Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/0cc08737-9267-402a-99d4-7aaafea444ed/0/352e3232362e3138352e302f32342d3234203d3e2034363337.roa
File:                     352e3232362e3138352e302f32342d3234203d3e2034363337.roa (raw, json)
Hash identifier:          xGDSj9rMMdhGkci1rj9QS/c2p6IRznTgPF56svMZjZY=
Subject key identifier:   BA:1C:69:E3:8D:DD:3A:06:FE:D4:4D:11:DE:6E:8D:5A:D8:9D:82:D4
Certificate issuer:       /CN=f768ff6e681858c0ec19f3a93fa1792cd16ceed3
Certificate serial:       6C21E81819E841D80051CD1D6AE1395B5E157D9B
Authority key identifier: F7:68:FF:6E:68:18:58:C0:EC:19:F3:A9:3F:A1:79:2C:D1:6C:EE:D3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/92j_bmgYWMDsGfOpP6F5LNFs7tM.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/0cc08737-9267-402a-99d4-7aaafea444ed/0/352e3232362e3138352e302f32342d3234203d3e2034363337.roa
Signing time:             Sat 25 Jan 2025 13:46:18 +0000
ROA not before:           Sat 25 Jan 2025 13:41:18 +0000
ROA not after:            Sat 24 Jan 2026 13:46:18 +0000
asID:                     4637
IP address blocks:        5.226.185.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/0cc08737-9267-402a-99d4-7aaafea444ed/0/F768FF6E681858C0EC19F3A93FA1792CD16CEED3.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/0cc08737-9267-402a-99d4-7aaafea444ed/0/F768FF6E681858C0EC19F3A93FA1792CD16CEED3.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/92j_bmgYWMDsGfOpP6F5LNFs7tM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6c:21:e8:18:19:e8:41:d8:00:51:cd:1d:6a:e1:39:5b:5e:15:7d:9b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f768ff6e681858c0ec19f3a93fa1792cd16ceed3
        Validity
            Not Before: Jan 25 13:41:18 2025 GMT
            Not After : Jan 24 13:46:18 2026 GMT
        Subject: CN=BA1C69E38DDD3A06FED44D11DE6E8D5AD89D82D4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:81:bb:c7:9d:a2:69:78:18:4e:73:8d:cd:2d:
                    82:14:5e:ec:b8:63:68:37:be:34:77:16:16:a0:28:
                    12:fb:e8:3c:0a:c4:13:96:82:41:89:d6:4d:c6:3b:
                    6e:45:9f:f6:e6:0e:39:a2:0e:60:85:ac:41:9f:32:
                    5b:c6:8d:31:37:cd:1c:e9:6b:80:c3:f5:32:6a:33:
                    d1:82:9b:cf:3f:6c:b7:d8:fb:27:f5:98:84:05:01:
                    ef:5c:51:87:ea:c4:dd:dd:f5:88:2c:92:75:32:e4:
                    b9:82:e7:9e:62:2f:8a:ae:c4:e4:a3:7b:63:a2:d8:
                    7c:9e:f7:95:70:cc:6d:8b:93:e0:07:cc:e4:83:94:
                    10:fa:3e:06:bc:03:75:7d:8f:7f:07:92:55:58:6e:
                    3d:25:f2:f1:65:09:4d:a4:55:70:eb:db:02:ee:b8:
                    30:41:e6:79:36:91:10:63:14:2c:35:83:c7:b0:02:
                    45:83:9e:00:ce:7f:49:fa:58:3f:28:f9:3c:78:95:
                    fc:6c:a2:b9:3c:70:a1:eb:22:48:1a:4f:71:43:dc:
                    01:bd:ae:82:87:cf:8f:e6:f0:e0:16:75:2a:a6:1c:
                    72:45:4a:d8:50:f6:5b:7f:74:43:12:f5:a9:b1:a6:
                    0f:2a:de:e0:67:9e:38:86:90:a1:a8:1d:55:f2:f8:
                    fc:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:1C:69:E3:8D:DD:3A:06:FE:D4:4D:11:DE:6E:8D:5A:D8:9D:82:D4
            X509v3 Authority Key Identifier:
                keyid:F7:68:FF:6E:68:18:58:C0:EC:19:F3:A9:3F:A1:79:2C:D1:6C:EE:D3

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/0cc08737-9267-402a-99d4-7aaafea444ed/0/F768FF6E681858C0EC19F3A93FA1792CD16CEED3.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/92j_bmgYWMDsGfOpP6F5LNFs7tM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/0cc08737-9267-402a-99d4-7aaafea444ed/0/352e3232362e3138352e302f32342d3234203d3e2034363337.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.226.185.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3c:e6:3c:f1:56:04:7e:eb:c7:b0:72:c3:94:51:6d:f5:95:ca:
         5b:75:75:20:66:2f:2b:7b:90:32:61:26:4d:f8:de:bd:2b:84:
         e7:da:24:52:1b:64:b6:84:71:66:f2:24:6f:7f:ab:06:93:f9:
         f6:0a:7d:06:74:eb:f1:54:9c:ea:4a:eb:b1:b9:67:f0:b4:d1:
         d3:7b:53:91:d0:04:0b:6c:a5:5d:19:20:76:08:a7:18:de:c7:
         31:bd:5a:b0:44:8c:aa:6f:95:85:d0:ac:76:e6:05:18:e9:64:
         81:50:1f:cc:0b:36:74:99:3e:b8:f5:88:22:b4:fd:ef:6f:15:
         61:8f:19:6e:97:33:f6:9e:3d:f4:68:e6:90:16:c6:a0:0e:23:
         f0:a2:d7:f5:59:4f:7d:58:81:3a:e0:4e:fc:7c:6c:ab:e5:12:
         24:68:7a:57:d8:72:39:2c:96:7c:c8:86:97:b7:aa:d2:78:31:
         c6:f1:1f:7b:29:8a:3e:d6:39:24:ce:df:91:9b:0c:fd:ea:b7:
         b8:fd:3f:cf:f7:fe:ff:b3:d5:1e:b2:61:ce:ab:86:32:59:13:
         7d:c6:0b:f6:b4:1e:ea:58:db:c8:ca:67:1b:3d:e0:d6:7d:82:
         7a:c8:f5:e1:e5:09:11:1a:b8:7f:0f:31:88:9a:e9:0f:e4:5d:
         54:2a:52:d3
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUbCHoGBnoQdgAUc0dauE5W14VfZswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZjc2OGZmNmU2ODE4NThjMGVjMTlmM2E5M2ZhMTc5MmNk
MTZjZWVkMzAeFw0yNTAxMjUxMzQxMThaFw0yNjAxMjQxMzQ2MThaMDMxMTAvBgNV
BAMTKEJBMUM2OUUzOERERDNBMDZGRUQ0NEQxMURFNkU4RDVBRDg5RDgyRDQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDcgbvHnaJpeBhOc43NLYIUXuy4
Y2g3vjR3FhagKBL76DwKxBOWgkGJ1k3GO25Fn/bmDjmiDmCFrEGfMlvGjTE3zRzp
a4DD9TJqM9GCm88/bLfY+yf1mIQFAe9cUYfqxN3d9YgsknUy5LmC555iL4quxOSj
e2Oi2Hye95VwzG2Lk+AHzOSDlBD6Pga8A3V9j38HklVYbj0l8vFlCU2kVXDr2wLu
uDBB5nk2kRBjFCw1g8ewAkWDngDOf0n6WD8o+Tx4lfxsork8cKHrIkgaT3FD3AG9
roKHz4/m8OAWdSqmHHJFSthQ9lt/dEMS9amxpg8q3uBnnjiGkKGoHVXy+PzVAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUuhxp443dOgb+1E0R3m6NWtidgtQwHwYDVR0j
BBgwFoAU92j/bmgYWMDsGfOpP6F5LNFs7tMwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMGNjMDg3MzctOTI2Ny00MDJhLTk5ZDQtN2FhYWZlYTQ0
NGVkLzAvRjc2OEZGNkU2ODE4NThDMEVDMTlGM0E5M0ZBMTc5MkNEMTZDRUVEMy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzkyal9ibWdZV01Ec0dmT3BQNkY1TE5G
czd0TS5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMGNjMDg3Mzct
OTI2Ny00MDJhLTk5ZDQtN2FhYWZlYTQ0NGVkLzAvMzUyZTMyMzIzNjJlMzEzODM1
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzQzNjMzMzcucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAAF4rkw
DQYJKoZIhvcNAQELBQADggEBADzmPPFWBH7rx7Byw5RRbfWVylt1dSBmLyt7kDJh
Jk343r0rhOfaJFIbZLaEcWbyJG9/qwaT+fYKfQZ06/FUnOpK67G5Z/C00dN7U5HQ
BAtspV0ZIHYIpxjexzG9WrBEjKpvlYXQrHbmBRjpZIFQH8wLNnSZPrj1iCK0/e9v
FWGPGW6XM/aePfRo5pAWxqAOI/Ci1/VZT31YgTrgTvx8bKvlEiRoelfYcjkslnzI
hpe3qtJ4McbxH3spij7WOSTO35GbDP3qt7j9P8/3/v+z1R6yYc6rhjJZE33GC/a0
HupY28jKZxs94NZ9gnrI9eHlCREauH8PMYia6Q/kXVQqUtM=
-----END CERTIFICATE-----