Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/322e35382e38362e302f32342d3234203d3e20313432313131.roa
File:                     322e35382e38362e302f32342d3234203d3e20313432313131.roa (raw, json)
Hash identifier:          nrpIepzIhM6oKAjY/IhLd9JgBv9vrBZuDK/G4/qzF5I=
Subject key identifier:   50:67:01:37:AF:A6:B3:06:E8:04:6A:2F:B3:B1:38:EE:40:1D:58:F2
Certificate issuer:       /CN=cefce449bea8deaedb1804dba25c584df5873dc4
Certificate serial:       099125B98941C7244C6DE5262E703E674DB6EACF
Authority key identifier: CE:FC:E4:49:BE:A8:DE:AE:DB:18:04:DB:A2:5C:58:4D:F5:87:3D:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/322e35382e38362e302f32342d3234203d3e20313432313131.roa
Signing time:             Mon 30 Jun 2025 21:08:33 +0000
ROA not before:           Mon 30 Jun 2025 21:03:33 +0000
ROA not after:            Mon 29 Jun 2026 21:08:33 +0000
asID:                     142111
IP address blocks:        2.58.86.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 31 Jul 2025 14:55:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            09:91:25:b9:89:41:c7:24:4c:6d:e5:26:2e:70:3e:67:4d:b6:ea:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cefce449bea8deaedb1804dba25c584df5873dc4
        Validity
            Not Before: Jun 30 21:03:33 2025 GMT
            Not After : Jun 29 21:08:33 2026 GMT
        Subject: CN=50670137AFA6B306E8046A2FB3B138EE401D58F2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:1d:7b:ea:64:fd:6a:32:1f:25:0c:67:5a:f1:
                    e5:b0:1e:f5:90:9e:71:b8:93:31:db:48:23:37:04:
                    e6:e4:2f:4c:b2:07:53:59:f3:3a:19:94:07:a0:4b:
                    56:eb:54:52:14:c7:95:bb:db:9c:0d:03:d4:e3:9d:
                    5a:62:e0:0d:ef:0f:3a:88:59:19:5e:66:e8:04:cf:
                    e5:e4:85:46:8e:99:ed:fe:bd:1c:2e:85:e0:32:60:
                    68:68:62:d7:36:f7:45:1d:8f:72:83:b6:43:15:2b:
                    79:c1:59:cb:da:73:81:28:bc:f3:a0:f1:f5:4b:e4:
                    25:ee:7d:51:28:73:30:df:cb:57:f8:a8:a8:58:82:
                    24:12:2f:bb:28:11:eb:ef:f3:e4:cb:41:8b:de:3e:
                    42:6e:ad:87:a1:b6:90:3c:b7:34:3a:10:08:0d:c8:
                    61:07:9d:fd:56:ef:ec:9e:ad:46:7c:ef:67:28:fa:
                    ca:f0:29:5e:97:0f:ca:f9:ec:33:7b:93:f4:bd:62:
                    1f:ca:f3:65:c9:39:93:f5:34:07:05:dc:99:9d:ef:
                    f9:82:7f:01:b2:b0:da:99:78:8e:3f:ee:84:98:c4:
                    29:42:b9:07:e3:0d:46:36:4d:37:91:de:b0:17:9d:
                    fe:2e:7f:63:40:6f:27:62:08:7b:4f:72:25:95:b9:
                    42:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                50:67:01:37:AF:A6:B3:06:E8:04:6A:2F:B3:B1:38:EE:40:1D:58:F2
            X509v3 Authority Key Identifier:
                keyid:CE:FC:E4:49:BE:A8:DE:AE:DB:18:04:DB:A2:5C:58:4D:F5:87:3D:C4

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/322e35382e38362e302f32342d3234203d3e20313432313131.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.58.86.0/24

    Signature Algorithm: sha256WithRSAEncryption
         07:11:15:70:3c:9c:37:0b:e4:f0:90:ab:75:cd:d0:80:da:19:
         98:77:15:a7:e3:60:a2:60:4c:fb:de:65:57:81:42:fa:4a:99:
         4b:31:47:1c:55:c1:59:02:8f:50:59:c8:24:04:dc:1d:07:e1:
         1c:2d:66:bb:8f:58:41:3e:f7:57:6d:54:aa:ee:d6:5f:d7:4c:
         df:de:8a:93:8a:91:bc:92:4e:ae:6f:b3:e1:55:90:0a:4d:f2:
         49:a6:3b:8b:49:91:06:47:27:f4:ea:89:8e:0f:21:6b:de:f6:
         76:92:47:a4:3f:92:71:d4:4d:d6:53:99:4b:45:97:c7:d6:0e:
         1f:10:d7:9d:a6:33:d5:d0:72:2a:e9:d7:94:3d:ad:71:fe:87:
         c0:1d:ef:9e:d5:05:cd:dc:ca:6b:ca:11:e2:b2:a1:ca:6a:fd:
         96:03:71:73:d9:d2:2a:e5:41:07:66:fb:3d:44:fc:bb:48:b7:
         c1:c7:68:32:da:2e:4a:f2:dc:66:53:f8:e6:62:df:d0:4e:b5:
         cf:5f:6b:e1:d1:18:de:6e:7f:de:13:99:5d:87:4c:69:a2:41:
         fa:01:9b:02:89:46:a9:f9:94:ad:03:9c:30:8d:4a:4e:8f:5a:
         5b:44:e2:d9:38:fa:ff:49:de:cd:e7:02:1f:d8:76:3b:45:a5:
         e4:d2:7c:18
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUCZEluYlBxyRMbeUmLnA+Z0226s8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoY2VmY2U0NDliZWE4ZGVhZWRiMTgwNGRiYTI1YzU4NGRm
NTg3M2RjNDAeFw0yNTA2MzAyMTAzMzNaFw0yNjA2MjkyMTA4MzNaMDMxMTAvBgNV
BAMTKDUwNjcwMTM3QUZBNkIzMDZFODA0NkEyRkIzQjEzOEVFNDAxRDU4RjIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCdHXvqZP1qMh8lDGda8eWwHvWQ
nnG4kzHbSCM3BObkL0yyB1NZ8zoZlAegS1brVFIUx5W725wNA9TjnVpi4A3vDzqI
WRleZugEz+XkhUaOme3+vRwuheAyYGhoYtc290Udj3KDtkMVK3nBWcvac4EovPOg
8fVL5CXufVEoczDfy1f4qKhYgiQSL7soEevv8+TLQYvePkJurYehtpA8tzQ6EAgN
yGEHnf1W7+yerUZ872co+srwKV6XD8r57DN7k/S9Yh/K82XJOZP1NAcF3Jmd7/mC
fwGysNqZeI4/7oSYxClCuQfjDUY2TTeR3rAXnf4uf2NAbydiCHtPciWVuUIhAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUUGcBN6+mswboBGovs7E47kAdWPIwHwYDVR0j
BBgwFoAUzvzkSb6o3q7bGATbolxYTfWHPcQwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZDFiMzVmOGItNmY0OC00YmFkLWIxODUtNWMxZGFhOGFj
ZGE5LzAvQ0VGQ0U0NDlCRUE4REVBRURCMTgwNERCQTI1QzU4NERGNTg3M0RDNC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3p2emtTYjZvM3E3YkdBVGJvbHhZVGZX
SFBjUS5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZDFiMzVmOGIt
NmY0OC00YmFkLWIxODUtNWMxZGFhOGFjZGE5LzAvMzIyZTM1MzgyZTM4MzYyZTMw
MmYzMjM0MmQzMjM0MjAzZDNlMjAzMTM0MzIzMTMxMzEucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAACOlYw
DQYJKoZIhvcNAQELBQADggEBAAcRFXA8nDcL5PCQq3XN0IDaGZh3FafjYKJgTPve
ZVeBQvpKmUsxRxxVwVkCj1BZyCQE3B0H4RwtZruPWEE+91dtVKru1l/XTN/eipOK
kbySTq5vs+FVkApN8kmmO4tJkQZHJ/TqiY4PIWve9naSR6Q/knHUTdZTmUtFl8fW
Dh8Q152mM9XQcirp15Q9rXH+h8Ad757VBc3cymvKEeKyocpq/ZYDcXPZ0irlQQdm
+z1E/LtIt8HHaDLaLkry3GZT+OZi39BOtc9fa+HRGN5uf94TmV2HTGmiQfoBmwKJ
Rqn5lK0DnDCNSk6PWltE4tk4+v9J3s3nAh/YdjtFpeTSfBg=
-----END CERTIFICATE-----