Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/352e3138322e31392e302f32342d3234203d3e203333333837.roa
File:                     352e3138322e31392e302f32342d3234203d3e203333333837.roa (raw, json)
Hash identifier:          elVsSZL8Er18xhWEoe9L1IHqVC/Wy3WkyKkqDRmz69U=
Subject key identifier:   B8:B8:7A:FD:D7:4C:AD:4A:51:32:A9:42:CE:DE:D8:04:4B:2B:9F:DE
Certificate issuer:       /CN=08fb9ba827e6f10a7af37490803dd5a076397235
Certificate serial:       1B299E1FE3783899155C9112A95DAF477FD5FC0A
Authority key identifier: 08:FB:9B:A8:27:E6:F1:0A:7A:F3:74:90:80:3D:D5:A0:76:39:72:35
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/352e3138322e31392e302f32342d3234203d3e203333333837.roa
Signing time:             Fri 22 Mar 2024 08:03:15 +0000
ROA not before:           Fri 22 Mar 2024 07:58:15 +0000
ROA not after:            Fri 21 Mar 2025 08:03:15 +0000
asID:                     33387
IP address blocks:        5.182.19.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 14:41:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1b:29:9e:1f:e3:78:38:99:15:5c:91:12:a9:5d:af:47:7f:d5:fc:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=08fb9ba827e6f10a7af37490803dd5a076397235
        Validity
            Not Before: Mar 22 07:58:15 2024 GMT
            Not After : Mar 21 08:03:15 2025 GMT
        Subject: CN=B8B87AFDD74CAD4A5132A942CEDED8044B2B9FDE
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:63:0a:49:43:8f:a7:7d:60:ee:ce:19:ec:c9:
                    50:0e:5a:66:b9:4e:61:3b:1b:51:63:7a:de:88:e8:
                    25:75:bc:e5:b0:df:e6:9d:48:48:b0:c4:5e:30:98:
                    6e:82:cd:8d:c1:9d:0a:53:51:39:e0:e0:f5:49:c6:
                    0c:49:f4:3a:d1:e2:9b:05:55:f3:1f:96:43:49:04:
                    06:2c:68:ac:45:58:d3:4d:24:9a:ee:fa:b4:48:2d:
                    84:e2:01:63:0b:b6:e1:18:ac:35:81:a5:66:ba:86:
                    81:8a:4b:df:14:cf:e9:74:35:bb:11:18:04:97:17:
                    ae:9f:0b:40:f8:80:1c:c5:c2:ba:cc:7b:ed:b4:b6:
                    22:52:bf:64:fb:eb:d0:c7:14:0d:ab:fc:02:a9:51:
                    89:11:8e:17:b2:4e:78:1a:80:08:3e:c7:42:03:98:
                    ed:08:da:89:5a:cc:7f:f7:ea:00:2d:e8:b6:ae:9e:
                    b9:53:bd:1f:1a:51:9d:da:4a:ac:f3:e6:b1:2b:47:
                    87:4e:d3:1f:60:68:ae:08:8f:45:15:9d:ee:7e:d5:
                    0a:3c:99:2f:8f:94:d5:0f:77:63:1b:de:9b:98:25:
                    a8:e5:15:bd:8d:e3:f6:55:b6:49:0c:67:be:c5:39:
                    76:3e:6e:42:81:56:d7:15:85:86:db:8a:eb:46:82:
                    85:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B8:B8:7A:FD:D7:4C:AD:4A:51:32:A9:42:CE:DE:D8:04:4B:2B:9F:DE
            X509v3 Authority Key Identifier:
                keyid:08:FB:9B:A8:27:E6:F1:0A:7A:F3:74:90:80:3D:D5:A0:76:39:72:35

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/352e3138322e31392e302f32342d3234203d3e203333333837.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.182.19.0/24

    Signature Algorithm: sha256WithRSAEncryption
         89:b8:62:e5:81:3f:07:82:5e:46:44:bb:35:b8:f3:7e:83:c4:
         49:a2:27:3c:d7:66:9d:35:6a:80:0f:b3:b6:dd:ac:d0:3b:2b:
         4f:1d:cb:a6:4b:f3:c1:1d:99:38:b9:59:e9:44:35:90:7c:6b:
         ae:16:62:7e:48:de:12:e4:90:8d:cd:13:93:2b:22:a3:cf:55:
         75:29:19:21:8a:f2:86:50:22:ee:08:71:80:d1:7a:23:db:71:
         0f:f9:bd:cd:ac:0c:2e:e4:66:ef:4d:03:3d:90:bc:f7:6a:12:
         d0:69:46:1e:2d:f1:4c:e6:8e:1a:e4:95:a5:44:57:f6:d4:07:
         4c:ea:9b:d4:58:71:6f:4a:0c:7a:ff:f3:50:2f:df:be:a3:1d:
         a8:1a:a1:c2:69:c8:a3:71:0e:3e:27:2d:88:19:d6:6b:77:0c:
         d5:11:82:9e:ee:13:86:65:aa:83:5d:38:50:b9:47:a5:66:51:
         98:70:19:07:f8:14:95:62:47:26:66:bf:6b:4c:60:67:a4:12:
         0c:ab:cc:f2:05:96:f3:ab:84:32:18:4e:28:1e:ad:eb:45:45:
         75:a4:38:91:42:f4:81:b1:00:81:fe:94:73:43:9f:e4:df:75:
         d3:d6:0e:98:06:53:16:e0:e0:79:37:67:d6:b9:18:6b:e3:b3:
         86:5e:30:cd
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUGymeH+N4OJkVXJESqV2vR3/V/AowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDhmYjliYTgyN2U2ZjEwYTdhZjM3NDkwODAzZGQ1YTA3
NjM5NzIzNTAeFw0yNDAzMjIwNzU4MTVaFw0yNTAzMjEwODAzMTVaMDMxMTAvBgNV
BAMTKEI4Qjg3QUZERDc0Q0FENEE1MTMyQTk0MkNFREVEODA0NEIyQjlGREUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDQYwpJQ4+nfWDuzhnsyVAOWma5
TmE7G1Fjet6I6CV1vOWw3+adSEiwxF4wmG6CzY3BnQpTUTng4PVJxgxJ9DrR4psF
VfMflkNJBAYsaKxFWNNNJJru+rRILYTiAWMLtuEYrDWBpWa6hoGKS98Uz+l0NbsR
GASXF66fC0D4gBzFwrrMe+20tiJSv2T769DHFA2r/AKpUYkRjheyTngagAg+x0ID
mO0I2olazH/36gAt6LaunrlTvR8aUZ3aSqzz5rErR4dO0x9gaK4Ij0UVne5+1Qo8
mS+PlNUPd2Mb3puYJajlFb2N4/ZVtkkMZ77FOXY+bkKBVtcVhYbbiutGgoXpAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUuLh6/ddMrUpRMqlCzt7YBEsrn94wHwYDVR0j
BBgwFoAUCPubqCfm8Qp683SQgD3VoHY5cjUwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzIvMDhGQjlCQTgyN0U2RjEwQTdBRjM3NDkwODAzREQ1QTA3NjM5NzIzNS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NQdWJxQ2ZtOFFwNjgzU1FnRDNWb0hZ
NWNqVS5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzIvMzUyZTMxMzgzMjJlMzEzOTJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMzMzMzMzM4Mzcucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAAFthMw
DQYJKoZIhvcNAQELBQADggEBAIm4YuWBPweCXkZEuzW4836DxEmiJzzXZp01aoAP
s7bdrNA7K08dy6ZL88EdmTi5WelENZB8a64WYn5I3hLkkI3NE5MrIqPPVXUpGSGK
8oZQIu4IcYDReiPbcQ/5vc2sDC7kZu9NAz2QvPdqEtBpRh4t8UzmjhrklaVEV/bU
B0zqm9RYcW9KDHr/81Av376jHagaocJpyKNxDj4nLYgZ1mt3DNURgp7uE4ZlqoNd
OFC5R6VmUZhwGQf4FJViRyZmv2tMYGekEgyrzPIFlvOrhDIYTigeretFRXWkOJFC
9IGxAIH+lHNDn+TfddPWDpgGUxbg4Hk3Z9a5GGvjs4ZeMM0=
-----END CERTIFICATE-----