Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/322e35382e33322e302f32322d3234203d3e20323033303631.roa
File:                     322e35382e33322e302f32322d3234203d3e20323033303631.roa (raw, json)
Hash identifier:          1v80C0A7ibA4e7dWPjHZZ5R1JBYSxj/7YX7zEWkEngc=
Subject key identifier:   87:A6:A5:94:BF:A5:C6:4D:48:06:10:18:E0:92:CE:CD:7D:ED:86:71
Certificate issuer:       /CN=088469d1a33085ff88b3e599d223ca74c2313a3a
Certificate serial:       25D28896DB5F72FDD93400FED32974B8DE10A4CF
Authority key identifier: 08:84:69:D1:A3:30:85:FF:88:B3:E5:99:D2:23:CA:74:C2:31:3A:3A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/322e35382e33322e302f32322d3234203d3e20323033303631.roa
Signing time:             Mon 26 Feb 2024 08:52:44 +0000
ROA not before:           Mon 26 Feb 2024 08:47:44 +0000
ROA not after:            Mon 24 Feb 2025 08:52:44 +0000
asID:                     203061
IP address blocks:        2.58.32.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 May 2024 14:34:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            25:d2:88:96:db:5f:72:fd:d9:34:00:fe:d3:29:74:b8:de:10:a4:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=088469d1a33085ff88b3e599d223ca74c2313a3a
        Validity
            Not Before: Feb 26 08:47:44 2024 GMT
            Not After : Feb 24 08:52:44 2025 GMT
        Subject: CN=87A6A594BFA5C64D48061018E092CECD7DED8671
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:5c:24:a1:e4:d7:eb:dc:b5:29:a2:8d:18:9d:
                    15:07:21:28:e8:f1:9d:6e:e3:f1:83:db:a9:65:e3:
                    65:a8:e0:73:d0:fa:be:2b:42:16:10:8b:bd:fb:8e:
                    a0:4e:e2:18:26:6a:5f:4c:f2:65:a2:63:e0:8c:c2:
                    7d:4e:55:c7:38:27:7f:04:08:69:28:ba:62:cc:98:
                    46:c3:d9:0f:e5:b6:93:ff:ab:99:dd:11:b2:ea:d7:
                    41:73:4c:1d:51:d0:d5:6d:37:b7:be:09:00:f3:fc:
                    1a:15:ef:72:fb:ed:ad:37:0b:50:e6:17:63:92:dc:
                    1c:e9:a2:37:26:ae:01:4f:34:82:c0:f3:13:6c:1c:
                    64:35:40:dc:6a:91:00:45:a5:71:19:f4:33:a9:39:
                    cc:5d:34:34:b2:23:f1:58:6d:74:2d:ef:bf:6e:dd:
                    a4:2c:bb:16:a0:85:c9:9d:db:f1:97:a5:4a:c1:b9:
                    c8:36:5c:63:14:c6:b6:33:f5:0f:3c:a2:8f:d9:32:
                    06:cc:2a:9e:c7:d8:d3:82:b1:f0:80:86:c8:b6:40:
                    d4:2b:41:63:29:85:60:e8:6e:ca:db:39:f0:70:dd:
                    1c:ea:a0:56:60:d3:31:c0:9e:df:2f:a4:31:23:f4:
                    6e:96:b4:28:76:88:d9:25:60:e1:e5:e1:91:ba:34:
                    1e:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:A6:A5:94:BF:A5:C6:4D:48:06:10:18:E0:92:CE:CD:7D:ED:86:71
            X509v3 Authority Key Identifier:
                keyid:08:84:69:D1:A3:30:85:FF:88:B3:E5:99:D2:23:CA:74:C2:31:3A:3A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/322e35382e33322e302f32322d3234203d3e20323033303631.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.58.32.0/22

    Signature Algorithm: sha256WithRSAEncryption
         2d:a8:aa:15:af:f2:4a:0a:36:ca:64:01:b1:c1:e2:f5:79:ed:
         7a:90:20:cb:78:59:e8:4d:bf:be:63:ec:f8:f1:71:46:ee:c9:
         28:d0:55:c7:eb:b9:f3:3b:33:75:dd:23:3c:ad:25:3f:11:7f:
         a1:88:4a:83:cd:f2:60:5b:9e:f7:af:c7:50:4f:56:09:a2:3f:
         03:28:65:65:8f:75:b2:58:bb:87:7f:1e:86:9e:02:99:df:07:
         1b:42:df:83:db:32:5c:e4:86:6d:89:02:e0:65:ed:a4:1b:6b:
         d3:96:a8:a2:e2:7b:3c:bd:90:fb:f2:8f:21:62:32:22:77:f2:
         f8:93:80:f7:48:0d:77:cd:11:70:fa:43:2e:31:f2:86:af:9f:
         a5:57:17:46:74:1f:09:1e:c9:b3:c7:27:85:2c:62:f0:76:0d:
         18:a0:33:37:59:05:ff:d1:bb:eb:67:22:f2:29:98:a6:18:85:
         da:bd:02:8e:f6:fa:76:5a:7a:2e:0f:86:ee:45:65:c5:08:19:
         96:ec:8b:5e:8f:ee:39:75:7e:b9:36:5c:05:57:c5:0a:10:c6:
         2e:0f:89:cf:a9:7f:22:3a:0a:19:5f:e7:16:16:af:36:3e:00:
         fc:db:16:ba:5f:ac:41:b9:62:95:69:cd:48:83:68:31:70:1f:
         fb:8d:71:61
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUJdKIlttfcv3ZNAD+0yl0uN4QpM8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDg4NDY5ZDFhMzMwODVmZjg4YjNlNTk5ZDIyM2NhNzRj
MjMxM2EzYTAeFw0yNDAyMjYwODQ3NDRaFw0yNTAyMjQwODUyNDRaMDMxMTAvBgNV
BAMTKDg3QTZBNTk0QkZBNUM2NEQ0ODA2MTAxOEUwOTJDRUNEN0RFRDg2NzEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDeXCSh5Nfr3LUpoo0YnRUHISjo
8Z1u4/GD26ll42Wo4HPQ+r4rQhYQi737jqBO4hgmal9M8mWiY+CMwn1OVcc4J38E
CGkoumLMmEbD2Q/ltpP/q5ndEbLq10FzTB1R0NVtN7e+CQDz/BoV73L77a03C1Dm
F2OS3BzpojcmrgFPNILA8xNsHGQ1QNxqkQBFpXEZ9DOpOcxdNDSyI/FYbXQt779u
3aQsuxaghcmd2/GXpUrBucg2XGMUxrYz9Q88oo/ZMgbMKp7H2NOCsfCAhsi2QNQr
QWMphWDobsrbOfBw3RzqoFZg0zHAnt8vpDEj9G6WtCh2iNklYOHl4ZG6NB51AgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUh6allL+lxk1IBhAY4JLOzX3thnEwHwYDVR0j
BBgwFoAUCIRp0aMwhf+Is+WZ0iPKdMIxOjowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzUvMDg4NDY5RDFBMzMwODVGRjg4QjNFNTk5RDIyM0NBNzRDMjMxM0EzQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NJUnAwYU13aGYtSXMtV1owaVBLZE1J
eE9qby5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzUvMzIyZTM1MzgyZTMzMzIyZTMw
MmYzMjMyMmQzMjM0MjAzZDNlMjAzMjMwMzMzMDM2MzEucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAICOiAw
DQYJKoZIhvcNAQELBQADggEBAC2oqhWv8koKNspkAbHB4vV57XqQIMt4WehNv75j
7PjxcUbuySjQVcfrufM7M3XdIzytJT8Rf6GISoPN8mBbnvevx1BPVgmiPwMoZWWP
dbJYu4d/HoaeApnfBxtC34PbMlzkhm2JAuBl7aQba9OWqKLiezy9kPvyjyFiMiJ3
8viTgPdIDXfNEXD6Qy4x8oavn6VXF0Z0HwkeybPHJ4UsYvB2DRigMzdZBf/Ru+tn
IvIpmKYYhdq9Ao72+nZaei4Phu5FZcUIGZbsi16P7jl1frk2XAVXxQoQxi4Pic+p
fyI6Chlf5xYWrzY+APzbFrpfrEG5YpVpzUiDaDFwH/uNcWE=
-----END CERTIFICATE-----