Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/0cc08737-9267-402a-99d4-7aaafea444ed/0/352e3232362e3139302e302f32342d3234203d3e203235313938.roa
File:                     352e3232362e3139302e302f32342d3234203d3e203235313938.roa (raw, json)
Hash identifier:          JZMn9YaEF5iym3uIllwY3Nycz6z4GiTDDJ22S9W+2G0=
Subject key identifier:   C9:7B:50:62:9D:22:E3:DA:6C:01:A6:A2:D7:27:97:C5:49:BB:A2:A4
Certificate issuer:       /CN=f768ff6e681858c0ec19f3a93fa1792cd16ceed3
Certificate serial:       39A938A03FF3F21B111F282A119163261349387D
Authority key identifier: F7:68:FF:6E:68:18:58:C0:EC:19:F3:A9:3F:A1:79:2C:D1:6C:EE:D3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/92j_bmgYWMDsGfOpP6F5LNFs7tM.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/0cc08737-9267-402a-99d4-7aaafea444ed/0/352e3232362e3139302e302f32342d3234203d3e203235313938.roa
Signing time:             Sun 26 Jan 2025 09:59:39 +0000
ROA not before:           Sun 26 Jan 2025 09:54:39 +0000
ROA not after:            Sun 25 Jan 2026 09:59:39 +0000
asID:                     25198
IP address blocks:        5.226.190.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/0cc08737-9267-402a-99d4-7aaafea444ed/0/F768FF6E681858C0EC19F3A93FA1792CD16CEED3.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/0cc08737-9267-402a-99d4-7aaafea444ed/0/F768FF6E681858C0EC19F3A93FA1792CD16CEED3.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/92j_bmgYWMDsGfOpP6F5LNFs7tM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            39:a9:38:a0:3f:f3:f2:1b:11:1f:28:2a:11:91:63:26:13:49:38:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f768ff6e681858c0ec19f3a93fa1792cd16ceed3
        Validity
            Not Before: Jan 26 09:54:39 2025 GMT
            Not After : Jan 25 09:59:39 2026 GMT
        Subject: CN=C97B50629D22E3DA6C01A6A2D72797C549BBA2A4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:99:d5:a1:4b:7b:4e:87:91:65:26:2a:42:49:
                    95:65:48:fe:d5:fd:10:51:9d:2a:af:a8:65:de:0c:
                    b8:24:be:5b:5f:64:1a:23:6a:62:08:8b:5f:cc:b2:
                    e2:34:93:79:a1:1d:dd:76:b7:5c:a0:cf:c4:23:49:
                    43:d7:f2:42:e4:a7:74:10:b2:cf:78:e0:dc:95:d8:
                    80:0a:90:f4:78:79:8b:34:c1:1d:d5:93:57:d9:c9:
                    25:1c:69:03:a8:01:8d:b9:32:8f:23:17:8f:1b:35:
                    5f:a3:eb:c8:df:6b:c8:c9:6f:5c:42:e2:a2:69:2e:
                    54:4d:1b:11:b6:13:58:d4:de:f7:be:c0:d0:4c:ce:
                    08:50:45:00:3e:c0:fd:ef:2d:32:06:d1:70:82:46:
                    3b:95:84:d5:90:c5:84:d3:04:85:3d:06:0c:1e:89:
                    c9:41:9a:ca:96:ac:d0:26:b3:43:04:d9:1b:30:b7:
                    a6:01:13:e2:4d:b4:51:cd:66:4e:e8:d7:c4:bc:8d:
                    64:7b:9b:27:d6:99:db:a5:63:ba:54:8d:c0:1b:66:
                    da:ad:84:ba:1b:77:c3:b7:55:e5:8d:82:73:ba:0a:
                    4b:08:29:4a:86:9c:07:16:93:84:b5:39:08:52:02:
                    b8:28:fb:f8:1d:bb:1e:e4:4f:e1:a2:af:32:2c:22:
                    67:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:7B:50:62:9D:22:E3:DA:6C:01:A6:A2:D7:27:97:C5:49:BB:A2:A4
            X509v3 Authority Key Identifier:
                keyid:F7:68:FF:6E:68:18:58:C0:EC:19:F3:A9:3F:A1:79:2C:D1:6C:EE:D3

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/0cc08737-9267-402a-99d4-7aaafea444ed/0/F768FF6E681858C0EC19F3A93FA1792CD16CEED3.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/92j_bmgYWMDsGfOpP6F5LNFs7tM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/0cc08737-9267-402a-99d4-7aaafea444ed/0/352e3232362e3139302e302f32342d3234203d3e203235313938.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.226.190.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5b:a1:27:9d:3c:48:c0:5c:b8:e8:22:33:e1:39:e0:93:a6:44:
         e9:45:be:88:8a:c5:39:a1:7e:47:c2:7e:6a:e4:20:9f:24:69:
         b3:b6:b5:18:f8:0d:5b:ab:7b:d3:78:56:8d:13:0a:b1:fc:fe:
         63:d2:87:dd:8b:5b:2f:23:a3:ae:37:47:86:07:d6:c1:4a:a5:
         ea:8a:26:c6:58:26:ef:73:15:1f:da:f8:1d:ae:2b:61:fb:45:
         d2:d0:5b:12:1b:e9:da:43:1f:51:f4:38:d0:73:aa:4f:65:23:
         79:91:33:f1:ac:65:fe:0f:38:70:e0:50:be:c6:13:f0:ac:2d:
         b5:44:c5:52:c8:30:7a:a4:c7:93:a4:92:22:a6:e0:05:02:8c:
         8a:9a:15:b9:cb:e8:c0:90:9a:e5:69:c8:cb:8f:21:c6:f3:bc:
         ba:5c:d7:19:6b:dc:c2:99:ae:ce:25:e8:91:2c:27:df:7f:c4:
         68:74:6d:ed:c9:ce:77:b8:0a:97:ff:e1:0d:ff:f0:b9:99:d6:
         cf:3c:4f:bd:60:f1:39:b0:ff:27:e0:be:57:83:46:12:d4:ae:
         69:d7:4c:e6:6f:75:56:56:cd:a8:67:be:4a:7f:7b:35:0f:cb:
         36:ca:af:0c:98:71:70:cd:64:89:4a:d3:8a:e3:5f:56:38:e3:
         94:8c:19:16
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUOak4oD/z8hsRHygqEZFjJhNJOH0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZjc2OGZmNmU2ODE4NThjMGVjMTlmM2E5M2ZhMTc5MmNk
MTZjZWVkMzAeFw0yNTAxMjYwOTU0MzlaFw0yNjAxMjUwOTU5MzlaMDMxMTAvBgNV
BAMTKEM5N0I1MDYyOUQyMkUzREE2QzAxQTZBMkQ3Mjc5N0M1NDlCQkEyQTQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCamdWhS3tOh5FlJipCSZVlSP7V
/RBRnSqvqGXeDLgkvltfZBojamIIi1/MsuI0k3mhHd12t1ygz8QjSUPX8kLkp3QQ
ss944NyV2IAKkPR4eYs0wR3Vk1fZySUcaQOoAY25Mo8jF48bNV+j68jfa8jJb1xC
4qJpLlRNGxG2E1jU3ve+wNBMzghQRQA+wP3vLTIG0XCCRjuVhNWQxYTTBIU9Bgwe
iclBmsqWrNAms0ME2Rswt6YBE+JNtFHNZk7o18S8jWR7myfWmdulY7pUjcAbZtqt
hLobd8O3VeWNgnO6CksIKUqGnAcWk4S1OQhSArgo+/gdux7kT+GirzIsImdrAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUyXtQYp0i49psAaai1yeXxUm7oqQwHwYDVR0j
BBgwFoAU92j/bmgYWMDsGfOpP6F5LNFs7tMwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMGNjMDg3MzctOTI2Ny00MDJhLTk5ZDQtN2FhYWZlYTQ0
NGVkLzAvRjc2OEZGNkU2ODE4NThDMEVDMTlGM0E5M0ZBMTc5MkNEMTZDRUVEMy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzkyal9ibWdZV01Ec0dmT3BQNkY1TE5G
czd0TS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMGNjMDg3Mzct
OTI2Ny00MDJhLTk5ZDQtN2FhYWZlYTQ0NGVkLzAvMzUyZTMyMzIzNjJlMzEzOTMw
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzIzNTMxMzkzOC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAAXi
vjANBgkqhkiG9w0BAQsFAAOCAQEAW6EnnTxIwFy46CIz4Tngk6ZE6UW+iIrFOaF+
R8J+auQgnyRps7a1GPgNW6t703hWjRMKsfz+Y9KH3YtbLyOjrjdHhgfWwUql6oom
xlgm73MVH9r4Ha4rYftF0tBbEhvp2kMfUfQ40HOqT2UjeZEz8axl/g84cOBQvsYT
8KwttUTFUsgweqTHk6SSIqbgBQKMipoVucvowJCa5WnIy48hxvO8ulzXGWvcwpmu
ziXokSwn33/EaHRt7cnOd7gKl//hDf/wuZnWzzxPvWDxObD/J+C+V4NGEtSuaddM
5m91VlbNqGe+Sn97NQ/LNsqvDJhxcM1kiUrTiuNfVjjjlIwZFg==
-----END CERTIFICATE-----