Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/322e35382e38332e302f32342d3332203d3e203531313637.roa
File:                     322e35382e38332e302f32342d3332203d3e203531313637.roa (raw, json)
Hash identifier:          W9PXopOFXy9OZI26n18fKr5CUOtzGnaRHvAZEqKROpg=
Subject key identifier:   1E:FE:37:B3:B9:6F:A5:D3:4C:89:22:16:3A:08:BD:67:C5:19:30:81
Certificate issuer:       /CN=5d70845822a61408ec2a5fd580c132da777f09d1
Certificate serial:       739707ED896F5D512F0563BFA44EF89626EBE53E
Authority key identifier: 5D:70:84:58:22:A6:14:08:EC:2A:5F:D5:80:C1:32:DA:77:7F:09:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XXCEWCKmFAjsKl_VgMEy2nd_CdE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/322e35382e38332e302f32342d3332203d3e203531313637.roa
Signing time:             Thu 30 May 2024 20:39:09 +0000
ROA not before:           Thu 30 May 2024 20:34:09 +0000
ROA not after:            Thu 29 May 2025 20:39:09 +0000
asID:                     51167
IP address blocks:        2.58.83.0/24 maxlen: 32

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/5D70845822A61408EC2A5FD580C132DA777F09D1.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/5D70845822A61408EC2A5FD580C132DA777F09D1.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XXCEWCKmFAjsKl_VgMEy2nd_CdE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            73:97:07:ed:89:6f:5d:51:2f:05:63:bf:a4:4e:f8:96:26:eb:e5:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5d70845822a61408ec2a5fd580c132da777f09d1
        Validity
            Not Before: May 30 20:34:09 2024 GMT
            Not After : May 29 20:39:09 2025 GMT
        Subject: CN=1EFE37B3B96FA5D34C8922163A08BD67C5193081
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:02:a4:4e:88:9d:e3:1a:dd:a9:ff:f3:aa:2b:
                    27:e2:fc:ea:b4:84:d2:24:36:7a:17:71:1d:32:15:
                    1d:d4:15:b1:4e:c4:09:f0:f3:7b:00:8d:ac:ab:a0:
                    9d:3a:47:46:19:5c:76:6b:db:df:44:78:45:df:1a:
                    61:a2:aa:f6:a1:fe:0f:6e:ba:b3:f6:ef:75:b8:d2:
                    c8:37:15:82:20:81:6a:34:3a:f3:db:83:b6:af:9c:
                    43:fc:2b:b4:b2:3b:78:7f:23:ca:f0:7c:29:7b:e4:
                    d5:e2:db:08:94:97:01:5f:6d:b9:ac:8a:ee:41:03:
                    8d:2c:10:55:ad:8e:c1:95:be:40:4e:9b:c4:6d:3a:
                    b0:5a:25:3e:d2:ca:cb:98:1d:11:99:8e:45:f0:02:
                    27:d4:24:9c:51:88:36:68:f8:ce:ce:a4:1b:eb:cf:
                    e8:06:ce:0f:ea:90:7a:05:95:c2:cc:a7:07:8b:3d:
                    a9:bc:ff:b8:ac:a4:3a:02:e5:fd:33:42:84:9c:fd:
                    96:41:f0:6f:cb:64:6f:9c:6b:11:2f:66:5b:91:6a:
                    6e:db:8a:d4:e8:5a:a3:3f:83:a3:a9:0c:55:d0:4d:
                    6e:4c:29:d7:74:aa:43:55:6c:03:b9:8f:ca:6b:57:
                    6c:23:67:52:cb:9a:ab:eb:ea:28:c9:52:7c:ad:0e:
                    65:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:FE:37:B3:B9:6F:A5:D3:4C:89:22:16:3A:08:BD:67:C5:19:30:81
            X509v3 Authority Key Identifier:
                keyid:5D:70:84:58:22:A6:14:08:EC:2A:5F:D5:80:C1:32:DA:77:7F:09:D1

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/5D70845822A61408EC2A5FD580C132DA777F09D1.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XXCEWCKmFAjsKl_VgMEy2nd_CdE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/322e35382e38332e302f32342d3332203d3e203531313637.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.58.83.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5f:c5:02:68:31:33:aa:9c:86:a4:f9:17:dd:75:16:6c:54:8e:
         fa:6b:b0:e1:9a:41:90:4c:d0:8c:e9:86:8b:5b:db:88:f6:41:
         a2:83:2d:d8:8b:65:7e:4e:d1:25:41:de:e0:34:a5:dd:f6:9b:
         16:bc:ed:d7:69:8a:48:1b:04:15:31:3a:ec:81:d9:b0:60:ee:
         78:d6:0e:41:31:71:77:e3:55:aa:bc:e0:45:17:9b:f2:f6:91:
         23:ab:b2:02:61:92:86:7e:27:c5:ac:4e:fa:7e:87:9c:78:60:
         fd:a1:80:32:6e:51:31:43:2c:a2:6d:8b:7a:f6:c7:05:dd:a6:
         a9:f3:4c:6b:97:c1:ca:44:4d:53:3f:09:32:de:be:55:ff:00:
         5c:0a:18:cb:41:7e:9d:8a:bb:76:04:ed:97:48:1c:95:be:ed:
         ce:b9:84:2e:98:f4:49:d9:f8:63:6c:03:0f:04:e2:56:81:12:
         7a:14:13:a9:d8:06:26:78:ba:11:54:4e:c2:73:dd:f8:51:78:
         46:9d:40:36:91:ec:4b:18:19:1d:81:02:af:a5:78:94:4a:37:
         6c:32:5a:93:e2:a1:10:c3:8a:54:e8:9b:f5:0b:b5:d6:d8:73:
         d2:a6:09:b0:e3:87:44:4a:d2:11:6d:f3:e5:07:19:7f:95:d0:
         01:b3:a0:49
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUc5cH7YlvXVEvBWO/pE74libr5T4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWQ3MDg0NTgyMmE2MTQwOGVjMmE1ZmQ1ODBjMTMyZGE3
NzdmMDlkMTAeFw0yNDA1MzAyMDM0MDlaFw0yNTA1MjkyMDM5MDlaMDMxMTAvBgNV
BAMTKDFFRkUzN0IzQjk2RkE1RDM0Qzg5MjIxNjNBMDhCRDY3QzUxOTMwODEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDBAqROiJ3jGt2p//OqKyfi/Oq0
hNIkNnoXcR0yFR3UFbFOxAnw83sAjayroJ06R0YZXHZr299EeEXfGmGiqvah/g9u
urP273W40sg3FYIggWo0OvPbg7avnEP8K7SyO3h/I8rwfCl75NXi2wiUlwFfbbms
iu5BA40sEFWtjsGVvkBOm8RtOrBaJT7SysuYHRGZjkXwAifUJJxRiDZo+M7OpBvr
z+gGzg/qkHoFlcLMpweLPam8/7ispDoC5f0zQoSc/ZZB8G/LZG+caxEvZluRam7b
itToWqM/g6OpDFXQTW5MKdd0qkNVbAO5j8prV2wjZ1LLmqvr6ijJUnytDmWtAgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQUHv43s7lvpdNMiSIWOgi9Z8UZMIEwHwYDVR0j
BBgwFoAUXXCEWCKmFAjsKl/VgMEy2nd/CdEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzgvNUQ3MDg0NTgyMkE2MTQwOEVDMkE1RkQ1ODBDMTMyREE3NzdGMDlEMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1hYQ0VXQ0ttRkFqc0tsX1ZnTUV5Mm5k
X0NkRS5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzgvMzIyZTM1MzgyZTM4MzMyZTMw
MmYzMjM0MmQzMzMyMjAzZDNlMjAzNTMxMzEzNjM3LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAAjpTMA0G
CSqGSIb3DQEBCwUAA4IBAQBfxQJoMTOqnIak+RfddRZsVI76a7DhmkGQTNCM6YaL
W9uI9kGigy3Yi2V+TtElQd7gNKXd9psWvO3XaYpIGwQVMTrsgdmwYO541g5BMXF3
41WqvOBFF5vy9pEjq7ICYZKGfifFrE76foeceGD9oYAyblExQyyibYt69scF3aap
80xrl8HKRE1TPwky3r5V/wBcChjLQX6dirt2BO2XSByVvu3OuYQumPRJ2fhjbAMP
BOJWgRJ6FBOp2AYmeLoRVE7Cc934UXhGnUA2kexLGBkdgQKvpXiUSjdsMlqT4qEQ
w4pU6Jv1C7XW2HPSpgmw44dEStIRbfPlBxl/ldABs6BJ
-----END CERTIFICATE-----