Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/322e35382e38372e302f32342d3234203d3e20313432313131.roa
File:                     322e35382e38372e302f32342d3234203d3e20313432313131.roa (raw, json)
Hash identifier:          forKJ/8Sud8NSEK1I/BLWnc9LbmgV8dvdwTHXuXXWsI=
Subject key identifier:   FD:C9:2D:37:0D:96:52:48:FA:CB:77:CC:8D:1C:EB:AE:78:DA:FF:1C
Certificate issuer:       /CN=cefce449bea8deaedb1804dba25c584df5873dc4
Certificate serial:       3BAF04167B2CD6E054D9FEE12F61436588681301
Authority key identifier: CE:FC:E4:49:BE:A8:DE:AE:DB:18:04:DB:A2:5C:58:4D:F5:87:3D:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/322e35382e38372e302f32342d3234203d3e20313432313131.roa
Signing time:             Thu 06 Jun 2024 16:24:14 +0000
ROA not before:           Thu 06 Jun 2024 16:19:14 +0000
ROA not after:            Thu 05 Jun 2025 16:24:14 +0000
asID:                     142111
IP address blocks:        2.58.87.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3b:af:04:16:7b:2c:d6:e0:54:d9:fe:e1:2f:61:43:65:88:68:13:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cefce449bea8deaedb1804dba25c584df5873dc4
        Validity
            Not Before: Jun  6 16:19:14 2024 GMT
            Not After : Jun  5 16:24:14 2025 GMT
        Subject: CN=FDC92D370D965248FACB77CC8D1CEBAE78DAFF1C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:6c:87:70:df:25:68:83:5d:97:60:4c:1a:3a:
                    b0:51:12:b5:00:37:02:0f:e1:94:b2:01:e3:c3:c2:
                    5f:95:03:32:50:ef:fd:8f:02:f4:a2:bb:0b:07:3b:
                    3c:d8:c9:9f:ab:42:c0:88:f1:08:19:5d:92:9b:1d:
                    35:63:2d:1a:c6:38:26:9e:aa:8e:b0:ca:aa:ff:44:
                    b4:12:ee:48:20:1c:e0:68:45:0a:2c:87:fd:ca:f2:
                    0a:c8:0a:2e:c7:6a:4f:1d:fe:8f:14:6b:53:29:14:
                    2a:3d:4e:d7:84:2f:2c:44:68:98:67:6c:ec:b3:e4:
                    f8:c7:9a:92:e1:a5:8e:2e:21:bf:bd:59:d6:53:b8:
                    4d:da:a0:58:40:44:fd:df:49:1c:ef:fc:16:14:26:
                    6e:8c:29:5b:78:aa:b3:b6:94:ba:75:a8:cc:5c:3f:
                    00:6e:79:87:31:05:16:0a:4c:0d:91:38:58:8d:fe:
                    4a:76:53:64:32:db:9d:df:f7:15:43:97:c4:bc:70:
                    3f:ac:a5:c9:c4:60:25:6c:da:2b:3b:16:66:a1:1e:
                    18:cf:f4:c3:f9:eb:38:a1:23:68:e6:71:99:4a:f6:
                    95:71:bd:31:76:63:5a:45:27:f3:8e:d6:01:96:19:
                    8d:11:04:78:c1:d7:72:c7:48:82:de:13:77:cd:44:
                    9c:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:C9:2D:37:0D:96:52:48:FA:CB:77:CC:8D:1C:EB:AE:78:DA:FF:1C
            X509v3 Authority Key Identifier:
                keyid:CE:FC:E4:49:BE:A8:DE:AE:DB:18:04:DB:A2:5C:58:4D:F5:87:3D:C4

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/322e35382e38372e302f32342d3234203d3e20313432313131.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.58.87.0/24

    Signature Algorithm: sha256WithRSAEncryption
         65:1c:8b:d4:a6:b7:02:17:3d:75:76:df:1a:f6:b0:da:82:fb:
         09:16:f0:6d:cb:e2:a4:6e:59:55:f4:04:72:8b:5b:ac:b0:bb:
         7d:ef:7a:25:f7:b8:bf:6a:7c:ea:43:fa:f3:55:f7:2d:9c:e2:
         0b:9b:7b:a4:e8:47:01:55:24:40:f5:82:bc:9b:74:37:94:5d:
         be:6c:d3:f9:4a:e3:d9:2a:84:bc:17:42:84:fa:f0:35:c4:f4:
         1b:62:54:2b:7e:7e:d6:8c:fe:8a:00:1d:5a:66:ce:d4:a9:69:
         75:8c:6c:57:fc:b6:51:35:95:50:46:ca:1f:51:f1:f6:b2:73:
         bb:4b:cf:b6:ba:36:0d:fc:d2:c3:61:a7:af:b4:bd:ae:af:e6:
         8f:48:01:f8:f9:1c:53:80:e7:f0:dc:06:be:83:1c:73:8c:f8:
         ac:7d:f1:3e:ec:49:21:1d:2d:bc:db:e6:58:1c:8d:c0:00:de:
         6a:b7:fa:56:44:10:1d:a3:47:11:dd:55:6e:6f:8f:28:74:07:
         2f:1e:a1:4d:d7:73:a2:54:90:72:17:68:30:44:03:8b:f3:3f:
         76:bf:a8:95:46:9e:7a:96:e3:56:cd:1e:72:29:91:d1:e7:ee:
         6e:b9:66:59:4b:ee:fc:2a:4a:dd:9a:76:0e:bb:b9:ca:47:34:
         12:a7:14:45
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUO68EFnss1uBU2f7hL2FDZYhoEwEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoY2VmY2U0NDliZWE4ZGVhZWRiMTgwNGRiYTI1YzU4NGRm
NTg3M2RjNDAeFw0yNDA2MDYxNjE5MTRaFw0yNTA2MDUxNjI0MTRaMDMxMTAvBgNV
BAMTKEZEQzkyRDM3MEQ5NjUyNDhGQUNCNzdDQzhEMUNFQkFFNzhEQUZGMUMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDHbIdw3yVog12XYEwaOrBRErUA
NwIP4ZSyAePDwl+VAzJQ7/2PAvSiuwsHOzzYyZ+rQsCI8QgZXZKbHTVjLRrGOCae
qo6wyqr/RLQS7kggHOBoRQosh/3K8grICi7Hak8d/o8Ua1MpFCo9TteELyxEaJhn
bOyz5PjHmpLhpY4uIb+9WdZTuE3aoFhARP3fSRzv/BYUJm6MKVt4qrO2lLp1qMxc
PwBueYcxBRYKTA2ROFiN/kp2U2Qy253f9xVDl8S8cD+spcnEYCVs2is7FmahHhjP
9MP56zihI2jmcZlK9pVxvTF2Y1pFJ/OO1gGWGY0RBHjB13LHSILeE3fNRJxBAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQU/cktNw2WUkj6y3fMjRzrrnja/xwwHwYDVR0j
BBgwFoAUzvzkSb6o3q7bGATbolxYTfWHPcQwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZDFiMzVmOGItNmY0OC00YmFkLWIxODUtNWMxZGFhOGFj
ZGE5LzAvQ0VGQ0U0NDlCRUE4REVBRURCMTgwNERCQTI1QzU4NERGNTg3M0RDNC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3p2emtTYjZvM3E3YkdBVGJvbHhZVGZX
SFBjUS5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZDFiMzVmOGIt
NmY0OC00YmFkLWIxODUtNWMxZGFhOGFjZGE5LzAvMzIyZTM1MzgyZTM4MzcyZTMw
MmYzMjM0MmQzMjM0MjAzZDNlMjAzMTM0MzIzMTMxMzEucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAACOlcw
DQYJKoZIhvcNAQELBQADggEBAGUci9SmtwIXPXV23xr2sNqC+wkW8G3L4qRuWVX0
BHKLW6ywu33veiX3uL9qfOpD+vNV9y2c4gube6ToRwFVJED1grybdDeUXb5s0/lK
49kqhLwXQoT68DXE9BtiVCt+ftaM/ooAHVpmztSpaXWMbFf8tlE1lVBGyh9R8fay
c7tLz7a6Ng380sNhp6+0va6v5o9IAfj5HFOA5/DcBr6DHHOM+Kx98T7sSSEdLbzb
5lgcjcAA3mq3+lZEEB2jRxHdVW5vjyh0By8eoU3Xc6JUkHIXaDBEA4vzP3a/qJVG
nnqW41bNHnIpkdHn7m65ZllL7vwqSt2adg67ucpHNBKnFEU=
-----END CERTIFICATE-----