Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/322e35382e38362e302f32342d3234203d3e20313532363732.roa
File:                     322e35382e38362e302f32342d3234203d3e20313532363732.roa (raw, json)
Hash identifier:          SnLw+il3E4ShagMIZ3xAs3PPoZVCPzSv5KXOpyFHA+8=
Subject key identifier:   60:7C:6E:22:9A:01:F9:23:94:D4:12:80:93:CE:16:19:97:97:35:2E
Certificate issuer:       /CN=cefce449bea8deaedb1804dba25c584df5873dc4
Certificate serial:       1E4DFD943120AB4CC60918A2074D2490D550E517
Authority key identifier: CE:FC:E4:49:BE:A8:DE:AE:DB:18:04:DB:A2:5C:58:4D:F5:87:3D:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/322e35382e38362e302f32342d3234203d3e20313532363732.roa
Signing time:             Thu 08 May 2025 16:54:07 +0000
ROA not before:           Thu 08 May 2025 16:49:07 +0000
ROA not after:            Thu 07 May 2026 16:54:07 +0000
asID:                     152672
IP address blocks:        2.58.86.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Jun 2025 08:02:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1e:4d:fd:94:31:20:ab:4c:c6:09:18:a2:07:4d:24:90:d5:50:e5:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cefce449bea8deaedb1804dba25c584df5873dc4
        Validity
            Not Before: May  8 16:49:07 2025 GMT
            Not After : May  7 16:54:07 2026 GMT
        Subject: CN=607C6E229A01F92394D4128093CE16199797352E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:67:9b:d9:ea:62:9e:f7:90:39:2c:02:3f:dc:
                    d6:4d:77:3c:0a:9d:5e:4c:59:02:d6:42:5a:58:3d:
                    bf:16:89:75:5d:5f:ca:53:de:fa:4d:21:d5:05:9a:
                    90:39:e5:5f:7e:ce:cf:7c:13:29:1d:f5:8b:b6:c8:
                    e1:b8:8b:00:fc:71:90:76:9d:b3:94:1a:da:c1:6d:
                    6b:62:3c:e1:bd:15:fb:24:6c:6c:1f:b0:a8:00:90:
                    ed:e1:09:52:d7:1a:89:d9:13:fe:ff:c1:7e:4a:bd:
                    cf:d7:df:f8:4e:64:21:f2:d0:54:05:0d:97:4b:53:
                    a5:8f:a7:ff:df:1a:37:51:13:77:e2:73:83:6b:26:
                    14:c0:fd:fe:1f:d3:bf:c7:10:6b:40:1a:c9:2d:07:
                    29:3d:2a:ea:42:9b:0e:84:0f:1a:f5:f0:fa:aa:5d:
                    89:ec:1b:c2:02:0e:2e:7d:a7:31:85:20:ee:97:1b:
                    3d:b3:36:5b:ee:1c:19:a5:6d:1f:36:69:78:71:b0:
                    32:e6:9d:d3:95:2f:b6:3d:49:5a:d2:a9:03:0b:c3:
                    87:e0:e7:2a:7a:3e:9a:10:85:2b:87:c5:d0:6b:b9:
                    10:e9:59:c1:10:9f:17:87:4e:0a:95:1c:5b:68:93:
                    30:2b:27:70:3b:5c:27:29:b8:6b:24:b2:aa:3b:37:
                    dd:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:7C:6E:22:9A:01:F9:23:94:D4:12:80:93:CE:16:19:97:97:35:2E
            X509v3 Authority Key Identifier:
                keyid:CE:FC:E4:49:BE:A8:DE:AE:DB:18:04:DB:A2:5C:58:4D:F5:87:3D:C4

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/322e35382e38362e302f32342d3234203d3e20313532363732.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.58.86.0/24

    Signature Algorithm: sha256WithRSAEncryption
         61:11:8f:f0:8f:33:dd:88:43:07:63:f8:aa:4f:1c:52:f5:38:
         de:c3:f9:7a:ab:8a:c1:c4:fa:12:b5:7e:c1:f8:8f:e5:a0:e5:
         3c:9e:b6:57:89:23:dd:1c:f7:36:d5:67:b3:ef:74:6e:10:b3:
         82:a5:56:53:df:fd:0a:7b:e7:38:3e:0f:a3:09:8a:0c:49:7c:
         58:94:5e:b8:6d:fa:a7:69:32:86:52:90:57:ac:66:c3:a9:de:
         fa:fd:80:db:d5:b5:a7:47:dd:b3:14:bb:02:e7:70:ee:20:ea:
         9f:ce:b1:45:80:e2:d7:1b:78:ea:11:07:57:ec:c6:56:09:c8:
         20:e4:7b:74:aa:ab:16:1e:49:a9:5d:96:eb:1f:0d:ae:57:6e:
         9f:1a:4b:0c:8f:ce:7d:13:53:e7:b7:dd:30:cc:c1:72:20:e7:
         02:87:ee:a6:b8:06:a1:e7:f0:8d:e0:7b:f1:1b:ad:df:9a:29:
         5e:9e:af:23:da:4d:18:69:af:23:be:0a:6b:5e:37:0d:aa:a3:
         f0:4a:c8:46:6b:28:d9:9d:64:1b:87:fe:62:db:f1:1c:f9:c0:
         bc:94:c7:d7:ff:15:7b:7f:4b:eb:b7:77:30:8d:b4:90:a6:7d:
         ed:1e:bf:e5:ea:e1:86:30:39:57:50:f9:d5:d7:ea:45:c0:c1:
         2c:d1:74:ff
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUHk39lDEgq0zGCRiiB00kkNVQ5RcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoY2VmY2U0NDliZWE4ZGVhZWRiMTgwNGRiYTI1YzU4NGRm
NTg3M2RjNDAeFw0yNTA1MDgxNjQ5MDdaFw0yNjA1MDcxNjU0MDdaMDMxMTAvBgNV
BAMTKDYwN0M2RTIyOUEwMUY5MjM5NEQ0MTI4MDkzQ0UxNjE5OTc5NzM1MkUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCyZ5vZ6mKe95A5LAI/3NZNdzwK
nV5MWQLWQlpYPb8WiXVdX8pT3vpNIdUFmpA55V9+zs98Eykd9Yu2yOG4iwD8cZB2
nbOUGtrBbWtiPOG9FfskbGwfsKgAkO3hCVLXGonZE/7/wX5Kvc/X3/hOZCHy0FQF
DZdLU6WPp//fGjdRE3fic4NrJhTA/f4f07/HEGtAGsktByk9KupCmw6EDxr18Pqq
XYnsG8ICDi59pzGFIO6XGz2zNlvuHBmlbR82aXhxsDLmndOVL7Y9SVrSqQMLw4fg
5yp6PpoQhSuHxdBruRDpWcEQnxeHTgqVHFtokzArJ3A7XCcpuGsksqo7N90PAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUYHxuIpoB+SOU1BKAk84WGZeXNS4wHwYDVR0j
BBgwFoAUzvzkSb6o3q7bGATbolxYTfWHPcQwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZDFiMzVmOGItNmY0OC00YmFkLWIxODUtNWMxZGFhOGFj
ZGE5LzAvQ0VGQ0U0NDlCRUE4REVBRURCMTgwNERCQTI1QzU4NERGNTg3M0RDNC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3p2emtTYjZvM3E3YkdBVGJvbHhZVGZX
SFBjUS5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZDFiMzVmOGIt
NmY0OC00YmFkLWIxODUtNWMxZGFhOGFjZGE5LzAvMzIyZTM1MzgyZTM4MzYyZTMw
MmYzMjM0MmQzMjM0MjAzZDNlMjAzMTM1MzIzNjM3MzIucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAACOlYw
DQYJKoZIhvcNAQELBQADggEBAGERj/CPM92IQwdj+KpPHFL1ON7D+XqrisHE+hK1
fsH4j+Wg5TyetleJI90c9zbVZ7PvdG4Qs4KlVlPf/Qp75zg+D6MJigxJfFiUXrht
+qdpMoZSkFesZsOp3vr9gNvVtadH3bMUuwLncO4g6p/OsUWA4tcbeOoRB1fsxlYJ
yCDke3SqqxYeSaldlusfDa5Xbp8aSwyPzn0TU+e33TDMwXIg5wKH7qa4BqHn8I3g
e/Ebrd+aKV6eryPaTRhpryO+CmteNw2qo/BKyEZrKNmdZBuH/mLb8Rz5wLyUx9f/
FXt/S+u3dzCNtJCmfe0ev+Xq4YYwOVdQ+dXX6kXAwSzRdP8=
-----END CERTIFICATE-----