Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/322e35382e33362e302f32342d3234203d3e20313336373837.roa
File:                     322e35382e33362e302f32342d3234203d3e20313336373837.roa (raw, json)
Hash identifier:          rFDKuPLnHl+if2GSXs3/S+s4Xqd9iu/zhMwMzB3OxUw=
Subject key identifier:   12:1D:76:10:CE:40:CA:CE:B6:7D:AB:B0:75:D1:47:7D:F3:03:55:B0
Certificate issuer:       /CN=08fb9ba827e6f10a7af37490803dd5a076397235
Certificate serial:       42E13FB95A88FAA188C32694A21C48A7C2A266FE
Authority key identifier: 08:FB:9B:A8:27:E6:F1:0A:7A:F3:74:90:80:3D:D5:A0:76:39:72:35
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/322e35382e33362e302f32342d3234203d3e20313336373837.roa
Signing time:             Wed 07 Feb 2024 12:33:45 +0000
ROA not before:           Wed 07 Feb 2024 12:28:45 +0000
ROA not after:            Wed 05 Feb 2025 12:33:45 +0000
asID:                     136787
IP address blocks:        2.58.36.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 14:57:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            42:e1:3f:b9:5a:88:fa:a1:88:c3:26:94:a2:1c:48:a7:c2:a2:66:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=08fb9ba827e6f10a7af37490803dd5a076397235
        Validity
            Not Before: Feb  7 12:28:45 2024 GMT
            Not After : Feb  5 12:33:45 2025 GMT
        Subject: CN=121D7610CE40CACEB67DABB075D1477DF30355B0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:37:80:ee:65:c4:e1:6e:da:ba:be:bc:c3:52:
                    6e:67:65:4b:4c:22:22:92:2d:fc:41:0b:a5:de:ff:
                    b1:81:d8:16:c2:82:df:68:45:24:fa:dd:bc:87:4c:
                    35:4a:0d:e0:ab:8c:00:3a:63:90:cf:95:01:2e:9e:
                    86:e3:47:26:88:70:e5:7e:ba:25:05:4a:08:f8:12:
                    93:a1:4b:13:b6:ec:07:89:e1:fa:0d:b7:f0:a8:08:
                    4a:ec:c8:cb:b8:3b:11:d7:18:64:55:e9:4d:8b:df:
                    a2:62:7f:a4:39:55:26:93:4a:f9:9a:51:96:76:96:
                    8c:62:db:9a:49:bd:b5:47:ac:7f:4b:05:bf:69:c0:
                    41:e0:4c:c8:b0:ba:b2:6e:e0:79:3e:46:63:13:a9:
                    b6:b3:e4:ba:19:16:18:5b:67:75:13:d9:fd:12:fc:
                    2d:35:a0:31:28:cf:b1:44:72:6b:90:2d:5e:26:c3:
                    09:f9:12:47:61:5b:85:5e:c8:f3:19:91:e2:7b:c6:
                    fb:6b:da:5c:a0:43:89:e9:f9:43:bc:65:77:33:9e:
                    b7:91:75:c2:5d:b8:50:73:bb:9c:58:a6:ba:fd:58:
                    2d:4c:8c:06:8c:8f:eb:b1:94:4d:3a:63:1f:db:f8:
                    41:91:46:19:75:96:2a:fa:85:34:3b:be:31:50:fa:
                    6f:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                12:1D:76:10:CE:40:CA:CE:B6:7D:AB:B0:75:D1:47:7D:F3:03:55:B0
            X509v3 Authority Key Identifier:
                keyid:08:FB:9B:A8:27:E6:F1:0A:7A:F3:74:90:80:3D:D5:A0:76:39:72:35

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/322e35382e33362e302f32342d3234203d3e20313336373837.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.58.36.0/24

    Signature Algorithm: sha256WithRSAEncryption
         53:57:41:74:52:5e:b9:59:3b:5b:57:95:cd:e6:25:18:d8:7d:
         d6:46:7b:6a:4e:28:05:aa:ba:6a:74:74:e2:14:6c:84:92:e0:
         eb:48:90:e0:d6:05:38:b2:a2:50:0c:0c:11:a4:b9:47:a0:97:
         27:fc:fa:7d:57:78:1f:aa:d9:4f:cb:ff:c0:d0:9a:24:7c:a1:
         aa:19:64:54:8b:74:9d:00:c7:29:28:b6:40:35:12:5e:a8:7b:
         02:18:f1:2e:93:54:9d:60:a8:07:98:e0:02:1b:46:69:31:0e:
         91:f0:71:e8:2a:2b:5e:d8:e3:b2:5f:78:1b:f8:2f:c6:c2:c0:
         f3:e2:58:0d:f0:c9:4f:a8:3f:3a:a0:27:e7:d7:02:2d:45:20:
         86:cb:fe:a3:93:8c:4f:76:ad:5e:6b:a1:64:ca:bb:70:16:8d:
         01:f1:c2:55:38:35:27:63:08:47:e1:81:02:a2:4f:08:aa:85:
         4e:d6:4c:c2:05:53:e0:ac:42:ae:95:36:9b:c8:08:3f:86:07:
         ca:8f:e9:ec:35:b0:70:10:27:e4:27:0c:f1:4e:d6:34:57:02:
         1b:fb:e2:f3:8f:e4:9b:e3:e5:e8:88:f9:67:61:b4:2a:35:9a:
         ea:6e:2f:bc:13:ce:45:51:ef:8a:20:b9:b4:d8:2d:62:d7:f3:
         77:99:c8:00
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUQuE/uVqI+qGIwyaUohxIp8KiZv4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDhmYjliYTgyN2U2ZjEwYTdhZjM3NDkwODAzZGQ1YTA3
NjM5NzIzNTAeFw0yNDAyMDcxMjI4NDVaFw0yNTAyMDUxMjMzNDVaMDMxMTAvBgNV
BAMTKDEyMUQ3NjEwQ0U0MENBQ0VCNjdEQUJCMDc1RDE0NzdERjMwMzU1QjAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDON4DuZcThbtq6vrzDUm5nZUtM
IiKSLfxBC6Xe/7GB2BbCgt9oRST63byHTDVKDeCrjAA6Y5DPlQEunobjRyaIcOV+
uiUFSgj4EpOhSxO27AeJ4foNt/CoCErsyMu4OxHXGGRV6U2L36Jif6Q5VSaTSvma
UZZ2loxi25pJvbVHrH9LBb9pwEHgTMiwurJu4Hk+RmMTqbaz5LoZFhhbZ3UT2f0S
/C01oDEoz7FEcmuQLV4mwwn5EkdhW4VeyPMZkeJ7xvtr2lygQ4np+UO8ZXcznreR
dcJduFBzu5xYprr9WC1MjAaMj+uxlE06Yx/b+EGRRhl1lir6hTQ7vjFQ+m9rAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUEh12EM5Ays62fauwddFHffMDVbAwHwYDVR0j
BBgwFoAUCPubqCfm8Qp683SQgD3VoHY5cjUwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzIvMDhGQjlCQTgyN0U2RjEwQTdBRjM3NDkwODAzREQ1QTA3NjM5NzIzNS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NQdWJxQ2ZtOFFwNjgzU1FnRDNWb0hZ
NWNqVS5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzIvMzIyZTM1MzgyZTMzMzYyZTMw
MmYzMjM0MmQzMjM0MjAzZDNlMjAzMTMzMzYzNzM4Mzcucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAACOiQw
DQYJKoZIhvcNAQELBQADggEBAFNXQXRSXrlZO1tXlc3mJRjYfdZGe2pOKAWqump0
dOIUbISS4OtIkODWBTiyolAMDBGkuUeglyf8+n1XeB+q2U/L/8DQmiR8oaoZZFSL
dJ0AxykotkA1El6oewIY8S6TVJ1gqAeY4AIbRmkxDpHwcegqK17Y47JfeBv4L8bC
wPPiWA3wyU+oPzqgJ+fXAi1FIIbL/qOTjE92rV5roWTKu3AWjQHxwlU4NSdjCEfh
gQKiTwiqhU7WTMIFU+CsQq6VNpvICD+GB8qP6ew1sHAQJ+QnDPFO1jRXAhv74vOP
5Jvj5eiI+WdhtCo1mupuL7wTzkVR74ogubTYLWLX83eZyAA=
-----END CERTIFICATE-----