Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/2e6da5c7-670a-41b1-96eb-3899388b292c/0/352e3137392e39392e302f32342d3234203d3e2035343133.roa
File:                     352e3137392e39392e302f32342d3234203d3e2035343133.roa (raw, json)
Hash identifier:          CB5vWDWAPDSZW/v6Vh4OKHqUfU1qsTNhab552U5+rZU=
Subject key identifier:   B8:BF:32:0C:CA:E7:E0:D6:E6:9B:9D:F0:B1:0F:89:12:9F:20:E9:BF
Certificate issuer:       /CN=735d93706cbf4688ce7d60fc0ed693d4cc4a9326
Certificate serial:       34EAC10CECB0B5CAD8A31FCD44758E05A489196D
Authority key identifier: 73:5D:93:70:6C:BF:46:88:CE:7D:60:FC:0E:D6:93:D4:CC:4A:93:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/c12TcGy_RojOfWD8DtaT1MxKkyY.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/2e6da5c7-670a-41b1-96eb-3899388b292c/0/352e3137392e39392e302f32342d3234203d3e2035343133.roa
Signing time:             Thu 11 Apr 2024 08:39:44 +0000
ROA not before:           Thu 11 Apr 2024 08:34:44 +0000
ROA not after:            Thu 10 Apr 2025 08:39:44 +0000
asID:                     5413
IP address blocks:        5.179.99.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/2e6da5c7-670a-41b1-96eb-3899388b292c/0/735D93706CBF4688CE7D60FC0ED693D4CC4A9326.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/2e6da5c7-670a-41b1-96eb-3899388b292c/0/735D93706CBF4688CE7D60FC0ED693D4CC4A9326.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/c12TcGy_RojOfWD8DtaT1MxKkyY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 02 Jul 2024 13:50:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            34:ea:c1:0c:ec:b0:b5:ca:d8:a3:1f:cd:44:75:8e:05:a4:89:19:6d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=735d93706cbf4688ce7d60fc0ed693d4cc4a9326
        Validity
            Not Before: Apr 11 08:34:44 2024 GMT
            Not After : Apr 10 08:39:44 2025 GMT
        Subject: CN=B8BF320CCAE7E0D6E69B9DF0B10F89129F20E9BF
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:ac:bc:7e:c3:d1:06:a1:bf:b0:48:cd:dc:5b:
                    cb:cc:b0:33:43:6b:e5:5f:e8:b1:37:85:dd:db:05:
                    8b:17:31:94:94:10:f8:67:20:5f:dc:8a:90:70:f3:
                    72:db:cc:ea:ba:4c:86:5d:6e:73:a1:59:89:d8:8d:
                    0f:7e:b9:31:61:94:42:8e:2a:6f:51:8f:33:08:5d:
                    f3:17:e7:93:2c:27:97:48:4c:e1:b6:68:52:de:bd:
                    f4:65:a4:ce:39:37:20:48:6e:93:74:44:a3:6b:4b:
                    25:04:b4:8e:5d:96:af:79:f0:7a:c3:3a:23:3f:b2:
                    eb:85:68:b0:02:ec:e9:b5:e1:21:40:a6:ab:76:a0:
                    af:25:38:5f:8f:23:8a:b2:a5:c6:3e:43:85:05:91:
                    6a:b6:4f:bc:87:1e:d0:07:f7:b5:e4:d8:a5:75:3d:
                    19:da:a3:44:84:e1:46:89:05:90:25:0f:f4:12:5a:
                    1a:8f:23:20:db:e7:ba:6c:41:2b:96:07:41:b6:59:
                    f8:ae:40:a2:cf:41:eb:f1:36:d2:51:fc:ba:cd:3f:
                    86:75:9f:ee:74:99:d2:f8:5c:e8:bc:bf:40:a9:d7:
                    84:04:e3:6e:36:48:c3:6b:2c:9b:06:11:ce:08:67:
                    4a:d0:06:95:7a:54:2e:91:76:97:9b:4d:bc:9b:7d:
                    32:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B8:BF:32:0C:CA:E7:E0:D6:E6:9B:9D:F0:B1:0F:89:12:9F:20:E9:BF
            X509v3 Authority Key Identifier:
                keyid:73:5D:93:70:6C:BF:46:88:CE:7D:60:FC:0E:D6:93:D4:CC:4A:93:26

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/2e6da5c7-670a-41b1-96eb-3899388b292c/0/735D93706CBF4688CE7D60FC0ED693D4CC4A9326.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/c12TcGy_RojOfWD8DtaT1MxKkyY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/2e6da5c7-670a-41b1-96eb-3899388b292c/0/352e3137392e39392e302f32342d3234203d3e2035343133.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.179.99.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1c:e0:d7:f7:33:27:85:7e:f3:d9:8f:fb:c3:a5:bb:fb:29:04:
         e3:37:9a:96:35:d1:bc:2d:8c:7d:4e:2c:55:e1:aa:7b:22:22:
         f4:a6:bd:59:75:59:ea:6c:bc:47:9e:7e:41:84:3a:73:1c:93:
         01:4e:24:cc:e8:25:ca:6d:ec:0d:10:71:26:aa:5e:06:d3:bd:
         4e:01:35:e0:62:41:76:f8:a4:6e:ff:84:37:d2:2e:44:8c:3c:
         fe:5b:61:8a:2a:5a:05:5e:d6:6c:b7:07:85:b9:78:93:56:1d:
         77:43:f5:ce:b7:52:25:fd:47:f0:b2:0a:34:88:c1:f5:0c:d0:
         16:d7:e0:e3:4a:e8:09:a8:44:42:93:0f:32:45:ef:b3:aa:b0:
         5e:52:48:9f:d7:ac:d0:68:2d:87:14:8d:4f:c9:e8:16:8d:f6:
         74:55:9d:80:15:c8:a6:dc:69:a0:54:a8:54:12:91:47:07:73:
         de:06:a6:0d:56:2f:19:07:d5:fa:e7:73:a6:5d:89:8b:3a:1c:
         27:34:c2:ed:ac:b7:62:64:a7:dc:63:8c:50:01:bf:8b:7f:7e:
         29:ae:15:d6:f6:0d:5e:d3:cf:be:c0:11:08:73:9f:5f:3f:8e:
         ab:73:81:d2:a4:e7:1e:e5:c8:17:32:69:63:27:8f:3f:43:aa:
         48:b0:ed:ed
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUNOrBDOywtcrYox/NRHWOBaSJGW0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzM1ZDkzNzA2Y2JmNDY4OGNlN2Q2MGZjMGVkNjkzZDRj
YzRhOTMyNjAeFw0yNDA0MTEwODM0NDRaFw0yNTA0MTAwODM5NDRaMDMxMTAvBgNV
BAMTKEI4QkYzMjBDQ0FFN0UwRDZFNjlCOURGMEIxMEY4OTEyOUYyMEU5QkYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDErLx+w9EGob+wSM3cW8vMsDND
a+Vf6LE3hd3bBYsXMZSUEPhnIF/cipBw83LbzOq6TIZdbnOhWYnYjQ9+uTFhlEKO
Km9RjzMIXfMX55MsJ5dITOG2aFLevfRlpM45NyBIbpN0RKNrSyUEtI5dlq958HrD
OiM/suuFaLAC7Om14SFApqt2oK8lOF+PI4qypcY+Q4UFkWq2T7yHHtAH97Xk2KV1
PRnao0SE4UaJBZAlD/QSWhqPIyDb57psQSuWB0G2WfiuQKLPQevxNtJR/LrNP4Z1
n+50mdL4XOi8v0Cp14QE4242SMNrLJsGEc4IZ0rQBpV6VC6RdpebTbybfTI9AgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQUuL8yDMrn4Nbmm53wsQ+JEp8g6b8wHwYDVR0j
BBgwFoAUc12TcGy/RojOfWD8DtaT1MxKkyYwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMmU2ZGE1YzctNjcwYS00MWIxLTk2ZWItMzg5OTM4OGIy
OTJjLzAvNzM1RDkzNzA2Q0JGNDY4OENFN0Q2MEZDMEVENjkzRDRDQzRBOTMyNi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2MxMlRjR3lfUm9qT2ZXRDhEdGFUMU14
S2t5WS5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMmU2ZGE1Yzct
NjcwYS00MWIxLTk2ZWItMzg5OTM4OGIyOTJjLzAvMzUyZTMxMzczOTJlMzkzOTJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM1MzQzMTMzLnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABbNjMA0G
CSqGSIb3DQEBCwUAA4IBAQAc4Nf3MyeFfvPZj/vDpbv7KQTjN5qWNdG8LYx9TixV
4ap7IiL0pr1ZdVnqbLxHnn5BhDpzHJMBTiTM6CXKbewNEHEmql4G071OATXgYkF2
+KRu/4Q30i5EjDz+W2GKKloFXtZstweFuXiTVh13Q/XOt1Il/Ufwsgo0iMH1DNAW
1+DjSugJqERCkw8yRe+zqrBeUkif16zQaC2HFI1PyegWjfZ0VZ2AFcim3GmgVKhU
EpFHB3PeBqYNVi8ZB9X653OmXYmLOhwnNMLtrLdiZKfcY4xQAb+Lf34prhXW9g1e
08++wBEIc59fP46rc4HSpOce5cgXMmljJ48/Q6pIsO3t
-----END CERTIFICATE-----