Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/322e35382e38342e302f32342d3234203d3e20383334.roa
File:                     322e35382e38342e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          AgVdwhcnHIHcJ0o/zH1X4VKB+ihq/iXI4jqEIG4ks+I=
Subject key identifier:   A3:FE:A2:74:F8:77:47:B0:A2:06:CE:DF:DA:8C:F6:AF:2D:9C:9D:FE
Certificate issuer:       /CN=cefce449bea8deaedb1804dba25c584df5873dc4
Certificate serial:       653C862BCBF12F445639729460BCE1A1705D1A69
Authority key identifier: CE:FC:E4:49:BE:A8:DE:AE:DB:18:04:DB:A2:5C:58:4D:F5:87:3D:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/322e35382e38342e302f32342d3234203d3e20383334.roa
Signing time:             Thu 13 Jun 2024 10:08:00 +0000
ROA not before:           Thu 13 Jun 2024 10:03:00 +0000
ROA not after:            Thu 12 Jun 2025 10:08:00 +0000
asID:                     834
IP address blocks:        2.58.84.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Jun 2024 08:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            65:3c:86:2b:cb:f1:2f:44:56:39:72:94:60:bc:e1:a1:70:5d:1a:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cefce449bea8deaedb1804dba25c584df5873dc4
        Validity
            Not Before: Jun 13 10:03:00 2024 GMT
            Not After : Jun 12 10:08:00 2025 GMT
        Subject: CN=A3FEA274F87747B0A206CEDFDA8CF6AF2D9C9DFE
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:2f:9a:b6:de:ee:ea:9c:ba:b0:dc:01:d7:bf:
                    79:26:0e:38:4a:4a:46:40:83:95:98:11:8c:a3:85:
                    41:2e:1c:51:48:52:8f:59:5f:c3:34:73:75:3f:db:
                    e7:c4:e9:cc:81:f2:f3:23:d7:74:1f:b0:56:62:b9:
                    e1:f1:cf:ac:76:98:83:40:27:0d:31:87:d0:ac:ba:
                    fc:a0:b1:93:1a:17:95:5c:62:9d:ef:64:df:37:96:
                    df:a0:72:b3:16:bf:54:49:1a:33:75:b6:7a:18:8c:
                    b8:19:1f:79:3b:cb:23:e5:71:08:ee:48:98:83:3c:
                    2b:ff:b6:6d:9e:f7:50:1c:a4:ea:50:54:09:45:5f:
                    25:54:6a:5b:32:2f:b7:99:e1:f1:dc:1d:fe:8f:cb:
                    09:4d:dd:74:98:01:ff:2b:ce:73:cf:35:20:ee:9c:
                    21:ed:96:d7:2c:ff:c7:d6:17:3f:42:69:de:f1:39:
                    08:96:e7:f4:9b:20:d1:f7:02:f4:a2:a6:31:ad:d3:
                    22:78:e3:32:2d:1a:0d:45:63:74:94:20:17:2f:c2:
                    07:66:1d:59:f0:c2:05:80:c9:1f:34:b2:ba:c9:b6:
                    3d:29:7e:4e:c0:7b:99:08:70:9d:8c:ce:94:7f:4e:
                    93:2f:ce:45:d9:8f:f9:2d:5b:cb:6d:4c:b9:b5:61:
                    28:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:FE:A2:74:F8:77:47:B0:A2:06:CE:DF:DA:8C:F6:AF:2D:9C:9D:FE
            X509v3 Authority Key Identifier:
                keyid:CE:FC:E4:49:BE:A8:DE:AE:DB:18:04:DB:A2:5C:58:4D:F5:87:3D:C4

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/322e35382e38342e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.58.84.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2f:79:67:72:7b:4d:c4:b4:9b:5c:96:cd:0b:12:a9:af:c8:af:
         72:3e:c4:e3:75:0a:da:ed:f6:0a:b3:c4:1f:35:2b:fa:07:27:
         9e:9f:7a:bc:c9:eb:c0:ba:a0:3e:75:93:5e:5e:c2:7d:c5:08:
         f8:7c:2c:f2:e0:81:6a:7f:d2:f2:95:df:73:9f:80:ef:e9:ce:
         3a:e0:b9:9a:47:13:0e:3c:f8:ca:33:23:ad:c9:8b:88:0c:b6:
         6d:6a:0f:50:8f:5d:3a:2d:68:da:81:0d:20:52:8d:5d:60:ec:
         b2:28:23:e7:3a:0a:ec:8f:0c:70:6d:d7:15:05:53:1f:42:ac:
         43:32:a8:24:8e:05:10:a6:52:2b:ef:b2:1d:75:66:59:28:ba:
         10:54:50:a6:ad:24:63:e4:9c:32:c0:68:42:81:43:08:96:af:
         d6:f9:52:0a:38:e3:45:cd:59:a5:11:11:1e:de:45:eb:6b:e7:
         a9:a4:4c:92:ec:b4:42:52:69:3a:35:f9:3a:28:cf:d9:75:21:
         c4:c1:fe:7b:92:7b:81:20:58:b9:b0:6b:dd:cf:74:72:67:ea:
         49:18:e1:74:0b:ee:75:1a:70:1b:29:1c:e8:6e:dd:ec:53:e4:
         6f:13:9f:28:6a:8f:e5:fb:a9:56:24:97:05:27:7d:6c:b2:33:
         c3:65:10:83
-----BEGIN CERTIFICATE-----
MIIFKTCCBBGgAwIBAgIUZTyGK8vxL0RWOXKUYLzhoXBdGmkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoY2VmY2U0NDliZWE4ZGVhZWRiMTgwNGRiYTI1YzU4NGRm
NTg3M2RjNDAeFw0yNDA2MTMxMDAzMDBaFw0yNTA2MTIxMDA4MDBaMDMxMTAvBgNV
BAMTKEEzRkVBMjc0Rjg3NzQ3QjBBMjA2Q0VERkRBOENGNkFGMkQ5QzlERkUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDPL5q23u7qnLqw3AHXv3kmDjhK
SkZAg5WYEYyjhUEuHFFIUo9ZX8M0c3U/2+fE6cyB8vMj13QfsFZiueHxz6x2mINA
Jw0xh9CsuvygsZMaF5VcYp3vZN83lt+gcrMWv1RJGjN1tnoYjLgZH3k7yyPlcQju
SJiDPCv/tm2e91AcpOpQVAlFXyVUalsyL7eZ4fHcHf6PywlN3XSYAf8rznPPNSDu
nCHtltcs/8fWFz9Cad7xOQiW5/SbINH3AvSipjGt0yJ44zItGg1FY3SUIBcvwgdm
HVnwwgWAyR80srrJtj0pfk7Ae5kIcJ2MzpR/TpMvzkXZj/ktW8ttTLm1YSjHAgMB
AAGjggIzMIICLzAdBgNVHQ4EFgQUo/6idPh3R7CiBs7f2oz2ry2cnf4wHwYDVR0j
BBgwFoAUzvzkSb6o3q7bGATbolxYTfWHPcQwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZDFiMzVmOGItNmY0OC00YmFkLWIxODUtNWMxZGFhOGFj
ZGE5LzAvQ0VGQ0U0NDlCRUE4REVBRURCMTgwNERCQTI1QzU4NERGNTg3M0RDNC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3p2emtTYjZvM3E3YkdBVGJvbHhZVGZX
SFBjUS5jZXIwgaMGCCsGAQUFBwELBIGWMIGTMIGQBggrBgEFBQcwC4aBg3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZDFiMzVmOGIt
NmY0OC00YmFkLWIxODUtNWMxZGFhOGFjZGE5LzAvMzIyZTM1MzgyZTM4MzQyZTMw
MmYzMjM0MmQzMjM0MjAzZDNlMjAzODMzMzQucm9hMBgGA1UdIAEB/wQOMAwwCgYI
KwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAACOlQwDQYJKoZI
hvcNAQELBQADggEBAC95Z3J7TcS0m1yWzQsSqa/Ir3I+xON1Ctrt9gqzxB81K/oH
J56ferzJ68C6oD51k15ewn3FCPh8LPLggWp/0vKV33OfgO/pzjrguZpHEw48+Moz
I63Ji4gMtm1qD1CPXTotaNqBDSBSjV1g7LIoI+c6CuyPDHBt1xUFUx9CrEMyqCSO
BRCmUivvsh11ZlkouhBUUKatJGPknDLAaEKBQwiWr9b5Ugo440XNWaURER7eRetr
56mkTJLstEJSaTo1+Tooz9l1IcTB/nuSe4EgWLmwa93PdHJn6kkY4XQL7nUacBsp
HOhu3exT5G8Tnyhqj+X7qVYklwUnfWyyM8NlEIM=
-----END CERTIFICATE-----