Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/322e35382e38372e302f32342d3234203d3e203633303233.roa
File:                     322e35382e38372e302f32342d3234203d3e203633303233.roa (raw, json)
Hash identifier:          NILbj7OdAD9JBoTlOEPDHLwPbvuQ+cdWqSfd5TYnGJk=
Subject key identifier:   3E:8B:A2:94:4F:5C:C4:D3:12:EC:1A:0E:1A:9C:54:92:B8:0C:FC:50
Certificate issuer:       /CN=cefce449bea8deaedb1804dba25c584df5873dc4
Certificate serial:       3E9378B4A747DAD42E93456ED4A345E7E934275B
Authority key identifier: CE:FC:E4:49:BE:A8:DE:AE:DB:18:04:DB:A2:5C:58:4D:F5:87:3D:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/322e35382e38372e302f32342d3234203d3e203633303233.roa
Signing time:             Thu 06 Jun 2024 16:24:33 +0000
ROA not before:           Thu 06 Jun 2024 16:19:33 +0000
ROA not after:            Thu 05 Jun 2025 16:24:33 +0000
asID:                     63023
IP address blocks:        2.58.87.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 15 Oct 2024 13:20:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3e:93:78:b4:a7:47:da:d4:2e:93:45:6e:d4:a3:45:e7:e9:34:27:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cefce449bea8deaedb1804dba25c584df5873dc4
        Validity
            Not Before: Jun  6 16:19:33 2024 GMT
            Not After : Jun  5 16:24:33 2025 GMT
        Subject: CN=3E8BA2944F5CC4D312EC1A0E1A9C5492B80CFC50
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:43:a2:81:01:b1:a5:d4:81:78:d5:65:ab:8c:
                    07:ca:a4:97:57:51:c0:f8:74:f0:05:35:f9:7f:dd:
                    78:85:5f:46:67:34:5e:9e:84:6e:ce:7c:6a:8e:67:
                    d9:f6:38:df:aa:74:4b:77:b7:0a:aa:ba:cb:96:e0:
                    93:a3:25:7a:b1:6b:19:31:32:60:4b:6a:e6:8e:5b:
                    ee:1a:d8:3e:91:2b:70:f4:eb:9b:be:91:9d:a9:da:
                    53:07:36:57:fd:72:00:a8:9b:f0:7e:5b:15:f7:83:
                    50:31:20:fb:53:ff:d9:96:b4:8c:ed:46:bc:d9:22:
                    e6:3f:35:92:35:26:25:69:a8:51:22:41:e0:7e:9b:
                    39:92:96:b0:7f:85:eb:cc:da:f4:12:59:61:ec:22:
                    f9:ac:53:ad:97:04:90:95:53:82:9a:36:4b:1d:56:
                    36:e6:e3:c6:26:37:dd:90:3b:c1:89:f9:1e:b9:26:
                    61:86:00:24:24:fb:2b:84:e4:6b:d0:f5:6d:70:d0:
                    e1:e6:85:e5:ff:15:a3:13:74:47:20:f0:5c:f5:27:
                    35:42:60:e0:59:88:8b:66:7a:55:25:24:09:a7:b0:
                    f0:7c:f1:7e:41:76:81:48:25:c1:fd:a5:ac:16:ef:
                    62:af:ac:fe:04:98:c5:4a:7d:1f:6f:7c:3d:f0:5f:
                    90:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:8B:A2:94:4F:5C:C4:D3:12:EC:1A:0E:1A:9C:54:92:B8:0C:FC:50
            X509v3 Authority Key Identifier:
                keyid:CE:FC:E4:49:BE:A8:DE:AE:DB:18:04:DB:A2:5C:58:4D:F5:87:3D:C4

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/322e35382e38372e302f32342d3234203d3e203633303233.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.58.87.0/24

    Signature Algorithm: sha256WithRSAEncryption
         00:a1:fa:ea:c1:71:0a:cc:bc:85:af:10:ee:5a:14:82:b8:8f:
         af:29:cb:c5:ee:00:fc:bc:4f:b9:03:c4:c7:ff:f0:c6:cf:c5:
         77:90:ae:54:73:2c:0e:4d:21:d1:a6:e7:76:f7:db:1b:2c:1a:
         15:72:6b:ef:bd:d5:b8:67:60:92:15:46:7e:ce:82:74:73:4b:
         e0:2d:09:6f:f4:58:e4:1a:fc:c5:be:9f:42:81:a8:27:f7:ec:
         4e:36:57:6d:d9:32:c1:7f:13:42:94:d0:d2:08:03:a2:c7:61:
         23:5d:a0:5a:18:b1:4f:d5:cb:cb:b8:9c:a1:03:70:ea:4a:e5:
         2f:57:7d:ab:22:f6:f3:66:8b:6b:17:c6:d5:a5:58:ab:08:4c:
         0d:a8:91:fd:65:25:9f:67:9a:c3:a5:78:2b:51:1f:d6:e1:2f:
         74:66:da:d7:9d:5c:3c:1f:e9:99:40:db:59:2b:db:05:10:c0:
         e4:95:3c:fc:dd:a2:b7:bb:7a:c5:43:c8:c4:9e:6b:0a:fa:f9:
         a5:f4:83:d7:1e:1b:45:95:cb:cf:b9:b3:15:5e:37:50:34:38:
         eb:9c:b1:ac:ad:11:88:36:ea:3d:7f:4e:eb:32:6e:5d:7d:12:
         29:f0:7f:60:1b:cf:fb:ae:14:78:ef:1a:0b:c0:d6:ba:79:f4:
         22:b1:da:31
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUPpN4tKdH2tQuk0Vu1KNF5+k0J1swDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoY2VmY2U0NDliZWE4ZGVhZWRiMTgwNGRiYTI1YzU4NGRm
NTg3M2RjNDAeFw0yNDA2MDYxNjE5MzNaFw0yNTA2MDUxNjI0MzNaMDMxMTAvBgNV
BAMTKDNFOEJBMjk0NEY1Q0M0RDMxMkVDMUEwRTFBOUM1NDkyQjgwQ0ZDNTAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDJQ6KBAbGl1IF41WWrjAfKpJdX
UcD4dPAFNfl/3XiFX0ZnNF6ehG7OfGqOZ9n2ON+qdEt3twqqusuW4JOjJXqxaxkx
MmBLauaOW+4a2D6RK3D065u+kZ2p2lMHNlf9cgCom/B+WxX3g1AxIPtT/9mWtIzt
RrzZIuY/NZI1JiVpqFEiQeB+mzmSlrB/hevM2vQSWWHsIvmsU62XBJCVU4KaNksd
Vjbm48YmN92QO8GJ+R65JmGGACQk+yuE5GvQ9W1w0OHmheX/FaMTdEcg8Fz1JzVC
YOBZiItmelUlJAmnsPB88X5BdoFIJcH9pawW72KvrP4EmMVKfR9vfD3wX5AZAgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQUPouilE9cxNMS7BoOGpxUkrgM/FAwHwYDVR0j
BBgwFoAUzvzkSb6o3q7bGATbolxYTfWHPcQwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZDFiMzVmOGItNmY0OC00YmFkLWIxODUtNWMxZGFhOGFj
ZGE5LzAvQ0VGQ0U0NDlCRUE4REVBRURCMTgwNERCQTI1QzU4NERGNTg3M0RDNC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3p2emtTYjZvM3E3YkdBVGJvbHhZVGZX
SFBjUS5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZDFiMzVmOGIt
NmY0OC00YmFkLWIxODUtNWMxZGFhOGFjZGE5LzAvMzIyZTM1MzgyZTM4MzcyZTMw
MmYzMjM0MmQzMjM0MjAzZDNlMjAzNjMzMzAzMjMzLnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAAjpXMA0G
CSqGSIb3DQEBCwUAA4IBAQAAofrqwXEKzLyFrxDuWhSCuI+vKcvF7gD8vE+5A8TH
//DGz8V3kK5UcywOTSHRpud299sbLBoVcmvvvdW4Z2CSFUZ+zoJ0c0vgLQlv9Fjk
GvzFvp9Cgagn9+xONldt2TLBfxNClNDSCAOix2EjXaBaGLFP1cvLuJyhA3DqSuUv
V32rIvbzZotrF8bVpVirCEwNqJH9ZSWfZ5rDpXgrUR/W4S90ZtrXnVw8H+mZQNtZ
K9sFEMDklTz83aK3u3rFQ8jEnmsK+vml9IPXHhtFlcvPubMVXjdQNDjrnLGsrRGI
Nuo9f07rMm5dfRIp8H9gG8/7rhR47xoLwNa6efQisdox
-----END CERTIFICATE-----
Generated at Mon Oct 14 17:29:35 2024 by rpki-client on console-ams.rpki-client.org