Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/322e35382e38372e302f32342d3234203d3e20313532363732.roa
File:                     322e35382e38372e302f32342d3234203d3e20313532363732.roa (raw, json)
Hash identifier:          +rWzK8c3I0mUlyc4CB5sYOxWVJDWlQhpAcNTPOGyP7Q=
Subject key identifier:   CC:F1:22:5C:0B:B3:13:B3:9F:71:89:4D:6E:9D:24:2B:18:42:7E:B8
Certificate issuer:       /CN=cefce449bea8deaedb1804dba25c584df5873dc4
Certificate serial:       6DFAE944509AE181EDDC981EA78F312E9B3BA5D4
Authority key identifier: CE:FC:E4:49:BE:A8:DE:AE:DB:18:04:DB:A2:5C:58:4D:F5:87:3D:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/322e35382e38372e302f32342d3234203d3e20313532363732.roa
Signing time:             Thu 08 May 2025 16:54:07 +0000
ROA not before:           Thu 08 May 2025 16:49:07 +0000
ROA not after:            Thu 07 May 2026 16:54:07 +0000
asID:                     152672
IP address blocks:        2.58.87.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Jun 2025 08:02:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6d:fa:e9:44:50:9a:e1:81:ed:dc:98:1e:a7:8f:31:2e:9b:3b:a5:d4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cefce449bea8deaedb1804dba25c584df5873dc4
        Validity
            Not Before: May  8 16:49:07 2025 GMT
            Not After : May  7 16:54:07 2026 GMT
        Subject: CN=CCF1225C0BB313B39F71894D6E9D242B18427EB8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:0a:0e:6b:af:0a:76:db:bf:13:f9:6a:fa:92:
                    3e:84:14:fc:03:72:7e:af:ed:e8:34:ad:9f:91:3d:
                    ed:f7:83:58:db:6e:52:d6:37:ef:35:72:5d:2c:0b:
                    ea:0a:af:81:05:b6:7e:5d:10:51:d0:87:24:83:4c:
                    4a:ed:27:e4:11:96:28:bf:a8:65:2b:a0:a7:f0:cf:
                    7f:4c:f3:e9:0f:75:5b:e2:0d:bf:f1:2a:3b:f4:6e:
                    da:17:94:0c:0e:4a:24:5b:9f:01:bc:7d:3d:7a:42:
                    b7:84:64:cd:9d:50:86:93:32:ff:59:00:d1:83:11:
                    62:75:19:c0:1d:08:9d:d1:69:c8:9c:49:66:b4:2c:
                    54:14:68:e0:5b:0a:01:fe:30:3c:86:e7:ad:de:94:
                    5f:51:00:46:e7:c0:63:34:90:66:d3:59:18:64:97:
                    de:df:b6:d0:80:64:df:41:a7:bc:7f:99:e5:9a:d9:
                    ab:c0:c2:77:5c:ac:ea:70:5d:c1:97:fb:85:ab:78:
                    32:5a:f7:b7:77:14:b2:74:43:bf:be:b1:f9:0a:b3:
                    30:ef:6a:af:11:74:de:4d:34:90:35:96:a8:f5:c8:
                    16:7d:af:fe:46:47:0a:94:d2:37:af:3e:14:c8:bc:
                    35:f7:69:f1:ad:d5:4e:fd:97:47:c7:cd:e2:77:08:
                    eb:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CC:F1:22:5C:0B:B3:13:B3:9F:71:89:4D:6E:9D:24:2B:18:42:7E:B8
            X509v3 Authority Key Identifier:
                keyid:CE:FC:E4:49:BE:A8:DE:AE:DB:18:04:DB:A2:5C:58:4D:F5:87:3D:C4

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/322e35382e38372e302f32342d3234203d3e20313532363732.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.58.87.0/24

    Signature Algorithm: sha256WithRSAEncryption
         57:ca:a8:25:7a:af:1e:bb:90:89:4c:ab:4c:9f:f4:b2:01:a0:
         13:f4:5f:b6:1e:3c:d3:d7:39:ff:e8:01:87:aa:dd:2f:cb:f4:
         5f:72:1b:4c:b1:96:57:ea:c9:2e:48:31:fb:77:96:3e:68:5d:
         7d:c7:78:1b:c7:21:56:c1:6e:78:19:3f:14:da:14:ad:8e:f6:
         b6:ff:61:d4:4d:b7:f7:e1:d7:4f:28:44:50:73:82:7b:23:7b:
         f3:34:f3:96:40:0d:bb:5c:9f:ff:db:e3:fb:6c:12:19:06:5a:
         33:00:fc:6a:a8:8d:2c:82:21:f2:08:71:97:51:e2:f9:ac:3d:
         4a:cb:3e:6c:ad:cd:ca:0b:ae:3d:5b:d2:0b:34:ca:31:d5:1a:
         cf:bb:41:23:13:a1:dd:41:a0:ef:98:60:6b:db:ec:36:e5:43:
         b9:95:9d:f0:ab:b7:15:07:36:90:ba:fc:45:a1:9b:eb:60:61:
         4f:e5:ee:74:5a:5b:cd:f3:88:b4:1e:57:c7:11:14:71:39:c8:
         dc:40:6b:03:b1:f9:46:fc:72:cf:e1:c3:72:5d:6c:b8:98:f3:
         ac:7e:56:88:89:74:dc:02:ba:1f:46:59:44:71:d8:46:d5:19:
         78:ec:1e:39:7d:44:62:03:62:cb:51:5e:11:dc:b7:8a:ca:6a:
         44:8d:02:1b
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUbfrpRFCa4YHt3Jgep48xLps7pdQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoY2VmY2U0NDliZWE4ZGVhZWRiMTgwNGRiYTI1YzU4NGRm
NTg3M2RjNDAeFw0yNTA1MDgxNjQ5MDdaFw0yNjA1MDcxNjU0MDdaMDMxMTAvBgNV
BAMTKENDRjEyMjVDMEJCMzEzQjM5RjcxODk0RDZFOUQyNDJCMTg0MjdFQjgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQClCg5rrwp2278T+Wr6kj6EFPwD
cn6v7eg0rZ+RPe33g1jbblLWN+81cl0sC+oKr4EFtn5dEFHQhySDTErtJ+QRlii/
qGUroKfwz39M8+kPdVviDb/xKjv0btoXlAwOSiRbnwG8fT16QreEZM2dUIaTMv9Z
ANGDEWJ1GcAdCJ3RacicSWa0LFQUaOBbCgH+MDyG563elF9RAEbnwGM0kGbTWRhk
l97fttCAZN9Bp7x/meWa2avAwndcrOpwXcGX+4WreDJa97d3FLJ0Q7++sfkKszDv
aq8RdN5NNJA1lqj1yBZ9r/5GRwqU0jevPhTIvDX3afGt1U79l0fHzeJ3COsFAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUzPEiXAuzE7OfcYlNbp0kKxhCfrgwHwYDVR0j
BBgwFoAUzvzkSb6o3q7bGATbolxYTfWHPcQwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZDFiMzVmOGItNmY0OC00YmFkLWIxODUtNWMxZGFhOGFj
ZGE5LzAvQ0VGQ0U0NDlCRUE4REVBRURCMTgwNERCQTI1QzU4NERGNTg3M0RDNC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3p2emtTYjZvM3E3YkdBVGJvbHhZVGZX
SFBjUS5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZDFiMzVmOGIt
NmY0OC00YmFkLWIxODUtNWMxZGFhOGFjZGE5LzAvMzIyZTM1MzgyZTM4MzcyZTMw
MmYzMjM0MmQzMjM0MjAzZDNlMjAzMTM1MzIzNjM3MzIucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAACOlcw
DQYJKoZIhvcNAQELBQADggEBAFfKqCV6rx67kIlMq0yf9LIBoBP0X7YePNPXOf/o
AYeq3S/L9F9yG0yxllfqyS5IMft3lj5oXX3HeBvHIVbBbngZPxTaFK2O9rb/YdRN
t/fh108oRFBzgnsje/M085ZADbtcn//b4/tsEhkGWjMA/GqojSyCIfIIcZdR4vms
PUrLPmytzcoLrj1b0gs0yjHVGs+7QSMTod1BoO+YYGvb7DblQ7mVnfCrtxUHNpC6
/EWhm+tgYU/l7nRaW83ziLQeV8cRFHE5yNxAawOx+Ub8cs/hw3JdbLiY86x+VoiJ
dNwCuh9GWURx2EbVGXjsHjl9RGIDYstRXhHct4rKakSNAhs=
-----END CERTIFICATE-----