Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/322e35382e38362e302f32342d3234203d3e20313532363732.roa
File:                     322e35382e38362e302f32342d3234203d3e20313532363732.roa (raw, json)
Hash identifier:          ccITXPiYQm4e7JLuCxL3sjQ6S3KmdD3H0icycH44N98=
Subject key identifier:   C0:05:1B:95:0D:21:28:E7:66:E9:92:7B:3D:BA:7A:0A:BB:11:58:A9
Certificate issuer:       /CN=cefce449bea8deaedb1804dba25c584df5873dc4
Certificate serial:       0294196ABFE54F9CEA3FECF05D18722F40F4BF8E
Authority key identifier: CE:FC:E4:49:BE:A8:DE:AE:DB:18:04:DB:A2:5C:58:4D:F5:87:3D:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/322e35382e38362e302f32342d3234203d3e20313532363732.roa
Signing time:             Mon 30 Jun 2025 06:02:47 +0000
ROA not before:           Mon 30 Jun 2025 05:57:47 +0000
ROA not after:            Mon 29 Jun 2026 06:02:47 +0000
asID:                     152672
IP address blocks:        2.58.86.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 03 Jul 2025 11:54:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            02:94:19:6a:bf:e5:4f:9c:ea:3f:ec:f0:5d:18:72:2f:40:f4:bf:8e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cefce449bea8deaedb1804dba25c584df5873dc4
        Validity
            Not Before: Jun 30 05:57:47 2025 GMT
            Not After : Jun 29 06:02:47 2026 GMT
        Subject: CN=C0051B950D2128E766E9927B3DBA7A0ABB1158A9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:87:87:c9:5d:a9:5f:5b:a8:de:07:d8:44:82:
                    d5:b0:67:cb:df:2a:89:c7:a8:35:23:77:65:c5:b6:
                    ac:b3:8d:2b:a1:ab:7b:e8:98:74:b1:ee:2f:0a:a7:
                    5f:94:00:68:7d:ab:64:57:d8:c4:70:e9:22:62:4e:
                    f9:f3:82:68:39:41:46:a4:ba:93:f1:f9:0d:76:39:
                    47:ad:6f:22:a1:34:65:2a:f7:57:43:51:51:f6:03:
                    75:ba:c6:70:3f:88:3e:40:1b:b6:90:47:63:9a:70:
                    a6:32:bd:31:ed:d1:cc:5b:ab:0d:56:f4:c2:10:53:
                    1d:46:e0:bf:62:00:a9:54:12:ec:52:1e:93:8a:2d:
                    51:4e:54:9f:54:8c:21:e2:b8:0d:d4:a9:d6:b1:1e:
                    45:f4:c3:ec:ec:e5:cb:90:75:75:b8:d5:9d:8c:d4:
                    17:7c:55:e4:28:10:5c:bb:f7:ec:91:01:96:98:ba:
                    f5:94:8b:f7:e7:99:7a:88:6b:68:6c:37:05:55:56:
                    dc:0c:70:dd:e7:c9:13:73:36:65:dd:d8:fe:2f:f3:
                    05:66:df:34:0a:c2:0f:0e:7a:cc:0a:92:bb:02:66:
                    9d:88:29:5d:26:8a:19:f3:4c:2f:94:ea:20:97:6f:
                    97:e7:4e:cf:cf:1e:05:61:28:cd:e1:fd:73:4b:60:
                    93:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C0:05:1B:95:0D:21:28:E7:66:E9:92:7B:3D:BA:7A:0A:BB:11:58:A9
            X509v3 Authority Key Identifier:
                keyid:CE:FC:E4:49:BE:A8:DE:AE:DB:18:04:DB:A2:5C:58:4D:F5:87:3D:C4

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/322e35382e38362e302f32342d3234203d3e20313532363732.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.58.86.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ce:5b:07:62:3e:83:50:c7:42:d6:d9:bd:ae:86:be:f1:90:7c:
         2a:40:cd:fd:d5:33:56:2d:ee:35:69:9f:af:c7:1a:c7:0a:eb:
         67:d0:96:ff:bd:fc:c7:c6:14:aa:da:74:26:e9:58:96:b4:bf:
         7c:92:fb:fe:07:0a:c5:d5:cf:b3:18:10:96:b6:c5:6e:97:7a:
         99:f6:5d:0d:21:28:e9:ef:a9:29:11:49:b1:87:bc:d3:df:a2:
         6c:15:75:fa:b9:82:2d:ec:98:51:b9:a6:ed:31:4f:43:a1:01:
         72:76:05:6a:6c:c0:e4:ad:09:a5:e3:aa:4c:24:c5:1c:c5:bb:
         80:fe:32:e8:a0:ea:00:d5:28:46:37:3a:b0:37:fc:1b:71:69:
         5d:d4:78:c8:6c:60:fb:e7:fb:0e:9c:a8:74:04:a7:e0:48:4f:
         aa:86:1c:85:6f:61:a1:84:8a:c3:87:ba:bf:f8:ee:9f:43:be:
         6e:d4:a1:96:63:89:c4:d0:9a:86:79:86:d0:8a:1f:4c:60:50:
         21:76:a7:4c:2e:7c:c5:4c:d6:17:0a:2a:e3:5c:a0:37:16:43:
         35:d5:76:9f:48:99:63:23:ac:5f:cd:82:ac:99:4a:be:1c:41:
         fb:5b:bd:ff:7a:4d:11:1f:4e:a3:c2:9a:d3:a8:aa:05:51:e4:
         5f:29:14:e3
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUApQZar/lT5zqP+zwXRhyL0D0v44wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoY2VmY2U0NDliZWE4ZGVhZWRiMTgwNGRiYTI1YzU4NGRm
NTg3M2RjNDAeFw0yNTA2MzAwNTU3NDdaFw0yNjA2MjkwNjAyNDdaMDMxMTAvBgNV
BAMTKEMwMDUxQjk1MEQyMTI4RTc2NkU5OTI3QjNEQkE3QTBBQkIxMTU4QTkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDlh4fJXalfW6jeB9hEgtWwZ8vf
KonHqDUjd2XFtqyzjSuhq3vomHSx7i8Kp1+UAGh9q2RX2MRw6SJiTvnzgmg5QUak
upPx+Q12OUetbyKhNGUq91dDUVH2A3W6xnA/iD5AG7aQR2OacKYyvTHt0cxbqw1W
9MIQUx1G4L9iAKlUEuxSHpOKLVFOVJ9UjCHiuA3UqdaxHkX0w+zs5cuQdXW41Z2M
1Bd8VeQoEFy79+yRAZaYuvWUi/fnmXqIa2hsNwVVVtwMcN3nyRNzNmXd2P4v8wVm
3zQKwg8OeswKkrsCZp2IKV0mihnzTC+U6iCXb5fnTs/PHgVhKM3h/XNLYJMfAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUwAUblQ0hKOdm6ZJ7Pbp6CrsRWKkwHwYDVR0j
BBgwFoAUzvzkSb6o3q7bGATbolxYTfWHPcQwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZDFiMzVmOGItNmY0OC00YmFkLWIxODUtNWMxZGFhOGFj
ZGE5LzAvQ0VGQ0U0NDlCRUE4REVBRURCMTgwNERCQTI1QzU4NERGNTg3M0RDNC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3p2emtTYjZvM3E3YkdBVGJvbHhZVGZX
SFBjUS5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZDFiMzVmOGIt
NmY0OC00YmFkLWIxODUtNWMxZGFhOGFjZGE5LzAvMzIyZTM1MzgyZTM4MzYyZTMw
MmYzMjM0MmQzMjM0MjAzZDNlMjAzMTM1MzIzNjM3MzIucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAACOlYw
DQYJKoZIhvcNAQELBQADggEBAM5bB2I+g1DHQtbZva6GvvGQfCpAzf3VM1Yt7jVp
n6/HGscK62fQlv+9/MfGFKradCbpWJa0v3yS+/4HCsXVz7MYEJa2xW6Xepn2XQ0h
KOnvqSkRSbGHvNPfomwVdfq5gi3smFG5pu0xT0OhAXJ2BWpswOStCaXjqkwkxRzF
u4D+Muig6gDVKEY3OrA3/BtxaV3UeMhsYPvn+w6cqHQEp+BIT6qGHIVvYaGEisOH
ur/47p9Dvm7UoZZjicTQmoZ5htCKH0xgUCF2p0wufMVM1hcKKuNcoDcWQzXVdp9I
mWMjrF/NgqyZSr4cQftbvf96TREfTqPCmtOoqgVR5F8pFOM=
-----END CERTIFICATE-----