Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/322e35382e37342e302f32342d3234203d3e20313336373837.roa
File:                     322e35382e37342e302f32342d3234203d3e20313336373837.roa (raw, json)
Hash identifier:          sR9weQzHlqd90K/0YMU7JvaTFXHIAanMg1VSA2rRrUU=
Subject key identifier:   61:9F:15:65:90:CC:B2:41:89:1E:D7:0B:CE:56:47:D5:3C:09:62:3F
Certificate issuer:       /CN=12c2a8354689aec2a74fca14944927621ba27c94
Certificate serial:       1415AE8A012534B2FB1B0BB254F785190555DB98
Authority key identifier: 12:C2:A8:35:46:89:AE:C2:A7:4F:CA:14:94:49:27:62:1B:A2:7C:94
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EsKoNUaJrsKnT8oUlEknYhuifJQ.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/322e35382e37342e302f32342d3234203d3e20313336373837.roa
Signing time:             Mon 19 Jun 2023 16:34:34 +0000
ROA not before:           Mon 19 Jun 2023 16:29:34 +0000
ROA not after:            Mon 17 Jun 2024 16:34:34 +0000
asID:                     136787
IP address blocks:        2.58.74.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/12C2A8354689AEC2A74FCA14944927621BA27C94.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/12C2A8354689AEC2A74FCA14944927621BA27C94.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EsKoNUaJrsKnT8oUlEknYhuifJQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 09 May 2024 16:07:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            14:15:ae:8a:01:25:34:b2:fb:1b:0b:b2:54:f7:85:19:05:55:db:98
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=12c2a8354689aec2a74fca14944927621ba27c94
        Validity
            Not Before: Jun 19 16:29:34 2023 GMT
            Not After : Jun 17 16:34:34 2024 GMT
        Subject: CN=619F156590CCB241891ED70BCE5647D53C09623F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:93:b4:49:0f:38:f3:f3:8f:d7:47:6b:54:c3:
                    ce:9d:3c:2b:32:73:cf:6b:a2:97:bc:af:03:d8:1a:
                    70:53:55:19:3d:b7:83:52:ce:8c:89:a7:66:dd:67:
                    f1:54:0b:b9:c8:05:b7:b6:7a:a5:b4:50:f9:2d:0a:
                    92:7a:97:31:62:e2:72:ab:d6:f9:a2:b6:b0:24:38:
                    12:46:5f:3e:03:9a:66:41:83:8b:f7:59:dd:54:3a:
                    f9:d3:01:3c:77:90:ac:dc:bf:f3:4a:e2:3b:dd:24:
                    d9:41:b1:25:2e:25:26:a9:96:19:f1:05:18:08:cf:
                    9e:b6:79:c9:11:cb:c7:f3:65:9c:d5:36:46:9d:f6:
                    a7:e9:46:e8:73:ff:f4:12:12:81:bb:ac:aa:bf:7f:
                    64:ad:a0:4a:87:86:21:4b:69:76:22:a6:49:ea:f4:
                    e5:f3:7b:ce:45:c1:57:2f:ae:e4:af:7a:4c:14:b2:
                    11:ca:a4:c8:0b:40:1a:7b:a0:1c:5d:d8:7b:5a:67:
                    01:29:33:6a:7d:17:5f:2c:93:f9:4c:0f:fd:67:58:
                    8c:ff:71:12:5f:d0:05:93:6a:b7:81:20:af:3c:83:
                    1f:34:21:59:05:b7:31:6a:c5:43:ae:eb:85:c2:ea:
                    c0:53:5c:fb:b1:d4:ca:29:9f:c5:32:9f:77:63:80:
                    34:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                61:9F:15:65:90:CC:B2:41:89:1E:D7:0B:CE:56:47:D5:3C:09:62:3F
            X509v3 Authority Key Identifier:
                keyid:12:C2:A8:35:46:89:AE:C2:A7:4F:CA:14:94:49:27:62:1B:A2:7C:94

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/12C2A8354689AEC2A74FCA14944927621BA27C94.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EsKoNUaJrsKnT8oUlEknYhuifJQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/322e35382e37342e302f32342d3234203d3e20313336373837.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.58.74.0/24

    Signature Algorithm: sha256WithRSAEncryption
         32:86:6d:92:57:57:d0:9d:f5:10:8c:81:65:9d:b4:d7:e5:12:
         8a:bf:2d:fc:f3:63:79:f1:20:b5:68:30:e8:58:d8:08:4c:2f:
         50:cc:a1:c6:a8:e8:d5:01:b9:09:ec:5d:fe:7f:e5:af:9b:2b:
         8c:7a:d4:4a:8d:50:78:2a:56:e7:ad:67:3d:98:67:08:a0:37:
         2c:2e:ab:cc:62:26:8e:9d:3f:0b:a6:e4:bc:3d:57:45:71:b2:
         6a:cc:e6:17:87:39:fa:e8:a9:73:9b:64:4f:fe:c8:10:60:8a:
         54:bf:ab:50:c7:12:ff:39:68:25:31:c9:05:0f:f9:27:98:b0:
         9a:3b:e6:fe:f8:14:22:bc:f3:20:d5:90:95:c0:2d:58:b8:5d:
         cd:1a:51:53:47:c5:b7:bb:55:f8:ba:1d:97:25:0c:e5:d1:b6:
         22:40:a9:41:49:c1:cd:34:dc:31:1c:8c:22:71:a1:3c:24:0d:
         61:03:7d:77:c1:88:47:74:30:2e:00:d6:31:40:42:cb:a3:1a:
         24:55:37:4e:ae:2c:38:07:f4:32:d4:37:8a:fe:20:0b:5f:2f:
         69:a9:22:c3:ec:67:d3:5e:ce:f6:1e:b3:77:ed:3d:72:fa:8c:
         7d:15:b5:f9:c1:9a:95:c3:97:c3:99:3f:1f:e4:28:77:19:3b:
         a4:60:42:7d
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUFBWuigElNLL7GwuyVPeFGQVV25gwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMTJjMmE4MzU0Njg5YWVjMmE3NGZjYTE0OTQ0OTI3NjIx
YmEyN2M5NDAeFw0yMzA2MTkxNjI5MzRaFw0yNDA2MTcxNjM0MzRaMDMxMTAvBgNV
BAMTKDYxOUYxNTY1OTBDQ0IyNDE4OTFFRDcwQkNFNTY0N0Q1M0MwOTYyM0YwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDgk7RJDzjz84/XR2tUw86dPCsy
c89rope8rwPYGnBTVRk9t4NSzoyJp2bdZ/FUC7nIBbe2eqW0UPktCpJ6lzFi4nKr
1vmitrAkOBJGXz4DmmZBg4v3Wd1UOvnTATx3kKzcv/NK4jvdJNlBsSUuJSaplhnx
BRgIz562eckRy8fzZZzVNkad9qfpRuhz//QSEoG7rKq/f2StoEqHhiFLaXYipknq
9OXze85FwVcvruSvekwUshHKpMgLQBp7oBxd2HtaZwEpM2p9F18sk/lMD/1nWIz/
cRJf0AWTareBIK88gx80IVkFtzFqxUOu64XC6sBTXPux1Mopn8Uyn3djgDTJAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUYZ8VZZDMskGJHtcLzlZH1TwJYj8wHwYDVR0j
BBgwFoAUEsKoNUaJrsKnT8oUlEknYhuifJQwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzcvMTJDMkE4MzU0Njg5QUVDMkE3NEZDQTE0OTQ0OTI3NjIxQkEyN0M5NC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0VzS29OVWFKcnNLblQ4b1VsRWtuWWh1
aWZKUS5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzcvMzIyZTM1MzgyZTM3MzQyZTMw
MmYzMjM0MmQzMjM0MjAzZDNlMjAzMTMzMzYzNzM4Mzcucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAACOkow
DQYJKoZIhvcNAQELBQADggEBADKGbZJXV9Cd9RCMgWWdtNflEoq/LfzzY3nxILVo
MOhY2AhML1DMocao6NUBuQnsXf5/5a+bK4x61EqNUHgqVuetZz2YZwigNywuq8xi
Jo6dPwum5Lw9V0VxsmrM5heHOfroqXObZE/+yBBgilS/q1DHEv85aCUxyQUP+SeY
sJo75v74FCK88yDVkJXALVi4Xc0aUVNHxbe7Vfi6HZclDOXRtiJAqUFJwc003DEc
jCJxoTwkDWEDfXfBiEd0MC4A1jFAQsujGiRVN06uLDgH9DLUN4r+IAtfL2mpIsPs
Z9NezvYes3ftPXL6jH0VtfnBmpXDl8OZPx/kKHcZO6RgQn0=
-----END CERTIFICATE-----