Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/0cc08737-9267-402a-99d4-7aaafea444ed/0/352e3232362e3138392e302f32342d3234203d3e20383334.roa
File:                     352e3232362e3138392e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          qS9GJUdXG30/eC0XbotWo9y8DUNQIACv2JJet4PnzBk=
Subject key identifier:   E2:DB:44:69:14:BB:3B:89:9F:BF:7F:38:43:C0:E7:B5:A4:7B:C2:C8
Certificate issuer:       /CN=f768ff6e681858c0ec19f3a93fa1792cd16ceed3
Certificate serial:       1EB4077A0E975E10197415B27CF8F7E8ECB8CE47
Authority key identifier: F7:68:FF:6E:68:18:58:C0:EC:19:F3:A9:3F:A1:79:2C:D1:6C:EE:D3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/92j_bmgYWMDsGfOpP6F5LNFs7tM.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/0cc08737-9267-402a-99d4-7aaafea444ed/0/352e3232362e3138392e302f32342d3234203d3e20383334.roa
Signing time:             Sat 25 Jan 2025 13:44:04 +0000
ROA not before:           Sat 25 Jan 2025 13:39:04 +0000
ROA not after:            Sat 24 Jan 2026 13:44:04 +0000
asID:                     834
IP address blocks:        5.226.189.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/0cc08737-9267-402a-99d4-7aaafea444ed/0/F768FF6E681858C0EC19F3A93FA1792CD16CEED3.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/0cc08737-9267-402a-99d4-7aaafea444ed/0/F768FF6E681858C0EC19F3A93FA1792CD16CEED3.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/92j_bmgYWMDsGfOpP6F5LNFs7tM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1e:b4:07:7a:0e:97:5e:10:19:74:15:b2:7c:f8:f7:e8:ec:b8:ce:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f768ff6e681858c0ec19f3a93fa1792cd16ceed3
        Validity
            Not Before: Jan 25 13:39:04 2025 GMT
            Not After : Jan 24 13:44:04 2026 GMT
        Subject: CN=E2DB446914BB3B899FBF7F3843C0E7B5A47BC2C8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:98:1f:b6:ae:7f:59:80:26:7e:fa:6c:d8:48:
                    ac:20:3e:72:82:7e:fd:39:96:77:39:8c:af:9d:d8:
                    0c:00:f3:d1:e4:e3:a7:33:99:8b:51:83:7e:c2:b9:
                    73:29:01:72:5b:cf:08:3d:e6:ec:01:13:44:bd:81:
                    3d:f0:86:e0:2b:37:4b:6f:4b:3a:c6:d5:72:ea:c0:
                    0d:0c:6a:e7:78:5f:28:b8:60:9c:dd:51:0e:0a:48:
                    82:4d:4e:69:93:22:70:6b:80:9f:55:de:92:c6:97:
                    1e:e4:7c:e2:1b:c0:ee:7c:47:9f:40:c8:29:19:21:
                    74:b5:ea:80:bd:e2:9f:04:f4:fa:20:fb:cf:b0:b5:
                    b9:2c:9e:80:b2:6b:db:a3:e4:aa:af:13:8c:eb:4e:
                    33:9a:03:e4:68:18:45:74:3d:ab:48:2b:6f:d0:fe:
                    09:04:53:28:41:a1:36:cd:bf:a3:45:7a:ec:26:b2:
                    17:87:f4:8f:e2:00:d6:54:21:eb:de:af:7b:08:74:
                    d0:4c:99:d3:3b:67:43:e8:d1:43:90:91:f4:54:21:
                    9a:47:51:51:53:cb:19:e2:01:1d:32:07:91:92:60:
                    e4:7f:e8:c2:e5:16:af:bc:68:2d:72:2c:e7:72:f7:
                    f5:3c:7a:23:75:25:da:33:db:ca:d4:14:51:a7:9e:
                    92:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:DB:44:69:14:BB:3B:89:9F:BF:7F:38:43:C0:E7:B5:A4:7B:C2:C8
            X509v3 Authority Key Identifier:
                keyid:F7:68:FF:6E:68:18:58:C0:EC:19:F3:A9:3F:A1:79:2C:D1:6C:EE:D3

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/0cc08737-9267-402a-99d4-7aaafea444ed/0/F768FF6E681858C0EC19F3A93FA1792CD16CEED3.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/92j_bmgYWMDsGfOpP6F5LNFs7tM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/0cc08737-9267-402a-99d4-7aaafea444ed/0/352e3232362e3138392e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.226.189.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5d:3f:56:3b:6f:b0:c1:14:62:66:61:86:3b:72:33:44:16:36:
         c3:69:25:49:4f:c0:2b:09:c6:89:56:3a:b8:83:f2:1b:3f:29:
         18:67:0d:7e:99:fa:11:d0:18:77:ab:33:48:f9:72:b4:76:73:
         b8:a8:67:c8:3c:ad:51:00:d9:d3:7b:61:3c:82:87:2d:7b:9f:
         28:80:e6:db:31:f7:c0:1d:e6:9e:a0:4d:f2:9e:95:34:85:f9:
         09:06:18:2e:82:6f:1a:52:84:61:6d:fb:73:40:0b:37:13:eb:
         a3:d6:1f:6a:41:ff:7f:ea:52:03:a3:be:de:aa:55:44:e9:14:
         0a:2c:07:c2:68:58:1f:d5:5e:16:c5:c9:d6:0c:ea:74:79:c3:
         bc:b0:b1:f9:6e:80:bb:34:ca:2a:13:22:a4:3a:a1:e5:ed:2e:
         cc:9c:de:33:d8:93:de:af:7e:02:22:33:36:41:4f:fa:ea:3a:
         0a:d1:5f:29:6d:0b:08:09:f3:84:94:bd:8e:63:51:a5:a2:e1:
         79:81:e9:b2:5c:39:f8:b1:8f:7a:72:2b:d2:6c:94:c8:5a:17:
         34:fe:3f:93:63:c4:74:72:23:78:be:9e:74:4c:81:47:72:57:
         f2:b3:fe:e1:5a:08:cc:c6:89:87:a7:be:98:40:38:86:80:eb:
         1a:27:29:4e
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUHrQHeg6XXhAZdBWyfPj36Oy4zkcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZjc2OGZmNmU2ODE4NThjMGVjMTlmM2E5M2ZhMTc5MmNk
MTZjZWVkMzAeFw0yNTAxMjUxMzM5MDRaFw0yNjAxMjQxMzQ0MDRaMDMxMTAvBgNV
BAMTKEUyREI0NDY5MTRCQjNCODk5RkJGN0YzODQzQzBFN0I1QTQ3QkMyQzgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0mB+2rn9ZgCZ++mzYSKwgPnKC
fv05lnc5jK+d2AwA89Hk46czmYtRg37CuXMpAXJbzwg95uwBE0S9gT3whuArN0tv
SzrG1XLqwA0Maud4Xyi4YJzdUQ4KSIJNTmmTInBrgJ9V3pLGlx7kfOIbwO58R59A
yCkZIXS16oC94p8E9Pog+8+wtbksnoCya9uj5KqvE4zrTjOaA+RoGEV0PatIK2/Q
/gkEUyhBoTbNv6NFeuwmsheH9I/iANZUIever3sIdNBMmdM7Z0Po0UOQkfRUIZpH
UVFTyxniAR0yB5GSYOR/6MLlFq+8aC1yLOdy9/U8eiN1Jdoz28rUFFGnnpI9AgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQU4ttEaRS7O4mfv384Q8DntaR7wsgwHwYDVR0j
BBgwFoAU92j/bmgYWMDsGfOpP6F5LNFs7tMwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMGNjMDg3MzctOTI2Ny00MDJhLTk5ZDQtN2FhYWZlYTQ0
NGVkLzAvRjc2OEZGNkU2ODE4NThDMEVDMTlGM0E5M0ZBMTc5MkNEMTZDRUVEMy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzkyal9ibWdZV01Ec0dmT3BQNkY1TE5G
czd0TS5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMGNjMDg3Mzct
OTI2Ny00MDJhLTk5ZDQtN2FhYWZlYTQ0NGVkLzAvMzUyZTMyMzIzNjJlMzEzODM5
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzgzMzM0LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABeK9MA0G
CSqGSIb3DQEBCwUAA4IBAQBdP1Y7b7DBFGJmYYY7cjNEFjbDaSVJT8ArCcaJVjq4
g/IbPykYZw1+mfoR0Bh3qzNI+XK0dnO4qGfIPK1RANnTe2E8gocte58ogObbMffA
HeaeoE3ynpU0hfkJBhgugm8aUoRhbftzQAs3E+uj1h9qQf9/6lIDo77eqlVE6RQK
LAfCaFgf1V4WxcnWDOp0ecO8sLH5boC7NMoqEyKkOqHl7S7MnN4z2JPer34CIjM2
QU/66joK0V8pbQsICfOElL2OY1GlouF5gemyXDn4sY96civSbJTIWhc0/j+TY8R0
ciN4vp50TIFHclfys/7hWgjMxomHp76YQDiGgOsaJylO
-----END CERTIFICATE-----