Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/0cc08737-9267-402a-99d4-7aaafea444ed/0/352e3232362e3138362e302f32342d3234203d3e2035303635.roa
File:                     352e3232362e3138362e302f32342d3234203d3e2035303635.roa (raw, json)
Hash identifier:          oF2kHy0s+EeqI6lqLIx6U+pqHDpvQPMe+7smngOEl4M=
Subject key identifier:   37:9F:44:47:A6:F9:14:7A:7F:29:92:49:E4:93:9B:63:43:C1:22:AF
Certificate issuer:       /CN=f768ff6e681858c0ec19f3a93fa1792cd16ceed3
Certificate serial:       5EA9BB85D310FEB0F24D3E71F6658AF1AAD86DCA
Authority key identifier: F7:68:FF:6E:68:18:58:C0:EC:19:F3:A9:3F:A1:79:2C:D1:6C:EE:D3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/92j_bmgYWMDsGfOpP6F5LNFs7tM.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/0cc08737-9267-402a-99d4-7aaafea444ed/0/352e3232362e3138362e302f32342d3234203d3e2035303635.roa
Signing time:             Mon 27 Jan 2025 13:04:37 +0000
ROA not before:           Mon 27 Jan 2025 12:59:37 +0000
ROA not after:            Mon 26 Jan 2026 13:04:37 +0000
asID:                     5065
IP address blocks:        5.226.186.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/0cc08737-9267-402a-99d4-7aaafea444ed/0/F768FF6E681858C0EC19F3A93FA1792CD16CEED3.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/0cc08737-9267-402a-99d4-7aaafea444ed/0/F768FF6E681858C0EC19F3A93FA1792CD16CEED3.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/92j_bmgYWMDsGfOpP6F5LNFs7tM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 10 Mar 2025 13:43:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5e:a9:bb:85:d3:10:fe:b0:f2:4d:3e:71:f6:65:8a:f1:aa:d8:6d:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f768ff6e681858c0ec19f3a93fa1792cd16ceed3
        Validity
            Not Before: Jan 27 12:59:37 2025 GMT
            Not After : Jan 26 13:04:37 2026 GMT
        Subject: CN=379F4447A6F9147A7F299249E4939B6343C122AF
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:84:82:fc:9f:27:40:b5:a0:3f:30:d7:b3:77:
                    a5:13:9c:04:3f:6b:bf:f3:03:fd:a1:50:eb:b5:6e:
                    b0:ff:2b:3c:fc:a3:e0:d0:a2:3c:b6:a4:60:c7:de:
                    57:a3:39:92:12:52:63:a9:15:ea:4a:c5:31:84:15:
                    c9:75:22:45:08:25:6f:58:3b:a5:de:49:78:7f:dc:
                    15:95:a8:b8:f7:8d:4c:5f:80:b3:da:71:cf:35:72:
                    8f:6e:91:82:7c:3d:fa:b8:33:42:69:5d:01:9f:16:
                    59:29:d1:d1:17:b0:9c:49:e1:38:fd:a3:a5:fe:98:
                    40:46:83:16:8a:ab:cb:43:3e:f1:17:11:e9:5a:12:
                    bf:80:00:fd:e4:68:a5:b4:05:4f:00:71:0d:27:ae:
                    b7:25:0f:1c:2c:8f:23:57:18:b3:a0:0b:04:6b:b1:
                    5f:91:a3:1f:8f:c2:39:4f:48:ae:63:c2:57:b4:5e:
                    0f:d4:52:2f:bd:25:78:f5:b5:d2:34:f1:25:b7:45:
                    62:f6:b3:14:a9:cf:5c:15:93:ed:6c:b7:a6:80:d7:
                    03:e0:2f:ca:43:a5:06:40:8e:a6:41:25:f2:27:39:
                    41:5a:2d:a9:12:97:ca:70:54:9f:e1:d6:86:3f:65:
                    c7:b4:f4:08:1e:7b:87:9b:ba:3e:ec:bd:02:d1:65:
                    3f:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:9F:44:47:A6:F9:14:7A:7F:29:92:49:E4:93:9B:63:43:C1:22:AF
            X509v3 Authority Key Identifier:
                keyid:F7:68:FF:6E:68:18:58:C0:EC:19:F3:A9:3F:A1:79:2C:D1:6C:EE:D3

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/0cc08737-9267-402a-99d4-7aaafea444ed/0/F768FF6E681858C0EC19F3A93FA1792CD16CEED3.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/92j_bmgYWMDsGfOpP6F5LNFs7tM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/0cc08737-9267-402a-99d4-7aaafea444ed/0/352e3232362e3138362e302f32342d3234203d3e2035303635.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.226.186.0/24

    Signature Algorithm: sha256WithRSAEncryption
         64:2f:d3:f5:f7:52:8d:70:e6:b9:99:24:8a:2d:c2:52:39:2d:
         78:ad:eb:f2:d6:71:09:71:65:8f:4c:93:85:77:6c:b9:25:45:
         2b:a9:69:ed:1a:7c:25:08:7e:22:b1:1d:ed:1c:8a:78:bb:b6:
         b2:8c:5e:79:07:7b:41:48:5c:53:f3:6d:a8:b5:e4:04:6e:12:
         c6:63:e5:21:cd:a2:02:ae:1f:03:26:6d:b2:55:71:24:6b:c6:
         59:fe:be:a2:30:d3:e2:9d:1e:25:ef:b7:a9:0f:cd:cf:a5:27:
         3b:46:ea:22:e0:03:8c:8c:82:28:09:74:5d:ea:18:da:91:d4:
         ae:ad:70:25:45:9a:ff:14:0e:78:db:16:1f:0f:d2:b2:82:9f:
         1c:7a:d4:65:b5:f9:45:a8:82:e1:ed:13:1c:3b:3e:fb:56:95:
         24:c8:18:29:43:db:d9:34:86:b5:4b:29:d3:10:da:c6:61:38:
         30:08:2a:42:9e:69:cd:5e:3f:69:f1:bc:6d:b1:e2:89:af:b1:
         74:9d:10:58:75:16:8a:3d:cd:e5:6d:45:05:83:ce:e0:81:0b:
         e2:b7:87:9f:22:8d:bf:db:ab:15:ba:48:65:2f:7c:50:c0:32:
         5b:65:dd:81:59:51:c5:90:fe:b6:cc:a0:83:90:b1:64:f5:ed:
         c4:86:a1:b1
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUXqm7hdMQ/rDyTT5x9mWK8arYbcowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZjc2OGZmNmU2ODE4NThjMGVjMTlmM2E5M2ZhMTc5MmNk
MTZjZWVkMzAeFw0yNTAxMjcxMjU5MzdaFw0yNjAxMjYxMzA0MzdaMDMxMTAvBgNV
BAMTKDM3OUY0NDQ3QTZGOTE0N0E3RjI5OTI0OUU0OTM5QjYzNDNDMTIyQUYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCKhIL8nydAtaA/MNezd6UTnAQ/
a7/zA/2hUOu1brD/Kzz8o+DQojy2pGDH3lejOZISUmOpFepKxTGEFcl1IkUIJW9Y
O6XeSXh/3BWVqLj3jUxfgLPacc81co9ukYJ8Pfq4M0JpXQGfFlkp0dEXsJxJ4Tj9
o6X+mEBGgxaKq8tDPvEXEelaEr+AAP3kaKW0BU8AcQ0nrrclDxwsjyNXGLOgCwRr
sV+Rox+PwjlPSK5jwle0Xg/UUi+9JXj1tdI08SW3RWL2sxSpz1wVk+1st6aA1wPg
L8pDpQZAjqZBJfInOUFaLakSl8pwVJ/h1oY/Zce09Agee4ebuj7svQLRZT/zAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUN59ER6b5FHp/KZJJ5JObY0PBIq8wHwYDVR0j
BBgwFoAU92j/bmgYWMDsGfOpP6F5LNFs7tMwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMGNjMDg3MzctOTI2Ny00MDJhLTk5ZDQtN2FhYWZlYTQ0
NGVkLzAvRjc2OEZGNkU2ODE4NThDMEVDMTlGM0E5M0ZBMTc5MkNEMTZDRUVEMy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzkyal9ibWdZV01Ec0dmT3BQNkY1TE5G
czd0TS5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMGNjMDg3Mzct
OTI2Ny00MDJhLTk5ZDQtN2FhYWZlYTQ0NGVkLzAvMzUyZTMyMzIzNjJlMzEzODM2
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzUzMDM2MzUucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAAF4row
DQYJKoZIhvcNAQELBQADggEBAGQv0/X3Uo1w5rmZJIotwlI5LXit6/LWcQlxZY9M
k4V3bLklRSupae0afCUIfiKxHe0cini7trKMXnkHe0FIXFPzbai15ARuEsZj5SHN
ogKuHwMmbbJVcSRrxln+vqIw0+KdHiXvt6kPzc+lJztG6iLgA4yMgigJdF3qGNqR
1K6tcCVFmv8UDnjbFh8P0rKCnxx61GW1+UWoguHtExw7PvtWlSTIGClD29k0hrVL
KdMQ2sZhODAIKkKeac1eP2nxvG2x4omvsXSdEFh1Foo9zeVtRQWDzuCBC+K3h58i
jb/bqxW6SGUvfFDAMltl3YFZUcWQ/rbMoIOQsWT17cSGobE=
-----END CERTIFICATE-----