Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/322e35382e38342e302f32342d3234203d3e20323136323231.roa
File:                     322e35382e38342e302f32342d3234203d3e20323136323231.roa (raw, json)
Hash identifier:          U1S3You+fAZhVhvcdrRdWu8kGCzRG+R0tCv8DlClNys=
Subject key identifier:   D1:86:53:F8:3B:5A:C5:03:45:90:20:76:37:8E:36:E1:18:85:87:91
Certificate issuer:       /CN=cefce449bea8deaedb1804dba25c584df5873dc4
Certificate serial:       25EBA7880A1F789613EB232785E823B71EAA3DA0
Authority key identifier: CE:FC:E4:49:BE:A8:DE:AE:DB:18:04:DB:A2:5C:58:4D:F5:87:3D:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/322e35382e38342e302f32342d3234203d3e20323136323231.roa
Signing time:             Thu 15 May 2025 14:54:08 +0000
ROA not before:           Thu 15 May 2025 14:49:08 +0000
ROA not after:            Thu 14 May 2026 14:54:08 +0000
asID:                     216221
IP address blocks:        2.58.84.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 15 Jun 2025 15:24:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            25:eb:a7:88:0a:1f:78:96:13:eb:23:27:85:e8:23:b7:1e:aa:3d:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cefce449bea8deaedb1804dba25c584df5873dc4
        Validity
            Not Before: May 15 14:49:08 2025 GMT
            Not After : May 14 14:54:08 2026 GMT
        Subject: CN=D18653F83B5AC50345902076378E36E118858791
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:f3:b2:10:aa:12:11:ae:d7:d6:56:f8:45:be:
                    e4:63:f4:59:c1:cd:6d:4a:59:73:b1:62:c6:48:53:
                    99:d2:96:22:05:50:4c:6f:bb:14:34:36:79:6b:1b:
                    3f:75:e1:6a:98:89:e9:27:06:42:d7:cd:14:ba:55:
                    2a:f7:04:db:09:a0:31:54:0c:8d:cd:82:7e:1c:4f:
                    f2:5d:12:28:14:49:26:e5:81:52:89:4e:c5:3b:6f:
                    7a:a6:43:1a:80:34:2d:f7:1a:6a:a0:83:0c:c0:68:
                    31:8c:75:6b:d7:c7:a2:8b:f3:9b:1c:6e:44:52:ff:
                    f7:45:a7:52:a7:0f:27:98:fd:65:a6:e2:bc:60:da:
                    b1:b6:d6:2c:3b:11:7e:c9:06:6f:00:b9:c9:4e:ba:
                    cb:36:a0:8a:47:39:66:9e:5a:b5:6f:7a:b8:9b:42:
                    26:d9:66:82:5c:53:28:94:9a:bf:54:6e:48:98:08:
                    2a:ce:f0:60:30:09:59:a0:8a:52:d6:7d:c8:bb:7e:
                    e3:00:dd:f4:54:02:d3:48:c2:0b:77:fa:a4:25:2a:
                    63:90:e8:be:cb:48:30:9b:33:9b:ee:00:a4:94:21:
                    4b:ed:6e:fd:da:3b:08:91:64:6a:39:f6:75:ce:a8:
                    3a:43:5c:0e:42:93:cf:4b:85:5c:85:ba:c1:c0:82:
                    51:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D1:86:53:F8:3B:5A:C5:03:45:90:20:76:37:8E:36:E1:18:85:87:91
            X509v3 Authority Key Identifier:
                keyid:CE:FC:E4:49:BE:A8:DE:AE:DB:18:04:DB:A2:5C:58:4D:F5:87:3D:C4

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/322e35382e38342e302f32342d3234203d3e20323136323231.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.58.84.0/24

    Signature Algorithm: sha256WithRSAEncryption
         35:7c:59:39:f8:53:77:37:62:a8:bd:c3:c9:71:53:42:16:ea:
         c3:3a:4e:7b:38:82:73:8f:af:c9:d1:f0:c0:ef:fb:44:30:03:
         f2:29:94:e0:06:eb:39:5a:ca:db:09:bf:79:5b:7a:cb:fb:b3:
         d5:eb:c4:54:0e:52:47:a5:15:0d:07:94:da:76:87:9d:df:c3:
         bc:2f:33:62:8d:7e:f8:85:8a:55:ae:35:a6:e4:56:dd:1f:17:
         7e:70:da:41:a2:61:e0:5b:95:60:73:63:2a:34:63:81:ad:65:
         d2:24:3e:c8:8a:6c:3e:02:23:c1:bd:ae:8d:cf:38:8f:50:bf:
         41:b7:85:06:2a:04:e4:db:24:14:7c:4d:3f:ac:05:b1:93:7a:
         cf:e5:bc:43:c1:1c:be:36:60:26:60:8b:a2:e1:11:20:13:2c:
         27:01:92:57:64:ec:f0:6d:bc:3d:6b:6a:8a:97:c2:14:7a:57:
         d0:af:e9:37:71:9c:10:65:33:34:45:95:0d:51:dc:c9:bc:f3:
         a0:5f:3c:a8:3e:18:7b:c2:f6:a7:e6:ae:0d:b2:73:3c:6e:99:
         a3:f5:af:7f:72:02:c3:ab:37:61:89:29:92:be:25:fe:31:3c:
         7d:6d:52:08:56:82:72:cf:12:45:98:fc:51:d3:5a:0d:a1:20:
         da:b1:c5:bc
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUJeuniAofeJYT6yMnhegjtx6qPaAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoY2VmY2U0NDliZWE4ZGVhZWRiMTgwNGRiYTI1YzU4NGRm
NTg3M2RjNDAeFw0yNTA1MTUxNDQ5MDhaFw0yNjA1MTQxNDU0MDhaMDMxMTAvBgNV
BAMTKEQxODY1M0Y4M0I1QUM1MDM0NTkwMjA3NjM3OEUzNkUxMTg4NTg3OTEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDL87IQqhIRrtfWVvhFvuRj9FnB
zW1KWXOxYsZIU5nSliIFUExvuxQ0NnlrGz914WqYieknBkLXzRS6VSr3BNsJoDFU
DI3Ngn4cT/JdEigUSSblgVKJTsU7b3qmQxqANC33GmqggwzAaDGMdWvXx6KL85sc
bkRS//dFp1KnDyeY/WWm4rxg2rG21iw7EX7JBm8AuclOuss2oIpHOWaeWrVverib
QibZZoJcUyiUmr9UbkiYCCrO8GAwCVmgilLWfci7fuMA3fRUAtNIwgt3+qQlKmOQ
6L7LSDCbM5vuAKSUIUvtbv3aOwiRZGo59nXOqDpDXA5Ck89LhVyFusHAglFDAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQU0YZT+DtaxQNFkCB2N4424RiFh5EwHwYDVR0j
BBgwFoAUzvzkSb6o3q7bGATbolxYTfWHPcQwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZDFiMzVmOGItNmY0OC00YmFkLWIxODUtNWMxZGFhOGFj
ZGE5LzAvQ0VGQ0U0NDlCRUE4REVBRURCMTgwNERCQTI1QzU4NERGNTg3M0RDNC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3p2emtTYjZvM3E3YkdBVGJvbHhZVGZX
SFBjUS5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZDFiMzVmOGIt
NmY0OC00YmFkLWIxODUtNWMxZGFhOGFjZGE5LzAvMzIyZTM1MzgyZTM4MzQyZTMw
MmYzMjM0MmQzMjM0MjAzZDNlMjAzMjMxMzYzMjMyMzEucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAACOlQw
DQYJKoZIhvcNAQELBQADggEBADV8WTn4U3c3Yqi9w8lxU0IW6sM6Tns4gnOPr8nR
8MDv+0QwA/IplOAG6zlaytsJv3lbesv7s9XrxFQOUkelFQ0HlNp2h53fw7wvM2KN
fviFilWuNabkVt0fF35w2kGiYeBblWBzYyo0Y4GtZdIkPsiKbD4CI8G9ro3POI9Q
v0G3hQYqBOTbJBR8TT+sBbGTes/lvEPBHL42YCZgi6LhESATLCcBkldk7PBtvD1r
aoqXwhR6V9Cv6TdxnBBlMzRFlQ1R3Mm886BfPKg+GHvC9qfmrg2yczxumaP1r39y
AsOrN2GJKZK+Jf4xPH1tUghWgnLPEkWY/FHTWg2hINqxxbw=
-----END CERTIFICATE-----