Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/322e35382e38372e302f32342d3234203d3e20313532363732.roa
File:                     322e35382e38372e302f32342d3234203d3e20313532363732.roa (raw, json)
Hash identifier:          4thOFDSKDIU79PqinoSmRs7CZOHr/mbWbQI5pKHhcrM=
Subject key identifier:   52:B8:AC:6F:29:28:28:6D:FB:5F:F4:9E:EA:3B:20:B8:61:99:22:70
Certificate issuer:       /CN=cefce449bea8deaedb1804dba25c584df5873dc4
Certificate serial:       61FD04595CD6740E474BD095F624072692625A14
Authority key identifier: CE:FC:E4:49:BE:A8:DE:AE:DB:18:04:DB:A2:5C:58:4D:F5:87:3D:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/322e35382e38372e302f32342d3234203d3e20313532363732.roa
Signing time:             Thu 06 Jun 2024 16:23:55 +0000
ROA not before:           Thu 06 Jun 2024 16:18:55 +0000
ROA not after:            Thu 05 Jun 2025 16:23:55 +0000
asID:                     152672
IP address blocks:        2.58.87.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 15 Oct 2024 13:20:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            61:fd:04:59:5c:d6:74:0e:47:4b:d0:95:f6:24:07:26:92:62:5a:14
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cefce449bea8deaedb1804dba25c584df5873dc4
        Validity
            Not Before: Jun  6 16:18:55 2024 GMT
            Not After : Jun  5 16:23:55 2025 GMT
        Subject: CN=52B8AC6F2928286DFB5FF49EEA3B20B861992270
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:f5:af:ea:7d:21:40:ce:8c:64:14:3c:7f:de:
                    db:b5:2f:e9:59:51:ae:1c:51:ab:9c:51:d5:42:92:
                    44:ad:1e:51:6c:e9:e2:57:2d:a1:ec:0f:2e:c7:e9:
                    a0:21:3d:1a:ef:17:0a:fa:9c:aa:c2:31:7d:4a:64:
                    42:aa:9c:06:2e:17:f5:6a:5f:51:bb:50:01:ad:7b:
                    ff:a3:36:be:04:cc:7b:b1:14:7b:a5:8a:cd:06:e3:
                    d3:5e:03:7c:b6:9d:74:08:a5:95:f8:cd:81:0c:da:
                    2d:ed:01:64:5b:79:f4:4c:86:a3:8e:73:75:8a:63:
                    94:d8:8e:06:03:cc:47:f7:e5:b6:db:b5:40:dc:46:
                    71:b6:06:aa:ea:4b:b6:94:2d:5d:a6:50:1a:86:5b:
                    51:2f:2e:a3:d5:0b:8a:56:a5:a9:58:5a:0d:34:89:
                    0b:ab:c9:9e:04:cb:45:7b:5a:ff:39:be:82:f8:01:
                    1f:6c:fe:87:e9:95:72:f2:b6:a7:2f:01:49:57:6e:
                    28:54:2a:a8:0c:41:69:5c:38:53:53:c0:51:f2:8d:
                    80:a8:69:c8:22:62:28:b1:59:44:ac:54:c6:0c:04:
                    3c:11:7b:f2:59:27:4a:e7:3b:b7:92:25:2a:1f:4d:
                    64:5a:73:f8:29:78:29:84:ef:40:3d:4f:5c:5b:1c:
                    93:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:B8:AC:6F:29:28:28:6D:FB:5F:F4:9E:EA:3B:20:B8:61:99:22:70
            X509v3 Authority Key Identifier:
                keyid:CE:FC:E4:49:BE:A8:DE:AE:DB:18:04:DB:A2:5C:58:4D:F5:87:3D:C4

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/322e35382e38372e302f32342d3234203d3e20313532363732.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.58.87.0/24

    Signature Algorithm: sha256WithRSAEncryption
         82:f6:ea:e0:03:97:71:d6:91:1c:3c:93:c8:09:37:b2:1d:ca:
         e4:b1:79:ef:cf:0c:83:f0:fd:80:47:fb:bc:a3:a1:3f:07:81:
         46:a6:c4:34:39:63:84:0c:4a:dd:0f:d5:95:52:be:94:67:90:
         fa:db:95:e2:6a:eb:2c:00:02:7d:c4:83:44:f0:16:b8:b5:f6:
         ae:78:f7:6b:7e:60:e6:06:88:5b:14:ab:1e:8a:d0:8b:52:b5:
         38:f9:ff:b2:e7:4e:bf:93:d7:1a:30:15:10:f7:1f:4a:e6:ce:
         15:25:eb:c2:f1:a2:58:25:82:69:1e:8f:7e:4b:c6:86:25:ac:
         9a:b0:11:63:39:e7:32:c7:e9:91:44:9e:93:4a:e9:15:ab:7b:
         29:35:80:a4:46:f2:aa:3f:b0:9f:31:f8:1f:82:31:5b:09:8f:
         cb:2d:83:8d:54:93:d4:ec:c9:34:3f:92:5f:97:79:7b:f0:36:
         cc:00:16:f3:b7:e4:b0:55:8f:57:0f:4d:40:39:85:3d:84:f6:
         d0:82:34:63:71:25:e0:e0:b4:95:77:af:b4:b9:f9:f4:39:20:
         f0:6a:6e:37:f0:fd:45:80:e8:35:b0:07:d4:e4:2e:d8:8a:8d:
         24:f0:aa:db:f9:73:db:60:82:c8:5b:2d:6c:da:e7:5d:cf:ae:
         81:1f:cf:4a
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUYf0EWVzWdA5HS9CV9iQHJpJiWhQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoY2VmY2U0NDliZWE4ZGVhZWRiMTgwNGRiYTI1YzU4NGRm
NTg3M2RjNDAeFw0yNDA2MDYxNjE4NTVaFw0yNTA2MDUxNjIzNTVaMDMxMTAvBgNV
BAMTKDUyQjhBQzZGMjkyODI4NkRGQjVGRjQ5RUVBM0IyMEI4NjE5OTIyNzAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC49a/qfSFAzoxkFDx/3tu1L+lZ
Ua4cUaucUdVCkkStHlFs6eJXLaHsDy7H6aAhPRrvFwr6nKrCMX1KZEKqnAYuF/Vq
X1G7UAGte/+jNr4EzHuxFHulis0G49NeA3y2nXQIpZX4zYEM2i3tAWRbefRMhqOO
c3WKY5TYjgYDzEf35bbbtUDcRnG2BqrqS7aULV2mUBqGW1EvLqPVC4pWpalYWg00
iQuryZ4Ey0V7Wv85voL4AR9s/ofplXLytqcvAUlXbihUKqgMQWlcOFNTwFHyjYCo
acgiYiixWUSsVMYMBDwRe/JZJ0rnO7eSJSofTWRac/gpeCmE70A9T1xbHJNDAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUUrisbykoKG37X/Se6jsguGGZInAwHwYDVR0j
BBgwFoAUzvzkSb6o3q7bGATbolxYTfWHPcQwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZDFiMzVmOGItNmY0OC00YmFkLWIxODUtNWMxZGFhOGFj
ZGE5LzAvQ0VGQ0U0NDlCRUE4REVBRURCMTgwNERCQTI1QzU4NERGNTg3M0RDNC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3p2emtTYjZvM3E3YkdBVGJvbHhZVGZX
SFBjUS5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZDFiMzVmOGIt
NmY0OC00YmFkLWIxODUtNWMxZGFhOGFjZGE5LzAvMzIyZTM1MzgyZTM4MzcyZTMw
MmYzMjM0MmQzMjM0MjAzZDNlMjAzMTM1MzIzNjM3MzIucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAACOlcw
DQYJKoZIhvcNAQELBQADggEBAIL26uADl3HWkRw8k8gJN7IdyuSxee/PDIPw/YBH
+7yjoT8HgUamxDQ5Y4QMSt0P1ZVSvpRnkPrbleJq6ywAAn3Eg0TwFri19q5492t+
YOYGiFsUqx6K0ItStTj5/7LnTr+T1xowFRD3H0rmzhUl68Lxolglgmkej35LxoYl
rJqwEWM55zLH6ZFEnpNK6RWreyk1gKRG8qo/sJ8x+B+CMVsJj8stg41Uk9TsyTQ/
kl+XeXvwNswAFvO35LBVj1cPTUA5hT2E9tCCNGNxJeDgtJV3r7S5+fQ5IPBqbjfw
/UWA6DWwB9TkLtiKjSTwqtv5c9tggshbLWza513ProEfz0o=
-----END CERTIFICATE-----
Generated at Mon Oct 14 17:29:35 2024 by rpki-client on console-ams.rpki-client.org