Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/2e6da5c7-670a-41b1-96eb-3899388b292c/0/352e3137392e3130302e302f32342d3234203d3e2035343133.roa
File:                     352e3137392e3130302e302f32342d3234203d3e2035343133.roa (raw, json)
Hash identifier:          LblQWKvpSld2o+uz7XnSzhi3Y8fAlyaRsk8MSQ3EInc=
Subject key identifier:   D4:7A:61:51:CC:99:E8:18:4A:A5:A4:25:C6:34:13:71:24:D0:9F:8A
Certificate issuer:       /CN=735d93706cbf4688ce7d60fc0ed693d4cc4a9326
Certificate serial:       57E429A8580A7FD0F3F0D2672D9EBE8541F769E7
Authority key identifier: 73:5D:93:70:6C:BF:46:88:CE:7D:60:FC:0E:D6:93:D4:CC:4A:93:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/c12TcGy_RojOfWD8DtaT1MxKkyY.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/2e6da5c7-670a-41b1-96eb-3899388b292c/0/352e3137392e3130302e302f32342d3234203d3e2035343133.roa
Signing time:             Thu 11 Apr 2024 08:40:02 +0000
ROA not before:           Thu 11 Apr 2024 08:35:02 +0000
ROA not after:            Thu 10 Apr 2025 08:40:02 +0000
asID:                     5413
IP address blocks:        5.179.100.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/2e6da5c7-670a-41b1-96eb-3899388b292c/0/735D93706CBF4688CE7D60FC0ED693D4CC4A9326.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/2e6da5c7-670a-41b1-96eb-3899388b292c/0/735D93706CBF4688CE7D60FC0ED693D4CC4A9326.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/c12TcGy_RojOfWD8DtaT1MxKkyY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 02 Jul 2024 13:50:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            57:e4:29:a8:58:0a:7f:d0:f3:f0:d2:67:2d:9e:be:85:41:f7:69:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=735d93706cbf4688ce7d60fc0ed693d4cc4a9326
        Validity
            Not Before: Apr 11 08:35:02 2024 GMT
            Not After : Apr 10 08:40:02 2025 GMT
        Subject: CN=D47A6151CC99E8184AA5A425C634137124D09F8A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:b7:a6:b3:58:d7:f7:1c:76:5c:43:02:bb:e0:
                    91:f5:e8:df:45:78:ab:9a:c8:6f:3f:89:54:5b:b3:
                    51:fd:b7:2a:86:13:77:b3:91:3b:c2:aa:c6:b0:97:
                    b5:e6:00:f4:53:61:19:4d:80:67:33:87:19:87:d3:
                    27:e3:ce:21:60:67:c8:32:73:84:fc:44:72:46:92:
                    93:fb:c6:c5:60:5c:65:e5:34:37:28:cf:a8:6f:d5:
                    c2:97:ce:6b:1c:2d:ad:3a:3e:8e:cc:7c:ab:1f:c5:
                    72:cf:70:a5:9e:94:64:d8:6a:76:4e:4e:d8:60:89:
                    9a:b8:ba:db:10:55:50:e3:10:28:76:00:f7:93:37:
                    a4:f4:01:ae:8d:14:a9:42:5d:a9:3e:a3:6d:34:3d:
                    97:65:ea:02:9d:d4:e0:00:69:a6:0c:0a:e6:68:9c:
                    83:10:85:cc:f9:59:cc:d0:e9:5e:d5:c2:59:d1:c2:
                    9f:a1:92:18:67:83:01:4f:14:8c:5c:a0:5f:58:15:
                    0e:1d:07:b1:32:d4:d6:29:eb:d7:b4:dc:e2:ae:90:
                    23:4d:67:e7:ef:cc:1d:4f:d9:05:43:4e:dd:1a:0b:
                    81:75:84:cd:6f:d3:f9:9c:1f:61:91:b5:3a:c9:6a:
                    00:17:12:e1:39:a9:4c:25:2e:d2:de:2c:92:48:5e:
                    38:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:7A:61:51:CC:99:E8:18:4A:A5:A4:25:C6:34:13:71:24:D0:9F:8A
            X509v3 Authority Key Identifier:
                keyid:73:5D:93:70:6C:BF:46:88:CE:7D:60:FC:0E:D6:93:D4:CC:4A:93:26

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/2e6da5c7-670a-41b1-96eb-3899388b292c/0/735D93706CBF4688CE7D60FC0ED693D4CC4A9326.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/c12TcGy_RojOfWD8DtaT1MxKkyY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/2e6da5c7-670a-41b1-96eb-3899388b292c/0/352e3137392e3130302e302f32342d3234203d3e2035343133.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.179.100.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2e:6e:0e:87:b5:ef:c0:04:f2:2a:cf:25:9c:69:9c:1e:34:46:
         8e:cb:53:c2:02:9a:f4:e2:72:aa:d0:19:91:ec:47:8d:cb:a7:
         da:01:79:2e:6c:37:f4:f0:6c:a1:5c:2a:6c:74:6b:06:35:90:
         f2:b7:04:45:48:c3:05:b5:5a:35:6b:42:ef:8f:45:11:86:74:
         48:dc:7e:a4:2b:e6:3a:4b:41:57:f7:d4:11:00:82:5e:fc:34:
         86:45:9d:6c:fc:cb:ba:a4:f2:9c:99:87:55:79:3d:0e:dd:f6:
         b6:79:00:3b:94:20:ad:c3:cd:85:55:4a:ac:a7:64:45:77:bd:
         81:17:d8:d3:21:6f:51:9d:a7:af:e1:ed:9c:b2:dc:e6:41:1b:
         6a:9e:5a:aa:ae:0c:d0:13:9a:fc:ea:a3:4b:69:fd:43:f5:e9:
         d2:d7:a3:f3:3b:3e:21:04:d3:54:33:7b:b8:48:59:6b:c9:f0:
         3c:21:69:4a:71:11:7f:10:18:cd:6e:b8:73:94:2e:25:15:76:
         b3:60:ef:2e:a2:61:7a:5c:3e:8f:b9:a9:41:22:bf:29:2d:5b:
         e4:d7:4e:f9:a8:58:eb:b2:bd:3a:0b:3f:e2:65:f2:0e:c2:79:
         f1:c9:c0:81:95:b7:18:55:2e:f3:9f:5f:99:dd:bc:b7:80:a2:
         71:b2:c6:bd
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUV+QpqFgKf9Dz8NJnLZ6+hUH3aecwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzM1ZDkzNzA2Y2JmNDY4OGNlN2Q2MGZjMGVkNjkzZDRj
YzRhOTMyNjAeFw0yNDA0MTEwODM1MDJaFw0yNTA0MTAwODQwMDJaMDMxMTAvBgNV
BAMTKEQ0N0E2MTUxQ0M5OUU4MTg0QUE1QTQyNUM2MzQxMzcxMjREMDlGOEEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDPt6azWNf3HHZcQwK74JH16N9F
eKuayG8/iVRbs1H9tyqGE3ezkTvCqsawl7XmAPRTYRlNgGczhxmH0yfjziFgZ8gy
c4T8RHJGkpP7xsVgXGXlNDcoz6hv1cKXzmscLa06Po7MfKsfxXLPcKWelGTYanZO
TthgiZq4utsQVVDjECh2APeTN6T0Aa6NFKlCXak+o200PZdl6gKd1OAAaaYMCuZo
nIMQhcz5WczQ6V7VwlnRwp+hkhhngwFPFIxcoF9YFQ4dB7Ey1NYp69e03OKukCNN
Z+fvzB1P2QVDTt0aC4F1hM1v0/mcH2GRtTrJagAXEuE5qUwlLtLeLJJIXjjHAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQU1HphUcyZ6BhKpaQlxjQTcSTQn4owHwYDVR0j
BBgwFoAUc12TcGy/RojOfWD8DtaT1MxKkyYwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMmU2ZGE1YzctNjcwYS00MWIxLTk2ZWItMzg5OTM4OGIy
OTJjLzAvNzM1RDkzNzA2Q0JGNDY4OENFN0Q2MEZDMEVENjkzRDRDQzRBOTMyNi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2MxMlRjR3lfUm9qT2ZXRDhEdGFUMU14
S2t5WS5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMmU2ZGE1Yzct
NjcwYS00MWIxLTk2ZWItMzg5OTM4OGIyOTJjLzAvMzUyZTMxMzczOTJlMzEzMDMw
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzUzNDMxMzMucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAAFs2Qw
DQYJKoZIhvcNAQELBQADggEBAC5uDoe178AE8irPJZxpnB40Ro7LU8ICmvTicqrQ
GZHsR43Lp9oBeS5sN/TwbKFcKmx0awY1kPK3BEVIwwW1WjVrQu+PRRGGdEjcfqQr
5jpLQVf31BEAgl78NIZFnWz8y7qk8pyZh1V5PQ7d9rZ5ADuUIK3DzYVVSqynZEV3
vYEX2NMhb1Gdp6/h7Zyy3OZBG2qeWqquDNATmvzqo0tp/UP16dLXo/M7PiEE01Qz
e7hIWWvJ8DwhaUpxEX8QGM1uuHOULiUVdrNg7y6iYXpcPo+5qUEivyktW+TXTvmo
WOuyvToLP+Jl8g7CefHJwIGVtxhVLvOfX5ndvLeAonGyxr0=
-----END CERTIFICATE-----