxODUtNWMxZGFhOGFj
ZGE5LzAvQ0VGQ0U0NDlCRUE4REVBRURCMTgwNERCQTI1QzU4NERGNTg3M0RDNC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3p2emtTYjZvM3E3YkdBVGJvbHhZVGZX
SFBjUS5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZDFiMzVmOGIt
NmY0OC00YmFkLWIxODUtNWMxZGFhOGFjZGE5LzAvMzIyZTM1MzgyZTM4MzQyZTMw
MmYzMjM0MmQzMjM0MjAzZDNlMjAzMjMxMzYzMjMyMzEucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAACOlQw
DQYJKoZIhvcNAQELBQADggEBAEr58fzKNkV5eh4fSlIlC8osWOXNvDqkzAZciUel
FUBpTsn7kndCv3lo+WVHE/DVfeK8gMn/4h0gNCaaM9DtX6KHZqzhgw2iE9+Wrdqz
4+aq1vfsj8O71Bg9WfYoPSvNiCJ/Kw01b1vXW+638LTmSszuBuSf92A4IpUoOlx7
BBkJxltXS4yjnaPXKCCr4aTlSNHFQZDB2u8Y/EdpRm6cmg65nSTv6Zvn5ug2PG47
KKIF15KrYQxyAowyA/0ew7ucQLHLozBP4PPfnnbH23weGxdXuhGbxzxjdyammfp8
tMlICfWiy8TNtOoxWEG3lI28++yxdWQ3A4LlIvxH+qxDdyo=
-----END CERTIFICATE-----