Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/322e35382e38362e302f32342d3234203d3e20313432313131.roa
File:                     322e35382e38362e302f32342d3234203d3e20313432313131.roa (raw, json)
Hash identifier:          7SLtdrOwA2eFb8LT7xwxSGFdwIFFw8tyKAggL/zou9U=
Subject key identifier:   DE:7E:2F:A4:7B:1A:56:0A:EB:18:AB:94:64:8D:4E:62:83:C4:22:BE
Certificate issuer:       /CN=cefce449bea8deaedb1804dba25c584df5873dc4
Certificate serial:       06F648DFE21EE926B152CB2C77BF63646DE2AEE4
Authority key identifier: CE:FC:E4:49:BE:A8:DE:AE:DB:18:04:DB:A2:5C:58:4D:F5:87:3D:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/322e35382e38362e302f32342d3234203d3e20313432313131.roa
Signing time:             Thu 08 May 2025 16:54:07 +0000
ROA not before:           Thu 08 May 2025 16:49:07 +0000
ROA not after:            Thu 07 May 2026 16:54:07 +0000
asID:                     142111
IP address blocks:        2.58.86.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Jun 2025 08:02:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            06:f6:48:df:e2:1e:e9:26:b1:52:cb:2c:77:bf:63:64:6d:e2:ae:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cefce449bea8deaedb1804dba25c584df5873dc4
        Validity
            Not Before: May  8 16:49:07 2025 GMT
            Not After : May  7 16:54:07 2026 GMT
        Subject: CN=DE7E2FA47B1A560AEB18AB94648D4E6283C422BE
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:aa:c5:fe:99:d1:c2:fb:3c:2c:7c:9f:0b:d7:
                    72:02:3c:e5:23:69:76:2e:ee:26:8b:08:04:4f:03:
                    e7:97:ca:0e:fd:e3:80:c4:4c:a5:7f:29:07:6c:d5:
                    43:ad:46:d8:65:17:9c:7d:be:b5:67:23:7e:90:16:
                    03:3e:5d:16:0c:57:4c:5f:3d:04:52:c5:02:a6:dd:
                    c2:5f:fb:c1:90:64:b2:ba:1e:a8:0c:7c:ea:2e:b6:
                    78:b5:2b:da:46:90:70:a3:24:d6:19:68:3d:6d:72:
                    2a:79:b7:86:15:2c:71:76:15:5b:5c:93:60:ea:6d:
                    91:87:06:8e:4b:e2:20:17:16:79:5c:07:c0:51:a2:
                    5a:9c:c9:1a:2d:6a:a4:de:d5:7f:b4:16:4a:11:cc:
                    ca:3e:e0:a6:46:3e:bf:75:6f:5e:a7:97:35:02:1a:
                    22:ab:f6:b9:a0:cb:50:bb:d0:04:df:27:6d:86:b0:
                    50:e3:b1:51:9e:ff:4a:3f:75:4d:3e:c5:5a:67:28:
                    ab:90:2f:85:b2:c3:3d:90:ac:f0:1a:90:6f:c1:7f:
                    09:21:2a:a3:e9:9e:db:ae:3b:c2:f1:b9:84:71:d6:
                    20:dc:3c:e9:4e:85:53:13:20:40:1d:76:3a:df:b2:
                    c4:36:ec:a9:58:ee:dc:b1:b6:9f:19:d7:09:77:56:
                    4c:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:7E:2F:A4:7B:1A:56:0A:EB:18:AB:94:64:8D:4E:62:83:C4:22:BE
            X509v3 Authority Key Identifier:
                keyid:CE:FC:E4:49:BE:A8:DE:AE:DB:18:04:DB:A2:5C:58:4D:F5:87:3D:C4

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/322e35382e38362e302f32342d3234203d3e20313432313131.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.58.86.0/24

    Signature Algorithm: sha256WithRSAEncryption
         10:a3:f5:00:8d:92:7c:ff:73:cc:da:33:0c:24:37:3e:6a:bf:
         53:29:5b:63:59:93:06:d0:11:bd:12:bf:34:de:2c:bc:d8:e9:
         b4:0d:6d:52:1b:52:19:ad:8a:00:49:b5:71:a5:63:e6:c6:ed:
         3d:58:80:8c:eb:6a:65:b0:e5:36:dc:3d:b1:62:37:e5:8a:ff:
         5d:fb:34:29:ba:8d:71:49:2d:4d:ad:77:b3:51:be:b5:d5:3e:
         95:a3:ba:d0:f4:b8:a7:2c:28:4d:55:77:57:04:87:7d:3f:64:
         6c:11:b1:25:45:7b:79:d6:6f:64:d3:b4:4a:22:fd:7f:5e:50:
         9f:d9:10:e2:2f:5c:71:0b:31:49:13:fc:de:06:94:fc:ec:c8:
         8f:e2:67:2b:1f:5f:e0:53:f7:ef:f6:88:e7:01:03:c5:7f:89:
         27:31:f0:7a:d0:f4:ed:47:7f:33:e5:65:9c:82:eb:86:40:3f:
         3f:9b:30:72:f2:01:7c:6a:73:cf:fd:df:2a:32:b0:9c:1f:6a:
         00:8c:dd:73:b7:43:04:4e:37:fe:15:d5:38:30:ff:bd:4b:14:
         7d:ce:b9:9f:56:6a:e9:4b:9b:eb:00:3b:e1:aa:53:0a:c6:6a:
         c4:9f:0d:d4:d7:bd:55:6b:0b:a7:19:0b:f9:40:3b:ac:81:72:
         48:94:47:5a
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUBvZI3+Ie6SaxUsssd79jZG3iruQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoY2VmY2U0NDliZWE4ZGVhZWRiMTgwNGRiYTI1YzU4NGRm
NTg3M2RjNDAeFw0yNTA1MDgxNjQ5MDdaFw0yNjA1MDcxNjU0MDdaMDMxMTAvBgNV
BAMTKERFN0UyRkE0N0IxQTU2MEFFQjE4QUI5NDY0OEQ0RTYyODNDNDIyQkUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDHqsX+mdHC+zwsfJ8L13ICPOUj
aXYu7iaLCARPA+eXyg7944DETKV/KQds1UOtRthlF5x9vrVnI36QFgM+XRYMV0xf
PQRSxQKm3cJf+8GQZLK6HqgMfOoutni1K9pGkHCjJNYZaD1tcip5t4YVLHF2FVtc
k2DqbZGHBo5L4iAXFnlcB8BRolqcyRotaqTe1X+0FkoRzMo+4KZGPr91b16nlzUC
GiKr9rmgy1C70ATfJ22GsFDjsVGe/0o/dU0+xVpnKKuQL4Wywz2QrPAakG/Bfwkh
KqPpntuuO8LxuYRx1iDcPOlOhVMTIEAddjrfssQ27KlY7tyxtp8Z1wl3VkxBAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQU3n4vpHsaVgrrGKuUZI1OYoPEIr4wHwYDVR0j
BBgwFoAUzvzkSb6o3q7bGATbolxYTfWHPcQwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZDFiMzVmOGItNmY0OC00YmFkLWIxODUtNWMxZGFhOGFj
ZGE5LzAvQ0VGQ0U0NDlCRUE4REVBRURCMTgwNERCQTI1QzU4NERGNTg3M0RDNC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3p2emtTYjZvM3E3YkdBVGJvbHhZVGZX
SFBjUS5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZDFiMzVmOGIt
NmY0OC00YmFkLWIxODUtNWMxZGFhOGFjZGE5LzAvMzIyZTM1MzgyZTM4MzYyZTMw
MmYzMjM0MmQzMjM0MjAzZDNlMjAzMTM0MzIzMTMxMzEucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAACOlYw
DQYJKoZIhvcNAQELBQADggEBABCj9QCNknz/c8zaMwwkNz5qv1MpW2NZkwbQEb0S
vzTeLLzY6bQNbVIbUhmtigBJtXGlY+bG7T1YgIzramWw5TbcPbFiN+WK/137NCm6
jXFJLU2td7NRvrXVPpWjutD0uKcsKE1Vd1cEh30/ZGwRsSVFe3nWb2TTtEoi/X9e
UJ/ZEOIvXHELMUkT/N4GlPzsyI/iZysfX+BT9+/2iOcBA8V/iScx8HrQ9O1HfzPl
ZZyC64ZAPz+bMHLyAXxqc8/93yoysJwfagCM3XO3QwRON/4V1Tgw/71LFH3OuZ9W
aulLm+sAO+GqUwrGasSfDdTXvVVrC6cZC/lAO6yBckiUR1o=
-----END CERTIFICATE-----