Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/2e6da5c7-670a-41b1-96eb-3899388b292c/0/352e3135312e302e302f31362d3136203d3e203432363839.roa
File:                     352e3135312e302e302f31362d3136203d3e203432363839.roa (raw, json)
Hash identifier:          eXG0GSzrdQJ/AYdgbR8qBW1eQ26j67oxDShQEKCvZ7A=
Subject key identifier:   3B:A0:34:47:FF:15:AF:28:CE:40:D7:10:C7:65:AE:48:18:48:C2:66
Certificate issuer:       /CN=735d93706cbf4688ce7d60fc0ed693d4cc4a9326
Certificate serial:       67CB7A68647FD6ADD1E2FFC1C53926361B67D1CD
Authority key identifier: 73:5D:93:70:6C:BF:46:88:CE:7D:60:FC:0E:D6:93:D4:CC:4A:93:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/c12TcGy_RojOfWD8DtaT1MxKkyY.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/2e6da5c7-670a-41b1-96eb-3899388b292c/0/352e3135312e302e302f31362d3136203d3e203432363839.roa
Signing time:             Tue 19 Mar 2024 10:15:44 +0000
ROA not before:           Tue 19 Mar 2024 10:10:44 +0000
ROA not after:            Tue 18 Mar 2025 10:15:44 +0000
asID:                     42689
IP address blocks:        5.151.0.0/16 maxlen: 16

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/2e6da5c7-670a-41b1-96eb-3899388b292c/0/735D93706CBF4688CE7D60FC0ED693D4CC4A9326.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/2e6da5c7-670a-41b1-96eb-3899388b292c/0/735D93706CBF4688CE7D60FC0ED693D4CC4A9326.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/c12TcGy_RojOfWD8DtaT1MxKkyY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 27 Jun 2024 17:05:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            67:cb:7a:68:64:7f:d6:ad:d1:e2:ff:c1:c5:39:26:36:1b:67:d1:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=735d93706cbf4688ce7d60fc0ed693d4cc4a9326
        Validity
            Not Before: Mar 19 10:10:44 2024 GMT
            Not After : Mar 18 10:15:44 2025 GMT
        Subject: CN=3BA03447FF15AF28CE40D710C765AE481848C266
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:be:54:aa:df:3e:fb:71:2b:8b:d8:60:da:a3:
                    d7:5f:8a:28:d7:f4:89:3c:f7:a8:a0:7d:68:0f:ff:
                    8e:75:69:33:9d:cd:71:71:ca:87:61:13:8d:b6:16:
                    92:37:51:27:fd:24:6a:7e:a3:00:d7:e4:4a:32:3d:
                    70:59:e1:7a:a5:ac:27:a6:64:10:87:1c:74:39:52:
                    01:78:b0:c0:4e:9b:63:88:c8:bf:fa:8b:d4:5b:a2:
                    5f:a5:3f:96:cb:5e:34:86:e6:d7:94:fe:2e:74:d9:
                    39:e6:51:29:37:a8:0c:7f:ad:47:52:0b:04:3e:7a:
                    3a:c4:50:f8:83:e5:da:de:3a:75:45:72:d2:b8:7c:
                    f1:35:9a:88:4c:5c:62:e9:cb:c1:36:4f:db:4b:d5:
                    6c:24:fd:e7:12:d0:02:6a:f7:fc:98:4a:fc:e9:89:
                    c9:fe:29:50:e3:70:26:f4:9c:b0:e3:91:88:74:8a:
                    d6:4e:37:cd:91:1a:01:09:d1:d7:70:b6:bb:e6:32:
                    a3:a6:36:a0:a7:3f:29:c9:48:ef:d9:b7:b1:0d:8c:
                    5e:3c:a2:21:d7:cb:7e:de:95:9b:e6:f2:dc:2b:bc:
                    4a:32:92:41:a6:8f:20:7e:65:70:d1:2c:9c:08:2f:
                    6e:da:5a:96:b5:2a:6b:b3:d1:ee:02:e5:44:93:04:
                    28:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:A0:34:47:FF:15:AF:28:CE:40:D7:10:C7:65:AE:48:18:48:C2:66
            X509v3 Authority Key Identifier:
                keyid:73:5D:93:70:6C:BF:46:88:CE:7D:60:FC:0E:D6:93:D4:CC:4A:93:26

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/2e6da5c7-670a-41b1-96eb-3899388b292c/0/735D93706CBF4688CE7D60FC0ED693D4CC4A9326.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/c12TcGy_RojOfWD8DtaT1MxKkyY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/2e6da5c7-670a-41b1-96eb-3899388b292c/0/352e3135312e302e302f31362d3136203d3e203432363839.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.151.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         30:1d:6d:c5:21:27:0d:f7:08:ba:c1:ce:16:63:9b:dd:e1:11:
         b2:9b:38:9e:ae:f5:cb:81:aa:4f:f2:a5:4e:50:4f:70:92:3e:
         01:8d:2e:eb:e2:e9:6a:54:5f:4e:c8:1c:7e:0b:97:1d:8b:e7:
         b9:f0:b5:d4:68:5f:e1:f4:8c:7b:d7:ca:52:01:1b:ce:6f:f2:
         80:88:a2:e3:5d:1a:e3:e6:25:bd:1d:55:81:8d:bf:00:b4:50:
         b6:4a:96:66:39:b0:38:d0:6f:fc:64:ec:d7:0b:11:0c:ea:79:
         01:a1:a8:91:1f:43:db:e0:d5:73:30:77:80:c5:3d:65:92:b0:
         b6:35:1f:2e:26:02:cc:ba:fb:4d:a6:a7:31:21:b8:8d:fd:37:
         0d:25:92:ae:b1:09:7a:a7:d4:dd:d4:bf:a7:cb:a4:d5:60:3b:
         36:b6:b0:2a:0e:c0:fa:8c:d1:88:f5:ef:ac:18:d2:41:0a:eb:
         e2:16:15:1b:89:bd:57:41:ac:8b:09:20:0f:e1:0c:ec:49:03:
         db:05:f2:90:d4:d0:e2:ba:90:63:b8:51:bc:15:d0:d2:e5:e1:
         01:c2:51:08:25:46:f8:fb:27:4a:b0:f5:1e:41:ac:6b:ae:cf:
         0c:57:fe:64:04:bb:d9:80:dd:7c:08:38:56:14:65:c7:f3:53:
         36:e5:b8:e2
-----BEGIN CERTIFICATE-----
MIIFLDCCBBSgAwIBAgIUZ8t6aGR/1q3R4v/BxTkmNhtn0c0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzM1ZDkzNzA2Y2JmNDY4OGNlN2Q2MGZjMGVkNjkzZDRj
YzRhOTMyNjAeFw0yNDAzMTkxMDEwNDRaFw0yNTAzMTgxMDE1NDRaMDMxMTAvBgNV
BAMTKDNCQTAzNDQ3RkYxNUFGMjhDRTQwRDcxMEM3NjVBRTQ4MTg0OEMyNjYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDdvlSq3z77cSuL2GDao9dfiijX
9Ik896igfWgP/451aTOdzXFxyodhE422FpI3USf9JGp+owDX5EoyPXBZ4XqlrCem
ZBCHHHQ5UgF4sMBOm2OIyL/6i9Rbol+lP5bLXjSG5teU/i502TnmUSk3qAx/rUdS
CwQ+ejrEUPiD5dreOnVFctK4fPE1mohMXGLpy8E2T9tL1Wwk/ecS0AJq9/yYSvzp
icn+KVDjcCb0nLDjkYh0itZON82RGgEJ0ddwtrvmMqOmNqCnPynJSO/Zt7ENjF48
oiHXy37elZvm8twrvEoykkGmjyB+ZXDRLJwIL27aWpa1Kmuz0e4C5USTBCiTAgMB
AAGjggI2MIICMjAdBgNVHQ4EFgQUO6A0R/8VryjOQNcQx2WuSBhIwmYwHwYDVR0j
BBgwFoAUc12TcGy/RojOfWD8DtaT1MxKkyYwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMmU2ZGE1YzctNjcwYS00MWIxLTk2ZWItMzg5OTM4OGIy
OTJjLzAvNzM1RDkzNzA2Q0JGNDY4OENFN0Q2MEZDMEVENjkzRDRDQzRBOTMyNi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2MxMlRjR3lfUm9qT2ZXRDhEdGFUMU14
S2t5WS5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMmU2ZGE1Yzct
NjcwYS00MWIxLTk2ZWItMzg5OTM4OGIyOTJjLzAvMzUyZTMxMzUzMTJlMzAyZTMw
MmYzMTM2MmQzMTM2MjAzZDNlMjAzNDMyMzYzODM5LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMABZcwDQYJ
KoZIhvcNAQELBQADggEBADAdbcUhJw33CLrBzhZjm93hEbKbOJ6u9cuBqk/ypU5Q
T3CSPgGNLuvi6WpUX07IHH4Llx2L57nwtdRoX+H0jHvXylIBG85v8oCIouNdGuPm
Jb0dVYGNvwC0ULZKlmY5sDjQb/xk7NcLEQzqeQGhqJEfQ9vg1XMwd4DFPWWSsLY1
Hy4mAsy6+02mpzEhuI39Nw0lkq6xCXqn1N3Uv6fLpNVgOza2sCoOwPqM0Yj176wY
0kEK6+IWFRuJvVdBrIsJIA/hDOxJA9sF8pDU0OK6kGO4UbwV0NLl4QHCUQglRvj7
J0qw9R5BrGuuzwxX/mQEu9mA3XwIOFYUZcfzUzbluOI=
-----END CERTIFICATE-----