Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/322e35382e38342e302f32342d3234203d3e20323136323231.roa
File:                     322e35382e38342e302f32342d3234203d3e20323136323231.roa (raw, json)
Hash identifier:          HDA68mLG6MRopGu3U6pdcLVz81PI4pAevW0Vz54vlJI=
Subject key identifier:   BF:C9:9E:F9:3F:02:8B:8E:76:5F:3E:B1:F6:8D:D4:1B:FE:5D:BE:DD
Certificate issuer:       /CN=cefce449bea8deaedb1804dba25c584df5873dc4
Certificate serial:       72BFA0B75A07568E73606FC314F74387A3B29400
Authority key identifier: CE:FC:E4:49:BE:A8:DE:AE:DB:18:04:DB:A2:5C:58:4D:F5:87:3D:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/322e35382e38342e302f32342d3234203d3e20323136323231.roa
Signing time:             Thu 16 Apr 2026 15:47:05 +0000
ROA not before:           Thu 16 Apr 2026 15:42:05 +0000
ROA not after:            Thu 15 Apr 2027 15:47:05 +0000
asID:                     216221
IP address blocks:        2.58.84.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 Apr 2026 18:20:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            72:bf:a0:b7:5a:07:56:8e:73:60:6f:c3:14:f7:43:87:a3:b2:94:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cefce449bea8deaedb1804dba25c584df5873dc4
        Validity
            Not Before: Apr 16 15:42:05 2026 GMT
            Not After : Apr 15 15:47:05 2027 GMT
        Subject: CN=BFC99EF93F028B8E765F3EB1F68DD41BFE5DBEDD
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:38:da:60:f9:51:e5:c6:74:82:d5:8d:90:f8:
                    0a:08:21:e6:ca:a6:ab:46:e0:b5:0a:9b:2c:0f:c0:
                    33:85:e1:2c:59:e4:20:b4:4e:d0:bc:3c:54:cd:d3:
                    63:85:0b:f7:b5:35:28:1a:8b:4f:5e:a0:82:3e:c3:
                    6c:45:7b:04:06:06:ee:20:40:3f:b8:97:52:c4:7c:
                    26:53:e4:c8:67:72:15:1a:b9:f1:62:80:61:26:c7:
                    3c:4e:e7:3c:22:25:08:44:65:89:e8:4e:4e:22:c5:
                    61:c4:5c:51:b4:45:5f:6b:89:9c:62:39:cb:92:24:
                    0e:f0:60:91:9b:5d:36:7c:d2:ad:e4:26:f8:d0:f1:
                    6c:e9:97:22:a4:22:ca:f3:a4:9a:42:65:05:87:c0:
                    23:4b:47:9c:e3:12:63:7a:c7:2f:be:19:f7:a3:f4:
                    78:2c:96:35:c3:ed:dd:b2:80:fb:32:9c:ca:ea:e8:
                    24:e4:11:4c:29:3c:b8:24:0b:a1:b8:0f:c3:52:9c:
                    19:8a:1b:50:ac:3a:5b:d1:b0:be:94:71:15:2c:9b:
                    c0:6b:eb:f5:26:02:42:8e:e2:18:22:00:10:20:86:
                    f2:ea:9b:64:09:57:b0:7c:02:23:b0:f1:fa:31:58:
                    f6:ec:b9:97:04:59:c5:65:ec:83:5c:99:dc:73:9d:
                    59:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:C9:9E:F9:3F:02:8B:8E:76:5F:3E:B1:F6:8D:D4:1B:FE:5D:BE:DD
            X509v3 Authority Key Identifier:
                keyid:CE:FC:E4:49:BE:A8:DE:AE:DB:18:04:DB:A2:5C:58:4D:F5:87:3D:C4

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/322e35382e38342e302f32342d3234203d3e20323136323231.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.58.84.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c6:e4:10:33:85:7b:68:fc:f9:b0:60:54:81:9e:68:37:ed:a3:
         f9:d8:86:3d:ab:9b:23:72:40:4e:90:ca:b7:f6:86:a6:45:52:
         5b:46:5e:0c:a1:62:e9:26:4a:47:08:bd:c5:0b:e4:31:0c:df:
         08:b5:d5:b0:ea:fb:ef:f7:e2:f7:75:7c:71:3c:61:97:e6:18:
         fb:40:6f:dc:96:bf:ba:06:0c:98:55:d1:e0:c3:be:c4:02:04:
         8d:11:e5:97:32:6d:ac:0c:78:13:98:64:bc:59:a8:81:1a:37:
         de:c7:e7:a3:3d:21:e7:e6:32:f4:b8:d3:e9:13:24:05:68:5f:
         7e:0e:72:9f:1c:8c:4c:b9:51:6d:f1:12:bc:f8:d7:c1:6c:b8:
         cb:41:30:7a:ae:bd:bc:41:23:32:9d:38:32:ca:8e:52:45:1c:
         57:e9:d9:70:f4:45:89:44:4b:24:21:a4:43:04:03:d6:f8:e0:
         89:f3:b1:e9:22:0e:38:d3:b5:5e:1d:fb:27:87:65:e5:4a:77:
         1f:63:be:f2:5b:b9:f9:81:97:28:a3:98:81:eb:e0:8e:b8:2d:
         43:e0:5a:15:bc:f1:96:68:fa:90:8c:b1:7c:5e:e4:22:dc:b4:
         cc:ae:0c:f4:04:93:98:e7:b9:19:f4:54:b2:75:97:66:fb:81:
         cf:20:b5:d4
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUcr+gt1oHVo5zYG/DFPdDh6OylAAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoY2VmY2U0NDliZWE4ZGVhZWRiMTgwNGRiYTI1YzU4NGRm
NTg3M2RjNDAeFw0yNjA0MTYxNTQyMDVaFw0yNzA0MTUxNTQ3MDVaMDMxMTAvBgNV
BAMTKEJGQzk5RUY5M0YwMjhCOEU3NjVGM0VCMUY2OERENDFCRkU1REJFREQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCQONpg+VHlxnSC1Y2Q+AoIIebK
pqtG4LUKmywPwDOF4SxZ5CC0TtC8PFTN02OFC/e1NSgai09eoII+w2xFewQGBu4g
QD+4l1LEfCZT5MhnchUaufFigGEmxzxO5zwiJQhEZYnoTk4ixWHEXFG0RV9riZxi
OcuSJA7wYJGbXTZ80q3kJvjQ8WzplyKkIsrzpJpCZQWHwCNLR5zjEmN6xy++Gfej
9HgsljXD7d2ygPsynMrq6CTkEUwpPLgkC6G4D8NSnBmKG1CsOlvRsL6UcRUsm8Br
6/UmAkKO4hgiABAghvLqm2QJV7B8AiOw8foxWPbsuZcEWcVl7INcmdxznVnRAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUv8me+T8Ci452Xz6x9o3UG/5dvt0wHwYDVR0j
BBgwFoAUzvzkSb6o3q7bGATbolxYTfWHPcQwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZDFiMzVmOGItNmY0OC00YmFkLWIxODUtNWMxZGFhOGFj
ZGE5LzAvQ0VGQ0U0NDlCRUE4REVBRURCMTgwNERCQTI1QzU4NERGNTg3M0RDNC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3p2emtTYjZvM3E3YkdBVGJvbHhZVGZX
SFBjUS5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZDFiMzVmOGIt
NmY0OC00YmFkLWIxODUtNWMxZGFhOGFjZGE5LzAvMzIyZTM1MzgyZTM4MzQyZTMw
MmYzMjM0MmQzMjM0MjAzZDNlMjAzMjMxMzYzMjMyMzEucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAACOlQw
DQYJKoZIhvcNAQELBQADggEBAMbkEDOFe2j8+bBgVIGeaDfto/nYhj2rmyNyQE6Q
yrf2hqZFUltGXgyhYukmSkcIvcUL5DEM3wi11bDq++/34vd1fHE8YZfmGPtAb9yW
v7oGDJhV0eDDvsQCBI0R5ZcybawMeBOYZLxZqIEaN97H56M9IefmMvS40+kTJAVo
X34Ocp8cjEy5UW3xErz418FsuMtBMHquvbxBIzKdODLKjlJFHFfp2XD0RYlESyQh
pEMEA9b44InzsekiDjjTtV4d+yeHZeVKdx9jvvJbufmBlyijmIHr4I64LUPgWhW8
8ZZo+pCMsXxe5CLctMyuDPQEk5jnuRn0VLJ1l2b7gc8gtdQ=
-----END CERTIFICATE-----