Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/322e35382e38352e302f32342d3234203d3e2039333034.roa
File:                     322e35382e38352e302f32342d3234203d3e2039333034.roa (raw, json)
Hash identifier:          tirW2IpV28pqP9ZeL9zAVzFPWptjwkyUdF/HXTrgIfQ=
Subject key identifier:   58:B4:76:56:EE:9A:AD:CB:7C:BC:EC:E5:DF:09:70:E1:EF:A9:FE:89
Certificate issuer:       /CN=cefce449bea8deaedb1804dba25c584df5873dc4
Certificate serial:       3ACD4452555CEE21C0CE2545D5F17C657FF16E4E
Authority key identifier: CE:FC:E4:49:BE:A8:DE:AE:DB:18:04:DB:A2:5C:58:4D:F5:87:3D:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/322e35382e38352e302f32342d3234203d3e2039333034.roa
Signing time:             Fri 15 Aug 2025 07:52:32 +0000
ROA not before:           Fri 15 Aug 2025 07:47:32 +0000
ROA not after:            Fri 14 Aug 2026 07:52:32 +0000
asID:                     9304
IP address blocks:        2.58.85.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 13:30:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3a:cd:44:52:55:5c:ee:21:c0:ce:25:45:d5:f1:7c:65:7f:f1:6e:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cefce449bea8deaedb1804dba25c584df5873dc4
        Validity
            Not Before: Aug 15 07:47:32 2025 GMT
            Not After : Aug 14 07:52:32 2026 GMT
        Subject: CN=58B47656EE9AADCB7CBCECE5DF0970E1EFA9FE89
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:11:99:29:c5:d9:b2:79:65:9e:9d:ad:d9:af:
                    03:40:49:e2:14:20:92:fc:1a:e7:a3:4f:91:5c:86:
                    da:87:e0:c6:67:bb:d1:ea:06:3b:fc:54:33:a1:ba:
                    e0:59:7e:43:fc:f3:8e:d5:f1:ad:83:2a:10:41:a1:
                    20:33:d2:dd:ee:83:50:6b:00:2b:38:01:52:ee:2e:
                    eb:7e:ad:53:59:00:ed:dc:1c:0d:cf:28:e2:4a:64:
                    8c:f0:a0:a4:af:c4:d0:a4:f9:42:10:e7:02:76:b0:
                    6e:1e:27:15:ed:fa:51:20:63:a3:42:31:fb:d3:b6:
                    7e:55:00:75:fe:12:5d:0c:b0:a2:a4:a4:bf:c2:cd:
                    42:26:29:95:89:48:fe:cd:34:a0:c9:d0:fb:58:71:
                    0a:0a:cf:5f:e4:53:9d:18:65:3a:56:51:24:c7:f9:
                    5f:ad:c9:05:28:23:2a:5f:b6:44:1b:15:1a:a0:45:
                    1c:35:3c:13:1c:3d:58:96:03:4b:f9:57:8e:39:e0:
                    e4:39:90:e2:87:3b:0e:13:07:59:e2:4e:f7:20:7a:
                    b9:de:9c:a5:42:93:ea:66:87:24:f9:57:4a:29:c1:
                    57:81:be:ca:b7:38:4d:2f:bf:f7:46:60:c0:eb:cd:
                    e9:7a:4d:4e:67:37:bb:8f:c0:31:43:01:c6:04:af:
                    bb:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:B4:76:56:EE:9A:AD:CB:7C:BC:EC:E5:DF:09:70:E1:EF:A9:FE:89
            X509v3 Authority Key Identifier:
                keyid:CE:FC:E4:49:BE:A8:DE:AE:DB:18:04:DB:A2:5C:58:4D:F5:87:3D:C4

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/322e35382e38352e302f32342d3234203d3e2039333034.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.58.85.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9b:b3:a1:99:1a:2a:d2:d3:38:21:0c:82:19:f5:6a:b9:e2:a3:
         6b:6d:64:01:56:15:a1:b9:e1:8f:87:3b:35:01:15:19:8f:c6:
         65:c3:78:7b:72:f4:f4:09:a7:aa:a7:ad:c5:6f:c6:3c:7d:b0:
         1c:52:e4:d2:1a:c4:99:9f:2e:bd:3d:69:e1:10:ce:de:66:b9:
         c7:0d:0e:a3:9f:bb:94:1d:3c:f9:fe:e1:65:f3:2c:98:60:7e:
         41:c1:df:30:2d:fa:15:00:4f:02:f2:da:b9:88:11:af:94:8c:
         b8:98:b0:09:dd:2f:19:bb:2a:c7:5c:d5:cc:73:8e:df:c4:c9:
         ca:54:53:8a:80:0d:38:b2:f3:52:ea:89:e1:9b:d4:d4:10:68:
         8f:13:cf:df:93:27:93:f4:3c:34:90:df:68:e8:17:c6:e7:a9:
         b3:b9:ce:97:89:e3:e3:77:80:bf:42:f1:73:b3:10:ff:32:28:
         81:77:bb:b9:8f:c0:cd:a8:15:8f:43:9c:65:36:69:80:f1:1a:
         ea:c7:c0:21:7e:c0:64:33:ff:79:1f:ab:1b:1f:d7:6f:b1:3d:
         ac:65:b8:bc:bd:4d:4b:ed:aa:45:b7:ed:01:0f:85:d5:8d:63:
         cf:25:a7:79:b7:d1:15:ae:96:a8:14:48:17:1d:a2:9f:54:a5:
         5e:73:60:6a
-----BEGIN CERTIFICATE-----
MIIFKzCCBBOgAwIBAgIUOs1EUlVc7iHAziVF1fF8ZX/xbk4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoY2VmY2U0NDliZWE4ZGVhZWRiMTgwNGRiYTI1YzU4NGRm
NTg3M2RjNDAeFw0yNTA4MTUwNzQ3MzJaFw0yNjA4MTQwNzUyMzJaMDMxMTAvBgNV
BAMTKDU4QjQ3NjU2RUU5QUFEQ0I3Q0JDRUNFNURGMDk3MEUxRUZBOUZFODkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDCEZkpxdmyeWWena3ZrwNASeIU
IJL8GuejT5FchtqH4MZnu9HqBjv8VDOhuuBZfkP8847V8a2DKhBBoSAz0t3ug1Br
ACs4AVLuLut+rVNZAO3cHA3PKOJKZIzwoKSvxNCk+UIQ5wJ2sG4eJxXt+lEgY6NC
MfvTtn5VAHX+El0MsKKkpL/CzUImKZWJSP7NNKDJ0PtYcQoKz1/kU50YZTpWUSTH
+V+tyQUoIypftkQbFRqgRRw1PBMcPViWA0v5V4454OQ5kOKHOw4TB1niTvcgerne
nKVCk+pmhyT5V0opwVeBvsq3OE0vv/dGYMDrzel6TU5nN7uPwDFDAcYEr7vdAgMB
AAGjggI1MIICMTAdBgNVHQ4EFgQUWLR2Vu6arct8vOzl3wlw4e+p/okwHwYDVR0j
BBgwFoAUzvzkSb6o3q7bGATbolxYTfWHPcQwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZDFiMzVmOGItNmY0OC00YmFkLWIxODUtNWMxZGFhOGFj
ZGE5LzAvQ0VGQ0U0NDlCRUE4REVBRURCMTgwNERCQTI1QzU4NERGNTg3M0RDNC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3p2emtTYjZvM3E3YkdBVGJvbHhZVGZX
SFBjUS5jZXIwgaUGCCsGAQUFBwELBIGYMIGVMIGSBggrBgEFBQcwC4aBhXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZDFiMzVmOGIt
NmY0OC00YmFkLWIxODUtNWMxZGFhOGFjZGE5LzAvMzIyZTM1MzgyZTM4MzUyZTMw
MmYzMjM0MmQzMjM0MjAzZDNlMjAzOTMzMzAzNC5yb2EwGAYDVR0gAQH/BA4wDDAK
BggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAAI6VTANBgkq
hkiG9w0BAQsFAAOCAQEAm7OhmRoq0tM4IQyCGfVqueKja21kAVYVobnhj4c7NQEV
GY/GZcN4e3L09AmnqqetxW/GPH2wHFLk0hrEmZ8uvT1p4RDO3ma5xw0Oo5+7lB08
+f7hZfMsmGB+QcHfMC36FQBPAvLauYgRr5SMuJiwCd0vGbsqx1zVzHOO38TJylRT
ioANOLLzUuqJ4ZvU1BBojxPP35Mnk/Q8NJDfaOgXxueps7nOl4nj43eAv0Lxc7MQ
/zIogXe7uY/AzagVj0OcZTZpgPEa6sfAIX7AZDP/eR+rGx/Xb7E9rGW4vL1NS+2q
RbftAQ+F1Y1jzyWnebfRFa6WqBRIFx2in1SlXnNgag==
-----END CERTIFICATE-----