Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/0cc08737-9267-402a-99d4-7aaafea444ed/0/352e3232362e3138372e302f32342d3234203d3e2039323332.roa
File:                     352e3232362e3138372e302f32342d3234203d3e2039323332.roa (raw, json)
Hash identifier:          L10rHUQX4TGH4LKEy8+xW98uNY8br3AyCv26QQGltu4=
Subject key identifier:   17:52:78:AB:B2:E5:7F:08:7D:A8:8B:C4:EA:B5:D3:CB:A3:85:70:8C
Certificate issuer:       /CN=f768ff6e681858c0ec19f3a93fa1792cd16ceed3
Certificate serial:       0EDDE8C19388609EFCD31606969AE8BA6C5B0321
Authority key identifier: F7:68:FF:6E:68:18:58:C0:EC:19:F3:A9:3F:A1:79:2C:D1:6C:EE:D3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/92j_bmgYWMDsGfOpP6F5LNFs7tM.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/0cc08737-9267-402a-99d4-7aaafea444ed/0/352e3232362e3138372e302f32342d3234203d3e2039323332.roa
Signing time:             Tue 04 Feb 2025 11:40:42 +0000
ROA not before:           Tue 04 Feb 2025 11:35:42 +0000
ROA not after:            Tue 03 Feb 2026 11:40:42 +0000
asID:                     9232
IP address blocks:        5.226.187.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/0cc08737-9267-402a-99d4-7aaafea444ed/0/F768FF6E681858C0EC19F3A93FA1792CD16CEED3.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/0cc08737-9267-402a-99d4-7aaafea444ed/0/F768FF6E681858C0EC19F3A93FA1792CD16CEED3.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/92j_bmgYWMDsGfOpP6F5LNFs7tM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 01:54:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0e:dd:e8:c1:93:88:60:9e:fc:d3:16:06:96:9a:e8:ba:6c:5b:03:21
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f768ff6e681858c0ec19f3a93fa1792cd16ceed3
        Validity
            Not Before: Feb  4 11:35:42 2025 GMT
            Not After : Feb  3 11:40:42 2026 GMT
        Subject: CN=175278ABB2E57F087DA88BC4EAB5D3CBA385708C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:44:10:fc:0d:5f:f5:27:73:56:80:8e:b7:2d:
                    f5:27:fb:1b:6b:51:92:e2:cf:70:4a:09:ec:db:d7:
                    84:5a:8b:b1:61:60:de:94:4e:d2:48:7d:53:64:70:
                    3b:8b:09:a9:8a:4c:44:5f:b2:b1:69:7e:f2:d1:03:
                    ae:aa:c6:6f:4d:38:6a:88:39:9a:2a:f5:92:fe:70:
                    1c:f7:64:39:72:13:97:fe:e0:41:7e:64:30:cd:5a:
                    e3:88:bc:62:79:22:ae:13:71:69:cf:98:d8:84:ca:
                    c7:df:42:a9:87:ba:dd:bc:fb:b9:b5:33:2d:7f:76:
                    5e:35:2c:f4:20:cc:10:c6:1c:60:4a:80:0b:c7:e1:
                    92:9e:6e:29:5b:7c:11:14:e0:17:01:c8:72:26:a1:
                    8f:95:eb:74:94:ad:b8:b0:04:b1:28:d3:81:e4:af:
                    46:22:7d:37:62:72:a7:bb:c9:9e:7e:4e:6c:a6:5d:
                    a1:4b:b3:da:63:c8:f6:95:47:8e:0c:7f:a7:95:71:
                    9f:76:e5:d4:ed:2f:62:8c:8a:90:d3:98:f4:3e:7d:
                    b9:5e:67:5c:44:8d:39:e8:95:c0:a7:b8:3f:5b:bb:
                    30:d7:40:0e:93:3a:c6:50:ab:eb:0e:65:72:a1:3c:
                    b6:47:7d:dd:7b:5e:d7:74:df:ec:78:d8:d5:e6:da:
                    a4:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:52:78:AB:B2:E5:7F:08:7D:A8:8B:C4:EA:B5:D3:CB:A3:85:70:8C
            X509v3 Authority Key Identifier:
                keyid:F7:68:FF:6E:68:18:58:C0:EC:19:F3:A9:3F:A1:79:2C:D1:6C:EE:D3

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/0cc08737-9267-402a-99d4-7aaafea444ed/0/F768FF6E681858C0EC19F3A93FA1792CD16CEED3.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/92j_bmgYWMDsGfOpP6F5LNFs7tM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/0cc08737-9267-402a-99d4-7aaafea444ed/0/352e3232362e3138372e302f32342d3234203d3e2039323332.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.226.187.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8a:bd:b1:b3:00:d4:86:62:d2:d7:c8:9b:5b:bc:d8:f7:0b:ca:
         f2:e5:8f:19:03:34:ef:95:40:97:c4:17:5c:14:3a:14:bb:0f:
         aa:2d:0b:2c:84:1b:ce:22:a0:cc:7f:74:08:b9:41:53:88:f4:
         a6:f5:b8:80:18:83:03:44:f1:85:bb:d6:60:88:73:5b:9b:48:
         62:0d:e6:6c:b0:38:8f:89:f4:ad:1c:1d:f2:ef:a6:90:04:7b:
         fb:40:8e:8f:9b:90:f8:a4:9c:5c:0f:9a:c1:d1:5a:7e:0b:66:
         6a:f7:e6:6b:99:d3:20:11:3f:66:99:e6:59:b5:d1:2c:90:bb:
         8d:ab:79:77:57:b8:c0:03:29:6d:cf:18:09:39:c6:1c:d5:33:
         f8:2f:f7:36:1c:f3:07:b9:0c:cf:b0:c9:33:5f:ef:41:7a:e7:
         af:fd:46:61:6a:8f:39:83:02:a4:9e:ad:8e:bb:31:94:58:56:
         a0:6d:29:44:70:2f:8c:d8:92:b9:8d:6c:8c:d1:94:7f:88:4b:
         59:f8:bf:b3:ee:3f:f9:17:95:24:56:39:46:ae:23:e0:44:7e:
         7c:61:7a:32:f0:97:90:84:22:c2:09:52:51:d9:8e:c2:39:68:
         53:99:ce:3d:d3:34:04:b4:47:d0:fe:72:bf:6b:0c:2e:77:7e:
         a4:13:c9:aa
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUDt3owZOIYJ780xYGlproumxbAyEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZjc2OGZmNmU2ODE4NThjMGVjMTlmM2E5M2ZhMTc5MmNk
MTZjZWVkMzAeFw0yNTAyMDQxMTM1NDJaFw0yNjAyMDMxMTQwNDJaMDMxMTAvBgNV
BAMTKDE3NTI3OEFCQjJFNTdGMDg3REE4OEJDNEVBQjVEM0NCQTM4NTcwOEMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCxRBD8DV/1J3NWgI63LfUn+xtr
UZLiz3BKCezb14Rai7FhYN6UTtJIfVNkcDuLCamKTERfsrFpfvLRA66qxm9NOGqI
OZoq9ZL+cBz3ZDlyE5f+4EF+ZDDNWuOIvGJ5Iq4TcWnPmNiEysffQqmHut28+7m1
My1/dl41LPQgzBDGHGBKgAvH4ZKebilbfBEU4BcByHImoY+V63SUrbiwBLEo04Hk
r0YifTdicqe7yZ5+TmymXaFLs9pjyPaVR44Mf6eVcZ925dTtL2KMipDTmPQ+fble
Z1xEjTnolcCnuD9buzDXQA6TOsZQq+sOZXKhPLZHfd17Xtd03+x42NXm2qTVAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUF1J4q7Llfwh9qIvE6rXTy6OFcIwwHwYDVR0j
BBgwFoAU92j/bmgYWMDsGfOpP6F5LNFs7tMwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMGNjMDg3MzctOTI2Ny00MDJhLTk5ZDQtN2FhYWZlYTQ0
NGVkLzAvRjc2OEZGNkU2ODE4NThDMEVDMTlGM0E5M0ZBMTc5MkNEMTZDRUVEMy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzkyal9ibWdZV01Ec0dmT3BQNkY1TE5G
czd0TS5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMGNjMDg3Mzct
OTI2Ny00MDJhLTk5ZDQtN2FhYWZlYTQ0NGVkLzAvMzUyZTMyMzIzNjJlMzEzODM3
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzkzMjMzMzIucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAAF4rsw
DQYJKoZIhvcNAQELBQADggEBAIq9sbMA1IZi0tfIm1u82PcLyvLljxkDNO+VQJfE
F1wUOhS7D6otCyyEG84ioMx/dAi5QVOI9Kb1uIAYgwNE8YW71mCIc1ubSGIN5myw
OI+J9K0cHfLvppAEe/tAjo+bkPiknFwPmsHRWn4LZmr35muZ0yARP2aZ5lm10SyQ
u42reXdXuMADKW3PGAk5xhzVM/gv9zYc8we5DM+wyTNf70F656/9RmFqjzmDAqSe
rY67MZRYVqBtKURwL4zYkrmNbIzRlH+IS1n4v7PuP/kXlSRWOUauI+BEfnxhejLw
l5CEIsIJUlHZjsI5aFOZzj3TNAS0R9D+cr9rDC53fqQTyao=
-----END CERTIFICATE-----