Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/0cc08737-9267-402a-99d4-7aaafea444ed/0/352e3232362e3138362e302f32342d3234203d3e203633303233.roa
File:                     352e3232362e3138362e302f32342d3234203d3e203633303233.roa (raw, json)
Hash identifier:          kysMqqfL+cxQFiZ9hx+MYhVVLOWVsGxNP3RzuLn0/y4=
Subject key identifier:   C9:05:FE:3B:09:86:03:47:6D:E7:8B:52:22:EF:C5:3C:23:02:72:D7
Certificate issuer:       /CN=f768ff6e681858c0ec19f3a93fa1792cd16ceed3
Certificate serial:       1598E56078DEBC22AE24A0EBF2D5C4B9ECE0F34C
Authority key identifier: F7:68:FF:6E:68:18:58:C0:EC:19:F3:A9:3F:A1:79:2C:D1:6C:EE:D3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/92j_bmgYWMDsGfOpP6F5LNFs7tM.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/0cc08737-9267-402a-99d4-7aaafea444ed/0/352e3232362e3138362e302f32342d3234203d3e203633303233.roa
Signing time:             Sun 29 Jun 2025 13:37:05 +0000
ROA not before:           Sun 29 Jun 2025 13:32:05 +0000
ROA not after:            Sun 28 Jun 2026 13:37:05 +0000
asID:                     63023
IP address blocks:        5.226.186.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/0cc08737-9267-402a-99d4-7aaafea444ed/0/F768FF6E681858C0EC19F3A93FA1792CD16CEED3.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/0cc08737-9267-402a-99d4-7aaafea444ed/0/F768FF6E681858C0EC19F3A93FA1792CD16CEED3.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/92j_bmgYWMDsGfOpP6F5LNFs7tM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Jul 2025 05:05:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            15:98:e5:60:78:de:bc:22:ae:24:a0:eb:f2:d5:c4:b9:ec:e0:f3:4c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f768ff6e681858c0ec19f3a93fa1792cd16ceed3
        Validity
            Not Before: Jun 29 13:32:05 2025 GMT
            Not After : Jun 28 13:37:05 2026 GMT
        Subject: CN=C905FE3B098603476DE78B5222EFC53C230272D7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:43:b9:6b:40:ef:b8:55:8b:48:5d:cc:f4:d1:
                    87:ad:58:53:0b:9b:10:87:6f:bb:8e:7d:8d:4d:e4:
                    6e:da:5b:f7:8e:30:16:39:6d:64:97:3d:98:45:8e:
                    17:0f:fc:26:b6:f5:12:28:ca:f0:5e:b2:c3:cd:c1:
                    48:55:32:bc:42:1d:f7:4e:29:03:5f:39:41:62:fe:
                    d9:4a:1b:d4:fb:00:b8:7e:c6:77:34:02:e3:6c:0c:
                    3b:0f:8c:93:81:59:b2:b8:71:71:90:2c:cd:64:97:
                    57:c5:bb:75:3d:b5:9c:c0:fa:57:66:29:37:13:2a:
                    2a:95:8e:30:bf:be:c9:01:76:70:e5:2c:76:6b:31:
                    86:aa:ca:20:2c:7b:3e:24:42:dc:9a:29:75:9f:7e:
                    42:6e:8a:5f:a1:d8:a5:fb:0d:60:32:9d:46:2a:9b:
                    0b:94:71:bd:c7:9f:8f:ff:c6:fd:25:6d:d6:b4:c5:
                    8a:67:9e:0f:05:8f:01:81:a6:ce:6b:cb:eb:ee:99:
                    b2:bf:29:e0:a6:ef:24:50:2d:21:14:21:60:84:c7:
                    63:f7:bd:26:0b:de:cf:55:a8:06:d0:2d:6a:d0:ba:
                    7b:44:8d:f2:98:5d:df:8a:11:b1:30:5e:a4:c3:37:
                    92:8f:80:9f:47:79:17:b7:ee:49:76:e0:06:4b:33:
                    d7:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:05:FE:3B:09:86:03:47:6D:E7:8B:52:22:EF:C5:3C:23:02:72:D7
            X509v3 Authority Key Identifier:
                keyid:F7:68:FF:6E:68:18:58:C0:EC:19:F3:A9:3F:A1:79:2C:D1:6C:EE:D3

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/0cc08737-9267-402a-99d4-7aaafea444ed/0/F768FF6E681858C0EC19F3A93FA1792CD16CEED3.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/92j_bmgYWMDsGfOpP6F5LNFs7tM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/0cc08737-9267-402a-99d4-7aaafea444ed/0/352e3232362e3138362e302f32342d3234203d3e203633303233.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.226.186.0/24

    Signature Algorithm: sha256WithRSAEncryption
         88:6f:b9:03:70:de:e6:32:cb:75:5b:16:08:be:92:21:e6:c5:
         ea:e3:7c:5f:b6:56:a8:82:ec:1b:58:1c:75:c9:29:56:ee:bc:
         1f:64:6a:2a:e2:93:69:5f:93:43:01:47:8e:eb:5c:16:84:27:
         26:b5:5b:9e:9a:4f:5b:0e:bf:20:c4:57:a5:b7:60:c3:f9:0f:
         31:98:72:70:0e:54:a6:a5:49:98:6c:f4:fa:41:8f:9a:d2:70:
         bc:04:a6:75:b3:9c:bb:e6:a3:d1:85:bd:1b:9e:9d:c5:fa:58:
         80:db:02:db:58:d6:29:76:cc:a6:05:01:99:aa:f8:af:a4:d8:
         b3:7e:ad:e1:e8:97:72:24:17:06:ee:a3:c6:b6:56:55:1e:87:
         f6:9a:57:5a:7f:f7:44:9c:82:2d:23:9c:d0:c6:94:f3:a1:15:
         4f:6c:24:95:ae:4f:f7:3f:e9:79:8b:17:a5:fd:c4:aa:7c:f2:
         5c:5b:ba:9a:d7:1f:33:a8:b0:6e:15:62:4e:5f:0e:41:17:36:
         d7:a6:11:23:e3:84:d2:40:56:41:2b:54:05:e4:ce:b6:6b:12:
         a0:9d:cb:58:61:85:49:f7:65:b7:d6:d7:60:ed:bd:97:86:ce:
         4c:0f:fa:9c:af:c9:90:aa:03:a3:88:3c:33:6e:2e:99:e3:47:
         0c:31:39:3c
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUFZjlYHjevCKuJKDr8tXEuezg80wwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZjc2OGZmNmU2ODE4NThjMGVjMTlmM2E5M2ZhMTc5MmNk
MTZjZWVkMzAeFw0yNTA2MjkxMzMyMDVaFw0yNjA2MjgxMzM3MDVaMDMxMTAvBgNV
BAMTKEM5MDVGRTNCMDk4NjAzNDc2REU3OEI1MjIyRUZDNTNDMjMwMjcyRDcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC2Q7lrQO+4VYtIXcz00YetWFML
mxCHb7uOfY1N5G7aW/eOMBY5bWSXPZhFjhcP/Ca29RIoyvBessPNwUhVMrxCHfdO
KQNfOUFi/tlKG9T7ALh+xnc0AuNsDDsPjJOBWbK4cXGQLM1kl1fFu3U9tZzA+ldm
KTcTKiqVjjC/vskBdnDlLHZrMYaqyiAsez4kQtyaKXWffkJuil+h2KX7DWAynUYq
mwuUcb3Hn4//xv0lbda0xYpnng8FjwGBps5ry+vumbK/KeCm7yRQLSEUIWCEx2P3
vSYL3s9VqAbQLWrQuntEjfKYXd+KEbEwXqTDN5KPgJ9HeRe37kl24AZLM9crAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUyQX+OwmGA0dt54tSIu/FPCMCctcwHwYDVR0j
BBgwFoAU92j/bmgYWMDsGfOpP6F5LNFs7tMwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMGNjMDg3MzctOTI2Ny00MDJhLTk5ZDQtN2FhYWZlYTQ0
NGVkLzAvRjc2OEZGNkU2ODE4NThDMEVDMTlGM0E5M0ZBMTc5MkNEMTZDRUVEMy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzkyal9ibWdZV01Ec0dmT3BQNkY1TE5G
czd0TS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMGNjMDg3Mzct
OTI2Ny00MDJhLTk5ZDQtN2FhYWZlYTQ0NGVkLzAvMzUyZTMyMzIzNjJlMzEzODM2
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzYzMzMwMzIzMy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAAXi
ujANBgkqhkiG9w0BAQsFAAOCAQEAiG+5A3De5jLLdVsWCL6SIebF6uN8X7ZWqILs
G1gcdckpVu68H2RqKuKTaV+TQwFHjutcFoQnJrVbnppPWw6/IMRXpbdgw/kPMZhy
cA5UpqVJmGz0+kGPmtJwvASmdbOcu+aj0YW9G56dxfpYgNsC21jWKXbMpgUBmar4
r6TYs36t4eiXciQXBu6jxrZWVR6H9ppXWn/3RJyCLSOc0MaU86EVT2wkla5P9z/p
eYsXpf3EqnzyXFu6mtcfM6iwbhViTl8OQRc216YRI+OE0kBWQStUBeTOtmsSoJ3L
WGGFSfdlt9bXYO29l4bOTA/6nK/JkKoDo4g8M24umeNHDDE5PA==
-----END CERTIFICATE-----