Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/322e35382e37322e302f32342d3234203d3e203632323430.roa
File:                     322e35382e37322e302f32342d3234203d3e203632323430.roa (raw, json)
Hash identifier:          dGH7EOuoIOiRIb+p5jTvACJhvW7LfRoL9thv9GwGxrE=
Subject key identifier:   8B:23:B3:CE:3D:32:87:61:45:62:BF:C1:86:AD:F7:D8:7E:A5:BE:50
Certificate issuer:       /CN=12c2a8354689aec2a74fca14944927621ba27c94
Certificate serial:       6C87CCEFE80315E785F4D6AE14E04A90FFFDC351
Authority key identifier: 12:C2:A8:35:46:89:AE:C2:A7:4F:CA:14:94:49:27:62:1B:A2:7C:94
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EsKoNUaJrsKnT8oUlEknYhuifJQ.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/322e35382e37322e302f32342d3234203d3e203632323430.roa
Signing time:             Mon 01 Apr 2024 14:03:23 +0000
ROA not before:           Mon 01 Apr 2024 13:58:23 +0000
ROA not after:            Mon 31 Mar 2025 14:03:23 +0000
asID:                     62240
IP address blocks:        2.58.72.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/12C2A8354689AEC2A74FCA14944927621BA27C94.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/12C2A8354689AEC2A74FCA14944927621BA27C94.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EsKoNUaJrsKnT8oUlEknYhuifJQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6c:87:cc:ef:e8:03:15:e7:85:f4:d6:ae:14:e0:4a:90:ff:fd:c3:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=12c2a8354689aec2a74fca14944927621ba27c94
        Validity
            Not Before: Apr  1 13:58:23 2024 GMT
            Not After : Mar 31 14:03:23 2025 GMT
        Subject: CN=8B23B3CE3D3287614562BFC186ADF7D87EA5BE50
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f6:71:b3:4e:e1:d9:79:54:17:10:76:48:52:c0:
                    a9:90:be:85:26:b8:96:9b:0d:6a:7f:4a:4a:fd:9f:
                    cb:24:cb:6b:19:35:ea:a6:6a:93:f5:81:61:f5:b1:
                    03:cb:d6:44:4d:d8:18:db:76:6b:7e:72:0f:c8:aa:
                    84:7f:00:03:f9:ec:88:69:80:3d:72:c4:e9:f8:93:
                    5e:92:d7:20:b0:49:4b:e4:f4:e4:e7:9b:86:a9:4f:
                    18:35:87:64:06:3c:77:66:9b:6c:97:07:b2:3e:2a:
                    ae:ba:44:1b:a9:9a:5c:0e:b8:91:05:5f:e8:7a:0a:
                    a1:e3:42:f9:46:36:96:fd:b8:ef:d4:e1:9d:93:c6:
                    68:e9:45:a5:af:44:44:13:6e:3c:67:4e:78:6c:38:
                    62:b5:27:c5:d1:f5:cc:99:d9:61:37:38:2a:94:35:
                    02:00:45:01:69:81:48:bd:5f:2e:1a:3f:bf:04:3b:
                    82:1c:6e:ad:89:48:c5:76:45:98:d9:a8:17:66:5b:
                    6d:b5:62:ae:ae:75:0b:8c:c8:dd:48:a4:fe:ff:1e:
                    76:6d:cf:1d:b3:2f:21:84:f4:40:20:11:de:34:f8:
                    56:48:d3:52:3a:ab:bd:17:21:1c:47:f6:68:f4:83:
                    c6:10:47:bd:0b:4d:8c:ad:71:83:af:61:76:3e:af:
                    10:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:23:B3:CE:3D:32:87:61:45:62:BF:C1:86:AD:F7:D8:7E:A5:BE:50
            X509v3 Authority Key Identifier:
                keyid:12:C2:A8:35:46:89:AE:C2:A7:4F:CA:14:94:49:27:62:1B:A2:7C:94

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/12C2A8354689AEC2A74FCA14944927621BA27C94.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EsKoNUaJrsKnT8oUlEknYhuifJQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/322e35382e37322e302f32342d3234203d3e203632323430.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.58.72.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7b:e3:4d:c0:1c:7c:0e:d7:f2:cb:32:10:8c:31:54:23:1b:f8:
         fb:b5:93:e0:57:22:a7:36:f4:e0:a5:87:71:83:6b:0e:bb:b1:
         fa:87:c5:ac:38:0a:f5:6f:1a:87:30:53:a4:3b:97:a1:94:c9:
         3f:2a:c6:6c:76:b0:15:ff:98:2b:06:89:59:63:58:3b:27:9b:
         52:ba:08:d6:99:13:de:9f:03:f3:f7:f2:41:7a:8d:6f:b8:69:
         dc:98:63:31:0d:43:ce:2f:6c:20:3e:e1:71:e7:8a:f1:be:0b:
         d2:45:84:ad:66:27:f9:7e:c3:05:b2:bf:3b:26:a8:3b:d8:02:
         36:db:5b:74:57:5e:27:5e:6c:d3:14:9a:a0:28:a8:24:6d:40:
         d0:83:84:20:8f:3a:c9:f6:33:11:4f:fd:16:1d:16:1d:2f:38:
         b0:70:bb:23:7f:31:80:b7:5a:2c:51:2c:d5:ea:8a:b0:5d:7c:
         53:4c:28:b3:b2:69:69:21:b2:0e:52:60:3d:6a:da:67:ec:ca:
         70:84:d9:71:b4:c0:31:7c:3c:8e:1c:6d:ff:f3:c0:4a:5d:6c:
         3c:e9:6e:a8:53:44:d8:25:94:00:7f:8e:3f:c3:a8:99:28:2f:
         67:61:e7:bf:dc:58:a1:b1:af:03:06:f0:98:1c:0a:a0:88:97:
         62:54:73:7a
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUbIfM7+gDFeeF9NauFOBKkP/9w1EwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMTJjMmE4MzU0Njg5YWVjMmE3NGZjYTE0OTQ0OTI3NjIx
YmEyN2M5NDAeFw0yNDA0MDExMzU4MjNaFw0yNTAzMzExNDAzMjNaMDMxMTAvBgNV
BAMTKDhCMjNCM0NFM0QzMjg3NjE0NTYyQkZDMTg2QURGN0Q4N0VBNUJFNTAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD2cbNO4dl5VBcQdkhSwKmQvoUm
uJabDWp/Skr9n8sky2sZNeqmapP1gWH1sQPL1kRN2Bjbdmt+cg/IqoR/AAP57Ihp
gD1yxOn4k16S1yCwSUvk9OTnm4apTxg1h2QGPHdmm2yXB7I+Kq66RBupmlwOuJEF
X+h6CqHjQvlGNpb9uO/U4Z2TxmjpRaWvREQTbjxnTnhsOGK1J8XR9cyZ2WE3OCqU
NQIARQFpgUi9Xy4aP78EO4Icbq2JSMV2RZjZqBdmW221Yq6udQuMyN1IpP7/HnZt
zx2zLyGE9EAgEd40+FZI01I6q70XIRxH9mj0g8YQR70LTYytcYOvYXY+rxAdAgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQUiyOzzj0yh2FFYr/Bhq332H6lvlAwHwYDVR0j
BBgwFoAUEsKoNUaJrsKnT8oUlEknYhuifJQwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzcvMTJDMkE4MzU0Njg5QUVDMkE3NEZDQTE0OTQ0OTI3NjIxQkEyN0M5NC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0VzS29OVWFKcnNLblQ4b1VsRWtuWWh1
aWZKUS5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzcvMzIyZTM1MzgyZTM3MzIyZTMw
MmYzMjM0MmQzMjM0MjAzZDNlMjAzNjMyMzIzNDMwLnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAAjpIMA0G
CSqGSIb3DQEBCwUAA4IBAQB7403AHHwO1/LLMhCMMVQjG/j7tZPgVyKnNvTgpYdx
g2sOu7H6h8WsOAr1bxqHMFOkO5ehlMk/KsZsdrAV/5grBolZY1g7J5tSugjWmRPe
nwPz9/JBeo1vuGncmGMxDUPOL2wgPuFx54rxvgvSRYStZif5fsMFsr87Jqg72AI2
21t0V14nXmzTFJqgKKgkbUDQg4QgjzrJ9jMRT/0WHRYdLziwcLsjfzGAt1osUSzV
6oqwXXxTTCizsmlpIbIOUmA9atpn7MpwhNlxtMAxfDyOHG3/88BKXWw86W6oU0TY
JZQAf44/w6iZKC9nYee/3Fihsa8DBvCYHAqgiJdiVHN6
-----END CERTIFICATE-----