Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/322e35382e38362e302f32342d3234203d3e20313432313131.roa
File:                     322e35382e38362e302f32342d3234203d3e20313432313131.roa (raw, json)
Hash identifier:          tNsoRZno9g5c4kHPue2BCF3XjEvgFvwq+crngY6j0CE=
Subject key identifier:   15:EA:86:62:AE:25:75:6B:FA:57:42:0C:2E:45:F8:E0:BD:C9:B0:58
Certificate issuer:       /CN=cefce449bea8deaedb1804dba25c584df5873dc4
Certificate serial:       0CA29991203BE923B19595DAE7B9CF532D4DD5D3
Authority key identifier: CE:FC:E4:49:BE:A8:DE:AE:DB:18:04:DB:A2:5C:58:4D:F5:87:3D:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/322e35382e38362e302f32342d3234203d3e20313432313131.roa
Signing time:             Thu 06 Jun 2024 16:23:07 +0000
ROA not before:           Thu 06 Jun 2024 16:18:07 +0000
ROA not after:            Thu 05 Jun 2025 16:23:07 +0000
asID:                     142111
IP address blocks:        2.58.86.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0c:a2:99:91:20:3b:e9:23:b1:95:95:da:e7:b9:cf:53:2d:4d:d5:d3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cefce449bea8deaedb1804dba25c584df5873dc4
        Validity
            Not Before: Jun  6 16:18:07 2024 GMT
            Not After : Jun  5 16:23:07 2025 GMT
        Subject: CN=15EA8662AE25756BFA57420C2E45F8E0BDC9B058
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:29:b1:ab:87:57:52:7e:36:20:73:9e:26:7a:
                    5a:8a:62:5a:40:78:07:b6:28:c5:ac:87:b3:c7:ed:
                    42:22:4b:d5:18:94:8c:9c:9c:e3:92:82:d2:a0:b9:
                    28:29:59:09:29:81:1b:64:24:44:27:57:91:3c:c2:
                    fd:ae:61:81:7c:5b:6f:ef:1d:a2:e1:b6:73:3e:df:
                    b8:3a:8c:41:4d:40:42:c7:4a:33:19:f5:77:a1:7e:
                    7b:d0:b5:e3:f7:db:37:39:a0:5b:d7:f4:8c:43:0c:
                    08:f4:3b:a7:d9:ae:34:24:7e:4d:33:8c:3a:49:83:
                    ff:ea:10:34:af:a5:d4:1f:51:c7:7b:46:01:3f:12:
                    d6:86:df:28:48:aa:70:79:c5:62:a2:fc:36:3f:15:
                    92:f7:3d:48:ac:e7:5f:0f:27:76:ef:5b:40:99:02:
                    a4:70:57:1f:8f:bc:ab:50:5d:33:8c:33:76:81:de:
                    b3:e1:35:d9:17:b3:e4:73:b1:b5:88:80:6f:ee:78:
                    66:7d:3e:47:80:1f:14:05:f2:f5:0b:81:6d:15:90:
                    e8:25:70:07:de:b2:29:16:b9:db:f0:97:a8:93:7d:
                    1a:81:51:ca:f9:7f:93:ad:22:94:94:67:ab:48:96:
                    b9:81:45:a0:ba:ba:18:13:7d:8c:e7:69:d9:a6:82:
                    42:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                15:EA:86:62:AE:25:75:6B:FA:57:42:0C:2E:45:F8:E0:BD:C9:B0:58
            X509v3 Authority Key Identifier:
                keyid:CE:FC:E4:49:BE:A8:DE:AE:DB:18:04:DB:A2:5C:58:4D:F5:87:3D:C4

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/322e35382e38362e302f32342d3234203d3e20313432313131.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.58.86.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9d:ca:8f:34:f3:6c:30:2d:59:0a:77:80:db:7c:5d:a7:79:85:
         44:32:59:84:be:03:64:6c:30:55:b0:7d:e4:ae:4f:94:96:1a:
         27:e5:75:5a:90:bc:29:4c:e3:c6:dd:37:b6:9a:8b:9e:40:4d:
         a7:b0:27:29:63:93:c4:10:a5:51:bf:6c:40:f8:fe:9b:19:76:
         66:c6:ec:00:fc:e6:a8:70:74:37:45:cd:40:3f:f2:0d:26:66:
         8d:83:c4:96:31:16:7d:37:be:07:3a:7f:f5:35:95:cb:d2:c0:
         9f:70:80:7b:50:8f:90:9f:9d:b1:57:fb:2a:e7:9e:66:39:5d:
         e4:38:66:96:51:f4:d7:8d:7a:ed:e1:dd:fe:a9:b2:f0:31:29:
         75:07:0d:61:22:7a:82:a8:f0:e3:3d:53:25:64:23:2b:d6:ce:
         5d:61:aa:34:20:97:07:69:c2:28:6e:bc:fc:6e:d4:93:8e:50:
         d9:61:c4:4c:db:1c:28:9f:b6:74:b4:60:fd:be:34:b0:f1:39:
         e6:29:2b:f5:04:b7:52:b7:ab:e4:10:cf:26:9e:56:7d:59:8e:
         9b:04:7e:1a:2e:25:1f:03:99:0f:33:83:44:c7:ff:99:0a:30:
         72:9b:33:82:a2:7a:00:dc:48:d7:8d:b3:f1:9b:4d:08:3b:05:
         0b:8e:43:29
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUDKKZkSA76SOxlZXa57nPUy1N1dMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoY2VmY2U0NDliZWE4ZGVhZWRiMTgwNGRiYTI1YzU4NGRm
NTg3M2RjNDAeFw0yNDA2MDYxNjE4MDdaFw0yNTA2MDUxNjIzMDdaMDMxMTAvBgNV
BAMTKDE1RUE4NjYyQUUyNTc1NkJGQTU3NDIwQzJFNDVGOEUwQkRDOUIwNTgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCiKbGrh1dSfjYgc54melqKYlpA
eAe2KMWsh7PH7UIiS9UYlIycnOOSgtKguSgpWQkpgRtkJEQnV5E8wv2uYYF8W2/v
HaLhtnM+37g6jEFNQELHSjMZ9XehfnvQteP32zc5oFvX9IxDDAj0O6fZrjQkfk0z
jDpJg//qEDSvpdQfUcd7RgE/EtaG3yhIqnB5xWKi/DY/FZL3PUis518PJ3bvW0CZ
AqRwVx+PvKtQXTOMM3aB3rPhNdkXs+RzsbWIgG/ueGZ9PkeAHxQF8vULgW0VkOgl
cAfesikWudvwl6iTfRqBUcr5f5OtIpSUZ6tIlrmBRaC6uhgTfYznadmmgkJjAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUFeqGYq4ldWv6V0IMLkX44L3JsFgwHwYDVR0j
BBgwFoAUzvzkSb6o3q7bGATbolxYTfWHPcQwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZDFiMzVmOGItNmY0OC00YmFkLWIxODUtNWMxZGFhOGFj
ZGE5LzAvQ0VGQ0U0NDlCRUE4REVBRURCMTgwNERCQTI1QzU4NERGNTg3M0RDNC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3p2emtTYjZvM3E3YkdBVGJvbHhZVGZX
SFBjUS5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZDFiMzVmOGIt
NmY0OC00YmFkLWIxODUtNWMxZGFhOGFjZGE5LzAvMzIyZTM1MzgyZTM4MzYyZTMw
MmYzMjM0MmQzMjM0MjAzZDNlMjAzMTM0MzIzMTMxMzEucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAACOlYw
DQYJKoZIhvcNAQELBQADggEBAJ3KjzTzbDAtWQp3gNt8Xad5hUQyWYS+A2RsMFWw
feSuT5SWGifldVqQvClM48bdN7aai55ATaewJyljk8QQpVG/bED4/psZdmbG7AD8
5qhwdDdFzUA/8g0mZo2DxJYxFn03vgc6f/U1lcvSwJ9wgHtQj5CfnbFX+yrnnmY5
XeQ4ZpZR9NeNeu3h3f6psvAxKXUHDWEieoKo8OM9UyVkIyvWzl1hqjQglwdpwihu
vPxu1JOOUNlhxEzbHCiftnS0YP2+NLDxOeYpK/UEt1K3q+QQzyaeVn1ZjpsEfhou
JR8DmQ8zg0TH/5kKMHKbM4KiegDcSNeNs/GbTQg7BQuOQyk=
-----END CERTIFICATE-----