Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/0cc08737-9267-402a-99d4-7aaafea444ed/0/352e3232362e3138372e302f32342d3234203d3e203331383938.roa
File:                     352e3232362e3138372e302f32342d3234203d3e203331383938.roa (raw, json)
Hash identifier:          kBpq1LEvwgTf4WM51jxpYydvFyszuazgeravGzXETJo=
Subject key identifier:   43:E8:CC:C8:EC:BC:39:BD:C4:E9:65:1C:46:1F:E4:47:A4:26:29:E4
Certificate issuer:       /CN=f768ff6e681858c0ec19f3a93fa1792cd16ceed3
Certificate serial:       7E1BCEE727FB4B33BEBB78017EF497F0F2030756
Authority key identifier: F7:68:FF:6E:68:18:58:C0:EC:19:F3:A9:3F:A1:79:2C:D1:6C:EE:D3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/92j_bmgYWMDsGfOpP6F5LNFs7tM.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/0cc08737-9267-402a-99d4-7aaafea444ed/0/352e3232362e3138372e302f32342d3234203d3e203331383938.roa
Signing time:             Thu 04 Sep 2025 08:42:50 +0000
ROA not before:           Thu 04 Sep 2025 08:37:50 +0000
ROA not after:            Thu 03 Sep 2026 08:42:50 +0000
asID:                     31898
IP address blocks:        5.226.187.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/0cc08737-9267-402a-99d4-7aaafea444ed/0/F768FF6E681858C0EC19F3A93FA1792CD16CEED3.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/0cc08737-9267-402a-99d4-7aaafea444ed/0/F768FF6E681858C0EC19F3A93FA1792CD16CEED3.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/92j_bmgYWMDsGfOpP6F5LNFs7tM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 09 Sep 2025 20:07:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7e:1b:ce:e7:27:fb:4b:33:be:bb:78:01:7e:f4:97:f0:f2:03:07:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f768ff6e681858c0ec19f3a93fa1792cd16ceed3
        Validity
            Not Before: Sep  4 08:37:50 2025 GMT
            Not After : Sep  3 08:42:50 2026 GMT
        Subject: CN=43E8CCC8ECBC39BDC4E9651C461FE447A42629E4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:93:9a:ad:43:81:42:ba:bc:ee:75:f8:84:32:
                    67:89:4f:36:8c:4d:fa:fc:e4:95:d2:62:83:76:4c:
                    d2:ae:bb:c1:b0:25:04:e9:e3:41:b6:18:ac:b0:5e:
                    06:d2:b0:f4:99:62:f2:64:0d:b0:34:bd:b1:3d:bd:
                    ea:fb:43:a1:1a:e7:77:5a:44:f8:be:c6:7c:6a:5a:
                    25:8a:97:2b:2b:77:4a:21:41:3e:24:84:33:9b:42:
                    1e:85:09:dd:22:ef:0b:d8:d6:88:02:9e:0b:fe:59:
                    e9:8b:76:23:c8:cd:e2:da:fa:61:55:b9:b8:69:b7:
                    26:81:12:f2:a6:04:6c:c1:fb:35:80:40:df:42:11:
                    63:33:49:66:7d:b1:7d:e8:ff:3c:12:96:91:eb:ba:
                    97:53:b5:95:14:5e:02:61:87:2d:35:2e:04:6a:c4:
                    47:6d:3c:90:09:dd:1f:bb:1d:4c:2a:0a:04:51:09:
                    be:df:77:2e:67:9f:31:09:a3:ec:37:99:3c:3d:3d:
                    70:c3:0e:96:29:42:b4:10:46:2f:5d:96:fa:d5:aa:
                    35:73:85:75:3e:9c:60:bc:a2:99:c2:1d:46:bf:1f:
                    7d:bc:81:26:b5:d4:85:c9:1d:2e:71:17:ed:f0:db:
                    90:7a:74:71:29:84:cd:10:11:3e:f2:cf:ce:ee:73:
                    a6:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:E8:CC:C8:EC:BC:39:BD:C4:E9:65:1C:46:1F:E4:47:A4:26:29:E4
            X509v3 Authority Key Identifier:
                keyid:F7:68:FF:6E:68:18:58:C0:EC:19:F3:A9:3F:A1:79:2C:D1:6C:EE:D3

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/0cc08737-9267-402a-99d4-7aaafea444ed/0/F768FF6E681858C0EC19F3A93FA1792CD16CEED3.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/92j_bmgYWMDsGfOpP6F5LNFs7tM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/0cc08737-9267-402a-99d4-7aaafea444ed/0/352e3232362e3138372e302f32342d3234203d3e203331383938.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.226.187.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6d:5b:dd:9a:04:fa:8c:da:ba:90:d8:bf:94:75:f0:2f:5a:c5:
         ca:da:7a:c8:b4:ba:00:5d:69:4f:37:ee:5a:2b:6f:6d:9e:55:
         5f:e4:15:67:84:18:14:45:a9:db:7b:bd:5d:ec:0a:cd:31:54:
         d1:65:fd:2f:39:34:ac:5a:bb:0f:17:8c:7a:6f:e1:57:4c:b4:
         81:07:26:7d:e2:d3:db:fd:dd:50:c9:e0:20:f0:2d:e8:e7:0b:
         f7:b2:52:c7:c9:71:75:03:32:3d:4f:76:f2:fd:f1:f7:a5:7a:
         7d:24:7b:4a:67:b7:a9:c5:ec:23:e8:b3:7a:d4:7a:e2:85:52:
         1f:ed:dd:f6:78:43:11:d9:65:72:9a:b9:7e:8f:c4:25:a8:ac:
         95:1e:e8:de:0e:ff:61:fa:41:69:fc:bd:61:3c:bf:31:6f:ba:
         57:ef:a9:e8:ff:90:1a:fe:8c:42:96:d8:39:43:22:2b:ca:09:
         ea:4c:02:1f:8d:9b:3f:66:55:ee:00:a6:6f:1b:d1:5a:77:5c:
         22:1a:87:4c:89:db:46:27:2f:21:50:05:ce:ac:58:4e:9d:cc:
         16:a6:b5:d1:ad:2e:50:50:00:ed:48:16:b0:e0:fd:fe:c3:ca:
         69:e6:44:f5:e6:91:e8:fc:55:51:17:f9:f2:18:43:12:5f:fe:
         30:8e:58:2a
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUfhvO5yf7SzO+u3gBfvSX8PIDB1YwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZjc2OGZmNmU2ODE4NThjMGVjMTlmM2E5M2ZhMTc5MmNk
MTZjZWVkMzAeFw0yNTA5MDQwODM3NTBaFw0yNjA5MDMwODQyNTBaMDMxMTAvBgNV
BAMTKDQzRThDQ0M4RUNCQzM5QkRDNEU5NjUxQzQ2MUZFNDQ3QTQyNjI5RTQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDQk5qtQ4FCurzudfiEMmeJTzaM
Tfr85JXSYoN2TNKuu8GwJQTp40G2GKywXgbSsPSZYvJkDbA0vbE9ver7Q6Ea53da
RPi+xnxqWiWKlysrd0ohQT4khDObQh6FCd0i7wvY1ogCngv+WemLdiPIzeLa+mFV
ubhptyaBEvKmBGzB+zWAQN9CEWMzSWZ9sX3o/zwSlpHrupdTtZUUXgJhhy01LgRq
xEdtPJAJ3R+7HUwqCgRRCb7fdy5nnzEJo+w3mTw9PXDDDpYpQrQQRi9dlvrVqjVz
hXU+nGC8opnCHUa/H328gSa11IXJHS5xF+3w25B6dHEphM0QET7yz87uc6YZAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUQ+jMyOy8Ob3E6WUcRh/kR6QmKeQwHwYDVR0j
BBgwFoAU92j/bmgYWMDsGfOpP6F5LNFs7tMwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMGNjMDg3MzctOTI2Ny00MDJhLTk5ZDQtN2FhYWZlYTQ0
NGVkLzAvRjc2OEZGNkU2ODE4NThDMEVDMTlGM0E5M0ZBMTc5MkNEMTZDRUVEMy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzkyal9ibWdZV01Ec0dmT3BQNkY1TE5G
czd0TS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMGNjMDg3Mzct
OTI2Ny00MDJhLTk5ZDQtN2FhYWZlYTQ0NGVkLzAvMzUyZTMyMzIzNjJlMzEzODM3
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzMzMTM4MzkzOC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAAXi
uzANBgkqhkiG9w0BAQsFAAOCAQEAbVvdmgT6jNq6kNi/lHXwL1rFytp6yLS6AF1p
TzfuWitvbZ5VX+QVZ4QYFEWp23u9XewKzTFU0WX9Lzk0rFq7DxeMem/hV0y0gQcm
feLT2/3dUMngIPAt6OcL97JSx8lxdQMyPU928v3x96V6fSR7Sme3qcXsI+izetR6
4oVSH+3d9nhDEdllcpq5fo/EJaislR7o3g7/YfpBafy9YTy/MW+6V++p6P+QGv6M
QpbYOUMiK8oJ6kwCH42bP2ZV7gCmbxvRWndcIhqHTInbRicvIVAFzqxYTp3MFqa1
0a0uUFAA7UgWsOD9/sPKaeZE9eaR6PxVURf58hhDEl/+MI5YKg==
-----END CERTIFICATE-----