Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/322e35382e38302e302f32332d3332203d3e203531313637.roa
File:                     322e35382e38302e302f32332d3332203d3e203531313637.roa (raw, json)
Hash identifier:          vIuDO4pm503Kb6XBH8mBUbKUNi75xOfD9mqwzzbCgMU=
Subject key identifier:   90:01:A3:BA:9E:A7:B6:E0:E0:C0:A0:6E:86:E2:E8:47:40:87:D7:38
Certificate issuer:       /CN=5d70845822a61408ec2a5fd580c132da777f09d1
Certificate serial:       6220D60D4CD2598B333D22ABB92641FFBE72061D
Authority key identifier: 5D:70:84:58:22:A6:14:08:EC:2A:5F:D5:80:C1:32:DA:77:7F:09:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XXCEWCKmFAjsKl_VgMEy2nd_CdE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/322e35382e38302e302f32332d3332203d3e203531313637.roa
Signing time:             Thu 30 May 2024 20:39:01 +0000
ROA not before:           Thu 30 May 2024 20:34:01 +0000
ROA not after:            Thu 29 May 2025 20:39:01 +0000
asID:                     51167
IP address blocks:        2.58.80.0/23 maxlen: 32

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/5D70845822A61408EC2A5FD580C132DA777F09D1.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/5D70845822A61408EC2A5FD580C132DA777F09D1.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XXCEWCKmFAjsKl_VgMEy2nd_CdE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            62:20:d6:0d:4c:d2:59:8b:33:3d:22:ab:b9:26:41:ff:be:72:06:1d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5d70845822a61408ec2a5fd580c132da777f09d1
        Validity
            Not Before: May 30 20:34:01 2024 GMT
            Not After : May 29 20:39:01 2025 GMT
        Subject: CN=9001A3BA9EA7B6E0E0C0A06E86E2E8474087D738
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:44:d4:ae:e0:d1:a8:5b:7e:01:7f:2c:85:7c:
                    f3:c1:66:d0:00:8a:39:85:c2:56:9d:7a:c0:53:51:
                    8f:92:51:62:c3:7f:c3:bb:84:44:11:51:65:96:c8:
                    b7:8b:fc:b0:ec:1f:70:db:b2:72:67:47:23:9f:11:
                    9f:8c:a6:8d:b4:90:53:bd:70:32:95:66:de:e1:a1:
                    47:30:5b:e6:b5:6d:e4:ad:1f:17:36:47:e0:be:be:
                    88:5f:71:cd:c6:7e:63:19:9d:f2:0c:f4:4f:7c:0a:
                    9f:ed:5a:08:19:19:2c:51:38:67:eb:15:ff:28:ba:
                    2e:ae:2f:ed:25:7e:27:59:33:7c:2f:f0:44:5a:d7:
                    87:14:8f:52:17:e0:ce:60:e4:a8:c6:35:ed:19:5c:
                    80:f1:14:b7:2c:dd:d1:b7:7d:d3:a4:e3:a0:87:3a:
                    8e:e4:31:08:4f:b7:35:f9:4d:25:8e:af:9c:3a:bc:
                    18:b2:d2:e9:b0:5a:08:f0:cd:e3:6e:b5:d0:50:39:
                    37:69:ff:b8:0e:7f:70:99:6f:ba:0d:2e:e7:2f:40:
                    17:7d:9b:2c:f3:93:e0:1b:ee:5c:48:9d:a6:2b:ca:
                    95:59:a8:af:39:cd:d4:c1:65:03:dd:46:9e:a3:91:
                    e3:ae:ce:df:eb:54:1e:69:d6:3e:59:78:2a:ed:9c:
                    25:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:01:A3:BA:9E:A7:B6:E0:E0:C0:A0:6E:86:E2:E8:47:40:87:D7:38
            X509v3 Authority Key Identifier:
                keyid:5D:70:84:58:22:A6:14:08:EC:2A:5F:D5:80:C1:32:DA:77:7F:09:D1

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/5D70845822A61408EC2A5FD580C132DA777F09D1.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XXCEWCKmFAjsKl_VgMEy2nd_CdE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/322e35382e38302e302f32332d3332203d3e203531313637.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.58.80.0/23

    Signature Algorithm: sha256WithRSAEncryption
         9a:92:4a:bb:47:d9:ca:c6:fe:62:d6:48:65:9e:4c:70:45:29:
         b6:84:66:24:f1:99:15:2d:91:36:f4:8d:59:3c:9d:46:93:d7:
         e8:32:cf:7b:40:52:3a:8d:d4:4e:dd:87:4e:02:65:1a:6d:59:
         ff:e3:c2:ae:ee:41:73:e0:c6:bc:31:b9:fa:65:2d:3a:ca:98:
         99:6b:7a:e3:01:cc:eb:54:e6:da:be:35:a1:07:9c:64:15:3c:
         93:52:a9:ae:17:6b:14:0c:a1:64:b6:ee:a4:f3:9a:9c:5b:ba:
         8f:25:fa:55:91:d0:3b:97:9d:d4:df:7d:fb:d3:c8:4d:27:2d:
         9b:3a:50:45:b8:6d:7f:0f:78:a3:49:23:4e:51:27:8e:26:31:
         5d:bc:d2:23:d5:2e:92:4b:e0:ca:43:16:5d:45:61:07:34:9e:
         97:f8:17:ce:3e:66:be:05:4b:b5:72:fc:c1:e7:c3:f5:80:df:
         17:30:69:22:31:fe:3f:af:64:00:48:23:1c:02:66:1d:f3:e5:
         34:23:5d:4e:f7:c7:ae:97:39:8d:27:e0:b6:20:db:11:1f:80:
         65:aa:23:63:7e:d4:b6:16:05:f8:95:e3:d5:f7:27:90:58:c2:
         bf:3d:7e:f9:3f:e9:25:32:5b:87:20:10:84:9c:bc:cd:0c:a2:
         48:d9:c1:18
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUYiDWDUzSWYszPSKruSZB/75yBh0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWQ3MDg0NTgyMmE2MTQwOGVjMmE1ZmQ1ODBjMTMyZGE3
NzdmMDlkMTAeFw0yNDA1MzAyMDM0MDFaFw0yNTA1MjkyMDM5MDFaMDMxMTAvBgNV
BAMTKDkwMDFBM0JBOUVBN0I2RTBFMEMwQTA2RTg2RTJFODQ3NDA4N0Q3MzgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDURNSu4NGoW34BfyyFfPPBZtAA
ijmFwladesBTUY+SUWLDf8O7hEQRUWWWyLeL/LDsH3DbsnJnRyOfEZ+Mpo20kFO9
cDKVZt7hoUcwW+a1beStHxc2R+C+vohfcc3GfmMZnfIM9E98Cp/tWggZGSxROGfr
Ff8oui6uL+0lfidZM3wv8ERa14cUj1IX4M5g5KjGNe0ZXIDxFLcs3dG3fdOk46CH
Oo7kMQhPtzX5TSWOr5w6vBiy0umwWgjwzeNutdBQOTdp/7gOf3CZb7oNLucvQBd9
myzzk+Ab7lxInaYrypVZqK85zdTBZQPdRp6jkeOuzt/rVB5p1j5ZeCrtnCXrAgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQUkAGjup6ntuDgwKBuhuLoR0CH1zgwHwYDVR0j
BBgwFoAUXXCEWCKmFAjsKl/VgMEy2nd/CdEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzgvNUQ3MDg0NTgyMkE2MTQwOEVDMkE1RkQ1ODBDMTMyREE3NzdGMDlEMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1hYQ0VXQ0ttRkFqc0tsX1ZnTUV5Mm5k
X0NkRS5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzgvMzIyZTM1MzgyZTM4MzAyZTMw
MmYzMjMzMmQzMzMyMjAzZDNlMjAzNTMxMzEzNjM3LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBAjpQMA0G
CSqGSIb3DQEBCwUAA4IBAQCakkq7R9nKxv5i1khlnkxwRSm2hGYk8ZkVLZE29I1Z
PJ1Gk9foMs97QFI6jdRO3YdOAmUabVn/48Ku7kFz4Ma8Mbn6ZS06ypiZa3rjAczr
VObavjWhB5xkFTyTUqmuF2sUDKFktu6k85qcW7qPJfpVkdA7l53U333708hNJy2b
OlBFuG1/D3ijSSNOUSeOJjFdvNIj1S6SS+DKQxZdRWEHNJ6X+BfOPma+BUu1cvzB
58P1gN8XMGkiMf4/r2QASCMcAmYd8+U0I11O98eulzmNJ+C2INsRH4BlqiNjftS2
FgX4lePV9yeQWMK/PX75P+klMluHIBCEnLzNDKJI2cEY
-----END CERTIFICATE-----