Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/322e35382e33322e302f32322d3234203d3e20323033303631.roa
File:                     322e35382e33322e302f32322d3234203d3e20323033303631.roa (raw, json)
Hash identifier:          ZZyvSmXX3mIx2m0xY8/tkvK8GduRtocqIGfK9yDQCDM=
Subject key identifier:   A3:6B:1A:76:B5:9E:CF:9F:12:5E:63:D5:59:F3:49:DB:E0:CD:23:68
Certificate issuer:       /CN=088469d1a33085ff88b3e599d223ca74c2313a3a
Certificate serial:       1097C2CBA70278D220F881C3A723C249C421AD58
Authority key identifier: 08:84:69:D1:A3:30:85:FF:88:B3:E5:99:D2:23:CA:74:C2:31:3A:3A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/322e35382e33322e302f32322d3234203d3e20323033303631.roa
Signing time:             Mon 27 Jan 2025 09:44:49 +0000
ROA not before:           Mon 27 Jan 2025 09:39:49 +0000
ROA not after:            Mon 26 Jan 2026 09:44:49 +0000
asID:                     203061
IP address blocks:        2.58.32.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 15:28:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            10:97:c2:cb:a7:02:78:d2:20:f8:81:c3:a7:23:c2:49:c4:21:ad:58
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=088469d1a33085ff88b3e599d223ca74c2313a3a
        Validity
            Not Before: Jan 27 09:39:49 2025 GMT
            Not After : Jan 26 09:44:49 2026 GMT
        Subject: CN=A36B1A76B59ECF9F125E63D559F349DBE0CD2368
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:56:fa:50:03:e1:03:d3:11:00:36:09:b6:c0:
                    1c:ac:1f:1d:dd:2a:49:04:b7:bd:5e:d8:25:95:b0:
                    d8:d5:8e:85:39:b3:9c:2b:8f:b5:bd:71:bc:63:e1:
                    d3:90:4b:b8:c9:e7:58:68:69:ca:0e:f2:96:1a:86:
                    69:fa:48:d2:87:22:88:2a:f4:92:58:b4:51:67:8a:
                    84:7c:f7:6a:b6:e6:50:f1:50:e0:9f:c5:00:86:b3:
                    aa:e6:d4:05:88:38:ce:c0:ca:e5:e8:19:43:c2:d1:
                    89:2f:4c:45:44:33:7f:5d:7d:8e:b6:e6:f8:8d:ba:
                    4e:38:70:8b:2f:a9:fe:77:3a:2d:01:21:70:20:4b:
                    3b:c9:92:94:4b:8b:83:0c:5a:98:40:f8:f4:34:8c:
                    fc:33:51:d2:d8:6e:cc:2c:ce:ff:c2:df:ec:a4:3f:
                    e7:d6:7c:9c:c2:fc:cb:45:95:4c:70:76:ca:1c:34:
                    91:00:4f:4a:c4:19:0c:cb:b1:64:cc:f4:21:85:6a:
                    d6:e6:60:19:05:08:93:22:88:15:a6:83:a4:17:0e:
                    28:30:b3:59:84:55:6e:02:c7:4d:43:17:45:4a:e7:
                    57:17:aa:44:a8:df:9e:5c:ad:68:70:d5:bc:3f:76:
                    7c:d6:f9:49:32:32:ca:9c:d5:54:8c:3f:f7:59:92:
                    20:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:6B:1A:76:B5:9E:CF:9F:12:5E:63:D5:59:F3:49:DB:E0:CD:23:68
            X509v3 Authority Key Identifier:
                keyid:08:84:69:D1:A3:30:85:FF:88:B3:E5:99:D2:23:CA:74:C2:31:3A:3A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/322e35382e33322e302f32322d3234203d3e20323033303631.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.58.32.0/22

    Signature Algorithm: sha256WithRSAEncryption
         34:fc:da:5e:5b:f6:f8:78:c5:ad:2b:8f:6d:8d:2f:06:25:0f:
         6c:17:07:5c:34:40:7c:96:90:37:b5:da:65:75:b8:0c:d8:46:
         5b:c7:8e:e6:93:84:7b:b6:d9:b2:e0:ba:a0:c7:94:3b:07:05:
         68:d7:79:e9:83:e6:35:4e:5a:58:2e:b7:95:10:fc:a9:8f:98:
         ee:6b:5d:0e:85:c5:a0:c0:a2:9e:b5:c4:e9:af:86:e8:db:d3:
         ad:dc:f5:73:11:6e:ca:87:49:15:60:f6:58:dc:b9:cb:06:fa:
         5a:12:96:b6:84:fd:e5:ff:df:0a:e0:bb:3d:7c:8c:51:f3:c9:
         45:e8:a5:bf:ae:5f:2e:db:92:67:f1:28:62:28:6d:93:c6:f4:
         d2:77:85:fa:8c:2e:3f:a7:13:22:87:80:dd:42:e6:09:af:31:
         5f:9a:a7:a1:4c:ae:7f:c6:df:67:7c:79:59:02:2c:39:27:61:
         dd:ce:17:af:43:90:0f:9a:5c:47:35:41:88:8a:65:47:7b:da:
         f0:37:ae:8f:d6:02:f1:0e:28:09:bb:15:89:e3:67:9e:b8:e6:
         2b:70:93:6c:4d:56:e1:5d:74:b4:9e:77:2d:f5:6f:aa:23:a3:
         c0:a4:92:e3:bd:8e:78:86:83:95:9d:d5:c2:c5:34:02:b2:d1:
         db:81:92:b6
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUEJfCy6cCeNIg+IHDpyPCScQhrVgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDg4NDY5ZDFhMzMwODVmZjg4YjNlNTk5ZDIyM2NhNzRj
MjMxM2EzYTAeFw0yNTAxMjcwOTM5NDlaFw0yNjAxMjYwOTQ0NDlaMDMxMTAvBgNV
BAMTKEEzNkIxQTc2QjU5RUNGOUYxMjVFNjNENTU5RjM0OURCRTBDRDIzNjgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDIVvpQA+ED0xEANgm2wBysHx3d
KkkEt71e2CWVsNjVjoU5s5wrj7W9cbxj4dOQS7jJ51hoacoO8pYahmn6SNKHIogq
9JJYtFFnioR892q25lDxUOCfxQCGs6rm1AWIOM7AyuXoGUPC0YkvTEVEM39dfY62
5viNuk44cIsvqf53Oi0BIXAgSzvJkpRLi4MMWphA+PQ0jPwzUdLYbswszv/C3+yk
P+fWfJzC/MtFlUxwdsocNJEAT0rEGQzLsWTM9CGFatbmYBkFCJMiiBWmg6QXDigw
s1mEVW4Cx01DF0VK51cXqkSo355crWhw1bw/dnzW+UkyMsqc1VSMP/dZkiC7AgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUo2sadrWez58SXmPVWfNJ2+DNI2gwHwYDVR0j
BBgwFoAUCIRp0aMwhf+Is+WZ0iPKdMIxOjowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzUvMDg4NDY5RDFBMzMwODVGRjg4QjNFNTk5RDIyM0NBNzRDMjMxM0EzQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NJUnAwYU13aGYtSXMtV1owaVBLZE1J
eE9qby5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzUvMzIyZTM1MzgyZTMzMzIyZTMw
MmYzMjMyMmQzMjM0MjAzZDNlMjAzMjMwMzMzMDM2MzEucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAICOiAw
DQYJKoZIhvcNAQELBQADggEBADT82l5b9vh4xa0rj22NLwYlD2wXB1w0QHyWkDe1
2mV1uAzYRlvHjuaThHu22bLguqDHlDsHBWjXeemD5jVOWlgut5UQ/KmPmO5rXQ6F
xaDAop61xOmvhujb063c9XMRbsqHSRVg9ljcucsG+loSlraE/eX/3wrguz18jFHz
yUXopb+uXy7bkmfxKGIobZPG9NJ3hfqMLj+nEyKHgN1C5gmvMV+ap6FMrn/G32d8
eVkCLDknYd3OF69DkA+aXEc1QYiKZUd72vA3ro/WAvEOKAm7FYnjZ5645itwk2xN
VuFddLSedy31b6ojo8CkkuO9jniGg5Wd1cLFNAKy0duBkrY=
-----END CERTIFICATE-----