Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/322e35382e33382e302f32342d3234203d3e20313336373837.roa
File:                     322e35382e33382e302f32342d3234203d3e20313336373837.roa (raw, json)
Hash identifier:          VMZIZ3VrOtB1NUthlq82V5IklSyuviCkOW0aIrfiQYw=
Subject key identifier:   A2:83:8F:B0:78:8B:1F:37:A5:34:06:AE:81:67:6A:D1:B2:7C:B5:37
Certificate issuer:       /CN=08fb9ba827e6f10a7af37490803dd5a076397235
Certificate serial:       23AE246BBA758BD01E66FBA20A0BFFA59ABBD44A
Authority key identifier: 08:FB:9B:A8:27:E6:F1:0A:7A:F3:74:90:80:3D:D5:A0:76:39:72:35
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/322e35382e33382e302f32342d3234203d3e20313336373837.roa
Signing time:             Wed 07 Feb 2024 12:33:48 +0000
ROA not before:           Wed 07 Feb 2024 12:28:48 +0000
ROA not after:            Wed 05 Feb 2025 12:33:48 +0000
asID:                     136787
IP address blocks:        2.58.38.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            23:ae:24:6b:ba:75:8b:d0:1e:66:fb:a2:0a:0b:ff:a5:9a:bb:d4:4a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=08fb9ba827e6f10a7af37490803dd5a076397235
        Validity
            Not Before: Feb  7 12:28:48 2024 GMT
            Not After : Feb  5 12:33:48 2025 GMT
        Subject: CN=A2838FB0788B1F37A53406AE81676AD1B27CB537
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:e5:b5:12:89:b0:07:6e:67:fc:1b:b7:df:75:
                    af:a0:7d:f4:c3:41:b6:bf:8a:03:92:73:58:3e:15:
                    ac:8a:6b:e0:0d:78:61:57:b8:87:93:c8:98:ad:29:
                    08:c9:62:04:33:e7:13:15:98:c1:ee:1a:96:94:8c:
                    22:a7:20:d6:09:bb:b2:85:a5:16:67:52:d5:98:c2:
                    d8:7a:a9:2b:da:2a:6e:3f:04:ed:6c:af:f5:5f:c1:
                    91:68:60:94:63:5c:0d:ee:c2:3e:b0:9a:2e:b8:8d:
                    72:33:97:d7:a1:06:8c:40:42:26:db:a6:58:d6:d9:
                    e5:93:49:4c:aa:b3:2e:de:c9:c4:45:25:63:54:11:
                    6b:7a:cd:dc:d5:a0:09:d0:14:fe:1a:8a:ae:d5:14:
                    31:20:38:c7:a1:34:a7:df:5b:60:50:7a:0b:15:6d:
                    66:84:25:11:c7:24:f6:86:a4:39:5e:f0:d7:a4:d7:
                    d5:0a:d0:c2:c2:fe:8b:82:a2:83:b5:ce:09:f0:a4:
                    eb:83:c8:5a:80:4d:c2:c2:0c:84:c2:ba:31:84:f6:
                    9a:c5:7c:7c:b0:72:a0:8b:42:8f:d6:43:a4:bd:76:
                    4b:f1:f5:18:1f:9c:10:3b:a5:05:14:54:57:50:6e:
                    a3:f2:59:d8:66:a1:24:31:68:16:5b:fd:83:b5:89:
                    09:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:83:8F:B0:78:8B:1F:37:A5:34:06:AE:81:67:6A:D1:B2:7C:B5:37
            X509v3 Authority Key Identifier:
                keyid:08:FB:9B:A8:27:E6:F1:0A:7A:F3:74:90:80:3D:D5:A0:76:39:72:35

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/322e35382e33382e302f32342d3234203d3e20313336373837.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.58.38.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4d:8a:a7:d3:6e:82:af:ab:6e:b1:49:c1:d8:53:c3:5f:49:8e:
         9d:d0:59:ff:22:1a:02:f5:de:ba:90:57:27:0d:3d:da:ce:f2:
         6e:14:3f:7d:7b:0d:b4:d0:d2:b4:d9:e7:c5:21:e0:e4:0b:95:
         67:08:ed:11:70:f9:4a:5c:a5:76:57:76:a1:be:fe:34:04:d8:
         40:a1:e5:09:19:ea:ec:e0:4f:9e:81:18:79:a6:53:ae:96:47:
         b3:11:59:39:84:2c:a8:36:67:e4:e8:51:1f:b1:de:a4:b1:86:
         b6:66:b5:88:a0:03:1e:dc:da:74:bb:f1:b2:9d:db:26:b1:01:
         2a:d5:19:41:22:94:47:2d:76:a1:ad:61:47:de:38:8e:32:f9:
         a2:ab:d6:f5:12:e0:e0:13:c0:b6:93:0b:20:fe:1c:9f:5e:2f:
         fa:48:09:21:11:f6:2f:50:3b:f7:80:db:4f:fb:01:da:51:49:
         6f:1f:f8:0e:0d:63:d4:20:60:d2:e5:1e:6b:42:97:ec:38:38:
         70:bf:77:f4:85:2b:11:3e:bb:58:53:2d:5e:7b:58:a5:eb:46:
         15:39:d5:ef:f7:6a:cd:bf:1b:ec:6a:6b:f5:23:3b:fe:c6:e7:
         62:d9:0e:6c:e1:3c:7b:22:17:ec:98:cc:5b:5a:95:d7:ed:cb:
         ad:8b:bf:c5
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUI64ka7p1i9AeZvuiCgv/pZq71EowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDhmYjliYTgyN2U2ZjEwYTdhZjM3NDkwODAzZGQ1YTA3
NjM5NzIzNTAeFw0yNDAyMDcxMjI4NDhaFw0yNTAyMDUxMjMzNDhaMDMxMTAvBgNV
BAMTKEEyODM4RkIwNzg4QjFGMzdBNTM0MDZBRTgxNjc2QUQxQjI3Q0I1MzcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDH5bUSibAHbmf8G7ffda+gffTD
Qba/igOSc1g+FayKa+ANeGFXuIeTyJitKQjJYgQz5xMVmMHuGpaUjCKnINYJu7KF
pRZnUtWYwth6qSvaKm4/BO1sr/VfwZFoYJRjXA3uwj6wmi64jXIzl9ehBoxAQibb
pljW2eWTSUyqsy7eycRFJWNUEWt6zdzVoAnQFP4aiq7VFDEgOMehNKffW2BQegsV
bWaEJRHHJPaGpDle8Nek19UK0MLC/ouCooO1zgnwpOuDyFqATcLCDITCujGE9prF
fHywcqCLQo/WQ6S9dkvx9RgfnBA7pQUUVFdQbqPyWdhmoSQxaBZb/YO1iQmVAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUooOPsHiLHzelNAaugWdq0bJ8tTcwHwYDVR0j
BBgwFoAUCPubqCfm8Qp683SQgD3VoHY5cjUwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzIvMDhGQjlCQTgyN0U2RjEwQTdBRjM3NDkwODAzREQ1QTA3NjM5NzIzNS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NQdWJxQ2ZtOFFwNjgzU1FnRDNWb0hZ
NWNqVS5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzIvMzIyZTM1MzgyZTMzMzgyZTMw
MmYzMjM0MmQzMjM0MjAzZDNlMjAzMTMzMzYzNzM4Mzcucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAACOiYw
DQYJKoZIhvcNAQELBQADggEBAE2Kp9Nugq+rbrFJwdhTw19Jjp3QWf8iGgL13rqQ
VycNPdrO8m4UP317DbTQ0rTZ58Uh4OQLlWcI7RFw+UpcpXZXdqG+/jQE2ECh5QkZ
6uzgT56BGHmmU66WR7MRWTmELKg2Z+ToUR+x3qSxhrZmtYigAx7c2nS78bKd2yax
ASrVGUEilEctdqGtYUfeOI4y+aKr1vUS4OATwLaTCyD+HJ9eL/pICSER9i9QO/eA
20/7AdpRSW8f+A4NY9QgYNLlHmtCl+w4OHC/d/SFKxE+u1hTLV57WKXrRhU51e/3
as2/G+xqa/UjO/7G52LZDmzhPHsiF+yYzFtaldfty62Lv8U=
-----END CERTIFICATE-----