Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/322e35382e38362e302f32342d3234203d3e203432383331.roa
File:                     322e35382e38362e302f32342d3234203d3e203432383331.roa (raw, json)
Hash identifier:          Ga9fSUVi9MuY7PSZ+TJisDhWnGoWEZ4TH7+EN9QxZpk=
Subject key identifier:   41:82:AB:BC:54:0F:38:0B:7C:1E:5F:7E:E8:EA:32:B4:82:73:06:CE
Certificate issuer:       /CN=cefce449bea8deaedb1804dba25c584df5873dc4
Certificate serial:       7482C0B5398E19E5775EBB74CCEDD19B8F73B13F
Authority key identifier: CE:FC:E4:49:BE:A8:DE:AE:DB:18:04:DB:A2:5C:58:4D:F5:87:3D:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/322e35382e38362e302f32342d3234203d3e203432383331.roa
Signing time:             Mon 03 Nov 2025 16:16:09 +0000
ROA not before:           Mon 03 Nov 2025 16:11:09 +0000
ROA not after:            Mon 02 Nov 2026 16:16:09 +0000
asID:                     42831
IP address blocks:        2.58.86.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 17:58:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            74:82:c0:b5:39:8e:19:e5:77:5e:bb:74:cc:ed:d1:9b:8f:73:b1:3f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cefce449bea8deaedb1804dba25c584df5873dc4
        Validity
            Not Before: Nov  3 16:11:09 2025 GMT
            Not After : Nov  2 16:16:09 2026 GMT
        Subject: CN=4182ABBC540F380B7C1E5F7EE8EA32B4827306CE
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:3d:88:19:98:9c:b6:c4:fe:d8:b0:00:34:bc:
                    a5:32:6a:bc:7c:58:d4:8a:7c:b9:b3:74:c5:5f:7d:
                    2a:56:cc:b0:bb:5b:ad:a9:8f:63:32:c0:f5:a8:f7:
                    c2:42:c0:e5:06:ce:28:5e:e1:8c:cf:e8:c8:a9:ca:
                    c8:f0:02:a8:b4:c4:00:fc:34:2f:aa:a0:b2:ac:5e:
                    bd:05:eb:4d:c9:cd:fa:1c:79:f0:f7:55:01:9c:c6:
                    a0:95:2a:da:9b:89:d0:cc:95:85:2e:87:9e:d0:6a:
                    c8:3e:10:77:9e:62:80:54:cd:8e:12:f3:4e:4e:5d:
                    90:9f:12:5f:fc:97:03:27:d3:1f:af:26:15:21:78:
                    28:e1:0e:1c:f6:10:ac:88:91:5f:c6:99:0a:29:73:
                    f5:87:d5:96:d2:c2:17:32:42:82:6a:ed:df:d7:cd:
                    91:31:f2:9b:42:02:c8:55:9a:a1:d9:04:8c:ab:30:
                    9e:19:9c:33:a7:e8:b6:5b:3e:3d:4f:e4:f0:69:2a:
                    28:82:72:fc:59:e9:91:ff:60:9a:7a:3c:ff:34:0b:
                    b0:19:45:1e:e7:dc:22:2a:1b:8b:0a:51:25:af:94:
                    49:a8:2f:37:19:d9:71:4f:f3:d3:7b:45:c7:36:be:
                    d4:99:a6:27:b1:76:75:bb:23:5e:24:3b:2b:e5:6f:
                    2e:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:82:AB:BC:54:0F:38:0B:7C:1E:5F:7E:E8:EA:32:B4:82:73:06:CE
            X509v3 Authority Key Identifier:
                keyid:CE:FC:E4:49:BE:A8:DE:AE:DB:18:04:DB:A2:5C:58:4D:F5:87:3D:C4

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/322e35382e38362e302f32342d3234203d3e203432383331.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.58.86.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c3:5c:23:ad:8c:64:be:68:44:18:51:38:fe:d9:2b:48:6b:9d:
         d3:71:f6:29:b6:2f:42:54:cb:b8:0a:f1:3a:e9:b5:c3:9a:ed:
         88:6d:c0:55:a9:de:4c:e2:b9:09:31:45:dc:00:3a:e9:81:9e:
         e9:d2:00:b9:de:d2:29:73:ee:6a:57:3e:ff:b3:fa:89:82:1c:
         96:7d:06:7f:fa:3a:95:c4:62:d3:ef:cd:02:22:cc:bd:be:19:
         ce:80:c3:06:e6:28:57:c1:fb:38:d6:ba:d9:66:eb:5e:22:63:
         3a:35:b6:2a:bd:60:35:c5:8e:b6:4d:48:26:93:f7:39:21:ea:
         f5:9f:d5:d4:f2:04:e7:6b:c8:8c:ee:e3:16:53:2f:88:f3:b5:
         62:ed:8a:94:f0:14:d9:8b:d1:0b:f8:0f:ed:27:59:c2:cd:16:
         99:8e:b2:eb:8a:ec:ee:ec:bb:9f:1a:ac:02:3e:14:e8:5b:95:
         a6:ba:59:9b:73:18:4b:a6:3f:4c:55:3f:fb:40:e1:1b:9c:45:
         27:09:f6:20:da:fa:79:b2:21:42:88:36:b5:5d:c6:81:b5:2b:
         1b:6e:0d:6d:ec:3c:c0:28:14:73:45:39:e9:58:71:8c:8d:42:
         d0:85:5e:72:ac:74:02:22:77:a4:9d:1b:db:bf:d9:8b:9c:43:
         45:2b:3e:19
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUdILAtTmOGeV3Xrt0zO3Rm49zsT8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoY2VmY2U0NDliZWE4ZGVhZWRiMTgwNGRiYTI1YzU4NGRm
NTg3M2RjNDAeFw0yNTExMDMxNjExMDlaFw0yNjExMDIxNjE2MDlaMDMxMTAvBgNV
BAMTKDQxODJBQkJDNTQwRjM4MEI3QzFFNUY3RUU4RUEzMkI0ODI3MzA2Q0UwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC/PYgZmJy2xP7YsAA0vKUyarx8
WNSKfLmzdMVffSpWzLC7W62pj2MywPWo98JCwOUGzihe4YzP6MipysjwAqi0xAD8
NC+qoLKsXr0F603JzfocefD3VQGcxqCVKtqbidDMlYUuh57Qasg+EHeeYoBUzY4S
805OXZCfEl/8lwMn0x+vJhUheCjhDhz2EKyIkV/GmQopc/WH1ZbSwhcyQoJq7d/X
zZEx8ptCAshVmqHZBIyrMJ4ZnDOn6LZbPj1P5PBpKiiCcvxZ6ZH/YJp6PP80C7AZ
RR7n3CIqG4sKUSWvlEmoLzcZ2XFP89N7Rcc2vtSZpiexdnW7I14kOyvlby4XAgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQUQYKrvFQPOAt8Hl9+6OoytIJzBs4wHwYDVR0j
BBgwFoAUzvzkSb6o3q7bGATbolxYTfWHPcQwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZDFiMzVmOGItNmY0OC00YmFkLWIxODUtNWMxZGFhOGFj
ZGE5LzAvQ0VGQ0U0NDlCRUE4REVBRURCMTgwNERCQTI1QzU4NERGNTg3M0RDNC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3p2emtTYjZvM3E3YkdBVGJvbHhZVGZX
SFBjUS5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZDFiMzVmOGIt
NmY0OC00YmFkLWIxODUtNWMxZGFhOGFjZGE5LzAvMzIyZTM1MzgyZTM4MzYyZTMw
MmYzMjM0MmQzMjM0MjAzZDNlMjAzNDMyMzgzMzMxLnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAAjpWMA0G
CSqGSIb3DQEBCwUAA4IBAQDDXCOtjGS+aEQYUTj+2StIa53TcfYpti9CVMu4CvE6
6bXDmu2IbcBVqd5M4rkJMUXcADrpgZ7p0gC53tIpc+5qVz7/s/qJghyWfQZ/+jqV
xGLT780CIsy9vhnOgMMG5ihXwfs41rrZZuteImM6NbYqvWA1xY62TUgmk/c5Ier1
n9XU8gTna8iM7uMWUy+I87Vi7YqU8BTZi9EL+A/tJ1nCzRaZjrLriuzu7LufGqwC
PhToW5WmulmbcxhLpj9MVT/7QOEbnEUnCfYg2vp5siFCiDa1XcaBtSsbbg1t7DzA
KBRzRTnpWHGMjULQhV5yrHQCIneknRvbv9mLnENFKz4Z
-----END CERTIFICATE-----