Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/0cc08737-9267-402a-99d4-7aaafea444ed/0/352e3232362e3138342e302f32342d3234203d3e2034353135.roa
File:                     352e3232362e3138342e302f32342d3234203d3e2034353135.roa (raw, json)
Hash identifier:          WMb2FgLcI0RiBTnKE4amM6xgFASLgNyNaAyyFZRV1sw=
Subject key identifier:   09:1B:55:9C:08:F0:E6:F7:6D:18:D8:2B:C0:33:40:34:3A:F4:BB:76
Certificate issuer:       /CN=f768ff6e681858c0ec19f3a93fa1792cd16ceed3
Certificate serial:       7C1F9E3F7DE954BDB5CAF82DFF9E1A7B8A0C510E
Authority key identifier: F7:68:FF:6E:68:18:58:C0:EC:19:F3:A9:3F:A1:79:2C:D1:6C:EE:D3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/92j_bmgYWMDsGfOpP6F5LNFs7tM.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/0cc08737-9267-402a-99d4-7aaafea444ed/0/352e3232362e3138342e302f32342d3234203d3e2034353135.roa
Signing time:             Sat 25 Jan 2025 13:45:51 +0000
ROA not before:           Sat 25 Jan 2025 13:40:51 +0000
ROA not after:            Sat 24 Jan 2026 13:45:51 +0000
asID:                     4515
IP address blocks:        5.226.184.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/0cc08737-9267-402a-99d4-7aaafea444ed/0/F768FF6E681858C0EC19F3A93FA1792CD16CEED3.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/0cc08737-9267-402a-99d4-7aaafea444ed/0/F768FF6E681858C0EC19F3A93FA1792CD16CEED3.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/92j_bmgYWMDsGfOpP6F5LNFs7tM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7c:1f:9e:3f:7d:e9:54:bd:b5:ca:f8:2d:ff:9e:1a:7b:8a:0c:51:0e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f768ff6e681858c0ec19f3a93fa1792cd16ceed3
        Validity
            Not Before: Jan 25 13:40:51 2025 GMT
            Not After : Jan 24 13:45:51 2026 GMT
        Subject: CN=091B559C08F0E6F76D18D82BC03340343AF4BB76
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:67:8b:21:b5:c8:9c:f9:83:f6:84:55:09:cc:
                    2d:e5:ed:2f:66:1c:ac:0a:e4:e6:79:fa:f9:77:e7:
                    98:50:53:6e:24:bd:33:64:ae:7f:63:22:ab:8b:48:
                    5a:3c:5d:4b:d6:74:4b:86:55:85:97:ab:93:6c:52:
                    6e:ef:c3:37:50:4e:d1:35:7b:fe:2b:95:2f:4d:21:
                    b1:cb:98:17:d5:50:3f:45:80:c0:54:a4:d1:19:8d:
                    53:90:63:2d:cd:c7:5c:03:e3:a4:4a:ab:b9:50:8a:
                    65:44:f2:fc:70:6a:cb:9b:52:e2:31:2b:bb:88:0b:
                    fb:42:06:42:69:a2:dc:8e:72:c8:7a:62:0c:49:63:
                    0f:23:0c:c0:99:a4:e2:bc:01:d8:16:50:b3:42:70:
                    94:36:d6:d4:fd:e8:19:63:1d:9b:01:3c:65:d2:ba:
                    66:58:ee:38:86:d9:e9:aa:00:b9:32:10:d9:e1:43:
                    0c:68:b3:b3:89:db:0f:5d:1e:d9:85:9b:d5:ba:5a:
                    07:29:57:8c:7c:5e:08:7a:e3:ac:93:35:c0:70:7f:
                    4f:89:df:36:eb:15:08:11:04:6b:82:52:a3:0b:cc:
                    6a:ae:80:0a:7a:8d:58:ec:03:24:b5:76:b4:63:80:
                    88:a9:37:85:67:c7:62:aa:5f:01:3f:cd:ba:d6:cb:
                    9f:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:1B:55:9C:08:F0:E6:F7:6D:18:D8:2B:C0:33:40:34:3A:F4:BB:76
            X509v3 Authority Key Identifier:
                keyid:F7:68:FF:6E:68:18:58:C0:EC:19:F3:A9:3F:A1:79:2C:D1:6C:EE:D3

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/0cc08737-9267-402a-99d4-7aaafea444ed/0/F768FF6E681858C0EC19F3A93FA1792CD16CEED3.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/92j_bmgYWMDsGfOpP6F5LNFs7tM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/0cc08737-9267-402a-99d4-7aaafea444ed/0/352e3232362e3138342e302f32342d3234203d3e2034353135.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.226.184.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4c:c5:c4:24:94:45:00:c1:8f:98:47:de:93:d6:3b:2b:ea:d3:
         47:7a:7c:63:d4:6a:77:18:5b:07:fc:d9:1c:93:7b:7e:fb:47:
         10:2b:98:5e:a0:bf:e9:bd:e5:46:f9:aa:e7:14:ec:3c:2c:1f:
         fd:6f:32:dd:76:0a:57:f6:1e:e9:98:eb:59:34:93:c8:d5:ff:
         00:76:e9:71:18:44:45:fd:47:69:6d:35:2e:59:c2:05:d0:b0:
         04:ae:1e:53:92:01:4a:b2:0f:3f:a8:c1:de:b1:56:c2:02:65:
         98:a7:68:28:0e:e1:16:2e:ae:aa:2e:a5:6e:ce:a8:df:a9:ac:
         9f:b8:d1:0f:f3:b4:44:85:15:b6:b2:50:bd:da:5f:40:25:a8:
         b8:90:1b:f1:84:7a:03:de:80:f2:17:e9:0c:83:c8:3b:b4:a8:
         56:19:91:08:49:54:c2:16:f4:77:7e:55:c2:93:05:78:e5:72:
         4f:73:3a:2c:9a:93:6f:02:ff:2e:b5:95:4e:e3:61:cf:eb:8f:
         43:df:f4:50:93:19:2f:98:a6:45:98:cd:53:91:44:e4:ec:d6:
         47:87:b0:3f:a0:49:d2:8f:bc:39:18:13:3a:2f:b6:6b:6a:54:
         ff:ec:6a:8c:4b:58:86:6c:f3:10:7f:2a:1e:00:1e:17:83:df:
         56:f1:52:cc
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUfB+eP33pVL21yvgt/54ae4oMUQ4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZjc2OGZmNmU2ODE4NThjMGVjMTlmM2E5M2ZhMTc5MmNk
MTZjZWVkMzAeFw0yNTAxMjUxMzQwNTFaFw0yNjAxMjQxMzQ1NTFaMDMxMTAvBgNV
BAMTKDA5MUI1NTlDMDhGMEU2Rjc2RDE4RDgyQkMwMzM0MDM0M0FGNEJCNzYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC/Z4shtcic+YP2hFUJzC3l7S9m
HKwK5OZ5+vl355hQU24kvTNkrn9jIquLSFo8XUvWdEuGVYWXq5NsUm7vwzdQTtE1
e/4rlS9NIbHLmBfVUD9FgMBUpNEZjVOQYy3Nx1wD46RKq7lQimVE8vxwasubUuIx
K7uIC/tCBkJpotyOcsh6YgxJYw8jDMCZpOK8AdgWULNCcJQ21tT96BljHZsBPGXS
umZY7jiG2emqALkyENnhQwxos7OJ2w9dHtmFm9W6WgcpV4x8Xgh646yTNcBwf0+J
3zbrFQgRBGuCUqMLzGqugAp6jVjsAyS1drRjgIipN4Vnx2KqXwE/zbrWy58jAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUCRtVnAjw5vdtGNgrwDNANDr0u3YwHwYDVR0j
BBgwFoAU92j/bmgYWMDsGfOpP6F5LNFs7tMwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMGNjMDg3MzctOTI2Ny00MDJhLTk5ZDQtN2FhYWZlYTQ0
NGVkLzAvRjc2OEZGNkU2ODE4NThDMEVDMTlGM0E5M0ZBMTc5MkNEMTZDRUVEMy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzkyal9ibWdZV01Ec0dmT3BQNkY1TE5G
czd0TS5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMGNjMDg3Mzct
OTI2Ny00MDJhLTk5ZDQtN2FhYWZlYTQ0NGVkLzAvMzUyZTMyMzIzNjJlMzEzODM0
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzQzNTMxMzUucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAAF4rgw
DQYJKoZIhvcNAQELBQADggEBAEzFxCSURQDBj5hH3pPWOyvq00d6fGPUancYWwf8
2RyTe377RxArmF6gv+m95Ub5qucU7DwsH/1vMt12Clf2HumY61k0k8jV/wB26XEY
REX9R2ltNS5ZwgXQsASuHlOSAUqyDz+owd6xVsICZZinaCgO4RYurqoupW7OqN+p
rJ+40Q/ztESFFbayUL3aX0AlqLiQG/GEegPegPIX6QyDyDu0qFYZkQhJVMIW9Hd+
VcKTBXjlck9zOiyak28C/y61lU7jYc/rj0Pf9FCTGS+YpkWYzVORROTs1keHsD+g
SdKPvDkYEzovtmtqVP/saoxLWIZs8xB/Kh4AHheD31bxUsw=
-----END CERTIFICATE-----