Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/177/322e35382e38332e302f32342d3332203d3e203531313637.roa
File:                     322e35382e38332e302f32342d3332203d3e203531313637.roa (raw, json)
Hash identifier:          ARfwF0amG1PKbDW6M4/oophKw1GkA+0+T0luv4uK4Cc=
Subject key identifier:   2E:A0:FF:67:A3:FE:FA:C4:28:C4:49:91:38:AA:1B:42:BB:FB:F1:1F
Certificate issuer:       /CN=097a28f77eb0a4ac354a8ac28754b2a3bbe3a959
Certificate serial:       6014395B4EF6DE2FF777868B49FBBBFDAC13FAA2
Authority key identifier: 09:7A:28:F7:7E:B0:A4:AC:35:4A:8A:C2:87:54:B2:A3:BB:E3:A9:59
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CXoo936wpKw1SorCh1Syo7vjqVk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/177/322e35382e38332e302f32342d3332203d3e203531313637.roa
Signing time:             Fri 20 Dec 2024 15:23:26 +0000
ROA not before:           Fri 20 Dec 2024 15:18:26 +0000
ROA not after:            Fri 19 Dec 2025 15:23:26 +0000
asID:                     51167
IP address blocks:        2.58.83.0/24 maxlen: 32
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/177/097A28F77EB0A4AC354A8AC28754B2A3BBE3A959.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/177/097A28F77EB0A4AC354A8AC28754B2A3BBE3A959.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CXoo936wpKw1SorCh1Syo7vjqVk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 03 Apr 2025 14:31:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            60:14:39:5b:4e:f6:de:2f:f7:77:86:8b:49:fb:bb:fd:ac:13:fa:a2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=097a28f77eb0a4ac354a8ac28754b2a3bbe3a959
        Validity
            Not Before: Dec 20 15:18:26 2024 GMT
            Not After : Dec 19 15:23:26 2025 GMT
        Subject: CN=2EA0FF67A3FEFAC428C4499138AA1B42BBFBF11F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:98:87:51:02:a4:97:bb:f1:01:48:7b:8b:31:
                    b3:81:13:37:d5:a1:7c:e9:9e:83:0e:3f:ba:c8:b0:
                    08:27:0d:58:e6:b0:4f:a2:5e:45:79:d9:00:9f:e9:
                    e7:b1:c8:69:fd:f6:db:b2:c6:90:1c:d8:fd:c3:3e:
                    62:7d:fc:46:1e:75:9a:7f:43:ef:80:99:40:6e:eb:
                    2b:31:33:25:bd:53:30:85:ed:4b:62:76:e8:e5:ed:
                    c5:d4:f3:e7:15:61:61:4a:43:55:23:3a:77:34:ba:
                    4a:7a:c4:db:85:df:36:0f:63:ce:c8:4e:10:ba:c7:
                    ea:c7:a0:65:5a:03:55:72:1b:10:64:e7:dc:44:b2:
                    e0:c0:67:8b:67:5c:c0:e8:25:5f:c6:e8:db:f4:17:
                    05:91:ba:20:02:8f:e1:9f:ae:d2:e3:b7:79:11:f2:
                    11:84:9c:91:2d:fb:fd:8d:3b:07:9b:d1:5e:11:25:
                    af:5b:c5:82:44:31:08:f8:6b:d7:79:0f:f8:8e:1a:
                    7a:d8:82:d7:fd:de:e1:ae:c3:3d:fc:4d:a2:29:4a:
                    0d:50:8f:d9:7c:b7:68:52:28:03:e3:3c:dc:9f:31:
                    bc:eb:2f:43:52:bb:4e:b0:1e:bf:94:bc:35:18:3c:
                    aa:04:0e:b4:39:e9:cf:f3:e6:56:35:54:14:92:11:
                    78:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:A0:FF:67:A3:FE:FA:C4:28:C4:49:91:38:AA:1B:42:BB:FB:F1:1F
            X509v3 Authority Key Identifier:
                keyid:09:7A:28:F7:7E:B0:A4:AC:35:4A:8A:C2:87:54:B2:A3:BB:E3:A9:59

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/177/097A28F77EB0A4AC354A8AC28754B2A3BBE3A959.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CXoo936wpKw1SorCh1Syo7vjqVk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/177/322e35382e38332e302f32342d3332203d3e203531313637.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.58.83.0/24

    Signature Algorithm: sha256WithRSAEncryption
         59:f0:18:0b:1d:fe:5b:e6:1a:02:d2:ff:c4:00:87:d8:4c:07:
         4e:6f:9f:88:06:4a:42:af:83:96:0e:37:53:d4:39:99:78:85:
         88:ab:da:12:01:ff:47:c4:da:6e:94:23:04:d0:85:f4:79:3b:
         15:66:ae:91:87:1b:b8:82:95:23:06:7e:2b:31:16:91:32:d9:
         62:9e:1a:24:35:3c:35:11:ff:dc:a5:72:b8:ce:df:82:d8:34:
         30:14:96:28:f6:3c:7e:69:b1:13:d3:ec:7e:eb:95:2c:8f:f9:
         72:19:9c:73:cd:f0:e0:ee:8b:96:c3:71:5d:d2:2c:62:ac:f6:
         ab:c2:f9:3d:18:de:98:d7:11:8a:a5:59:19:01:da:ba:ae:db:
         8a:f8:89:7c:b8:35:aa:b8:83:39:f5:c6:1c:a7:53:f7:07:67:
         67:f9:99:df:45:bd:67:5a:e2:7f:6c:14:4d:a4:69:7c:51:d0:
         39:d9:66:d6:bb:32:ab:ab:0e:75:f4:49:1b:f1:9e:62:35:ae:
         12:a6:e6:bb:74:ad:9c:00:dd:fa:ad:5a:c7:25:e2:65:13:ed:
         97:59:f4:95:55:70:ee:30:94:43:3e:6a:90:53:d0:56:15:4c:
         0d:7c:85:80:59:f9:cb:55:23:9e:3a:d2:91:e8:55:7e:3f:9d:
         51:ae:a8:89
-----BEGIN CERTIFICATE-----
MIIFMjCCBBqgAwIBAgIUYBQ5W0723i/3d4aLSfu7/awT+qIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDk3YTI4Zjc3ZWIwYTRhYzM1NGE4YWMyODc1NGIyYTNi
YmUzYTk1OTAeFw0yNDEyMjAxNTE4MjZaFw0yNTEyMTkxNTIzMjZaMDMxMTAvBgNV
BAMTKDJFQTBGRjY3QTNGRUZBQzQyOEM0NDk5MTM4QUExQjQyQkJGQkYxMUYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCymIdRAqSXu/EBSHuLMbOBEzfV
oXzpnoMOP7rIsAgnDVjmsE+iXkV52QCf6eexyGn99tuyxpAc2P3DPmJ9/EYedZp/
Q++AmUBu6ysxMyW9UzCF7Utidujl7cXU8+cVYWFKQ1UjOnc0ukp6xNuF3zYPY87I
ThC6x+rHoGVaA1VyGxBk59xEsuDAZ4tnXMDoJV/G6Nv0FwWRuiACj+GfrtLjt3kR
8hGEnJEt+/2NOweb0V4RJa9bxYJEMQj4a9d5D/iOGnrYgtf93uGuwz38TaIpSg1Q
j9l8t2hSKAPjPNyfMbzrL0NSu06wHr+UvDUYPKoEDrQ56c/z5lY1VBSSEXiVAgMB
AAGjggI8MIICODAdBgNVHQ4EFgQULqD/Z6P++sQoxEmROKobQrv78R8wHwYDVR0j
BBgwFoAUCXoo936wpKw1SorCh1Syo7vjqVkwDgYDVR0PAQH/BAQDAgeAMIGYBgNV
HR8EgZAwgY0wgYqggYeggYSGgYFyc3luYzovL3JzeW5jLnBhYXMucnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L2ZlMzcwOGEwLTY3ZDUtNGFjMi1hYmM0LWEzMzI1OTBi
OTlhZi8xNzcvMDk3QTI4Rjc3RUIwQTRBQzM1NEE4QUMyODc1NEIyQTNCQkUzQTk1
OS5jcmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2ku
cmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NYb285MzZ3cEt3MVNvckNoMVN5
bzd2anFWay5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJz
eW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4
YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzE3Ny8zMjJlMzUzODJlMzgz
MzJlMzAyZjMyMzQyZDMzMzIyMDNkM2UyMDM1MzEzMTM2Mzcucm9hMBgGA1UdIAEB
/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAAC
OlMwDQYJKoZIhvcNAQELBQADggEBAFnwGAsd/lvmGgLS/8QAh9hMB05vn4gGSkKv
g5YON1PUOZl4hYir2hIB/0fE2m6UIwTQhfR5OxVmrpGHG7iClSMGfisxFpEy2WKe
GiQ1PDUR/9ylcrjO34LYNDAUlij2PH5psRPT7H7rlSyP+XIZnHPN8ODui5bDcV3S
LGKs9qvC+T0Y3pjXEYqlWRkB2rqu24r4iXy4Naq4gzn1xhynU/cHZ2f5md9FvWda
4n9sFE2kaXxR0DnZZta7MqurDnX0SRvxnmI1rhKm5rt0rZwA3fqtWscl4mUT7ZdZ
9JVVcO4wlEM+apBT0FYVTA18hYBZ+ctVI5460pHoVX4/nVGuqIk=
-----END CERTIFICATE-----