Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/322e35382e38372e302f32342d3234203d3e203633303233.roa
File:                     322e35382e38372e302f32342d3234203d3e203633303233.roa (raw, json)
Hash identifier:          WbpHdVV0xVpCwUnLgF8nsd0yyKBCVPm0rur/cIPX9FI=
Subject key identifier:   8C:D9:05:00:34:67:AB:8E:3D:AD:E6:18:2A:22:59:EF:0B:9C:C4:7B
Certificate issuer:       /CN=cefce449bea8deaedb1804dba25c584df5873dc4
Certificate serial:       438FBE24EF9E5A30CB4F920ECFB8797380344CA1
Authority key identifier: CE:FC:E4:49:BE:A8:DE:AE:DB:18:04:DB:A2:5C:58:4D:F5:87:3D:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/322e35382e38372e302f32342d3234203d3e203633303233.roa
Signing time:             Thu 08 May 2025 16:54:08 +0000
ROA not before:           Thu 08 May 2025 16:49:08 +0000
ROA not after:            Thu 07 May 2026 16:54:08 +0000
asID:                     63023
IP address blocks:        2.58.87.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 06 Jun 2025 12:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            43:8f:be:24:ef:9e:5a:30:cb:4f:92:0e:cf:b8:79:73:80:34:4c:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cefce449bea8deaedb1804dba25c584df5873dc4
        Validity
            Not Before: May  8 16:49:08 2025 GMT
            Not After : May  7 16:54:08 2026 GMT
        Subject: CN=8CD905003467AB8E3DADE6182A2259EF0B9CC47B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:2c:15:f7:9d:95:75:35:e6:ec:ec:f1:b2:84:
                    dc:16:cf:83:8c:ce:ab:96:64:2e:17:31:72:0f:1c:
                    fd:2b:df:53:63:3d:31:97:99:06:b6:f4:f0:07:48:
                    46:42:18:b5:24:6a:24:97:a5:23:38:90:c1:72:40:
                    16:1e:e0:2c:86:e9:2f:2d:c2:ec:8d:39:e3:9c:52:
                    cb:6a:05:f2:2e:a3:cb:6b:ae:62:f4:0b:32:df:fb:
                    45:31:26:64:ea:c1:5f:f9:b0:1b:36:15:26:cf:11:
                    9d:e6:a8:ca:80:4d:b1:ca:70:fb:96:fa:27:ad:d3:
                    12:d1:8d:0f:45:25:7b:d8:70:f6:06:bf:3d:f0:94:
                    72:12:3f:69:5d:65:a6:98:93:cb:f6:0c:21:d0:78:
                    13:14:01:f9:2a:09:70:c3:d8:76:c5:49:32:f8:79:
                    9a:84:81:b6:2b:aa:8c:72:24:28:99:7f:b0:77:e1:
                    c3:d5:73:08:b1:89:08:d4:ec:08:5a:7f:87:da:17:
                    8b:8e:2f:71:15:a3:36:b6:65:35:7f:d7:bf:cf:81:
                    9c:0f:ae:e1:e6:1c:86:86:d4:84:d3:95:f0:c2:c0:
                    8f:58:38:82:77:16:1a:2d:75:5c:7d:d4:d5:69:8d:
                    15:99:e0:89:90:fa:89:9d:21:5a:45:68:2d:a2:7e:
                    f7:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8C:D9:05:00:34:67:AB:8E:3D:AD:E6:18:2A:22:59:EF:0B:9C:C4:7B
            X509v3 Authority Key Identifier:
                keyid:CE:FC:E4:49:BE:A8:DE:AE:DB:18:04:DB:A2:5C:58:4D:F5:87:3D:C4

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/322e35382e38372e302f32342d3234203d3e203633303233.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.58.87.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7d:f2:77:bc:29:b2:49:cc:08:58:a6:bf:de:3d:50:93:da:32:
         4d:9b:ef:b2:40:c4:ec:da:80:fb:95:82:65:92:e1:41:ab:33:
         4d:de:97:7a:e6:b8:46:14:6a:87:95:2b:38:1f:85:d9:f4:59:
         74:af:27:75:e8:1d:4b:c7:aa:40:d6:f9:22:f6:7d:27:29:c9:
         0d:d7:a8:b2:6b:a2:d9:bd:16:7b:9e:2d:a2:7a:63:ae:9f:4a:
         e8:3b:5d:e7:c9:b0:df:32:a3:c0:fe:41:bf:71:6d:08:9b:91:
         ee:1a:a0:0a:c2:7f:6b:a1:45:a3:ea:0e:ff:94:ac:f0:78:c4:
         9e:d8:06:01:59:6b:45:05:15:a8:64:e2:62:08:b3:90:d5:6a:
         7e:6b:a3:c6:ed:6c:83:f6:a0:64:d5:1b:d3:4f:d8:94:37:cf:
         8c:60:ee:4a:af:d0:e3:8b:ac:df:c1:0b:cc:ab:5c:fb:0a:67:
         f9:d0:e2:ed:56:d2:89:6d:43:66:e4:3f:ab:67:4f:3e:14:fd:
         c4:79:7a:d3:4e:89:af:0b:a1:41:d7:95:c6:84:e0:21:91:ed:
         17:23:68:f9:47:dd:6a:bd:7d:06:89:36:ff:20:63:fc:00:26:
         fa:17:97:13:df:ba:19:72:ac:a8:c5:69:54:b3:1b:c6:bc:db:
         82:91:a9:ba
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUQ4++JO+eWjDLT5IOz7h5c4A0TKEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoY2VmY2U0NDliZWE4ZGVhZWRiMTgwNGRiYTI1YzU4NGRm
NTg3M2RjNDAeFw0yNTA1MDgxNjQ5MDhaFw0yNjA1MDcxNjU0MDhaMDMxMTAvBgNV
BAMTKDhDRDkwNTAwMzQ2N0FCOEUzREFERTYxODJBMjI1OUVGMEI5Q0M0N0IwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC4LBX3nZV1Nebs7PGyhNwWz4OM
zquWZC4XMXIPHP0r31NjPTGXmQa29PAHSEZCGLUkaiSXpSM4kMFyQBYe4CyG6S8t
wuyNOeOcUstqBfIuo8trrmL0CzLf+0UxJmTqwV/5sBs2FSbPEZ3mqMqATbHKcPuW
+iet0xLRjQ9FJXvYcPYGvz3wlHISP2ldZaaYk8v2DCHQeBMUAfkqCXDD2HbFSTL4
eZqEgbYrqoxyJCiZf7B34cPVcwixiQjU7Ahaf4faF4uOL3EVoza2ZTV/17/PgZwP
ruHmHIaG1ITTlfDCwI9YOIJ3FhotdVx91NVpjRWZ4ImQ+omdIVpFaC2ifvctAgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQUjNkFADRnq449reYYKiJZ7wucxHswHwYDVR0j
BBgwFoAUzvzkSb6o3q7bGATbolxYTfWHPcQwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZDFiMzVmOGItNmY0OC00YmFkLWIxODUtNWMxZGFhOGFj
ZGE5LzAvQ0VGQ0U0NDlCRUE4REVBRURCMTgwNERCQTI1QzU4NERGNTg3M0RDNC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3p2emtTYjZvM3E3YkdBVGJvbHhZVGZX
SFBjUS5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZDFiMzVmOGIt
NmY0OC00YmFkLWIxODUtNWMxZGFhOGFjZGE5LzAvMzIyZTM1MzgyZTM4MzcyZTMw
MmYzMjM0MmQzMjM0MjAzZDNlMjAzNjMzMzAzMjMzLnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAAjpXMA0G
CSqGSIb3DQEBCwUAA4IBAQB98ne8KbJJzAhYpr/ePVCT2jJNm++yQMTs2oD7lYJl
kuFBqzNN3pd65rhGFGqHlSs4H4XZ9Fl0ryd16B1Lx6pA1vki9n0nKckN16iya6LZ
vRZ7ni2iemOun0roO13nybDfMqPA/kG/cW0Im5HuGqAKwn9roUWj6g7/lKzweMSe
2AYBWWtFBRWoZOJiCLOQ1Wp+a6PG7WyD9qBk1RvTT9iUN8+MYO5Kr9Dji6zfwQvM
q1z7Cmf50OLtVtKJbUNm5D+rZ08+FP3EeXrTTomvC6FB15XGhOAhke0XI2j5R91q
vX0GiTb/IGP8ACb6F5cT37oZcqyoxWlUsxvGvNuCkam6
-----END CERTIFICATE-----