Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/322e35382e38352e302f32342d3234203d3e203437343336.roa
File:                     322e35382e38352e302f32342d3234203d3e203437343336.roa (raw, json)
Hash identifier:          fqA71PdlXOG8fkrThemWoyT9EUV8aS4x85zKtL1ncVo=
Subject key identifier:   45:0F:5D:66:F8:CE:17:37:F2:2B:A5:DB:A6:00:F1:BE:56:1E:7E:6B
Certificate issuer:       /CN=cefce449bea8deaedb1804dba25c584df5873dc4
Certificate serial:       237103600B266F3329FF6F31B8BEF19136A98E88
Authority key identifier: CE:FC:E4:49:BE:A8:DE:AE:DB:18:04:DB:A2:5C:58:4D:F5:87:3D:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/322e35382e38352e302f32342d3234203d3e203437343336.roa
Signing time:             Thu 06 Jun 2024 15:56:51 +0000
ROA not before:           Thu 06 Jun 2024 15:51:51 +0000
ROA not after:            Thu 05 Jun 2025 15:56:51 +0000
asID:                     47436
IP address blocks:        2.58.85.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:12:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            23:71:03:60:0b:26:6f:33:29:ff:6f:31:b8:be:f1:91:36:a9:8e:88
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cefce449bea8deaedb1804dba25c584df5873dc4
        Validity
            Not Before: Jun  6 15:51:51 2024 GMT
            Not After : Jun  5 15:56:51 2025 GMT
        Subject: CN=450F5D66F8CE1737F22BA5DBA600F1BE561E7E6B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:52:31:7c:e5:8c:bb:2f:8a:eb:88:5a:4a:77:
                    d8:8e:81:ea:a4:08:f9:de:63:87:8c:64:84:58:fa:
                    cc:ef:be:98:0e:70:c0:2f:5c:1a:ab:ac:76:74:a4:
                    4f:d2:cb:b9:01:c1:93:d5:28:84:44:08:cb:e7:02:
                    f0:8d:01:84:db:61:13:cb:58:c2:96:42:5b:bf:a2:
                    53:f1:f7:f3:ad:b0:ee:71:cc:21:b4:79:bd:fa:5d:
                    8e:a7:d6:91:68:c2:2b:c9:33:c6:e9:05:25:6d:05:
                    3d:08:6e:27:c5:46:b6:9d:c7:37:87:db:42:cf:86:
                    cc:70:33:74:3e:0f:ab:ca:3c:3f:e0:61:6a:62:a7:
                    c5:5f:a9:d9:71:50:1d:74:26:9e:c5:f1:c9:0f:ec:
                    46:ff:d6:a3:53:5e:78:0c:2d:67:84:3a:60:97:8f:
                    df:fc:ee:00:40:fd:a8:4b:6f:6e:b4:c8:5f:cc:30:
                    89:1c:5e:05:fc:4e:ab:92:9b:56:eb:24:28:30:6a:
                    1c:9d:49:21:1e:e0:9c:09:6f:55:63:b6:42:0b:57:
                    f4:8a:38:0b:e0:37:7e:6a:8c:f8:c6:79:48:05:e9:
                    fc:58:ca:fc:66:e4:0b:f7:31:79:86:9a:0f:8f:b2:
                    06:a9:60:41:81:4a:7e:77:87:77:93:0e:77:f5:66:
                    35:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:0F:5D:66:F8:CE:17:37:F2:2B:A5:DB:A6:00:F1:BE:56:1E:7E:6B
            X509v3 Authority Key Identifier:
                keyid:CE:FC:E4:49:BE:A8:DE:AE:DB:18:04:DB:A2:5C:58:4D:F5:87:3D:C4

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/322e35382e38352e302f32342d3234203d3e203437343336.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.58.85.0/24

    Signature Algorithm: sha256WithRSAEncryption
         76:07:cb:ab:f0:b8:fa:95:4e:3d:a0:1c:c8:85:2f:c3:bb:c8:
         5f:b6:54:8c:02:8e:52:f8:e5:d8:29:31:da:84:a6:2c:34:39:
         8a:fc:b0:5a:6d:5d:a5:eb:46:84:54:be:27:53:d6:c9:21:bc:
         04:cd:eb:ad:8c:d4:50:a3:60:77:b1:91:7c:83:7c:34:f5:01:
         bd:59:d1:4d:47:33:0b:6e:fb:9f:ad:5f:c4:cb:c3:dc:26:52:
         8f:3f:db:73:b0:87:8a:7e:c3:88:16:2a:36:06:c6:37:a7:bb:
         5e:90:9b:2f:09:5a:e0:39:38:e7:bd:ec:59:d3:4f:49:22:d2:
         74:e3:b3:3c:78:51:fc:48:81:1f:45:f2:5b:32:69:3a:1f:39:
         03:c4:47:80:52:b3:c1:88:0b:7e:00:c6:4e:6f:bb:be:c6:9d:
         9d:1e:00:df:00:db:30:15:49:95:e7:e3:52:94:a7:53:dd:da:
         ed:b8:17:b9:2b:b1:2c:b7:d8:1c:bf:44:19:08:7b:36:f0:91:
         53:97:c5:43:00:42:26:a5:e9:49:df:7f:3c:09:e9:64:d8:4b:
         58:a6:63:80:18:7f:61:3c:99:fb:7b:31:77:79:08:a2:c8:ce:
         51:5d:f5:95:d2:22:e2:33:28:9a:51:23:ac:8d:5a:e1:bf:37:
         21:e9:07:a1
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUI3EDYAsmbzMp/28xuL7xkTapjogwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoY2VmY2U0NDliZWE4ZGVhZWRiMTgwNGRiYTI1YzU4NGRm
NTg3M2RjNDAeFw0yNDA2MDYxNTUxNTFaFw0yNTA2MDUxNTU2NTFaMDMxMTAvBgNV
BAMTKDQ1MEY1RDY2RjhDRTE3MzdGMjJCQTVEQkE2MDBGMUJFNTYxRTdFNkIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDgUjF85Yy7L4rriFpKd9iOgeqk
CPneY4eMZIRY+szvvpgOcMAvXBqrrHZ0pE/Sy7kBwZPVKIRECMvnAvCNAYTbYRPL
WMKWQlu/olPx9/OtsO5xzCG0eb36XY6n1pFowivJM8bpBSVtBT0IbifFRradxzeH
20LPhsxwM3Q+D6vKPD/gYWpip8VfqdlxUB10Jp7F8ckP7Eb/1qNTXngMLWeEOmCX
j9/87gBA/ahLb260yF/MMIkcXgX8TquSm1brJCgwahydSSEe4JwJb1VjtkILV/SK
OAvgN35qjPjGeUgF6fxYyvxm5Av3MXmGmg+PsgapYEGBSn53h3eTDnf1ZjV3AgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQURQ9dZvjOFzfyK6XbpgDxvlYefmswHwYDVR0j
BBgwFoAUzvzkSb6o3q7bGATbolxYTfWHPcQwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZDFiMzVmOGItNmY0OC00YmFkLWIxODUtNWMxZGFhOGFj
ZGE5LzAvQ0VGQ0U0NDlCRUE4REVBRURCMTgwNERCQTI1QzU4NERGNTg3M0RDNC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3p2emtTYjZvM3E3YkdBVGJvbHhZVGZX
SFBjUS5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZDFiMzVmOGIt
NmY0OC00YmFkLWIxODUtNWMxZGFhOGFjZGE5LzAvMzIyZTM1MzgyZTM4MzUyZTMw
MmYzMjM0MmQzMjM0MjAzZDNlMjAzNDM3MzQzMzM2LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAAjpVMA0G
CSqGSIb3DQEBCwUAA4IBAQB2B8ur8Lj6lU49oBzIhS/Du8hftlSMAo5S+OXYKTHa
hKYsNDmK/LBabV2l60aEVL4nU9bJIbwEzeutjNRQo2B3sZF8g3w09QG9WdFNRzML
bvufrV/Ey8PcJlKPP9tzsIeKfsOIFio2BsY3p7tekJsvCVrgOTjnvexZ009JItJ0
47M8eFH8SIEfRfJbMmk6HzkDxEeAUrPBiAt+AMZOb7u+xp2dHgDfANswFUmV5+NS
lKdT3drtuBe5K7Est9gcv0QZCHs28JFTl8VDAEImpelJ3388Celk2EtYpmOAGH9h
PJn7ezF3eQiiyM5RXfWV0iLiMyiaUSOsjVrhvzch6Qeh
-----END CERTIFICATE-----