Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/352e3138312e3138362e302f32342d3234203d3e203239303636.roa
File:                     352e3138312e3138362e302f32342d3234203d3e203239303636.roa (raw, json)
Hash identifier:          tKVnXhH1kpZHyKZXv6mNpNrZ1SqDN/10Wk/ujXsHAKA=
Subject key identifier:   0E:A2:26:15:0C:AB:10:D0:B7:95:88:A0:63:C1:94:2D:9C:7E:7B:48
Certificate issuer:       /CN=a9420e6c6f24b0e422da7fe7e420ef50354f45c6
Certificate serial:       06F5D165E46DCC339247FA7DBF015D335D1BA4C0
Authority key identifier: A9:42:0E:6C:6F:24:B0:E4:22:DA:7F:E7:E4:20:EF:50:35:4F:45:C6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qUIObG8ksOQi2n_n5CDvUDVPRcY.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/352e3138312e3138362e302f32342d3234203d3e203239303636.roa
Signing time:             Thu 08 Feb 2024 04:05:12 +0000
ROA not before:           Thu 08 Feb 2024 04:00:12 +0000
ROA not after:            Thu 06 Feb 2025 04:05:12 +0000
asID:                     29066
IP address blocks:        5.181.186.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/A9420E6C6F24B0E422DA7FE7E420EF50354F45C6.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/A9420E6C6F24B0E422DA7FE7E420EF50354F45C6.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qUIObG8ksOQi2n_n5CDvUDVPRcY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 14:41:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            06:f5:d1:65:e4:6d:cc:33:92:47:fa:7d:bf:01:5d:33:5d:1b:a4:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a9420e6c6f24b0e422da7fe7e420ef50354f45c6
        Validity
            Not Before: Feb  8 04:00:12 2024 GMT
            Not After : Feb  6 04:05:12 2025 GMT
        Subject: CN=0EA226150CAB10D0B79588A063C1942D9C7E7B48
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:c0:c7:a7:15:00:0d:5a:d6:97:a1:16:76:e2:
                    d4:fc:fa:d6:50:5c:c0:23:44:1a:69:1f:0b:dc:ba:
                    82:4e:84:46:12:09:ce:c0:d0:ec:ff:52:79:dd:0a:
                    eb:05:ef:1f:d2:b2:c9:42:99:52:6c:84:c0:d9:fa:
                    05:c2:59:0f:ca:4f:91:e0:25:be:4d:0e:f7:de:2f:
                    93:79:4f:58:c5:13:b9:96:e5:23:3f:86:66:a2:33:
                    87:b7:1f:e0:1a:92:af:e3:bd:62:49:8d:27:c3:ef:
                    d8:d7:dc:37:1f:c6:c3:87:06:0b:a0:25:ed:8e:8c:
                    1a:d1:ac:75:de:b5:be:a6:00:e1:64:b4:28:53:38:
                    7b:d9:97:b7:0e:22:39:81:cc:96:3e:eb:8d:b2:64:
                    92:cf:e7:42:c7:82:7b:87:8e:78:5d:d8:ba:54:e5:
                    51:3e:4c:8d:41:90:45:79:04:8e:21:8c:ef:7c:0b:
                    f0:05:19:ae:8c:e7:38:ad:a4:cc:b2:8b:12:b9:80:
                    0c:9f:04:da:06:7d:b6:c5:53:a3:02:ee:77:08:d9:
                    fb:2d:e4:74:38:80:6e:0f:f5:58:72:f2:9a:df:0e:
                    59:7b:62:1c:ad:f3:ac:6f:3a:d0:67:5b:e0:d8:36:
                    ee:03:22:8b:b0:9e:29:7b:7a:6b:40:f0:27:29:63:
                    bc:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0E:A2:26:15:0C:AB:10:D0:B7:95:88:A0:63:C1:94:2D:9C:7E:7B:48
            X509v3 Authority Key Identifier:
                keyid:A9:42:0E:6C:6F:24:B0:E4:22:DA:7F:E7:E4:20:EF:50:35:4F:45:C6

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/A9420E6C6F24B0E422DA7FE7E420EF50354F45C6.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qUIObG8ksOQi2n_n5CDvUDVPRcY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/352e3138312e3138362e302f32342d3234203d3e203239303636.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.181.186.0/24

    Signature Algorithm: sha256WithRSAEncryption
         60:63:e9:60:bc:be:e3:5e:7d:dd:da:8d:15:e8:21:a7:8e:65:
         69:7c:cd:e1:14:2a:59:c6:ba:14:54:39:82:73:c4:fc:1f:bd:
         cc:48:46:f1:f7:26:f5:e3:52:8f:3a:47:c8:3c:46:43:68:64:
         ba:79:c0:f8:dc:58:32:6d:12:16:f7:57:0a:91:47:c0:71:c7:
         91:97:7e:76:fb:4e:44:c5:31:1f:8d:54:ef:e3:ff:ac:dc:77:
         a3:88:7a:08:1c:db:72:6c:67:ff:69:a7:1a:84:0d:2f:9c:0b:
         3d:49:62:e2:fd:06:74:d4:b7:80:9f:dd:14:e0:5c:a6:1f:07:
         2f:3d:99:a3:fc:c6:4d:3e:9a:c4:f1:85:5c:7f:66:7d:9c:9b:
         ea:c9:15:dd:78:89:20:d1:03:26:7f:c5:d8:ac:c8:3e:54:2e:
         ba:1f:0d:a1:3a:b7:22:18:79:c4:65:df:fa:d4:85:60:86:39:
         8b:b8:95:09:8b:72:bd:6a:b6:6a:93:39:5f:25:8b:84:08:f3:
         7d:2b:d4:90:6c:78:ec:51:94:8b:65:7d:39:36:8c:fe:86:6d:
         c2:05:f6:7b:f2:e2:ba:00:d6:cb:77:ea:db:56:36:52:e3:ac:
         6e:7c:a0:40:ca:3f:32:74:7c:7d:b2:a4:3f:8f:94:77:81:1c:
         f6:00:5c:c3
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUBvXRZeRtzDOSR/p9vwFdM10bpMAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYTk0MjBlNmM2ZjI0YjBlNDIyZGE3ZmU3ZTQyMGVmNTAz
NTRmNDVjNjAeFw0yNDAyMDgwNDAwMTJaFw0yNTAyMDYwNDA1MTJaMDMxMTAvBgNV
BAMTKDBFQTIyNjE1MENBQjEwRDBCNzk1ODhBMDYzQzE5NDJEOUM3RTdCNDgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDTwMenFQANWtaXoRZ24tT8+tZQ
XMAjRBppHwvcuoJOhEYSCc7A0Oz/UnndCusF7x/SsslCmVJshMDZ+gXCWQ/KT5Hg
Jb5NDvfeL5N5T1jFE7mW5SM/hmaiM4e3H+Aakq/jvWJJjSfD79jX3DcfxsOHBgug
Je2OjBrRrHXetb6mAOFktChTOHvZl7cOIjmBzJY+642yZJLP50LHgnuHjnhd2LpU
5VE+TI1BkEV5BI4hjO98C/AFGa6M5zitpMyyixK5gAyfBNoGfbbFU6MC7ncI2fst
5HQ4gG4P9Vhy8prfDll7Yhyt86xvOtBnW+DYNu4DIouwnil7emtA8CcpY7yNAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUDqImFQyrENC3lYigY8GULZx+e0gwHwYDVR0j
BBgwFoAUqUIObG8ksOQi2n/n5CDvUDVPRcYwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMWY5ODIzZDAtMDg1NS00MWYyLWFjNDYtNTlhMmU5OGRh
NzM2LzEvQTk0MjBFNkM2RjI0QjBFNDIyREE3RkU3RTQyMEVGNTAzNTRGNDVDNi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3FVSU9iRzhrc09RaTJuX241Q0R2VURW
UFJjWS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMWY5ODIzZDAt
MDg1NS00MWYyLWFjNDYtNTlhMmU5OGRhNzM2LzEvMzUyZTMxMzgzMTJlMzEzODM2
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzIzOTMwMzYzNi5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAAW1
ujANBgkqhkiG9w0BAQsFAAOCAQEAYGPpYLy+41593dqNFeghp45laXzN4RQqWca6
FFQ5gnPE/B+9zEhG8fcm9eNSjzpHyDxGQ2hkunnA+NxYMm0SFvdXCpFHwHHHkZd+
dvtORMUxH41U7+P/rNx3o4h6CBzbcmxn/2mnGoQNL5wLPUli4v0GdNS3gJ/dFOBc
ph8HLz2Zo/zGTT6axPGFXH9mfZyb6skV3XiJINEDJn/F2KzIPlQuuh8NoTq3Ihh5
xGXf+tSFYIY5i7iVCYtyvWq2apM5XyWLhAjzfSvUkGx47FGUi2V9OTaM/oZtwgX2
e/LiugDWy3fq21Y2UuOsbnygQMo/MnR8fbKkP4+Ud4Ec9gBcww==
-----END CERTIFICATE-----