Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/0cc08737-9267-402a-99d4-7aaafea444ed/0/352e3232362e3138342e302f32342d3234203d3e2039333034.roa
File:                     352e3232362e3138342e302f32342d3234203d3e2039333034.roa (raw, json)
Hash identifier:          cMIx5Bn7EdafBHie57MB7JmAd+LEFjGGuP+u3+0HsOw=
Subject key identifier:   D9:63:E0:56:51:7E:83:25:1B:7E:7C:EF:6D:30:24:DC:26:EA:19:52
Certificate issuer:       /CN=f768ff6e681858c0ec19f3a93fa1792cd16ceed3
Certificate serial:       72CE4A4F7428BB9C16DE121B03BBE66C8658F510
Authority key identifier: F7:68:FF:6E:68:18:58:C0:EC:19:F3:A9:3F:A1:79:2C:D1:6C:EE:D3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/92j_bmgYWMDsGfOpP6F5LNFs7tM.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/0cc08737-9267-402a-99d4-7aaafea444ed/0/352e3232362e3138342e302f32342d3234203d3e2039333034.roa
Signing time:             Sat 25 Jan 2025 13:44:03 +0000
ROA not before:           Sat 25 Jan 2025 13:39:03 +0000
ROA not after:            Sat 24 Jan 2026 13:44:03 +0000
asID:                     9304
IP address blocks:        5.226.184.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/0cc08737-9267-402a-99d4-7aaafea444ed/0/F768FF6E681858C0EC19F3A93FA1792CD16CEED3.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/0cc08737-9267-402a-99d4-7aaafea444ed/0/F768FF6E681858C0EC19F3A93FA1792CD16CEED3.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/92j_bmgYWMDsGfOpP6F5LNFs7tM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            72:ce:4a:4f:74:28:bb:9c:16:de:12:1b:03:bb:e6:6c:86:58:f5:10
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f768ff6e681858c0ec19f3a93fa1792cd16ceed3
        Validity
            Not Before: Jan 25 13:39:03 2025 GMT
            Not After : Jan 24 13:44:03 2026 GMT
        Subject: CN=D963E056517E83251B7E7CEF6D3024DC26EA1952
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:c6:6b:84:85:d1:7e:94:fa:77:3b:8d:44:f5:
                    7c:78:20:0a:37:76:99:6f:61:d5:d4:57:a7:e7:4f:
                    61:c9:f2:92:a3:71:fc:42:c6:d9:61:e3:c8:56:92:
                    64:39:1e:d7:69:04:e9:9f:11:17:18:0b:4a:d5:20:
                    5f:5c:59:54:30:63:03:45:5b:69:6a:9e:d7:8a:d5:
                    6a:4f:22:c8:af:9f:05:60:dd:52:46:2c:11:44:53:
                    2b:fd:01:69:c3:b6:1d:fb:03:60:6c:cb:57:05:02:
                    04:48:84:4c:0a:48:17:c5:b6:3f:cd:a1:d6:aa:45:
                    b8:2f:e9:57:26:aa:d8:f1:60:a8:b9:65:d4:98:42:
                    7d:ed:e4:ca:51:12:db:3f:03:16:5c:88:ea:af:70:
                    9b:0c:3f:88:e6:e0:ac:1b:20:c8:5c:e9:d8:ad:f4:
                    2b:56:78:c7:a3:2f:b5:c0:a5:5b:29:a8:0b:d6:2e:
                    b8:58:77:d2:48:3b:62:ba:d3:56:78:32:55:6a:95:
                    17:14:81:9c:e8:0e:05:4f:e9:09:e8:f0:98:9e:18:
                    a6:2c:25:18:4e:0b:0a:61:77:16:59:eb:9a:f4:b2:
                    0f:e7:71:8c:4d:00:96:2a:21:53:ae:82:dc:88:a9:
                    a0:65:13:f9:fd:ff:f3:99:5b:a5:7a:1f:f6:a2:f8:
                    00:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:63:E0:56:51:7E:83:25:1B:7E:7C:EF:6D:30:24:DC:26:EA:19:52
            X509v3 Authority Key Identifier:
                keyid:F7:68:FF:6E:68:18:58:C0:EC:19:F3:A9:3F:A1:79:2C:D1:6C:EE:D3

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/0cc08737-9267-402a-99d4-7aaafea444ed/0/F768FF6E681858C0EC19F3A93FA1792CD16CEED3.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/92j_bmgYWMDsGfOpP6F5LNFs7tM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/0cc08737-9267-402a-99d4-7aaafea444ed/0/352e3232362e3138342e302f32342d3234203d3e2039333034.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.226.184.0/24

    Signature Algorithm: sha256WithRSAEncryption
         30:0c:8e:b7:cd:65:2c:8c:a6:89:49:21:b5:e7:db:b2:53:92:
         7a:8d:43:e7:24:f8:63:1b:e0:8c:81:ce:1c:fd:2f:0f:5a:d5:
         f4:21:40:5a:ad:9a:0c:15:56:9e:f7:91:64:fd:ed:60:23:84:
         2a:09:2b:2d:37:d6:7a:a8:f9:28:c6:41:3b:66:a5:03:38:4c:
         d7:e4:12:3c:82:84:0b:05:d2:5c:47:51:cb:3a:f4:7a:b8:9f:
         10:bf:07:f9:45:bc:8a:b0:61:56:60:e4:64:3b:3b:ee:06:9a:
         68:61:a3:1c:19:61:44:0a:28:47:97:3f:7f:bb:3c:9e:d2:16:
         83:20:3f:32:5c:44:e9:8e:8e:a1:61:95:38:03:cd:35:b8:d4:
         b4:9a:a4:9b:98:5a:f0:2b:94:df:39:11:9a:1e:c1:60:05:a9:
         af:4b:99:7e:70:73:d9:c4:26:7f:b1:35:5b:e6:8f:ab:ba:b9:
         2a:94:49:c0:3f:59:7b:17:79:35:ee:f0:2c:a1:9a:60:6e:42:
         b2:fc:db:fe:35:8a:85:cc:9e:84:54:fe:0d:04:7b:fb:40:49:
         83:ca:42:39:46:17:f4:78:65:51:7e:11:1d:8b:da:8f:a8:43:
         e8:b9:4e:eb:88:d5:90:84:6c:0d:1e:f9:89:02:c4:59:dc:44:
         84:5c:75:b5
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUcs5KT3Qou5wW3hIbA7vmbIZY9RAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZjc2OGZmNmU2ODE4NThjMGVjMTlmM2E5M2ZhMTc5MmNk
MTZjZWVkMzAeFw0yNTAxMjUxMzM5MDNaFw0yNjAxMjQxMzQ0MDNaMDMxMTAvBgNV
BAMTKEQ5NjNFMDU2NTE3RTgzMjUxQjdFN0NFRjZEMzAyNERDMjZFQTE5NTIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDQxmuEhdF+lPp3O41E9Xx4IAo3
dplvYdXUV6fnT2HJ8pKjcfxCxtlh48hWkmQ5HtdpBOmfERcYC0rVIF9cWVQwYwNF
W2lqnteK1WpPIsivnwVg3VJGLBFEUyv9AWnDth37A2Bsy1cFAgRIhEwKSBfFtj/N
odaqRbgv6VcmqtjxYKi5ZdSYQn3t5MpREts/AxZciOqvcJsMP4jm4KwbIMhc6dit
9CtWeMejL7XApVspqAvWLrhYd9JIO2K601Z4MlVqlRcUgZzoDgVP6Qno8JieGKYs
JRhOCwphdxZZ65r0sg/ncYxNAJYqIVOugtyIqaBlE/n9//OZW6V6H/ai+ADtAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQU2WPgVlF+gyUbfnzvbTAk3CbqGVIwHwYDVR0j
BBgwFoAU92j/bmgYWMDsGfOpP6F5LNFs7tMwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMGNjMDg3MzctOTI2Ny00MDJhLTk5ZDQtN2FhYWZlYTQ0
NGVkLzAvRjc2OEZGNkU2ODE4NThDMEVDMTlGM0E5M0ZBMTc5MkNEMTZDRUVEMy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzkyal9ibWdZV01Ec0dmT3BQNkY1TE5G
czd0TS5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMGNjMDg3Mzct
OTI2Ny00MDJhLTk5ZDQtN2FhYWZlYTQ0NGVkLzAvMzUyZTMyMzIzNjJlMzEzODM0
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzkzMzMwMzQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAAF4rgw
DQYJKoZIhvcNAQELBQADggEBADAMjrfNZSyMpolJIbXn27JTknqNQ+ck+GMb4IyB
zhz9Lw9a1fQhQFqtmgwVVp73kWT97WAjhCoJKy031nqo+SjGQTtmpQM4TNfkEjyC
hAsF0lxHUcs69Hq4nxC/B/lFvIqwYVZg5GQ7O+4GmmhhoxwZYUQKKEeXP3+7PJ7S
FoMgPzJcROmOjqFhlTgDzTW41LSapJuYWvArlN85EZoewWAFqa9LmX5wc9nEJn+x
NVvmj6u6uSqUScA/WXsXeTXu8CyhmmBuQrL82/41ioXMnoRU/g0Ee/tASYPKQjlG
F/R4ZVF+ER2L2o+oQ+i5TuuI1ZCEbA0e+YkCxFncRIRcdbU=
-----END CERTIFICATE-----