Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/322e35382e38372e302f32342d3234203d3e20313432313131.roa
File:                     322e35382e38372e302f32342d3234203d3e20313432313131.roa (raw, json)
Hash identifier:          kUgTE2a4CKsPHl9bLrfZ/Gta+XZ5VP70TULFsMrpKIE=
Subject key identifier:   11:42:F8:DA:83:18:BB:48:95:D5:2A:D8:3E:38:A7:53:99:46:67:76
Certificate issuer:       /CN=cefce449bea8deaedb1804dba25c584df5873dc4
Certificate serial:       521D9BB049E3A6103DACC7E3EA06E1101D7328BF
Authority key identifier: CE:FC:E4:49:BE:A8:DE:AE:DB:18:04:DB:A2:5C:58:4D:F5:87:3D:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/322e35382e38372e302f32342d3234203d3e20313432313131.roa
Signing time:             Thu 08 May 2025 16:54:07 +0000
ROA not before:           Thu 08 May 2025 16:49:07 +0000
ROA not after:            Thu 07 May 2026 16:54:07 +0000
asID:                     142111
IP address blocks:        2.58.87.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 16 Jun 2025 04:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            52:1d:9b:b0:49:e3:a6:10:3d:ac:c7:e3:ea:06:e1:10:1d:73:28:bf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cefce449bea8deaedb1804dba25c584df5873dc4
        Validity
            Not Before: May  8 16:49:07 2025 GMT
            Not After : May  7 16:54:07 2026 GMT
        Subject: CN=1142F8DA8318BB4895D52AD83E38A75399466776
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:c8:e4:7d:d0:43:c2:95:ac:b8:06:ff:8c:c9:
                    d5:a6:8d:3a:21:b2:69:98:b1:a1:38:83:7e:98:6e:
                    9d:a8:c8:69:1b:7a:0a:a7:13:85:17:fa:50:61:14:
                    81:3a:3c:fa:0b:46:7a:ce:42:cf:0e:df:cf:37:58:
                    76:e6:f0:dc:8e:1f:84:12:62:ed:f2:7f:24:7e:ad:
                    af:27:3e:d5:1b:07:5a:e5:19:66:92:93:3f:77:b6:
                    d9:a1:c3:9f:74:7d:2a:90:07:a7:96:53:fa:b5:90:
                    31:96:ec:bf:3e:57:dd:35:60:15:df:e5:c4:30:f1:
                    60:a9:e3:c7:34:a8:87:31:4a:81:54:5c:b5:ad:f9:
                    aa:a1:56:7e:c3:18:b2:9a:44:88:9b:cc:f2:2b:ae:
                    06:3e:df:cc:a2:69:94:89:f4:32:3e:7f:17:5d:0b:
                    d0:cf:56:fe:f6:37:4c:6f:ff:99:9f:5e:e0:77:b1:
                    38:ba:f0:aa:03:aa:54:d2:98:48:be:01:8f:0e:93:
                    18:15:f5:01:fd:0c:57:75:05:89:7c:3d:d5:5d:7b:
                    b6:fd:89:c4:e5:23:40:cb:19:f2:c2:50:78:77:18:
                    96:45:08:01:44:52:58:87:0e:f7:c3:57:c9:36:e5:
                    70:83:e5:c9:45:50:6c:4f:93:81:19:83:bf:3f:d9:
                    ba:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                11:42:F8:DA:83:18:BB:48:95:D5:2A:D8:3E:38:A7:53:99:46:67:76
            X509v3 Authority Key Identifier:
                keyid:CE:FC:E4:49:BE:A8:DE:AE:DB:18:04:DB:A2:5C:58:4D:F5:87:3D:C4

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/322e35382e38372e302f32342d3234203d3e20313432313131.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.58.87.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5a:3a:55:1a:04:70:9f:07:00:a2:4b:50:9c:b9:85:9d:68:29:
         07:0c:b3:1b:a2:8e:4b:bb:87:17:56:59:71:33:c2:fd:9e:df:
         49:7a:a9:70:5a:c1:36:12:53:77:89:f5:65:06:2a:0b:4c:29:
         c0:68:13:1f:b8:ab:61:b8:1c:11:68:e3:c2:2c:47:c4:77:81:
         23:37:a0:86:24:6d:e2:79:29:17:82:e3:79:35:5d:18:f7:c4:
         57:b2:2a:07:1b:3c:cf:05:e7:10:32:4f:d3:39:63:62:65:b2:
         27:da:09:b0:39:10:b9:d8:00:6a:78:be:e5:a0:a1:3e:05:32:
         6f:b8:84:dd:fa:97:a5:7a:ef:ff:a4:e3:8c:77:a8:c3:c3:40:
         3b:8f:0a:2e:3f:56:42:7a:61:a1:ce:b7:70:56:a6:fc:9a:fe:
         27:86:4e:77:88:fc:7d:95:6b:d6:6f:7c:52:f1:11:30:48:da:
         e9:1d:02:b8:4d:a8:38:8f:cd:b5:ae:c3:39:03:64:81:18:58:
         a0:38:6c:a3:d7:93:2f:38:e2:a0:af:f2:88:4a:a0:b4:6b:fc:
         54:9b:0d:2f:22:a1:6a:99:df:db:ef:7f:9c:23:e8:0b:46:38:
         ba:17:7e:c8:cb:b9:7a:d9:dc:10:6e:eb:39:0c:03:92:86:79:
         2f:ad:fd:32
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUUh2bsEnjphA9rMfj6gbhEB1zKL8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoY2VmY2U0NDliZWE4ZGVhZWRiMTgwNGRiYTI1YzU4NGRm
NTg3M2RjNDAeFw0yNTA1MDgxNjQ5MDdaFw0yNjA1MDcxNjU0MDdaMDMxMTAvBgNV
BAMTKDExNDJGOERBODMxOEJCNDg5NUQ1MkFEODNFMzhBNzUzOTk0NjY3NzYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC1yOR90EPClay4Bv+MydWmjToh
smmYsaE4g36Ybp2oyGkbegqnE4UX+lBhFIE6PPoLRnrOQs8O3883WHbm8NyOH4QS
Yu3yfyR+ra8nPtUbB1rlGWaSkz93ttmhw590fSqQB6eWU/q1kDGW7L8+V901YBXf
5cQw8WCp48c0qIcxSoFUXLWt+aqhVn7DGLKaRIibzPIrrgY+38yiaZSJ9DI+fxdd
C9DPVv72N0xv/5mfXuB3sTi68KoDqlTSmEi+AY8OkxgV9QH9DFd1BYl8PdVde7b9
icTlI0DLGfLCUHh3GJZFCAFEUliHDvfDV8k25XCD5clFUGxPk4EZg78/2brvAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUEUL42oMYu0iV1SrYPjinU5lGZ3YwHwYDVR0j
BBgwFoAUzvzkSb6o3q7bGATbolxYTfWHPcQwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZDFiMzVmOGItNmY0OC00YmFkLWIxODUtNWMxZGFhOGFj
ZGE5LzAvQ0VGQ0U0NDlCRUE4REVBRURCMTgwNERCQTI1QzU4NERGNTg3M0RDNC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3p2emtTYjZvM3E3YkdBVGJvbHhZVGZX
SFBjUS5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZDFiMzVmOGIt
NmY0OC00YmFkLWIxODUtNWMxZGFhOGFjZGE5LzAvMzIyZTM1MzgyZTM4MzcyZTMw
MmYzMjM0MmQzMjM0MjAzZDNlMjAzMTM0MzIzMTMxMzEucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAACOlcw
DQYJKoZIhvcNAQELBQADggEBAFo6VRoEcJ8HAKJLUJy5hZ1oKQcMsxuijku7hxdW
WXEzwv2e30l6qXBawTYSU3eJ9WUGKgtMKcBoEx+4q2G4HBFo48IsR8R3gSM3oIYk
beJ5KReC43k1XRj3xFeyKgcbPM8F5xAyT9M5Y2JlsifaCbA5ELnYAGp4vuWgoT4F
Mm+4hN36l6V67/+k44x3qMPDQDuPCi4/VkJ6YaHOt3BWpvya/ieGTneI/H2Va9Zv
fFLxETBI2ukdArhNqDiPzbWuwzkDZIEYWKA4bKPXky844qCv8ohKoLRr/FSbDS8i
oWqZ39vvf5wj6AtGOLoXfsjLuXrZ3BBu6zkMA5KGeS+t/TI=
-----END CERTIFICATE-----