Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/322e35382e38352e302f32342d3234203d3e20323031333634.roa
File:                     322e35382e38352e302f32342d3234203d3e20323031333634.roa (raw, json)
Hash identifier:          Z7CGoOxmV/FvC6Lxzfgi1yiH0QlQzaQf4sHgejVdqLE=
Subject key identifier:   A4:29:EF:32:71:6D:77:6D:60:E3:5D:3C:BC:40:10:D1:D2:C5:CC:F7
Certificate issuer:       /CN=cefce449bea8deaedb1804dba25c584df5873dc4
Certificate serial:       5533BF12B2329F099D4F634BE3C75BF10C663E91
Authority key identifier: CE:FC:E4:49:BE:A8:DE:AE:DB:18:04:DB:A2:5C:58:4D:F5:87:3D:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/322e35382e38352e302f32342d3234203d3e20323031333634.roa
Signing time:             Thu 06 Jun 2024 16:28:02 +0000
ROA not before:           Thu 06 Jun 2024 16:23:02 +0000
ROA not after:            Thu 05 Jun 2025 16:28:02 +0000
asID:                     201364
IP address blocks:        2.58.85.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            55:33:bf:12:b2:32:9f:09:9d:4f:63:4b:e3:c7:5b:f1:0c:66:3e:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cefce449bea8deaedb1804dba25c584df5873dc4
        Validity
            Not Before: Jun  6 16:23:02 2024 GMT
            Not After : Jun  5 16:28:02 2025 GMT
        Subject: CN=A429EF32716D776D60E35D3CBC4010D1D2C5CCF7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:aa:97:67:c8:cf:d4:c2:e8:25:a6:7d:28:b9:
                    46:61:b5:dd:1f:16:5c:ce:a4:7e:4e:d9:99:4f:7b:
                    f5:d7:55:7b:f8:a6:24:ec:43:85:a5:1f:08:d6:7f:
                    08:ca:2b:fe:d8:76:cc:d6:66:41:04:50:0e:ec:00:
                    44:65:62:2a:c1:28:b1:a1:53:64:dc:54:92:82:bd:
                    a3:32:53:98:c0:e3:f4:56:10:97:8e:96:72:a7:64:
                    60:ed:7f:fa:9d:ee:ea:d1:d0:90:4e:33:89:a4:13:
                    12:bf:bb:03:75:e1:20:29:70:98:40:29:d5:9c:49:
                    3a:f6:e7:1a:fc:26:99:54:eb:5e:d0:7d:18:08:47:
                    a5:87:8c:21:c5:a6:bb:16:3c:4c:8a:6b:bc:42:3d:
                    c9:9e:fe:0e:3c:d9:a2:a0:99:92:ee:54:c6:56:a9:
                    50:6e:b7:1c:33:30:80:c4:24:17:8d:2d:de:de:77:
                    91:63:02:aa:a3:62:0d:69:c5:39:4c:8d:0d:53:d7:
                    0d:ef:de:07:b4:ab:b5:78:ac:53:b2:37:94:a7:77:
                    a4:a4:2f:57:08:e4:be:54:cf:44:90:f2:d8:bc:c4:
                    29:3e:74:42:a4:00:45:73:c0:6b:bf:28:30:fb:fa:
                    f2:18:6f:eb:e6:04:c6:11:61:f3:41:31:fd:24:bf:
                    70:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:29:EF:32:71:6D:77:6D:60:E3:5D:3C:BC:40:10:D1:D2:C5:CC:F7
            X509v3 Authority Key Identifier:
                keyid:CE:FC:E4:49:BE:A8:DE:AE:DB:18:04:DB:A2:5C:58:4D:F5:87:3D:C4

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/322e35382e38352e302f32342d3234203d3e20323031333634.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.58.85.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8b:a7:7c:1c:d5:af:2e:e9:02:c2:73:5d:7f:ef:96:bc:f6:4b:
         90:ab:65:b7:0d:3f:51:49:11:2a:9a:f5:a9:c1:3d:d7:e2:fa:
         b0:93:09:cc:97:86:b1:15:02:63:36:54:b1:d0:8b:a5:2e:36:
         a2:e4:67:00:48:86:46:31:f1:f8:50:52:e3:19:87:b4:05:55:
         0c:4c:a1:69:e3:b7:ae:d8:c2:8a:2d:3d:ee:c5:82:23:f3:b3:
         30:32:2b:31:37:8c:ea:ca:b3:ba:f5:da:4b:d8:12:91:97:0c:
         45:37:8d:77:18:27:0d:03:d1:0e:78:d1:24:93:25:30:fa:95:
         80:2b:14:c3:6a:18:a6:0e:f8:7e:71:bb:f9:c0:a6:ec:fc:98:
         6d:8f:cf:2e:63:aa:cc:85:2e:cb:bd:98:6a:5a:20:f7:12:f3:
         6c:2f:7d:30:f5:e8:bb:a9:31:62:79:1d:d7:9b:71:b1:39:41:
         2e:69:79:38:a2:61:f9:43:75:0a:53:37:22:36:f7:ae:62:05:
         c3:ea:1f:9d:13:75:82:56:3d:9a:f9:8a:f4:17:5c:e1:95:8c:
         fa:01:79:78:42:f5:f9:ad:9f:a6:19:e0:cc:d8:b1:9c:24:01:
         8f:2f:30:03:f4:59:9d:e4:dd:a1:ac:57:2f:00:6e:0e:2e:eb:
         84:99:6a:70
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUVTO/ErIynwmdT2NL48db8QxmPpEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoY2VmY2U0NDliZWE4ZGVhZWRiMTgwNGRiYTI1YzU4NGRm
NTg3M2RjNDAeFw0yNDA2MDYxNjIzMDJaFw0yNTA2MDUxNjI4MDJaMDMxMTAvBgNV
BAMTKEE0MjlFRjMyNzE2RDc3NkQ2MEUzNUQzQ0JDNDAxMEQxRDJDNUNDRjcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCYqpdnyM/Uwuglpn0ouUZhtd0f
FlzOpH5O2ZlPe/XXVXv4piTsQ4WlHwjWfwjKK/7YdszWZkEEUA7sAERlYirBKLGh
U2TcVJKCvaMyU5jA4/RWEJeOlnKnZGDtf/qd7urR0JBOM4mkExK/uwN14SApcJhA
KdWcSTr25xr8JplU617QfRgIR6WHjCHFprsWPEyKa7xCPcme/g482aKgmZLuVMZW
qVButxwzMIDEJBeNLd7ed5FjAqqjYg1pxTlMjQ1T1w3v3ge0q7V4rFOyN5Snd6Sk
L1cI5L5Uz0SQ8ti8xCk+dEKkAEVzwGu/KDD7+vIYb+vmBMYRYfNBMf0kv3ALAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUpCnvMnFtd21g4108vEAQ0dLFzPcwHwYDVR0j
BBgwFoAUzvzkSb6o3q7bGATbolxYTfWHPcQwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZDFiMzVmOGItNmY0OC00YmFkLWIxODUtNWMxZGFhOGFj
ZGE5LzAvQ0VGQ0U0NDlCRUE4REVBRURCMTgwNERCQTI1QzU4NERGNTg3M0RDNC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3p2emtTYjZvM3E3YkdBVGJvbHhZVGZX
SFBjUS5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZDFiMzVmOGIt
NmY0OC00YmFkLWIxODUtNWMxZGFhOGFjZGE5LzAvMzIyZTM1MzgyZTM4MzUyZTMw
MmYzMjM0MmQzMjM0MjAzZDNlMjAzMjMwMzEzMzM2MzQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAACOlUw
DQYJKoZIhvcNAQELBQADggEBAIunfBzVry7pAsJzXX/vlrz2S5CrZbcNP1FJESqa
9anBPdfi+rCTCcyXhrEVAmM2VLHQi6UuNqLkZwBIhkYx8fhQUuMZh7QFVQxMoWnj
t67YwootPe7FgiPzszAyKzE3jOrKs7r12kvYEpGXDEU3jXcYJw0D0Q540SSTJTD6
lYArFMNqGKYO+H5xu/nApuz8mG2Pzy5jqsyFLsu9mGpaIPcS82wvfTD16LupMWJ5
HdebcbE5QS5peTiiYflDdQpTNyI2965iBcPqH50TdYJWPZr5ivQXXOGVjPoBeXhC
9fmtn6YZ4MzYsZwkAY8vMAP0WZ3k3aGsVy8Abg4u64SZanA=
-----END CERTIFICATE-----