Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/322e35382e38372e302f32342d3234203d3e20313532363732.roa
File:                     322e35382e38372e302f32342d3234203d3e20313532363732.roa (raw, json)
Hash identifier:          QRi10MpDgznqI8bS46L6NDrdFiSyx4Dn/3yW/JjyzZ0=
Subject key identifier:   9A:49:0D:F5:11:AD:BD:8C:A4:4B:9C:9A:1A:89:1E:1E:E7:95:01:F2
Certificate issuer:       /CN=cefce449bea8deaedb1804dba25c584df5873dc4
Certificate serial:       335BD780B09982233311B71E913DAD8CB6EE5731
Authority key identifier: CE:FC:E4:49:BE:A8:DE:AE:DB:18:04:DB:A2:5C:58:4D:F5:87:3D:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/322e35382e38372e302f32342d3234203d3e20313532363732.roa
Signing time:             Mon 30 Jun 2025 06:02:45 +0000
ROA not before:           Mon 30 Jun 2025 05:57:45 +0000
ROA not after:            Mon 29 Jun 2026 06:02:45 +0000
asID:                     152672
IP address blocks:        2.58.87.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 04 Aug 2025 22:26:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            33:5b:d7:80:b0:99:82:23:33:11:b7:1e:91:3d:ad:8c:b6:ee:57:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cefce449bea8deaedb1804dba25c584df5873dc4
        Validity
            Not Before: Jun 30 05:57:45 2025 GMT
            Not After : Jun 29 06:02:45 2026 GMT
        Subject: CN=9A490DF511ADBD8CA44B9C9A1A891E1EE79501F2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:7f:f5:37:17:b1:6d:ce:37:65:51:1c:67:80:
                    5c:b6:fb:b8:4f:06:96:f5:78:0b:9d:d7:68:cc:1a:
                    35:e4:cb:ca:d5:86:08:c5:9d:c6:e2:02:e1:a3:1f:
                    2e:f2:57:02:ab:a3:47:b2:0f:13:82:e4:fc:13:15:
                    c1:2c:79:94:c8:24:c0:b0:b4:30:48:57:49:dc:ea:
                    c9:9d:6b:b0:87:fb:f1:85:f9:be:a6:e5:e0:a7:2c:
                    c2:73:2e:03:5d:1a:e4:21:01:77:30:ce:5e:07:64:
                    c9:11:72:c8:ba:92:11:aa:f3:d3:80:ce:d9:e4:23:
                    b6:72:7d:3f:33:9c:5a:51:f6:07:e6:35:38:d9:cd:
                    b0:6a:00:38:3e:9e:d6:24:4c:aa:65:69:56:3e:82:
                    ef:bb:88:63:c3:55:42:c3:f0:0d:d4:87:70:06:9b:
                    1f:37:97:e3:4c:e8:81:b4:0a:f1:16:b6:43:01:26:
                    98:ac:68:d3:2d:b3:ea:cc:95:65:24:14:1f:97:fa:
                    05:7c:61:35:9d:3e:52:57:9d:65:ff:e2:2d:d4:31:
                    e6:e3:81:28:f9:b2:cd:b5:48:4c:c8:a2:99:f8:a4:
                    23:88:c0:39:c5:c7:0e:bd:06:41:48:4d:46:5c:96:
                    5c:01:bf:60:74:62:29:44:a7:a0:68:4c:f2:a4:ee:
                    a0:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:49:0D:F5:11:AD:BD:8C:A4:4B:9C:9A:1A:89:1E:1E:E7:95:01:F2
            X509v3 Authority Key Identifier:
                keyid:CE:FC:E4:49:BE:A8:DE:AE:DB:18:04:DB:A2:5C:58:4D:F5:87:3D:C4

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/322e35382e38372e302f32342d3234203d3e20313532363732.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.58.87.0/24

    Signature Algorithm: sha256WithRSAEncryption
         23:de:9f:ff:95:f4:d4:12:02:76:fe:2f:f0:74:73:fb:ac:9a:
         ea:b1:79:e5:44:a6:47:37:35:45:e4:28:f4:7f:a4:73:09:39:
         9b:ac:d2:31:51:e5:af:15:c3:45:65:50:45:7b:18:1d:22:2a:
         93:58:a3:d7:a0:64:20:56:03:33:19:0f:46:69:36:d5:68:e5:
         a7:08:3b:68:53:d3:37:d7:1d:4c:3b:3b:c5:2f:5e:d5:cd:77:
         7f:5e:03:ff:f4:d0:82:c5:ff:68:84:7f:91:be:c6:97:49:06:
         ae:95:6e:2c:23:64:84:41:38:48:e8:d8:98:b7:09:29:b0:6b:
         c0:d6:7e:53:f6:bc:72:c8:23:a4:7b:f1:cc:52:1f:e4:77:c2:
         e8:a2:2a:52:1d:a1:62:06:8a:c4:a8:7b:5c:a7:74:a1:55:26:
         4f:1f:d4:75:70:47:62:77:06:dc:d1:80:d2:87:63:80:02:9c:
         2c:9e:b2:c5:90:be:e1:a0:a6:1d:77:eb:84:cd:4f:5a:fe:4d:
         e5:1e:e9:af:2f:1a:76:7a:5f:af:f6:bf:c1:6a:fe:62:ec:d1:
         58:84:1d:be:01:17:ba:72:69:66:ff:ea:43:42:6b:a3:00:08:
         6a:c0:ac:e2:3a:53:7e:66:32:fd:5d:3b:6b:e1:f5:b1:d8:fb:
         2b:a5:eb:f7
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUM1vXgLCZgiMzEbcekT2tjLbuVzEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoY2VmY2U0NDliZWE4ZGVhZWRiMTgwNGRiYTI1YzU4NGRm
NTg3M2RjNDAeFw0yNTA2MzAwNTU3NDVaFw0yNjA2MjkwNjAyNDVaMDMxMTAvBgNV
BAMTKDlBNDkwREY1MTFBREJEOENBNDRCOUM5QTFBODkxRTFFRTc5NTAxRjIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDHf/U3F7FtzjdlURxngFy2+7hP
Bpb1eAud12jMGjXky8rVhgjFncbiAuGjHy7yVwKro0eyDxOC5PwTFcEseZTIJMCw
tDBIV0nc6smda7CH+/GF+b6m5eCnLMJzLgNdGuQhAXcwzl4HZMkRcsi6khGq89OA
ztnkI7ZyfT8znFpR9gfmNTjZzbBqADg+ntYkTKplaVY+gu+7iGPDVULD8A3Uh3AG
mx83l+NM6IG0CvEWtkMBJpisaNMts+rMlWUkFB+X+gV8YTWdPlJXnWX/4i3UMebj
gSj5ss21SEzIopn4pCOIwDnFxw69BkFITUZcllwBv2B0YilEp6BoTPKk7qBrAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUmkkN9RGtvYykS5yaGokeHueVAfIwHwYDVR0j
BBgwFoAUzvzkSb6o3q7bGATbolxYTfWHPcQwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZDFiMzVmOGItNmY0OC00YmFkLWIxODUtNWMxZGFhOGFj
ZGE5LzAvQ0VGQ0U0NDlCRUE4REVBRURCMTgwNERCQTI1QzU4NERGNTg3M0RDNC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3p2emtTYjZvM3E3YkdBVGJvbHhZVGZX
SFBjUS5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZDFiMzVmOGIt
NmY0OC00YmFkLWIxODUtNWMxZGFhOGFjZGE5LzAvMzIyZTM1MzgyZTM4MzcyZTMw
MmYzMjM0MmQzMjM0MjAzZDNlMjAzMTM1MzIzNjM3MzIucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAACOlcw
DQYJKoZIhvcNAQELBQADggEBACPen/+V9NQSAnb+L/B0c/usmuqxeeVEpkc3NUXk
KPR/pHMJOZus0jFR5a8Vw0VlUEV7GB0iKpNYo9egZCBWAzMZD0ZpNtVo5acIO2hT
0zfXHUw7O8UvXtXNd39eA//00ILF/2iEf5G+xpdJBq6VbiwjZIRBOEjo2Ji3CSmw
a8DWflP2vHLII6R78cxSH+R3wuiiKlIdoWIGisSoe1yndKFVJk8f1HVwR2J3BtzR
gNKHY4ACnCyessWQvuGgph1364TNT1r+TeUe6a8vGnZ6X6/2v8Fq/mLs0ViEHb4B
F7pyaWb/6kNCa6MACGrArOI6U35mMv1dO2vh9bHY+yul6/c=
-----END CERTIFICATE-----