Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/322e35382e38372e302f32342d3234203d3e20313432313131.roa
File:                     322e35382e38372e302f32342d3234203d3e20313432313131.roa (raw, json)
Hash identifier:          Jx1SjngxiG3AEWyqgnBJUi7alnggPEv6dySIEq1szLs=
Subject key identifier:   30:56:E5:15:0C:A7:E9:F3:30:9C:3F:9B:26:91:5D:08:F5:DD:22:15
Certificate issuer:       /CN=cefce449bea8deaedb1804dba25c584df5873dc4
Certificate serial:       0EAF9F1DB3B25FB39298022124D8F1C6FB7A4D2E
Authority key identifier: CE:FC:E4:49:BE:A8:DE:AE:DB:18:04:DB:A2:5C:58:4D:F5:87:3D:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/322e35382e38372e302f32342d3234203d3e20313432313131.roa
Signing time:             Mon 30 Jun 2025 21:08:29 +0000
ROA not before:           Mon 30 Jun 2025 21:03:29 +0000
ROA not after:            Mon 29 Jun 2026 21:08:29 +0000
asID:                     142111
IP address blocks:        2.58.87.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 03 Jul 2025 11:54:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0e:af:9f:1d:b3:b2:5f:b3:92:98:02:21:24:d8:f1:c6:fb:7a:4d:2e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cefce449bea8deaedb1804dba25c584df5873dc4
        Validity
            Not Before: Jun 30 21:03:29 2025 GMT
            Not After : Jun 29 21:08:29 2026 GMT
        Subject: CN=3056E5150CA7E9F3309C3F9B26915D08F5DD2215
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:af:40:9b:e4:76:b2:1f:34:e7:50:e2:a1:4c:
                    54:30:17:73:4c:c4:20:1e:38:2a:6c:c4:8c:c2:71:
                    9b:55:7c:14:6c:b6:98:34:9f:c2:cb:27:55:b0:8e:
                    1c:07:41:56:54:0a:ed:51:a3:90:57:7b:bf:40:de:
                    9f:9b:d6:07:e8:d2:f9:f7:30:42:a6:0c:fc:a8:fa:
                    dd:6d:5b:fa:73:b6:05:e7:39:bc:36:5d:26:6a:01:
                    10:46:c6:d3:c5:b1:bc:8d:6f:17:00:bd:dc:ec:68:
                    bf:3e:8b:87:fc:6e:9f:0b:19:0f:69:5d:16:8c:56:
                    93:43:00:52:6b:db:1e:b6:c0:09:d2:a4:f2:c5:07:
                    3b:76:3b:0e:5f:27:93:78:41:3a:3b:1b:0e:1a:57:
                    a3:12:45:69:8e:5c:b8:83:bc:49:7c:58:54:91:28:
                    80:bf:a0:9d:72:f8:0d:da:4a:00:e3:84:55:e6:49:
                    f4:c9:4c:8c:53:f3:fd:f0:bc:54:e5:8c:20:24:39:
                    83:49:84:03:f3:ac:00:92:6b:f0:fa:7e:78:a6:4b:
                    92:09:b7:9b:ca:08:06:76:31:0f:83:c7:da:93:aa:
                    9b:53:e7:8b:81:77:77:e3:6a:8a:ea:ab:b4:2e:3f:
                    cb:3a:10:e9:ed:f4:ab:c2:8f:34:a2:25:0a:23:17:
                    35:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:56:E5:15:0C:A7:E9:F3:30:9C:3F:9B:26:91:5D:08:F5:DD:22:15
            X509v3 Authority Key Identifier:
                keyid:CE:FC:E4:49:BE:A8:DE:AE:DB:18:04:DB:A2:5C:58:4D:F5:87:3D:C4

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/322e35382e38372e302f32342d3234203d3e20313432313131.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.58.87.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5f:6a:01:4f:2e:49:0f:0c:ce:44:aa:0c:d2:a8:1c:58:9a:c9:
         cf:f3:41:a6:6e:b1:d5:79:87:26:f5:78:7d:0a:69:e5:34:80:
         5f:69:d1:62:86:d4:d7:32:8e:c0:72:6d:d9:41:fc:a8:b0:e2:
         7a:bd:02:0e:0a:dc:2d:57:df:90:de:7e:a2:09:c4:7d:e5:7a:
         bc:b1:19:44:37:12:ae:b4:fb:77:22:e0:87:93:8e:98:49:b3:
         95:fc:ef:ac:0b:69:ff:3d:2c:85:2c:23:10:31:a0:d2:11:6d:
         48:71:e2:07:7d:ab:66:6a:e9:37:d1:b9:00:24:56:c9:84:28:
         b7:5f:ba:47:b7:1a:f0:1f:ff:71:2f:94:67:44:16:3b:d8:fb:
         63:57:d6:5c:bc:86:4f:75:53:02:38:71:2b:ec:6b:d5:bd:1d:
         da:ac:60:e2:20:d3:93:dd:63:a9:d9:10:fc:fc:68:99:44:36:
         ea:90:67:4c:1c:ae:44:a0:da:69:bd:ce:d5:4d:c7:06:86:71:
         13:d8:c4:e5:c3:c4:75:53:b6:bf:21:8d:fe:5f:c8:5c:2e:82:
         74:60:76:93:2e:a9:74:79:47:39:80:2c:a9:16:e0:bd:e1:11:
         6b:f8:20:7c:d9:c8:ff:88:16:80:34:71:12:be:79:c6:d3:a1:
         8e:b8:30:ed
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUDq+fHbOyX7OSmAIhJNjxxvt6TS4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoY2VmY2U0NDliZWE4ZGVhZWRiMTgwNGRiYTI1YzU4NGRm
NTg3M2RjNDAeFw0yNTA2MzAyMTAzMjlaFw0yNjA2MjkyMTA4MjlaMDMxMTAvBgNV
BAMTKDMwNTZFNTE1MENBN0U5RjMzMDlDM0Y5QjI2OTE1RDA4RjVERDIyMTUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC5r0Cb5HayHzTnUOKhTFQwF3NM
xCAeOCpsxIzCcZtVfBRstpg0n8LLJ1WwjhwHQVZUCu1Ro5BXe79A3p+b1gfo0vn3
MEKmDPyo+t1tW/pztgXnObw2XSZqARBGxtPFsbyNbxcAvdzsaL8+i4f8bp8LGQ9p
XRaMVpNDAFJr2x62wAnSpPLFBzt2Ow5fJ5N4QTo7Gw4aV6MSRWmOXLiDvEl8WFSR
KIC/oJ1y+A3aSgDjhFXmSfTJTIxT8/3wvFTljCAkOYNJhAPzrACSa/D6fnimS5IJ
t5vKCAZ2MQ+Dx9qTqptT54uBd3fjaorqq7QuP8s6EOnt9KvCjzSiJQojFzXLAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUMFblFQyn6fMwnD+bJpFdCPXdIhUwHwYDVR0j
BBgwFoAUzvzkSb6o3q7bGATbolxYTfWHPcQwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZDFiMzVmOGItNmY0OC00YmFkLWIxODUtNWMxZGFhOGFj
ZGE5LzAvQ0VGQ0U0NDlCRUE4REVBRURCMTgwNERCQTI1QzU4NERGNTg3M0RDNC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3p2emtTYjZvM3E3YkdBVGJvbHhZVGZX
SFBjUS5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZDFiMzVmOGIt
NmY0OC00YmFkLWIxODUtNWMxZGFhOGFjZGE5LzAvMzIyZTM1MzgyZTM4MzcyZTMw
MmYzMjM0MmQzMjM0MjAzZDNlMjAzMTM0MzIzMTMxMzEucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAACOlcw
DQYJKoZIhvcNAQELBQADggEBAF9qAU8uSQ8MzkSqDNKoHFiayc/zQaZusdV5hyb1
eH0KaeU0gF9p0WKG1NcyjsBybdlB/Kiw4nq9Ag4K3C1X35DefqIJxH3leryxGUQ3
Eq60+3ci4IeTjphJs5X876wLaf89LIUsIxAxoNIRbUhx4gd9q2Zq6TfRuQAkVsmE
KLdfuke3GvAf/3EvlGdEFjvY+2NX1ly8hk91UwI4cSvsa9W9HdqsYOIg05PdY6nZ
EPz8aJlENuqQZ0wcrkSg2mm9ztVNxwaGcRPYxOXDxHVTtr8hjf5fyFwugnRgdpMu
qXR5RzmALKkW4L3hEWv4IHzZyP+IFoA0cRK+ecbToY64MO0=
-----END CERTIFICATE-----