Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/322e35382e33392e302f32342d3234203d3e20313336373837.roa
File:                     322e35382e33392e302f32342d3234203d3e20313336373837.roa (raw, json)
Hash identifier:          3McygaOW471iSZTQe7JZ9L6qm167T9xjjwWtf8tmaCc=
Subject key identifier:   F8:3B:D5:37:8A:72:03:DC:4E:C9:22:67:8E:8B:50:25:CC:BF:37:28
Certificate issuer:       /CN=08fb9ba827e6f10a7af37490803dd5a076397235
Certificate serial:       6D281853BF15E6DAA02282462D95CFB3838CA2A4
Authority key identifier: 08:FB:9B:A8:27:E6:F1:0A:7A:F3:74:90:80:3D:D5:A0:76:39:72:35
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/322e35382e33392e302f32342d3234203d3e20313336373837.roa
Signing time:             Wed 07 Feb 2024 12:33:49 +0000
ROA not before:           Wed 07 Feb 2024 12:28:49 +0000
ROA not after:            Wed 05 Feb 2025 12:33:49 +0000
asID:                     136787
IP address blocks:        2.58.39.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 08 May 2024 14:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6d:28:18:53:bf:15:e6:da:a0:22:82:46:2d:95:cf:b3:83:8c:a2:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=08fb9ba827e6f10a7af37490803dd5a076397235
        Validity
            Not Before: Feb  7 12:28:49 2024 GMT
            Not After : Feb  5 12:33:49 2025 GMT
        Subject: CN=F83BD5378A7203DC4EC922678E8B5025CCBF3728
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:f0:c9:19:ec:66:25:69:25:54:86:67:b6:77:
                    d5:4e:99:84:13:15:0d:67:36:f5:6f:c0:dc:61:a9:
                    45:0c:91:44:4d:73:05:10:94:8f:17:1e:fa:86:92:
                    d3:f8:ec:de:3f:98:11:0d:a0:1c:1e:b6:e1:f3:be:
                    4d:9e:42:01:71:f2:88:4f:c2:cd:4e:5e:c2:5c:a9:
                    dd:f6:46:67:f9:41:ee:2d:e1:a3:43:2f:aa:93:72:
                    7d:bb:65:31:80:54:31:e6:3d:06:c5:f6:33:20:ec:
                    01:16:ee:b4:8a:36:4a:a3:43:dd:c7:b4:ae:fe:aa:
                    78:55:d2:a2:77:e1:6a:32:c6:55:c8:12:74:9b:62:
                    36:c3:a4:ef:f4:6f:2b:2e:9d:94:d4:d7:a2:57:b1:
                    71:5a:7b:a1:d5:c1:ac:42:d0:9f:54:8d:0e:68:84:
                    8b:aa:fb:45:23:70:cf:03:17:43:29:35:4a:6a:81:
                    08:5f:01:a9:fd:95:45:ae:a5:2a:b0:6f:ed:45:54:
                    bb:29:8b:d8:03:de:bb:1a:5a:9b:47:66:b2:57:5a:
                    10:37:e7:06:fe:65:c6:9d:b5:f7:81:aa:b9:22:fd:
                    05:90:30:20:27:25:76:af:ca:9c:0c:85:98:f5:6b:
                    f0:a6:5b:e0:b9:67:80:5d:ed:56:0a:02:71:df:7e:
                    59:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F8:3B:D5:37:8A:72:03:DC:4E:C9:22:67:8E:8B:50:25:CC:BF:37:28
            X509v3 Authority Key Identifier:
                keyid:08:FB:9B:A8:27:E6:F1:0A:7A:F3:74:90:80:3D:D5:A0:76:39:72:35

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/322e35382e33392e302f32342d3234203d3e20313336373837.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.58.39.0/24

    Signature Algorithm: sha256WithRSAEncryption
         78:5c:c6:95:ef:bc:b0:d1:4e:f0:31:e4:0d:b7:06:e4:a0:37:
         6b:5d:5a:9f:5c:7e:ab:58:e0:67:56:3d:41:d2:52:dd:1a:a6:
         bb:b7:3b:d4:f3:31:3a:2c:fd:70:9e:7e:24:55:54:1e:b8:30:
         55:56:e8:a6:90:ad:99:88:57:56:e3:32:da:3d:d3:65:ce:f6:
         89:93:fe:4f:01:dd:cd:6d:82:95:9c:0f:ed:b5:6c:da:a8:52:
         61:bf:d8:fd:ce:f6:6c:07:c8:a2:7e:e6:c2:16:6d:c1:7b:33:
         75:e8:ad:66:83:63:04:99:fc:6a:2e:a6:50:a9:6a:1e:94:e9:
         ed:f0:f9:e6:97:c0:c1:9d:ed:80:ed:9d:d5:ff:0a:0d:e3:fe:
         90:2e:a3:1d:20:2b:6e:1c:aa:0e:35:fd:2b:ac:b4:a0:5f:89:
         78:39:31:3c:ed:ea:f4:17:9b:dd:06:88:c7:b9:a8:33:b3:1f:
         bb:c2:2a:d0:f5:58:11:fd:8c:14:70:1c:d4:9c:06:6f:d5:34:
         21:c2:c2:12:71:3b:0e:79:91:a0:78:8b:3f:88:72:03:39:89:
         dc:6e:b6:7f:7a:85:e3:aa:1b:5f:67:33:da:d7:a6:fb:d5:11:
         08:e0:67:aa:a1:35:73:f8:41:4a:48:ad:b0:18:c1:e8:ce:43:
         d0:5a:6a:26
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUbSgYU78V5tqgIoJGLZXPs4OMoqQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDhmYjliYTgyN2U2ZjEwYTdhZjM3NDkwODAzZGQ1YTA3
NjM5NzIzNTAeFw0yNDAyMDcxMjI4NDlaFw0yNTAyMDUxMjMzNDlaMDMxMTAvBgNV
BAMTKEY4M0JENTM3OEE3MjAzREM0RUM5MjI2NzhFOEI1MDI1Q0NCRjM3MjgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCq8MkZ7GYlaSVUhme2d9VOmYQT
FQ1nNvVvwNxhqUUMkURNcwUQlI8XHvqGktP47N4/mBENoBwetuHzvk2eQgFx8ohP
ws1OXsJcqd32Rmf5Qe4t4aNDL6qTcn27ZTGAVDHmPQbF9jMg7AEW7rSKNkqjQ93H
tK7+qnhV0qJ34WoyxlXIEnSbYjbDpO/0bysunZTU16JXsXFae6HVwaxC0J9UjQ5o
hIuq+0UjcM8DF0MpNUpqgQhfAan9lUWupSqwb+1FVLspi9gD3rsaWptHZrJXWhA3
5wb+ZcadtfeBqrki/QWQMCAnJXavypwMhZj1a/CmW+C5Z4Bd7VYKAnHfflnrAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQU+DvVN4pyA9xOySJnjotQJcy/NygwHwYDVR0j
BBgwFoAUCPubqCfm8Qp683SQgD3VoHY5cjUwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzIvMDhGQjlCQTgyN0U2RjEwQTdBRjM3NDkwODAzREQ1QTA3NjM5NzIzNS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NQdWJxQ2ZtOFFwNjgzU1FnRDNWb0hZ
NWNqVS5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzIvMzIyZTM1MzgyZTMzMzkyZTMw
MmYzMjM0MmQzMjM0MjAzZDNlMjAzMTMzMzYzNzM4Mzcucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAACOicw
DQYJKoZIhvcNAQELBQADggEBAHhcxpXvvLDRTvAx5A23BuSgN2tdWp9cfqtY4GdW
PUHSUt0apru3O9TzMTos/XCefiRVVB64MFVW6KaQrZmIV1bjMto902XO9omT/k8B
3c1tgpWcD+21bNqoUmG/2P3O9mwHyKJ+5sIWbcF7M3XorWaDYwSZ/GouplCpah6U
6e3w+eaXwMGd7YDtndX/Cg3j/pAuox0gK24cqg41/SustKBfiXg5MTzt6vQXm90G
iMe5qDOzH7vCKtD1WBH9jBRwHNScBm/VNCHCwhJxOw55kaB4iz+IcgM5idxutn96
heOqG19nM9rXpvvVEQjgZ6qhNXP4QUpIrbAYwejOQ9BaaiY=
-----END CERTIFICATE-----