Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/352e3138312e3137372e302f32342d3234203d3e203433323630.roa
File:                     352e3138312e3137372e302f32342d3234203d3e203433323630.roa (raw, json)
Hash identifier:          tpJ/TSBOVT7lgJQtkocRyvyqHuRbD+ZeL/QiLlF7kEk=
Subject key identifier:   93:67:AF:73:D2:69:CC:D6:DE:D2:8F:DF:E2:9E:19:AC:5D:39:4D:FC
Certificate issuer:       /CN=70cbd7a9817e470009c0f40ea1e370aa79b5fd91
Certificate serial:       447280383FC6BDCBC0790FE4C23343F32D536F5F
Authority key identifier: 70:CB:D7:A9:81:7E:47:00:09:C0:F4:0E:A1:E3:70:AA:79:B5:FD:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/352e3138312e3137372e302f32342d3234203d3e203433323630.roa
Signing time:             Sat 16 Sep 2023 22:23:51 +0000
ROA not before:           Sat 16 Sep 2023 22:18:51 +0000
ROA not after:            Sat 14 Sep 2024 22:23:51 +0000
asID:                     43260
IP address blocks:        5.181.177.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 14:46:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            44:72:80:38:3f:c6:bd:cb:c0:79:0f:e4:c2:33:43:f3:2d:53:6f:5f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=70cbd7a9817e470009c0f40ea1e370aa79b5fd91
        Validity
            Not Before: Sep 16 22:18:51 2023 GMT
            Not After : Sep 14 22:23:51 2024 GMT
        Subject: CN=9367AF73D269CCD6DED28FDFE29E19AC5D394DFC
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:cd:d7:aa:15:c2:ba:00:ef:76:02:c9:5b:d7:
                    f3:b6:d0:ce:8f:78:be:e7:0d:28:d5:3c:ac:9e:b9:
                    01:92:b7:64:3f:ab:b6:61:d5:14:10:ee:79:a6:46:
                    4a:8f:59:48:55:ca:d1:43:96:23:10:8b:f9:ce:65:
                    61:85:4e:d0:db:1c:f3:26:d4:c4:29:7e:a1:dc:81:
                    60:51:7f:46:ba:84:85:7a:6a:0f:a0:ed:7c:1b:dc:
                    26:98:07:e0:bc:57:8c:26:a1:ef:aa:b3:ec:fe:4d:
                    84:23:d2:ec:e8:25:68:20:c2:9d:23:a2:b2:4e:72:
                    13:5d:fd:ae:bd:e4:50:81:e5:25:16:2d:f5:05:62:
                    be:54:23:8e:cb:3c:1d:47:33:db:5e:f5:30:6c:56:
                    91:b6:6c:29:79:e0:f8:54:ad:d3:45:bd:cd:4a:ca:
                    81:3c:1d:79:a0:e1:79:33:e6:f1:e1:66:43:fb:2d:
                    c9:8f:47:4b:4d:47:3d:a1:69:33:fa:27:56:1a:73:
                    ab:5e:aa:86:0d:a8:8d:74:dd:da:ab:f1:80:a1:58:
                    45:82:51:a6:eb:95:ee:c3:0e:8c:4c:7b:24:19:ce:
                    dd:15:20:2b:1d:82:bd:86:1c:61:f0:66:a9:38:b4:
                    25:09:de:86:95:6e:d3:8c:67:cb:c8:2b:78:8e:dd:
                    4a:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                93:67:AF:73:D2:69:CC:D6:DE:D2:8F:DF:E2:9E:19:AC:5D:39:4D:FC
            X509v3 Authority Key Identifier:
                keyid:70:CB:D7:A9:81:7E:47:00:09:C0:F4:0E:A1:E3:70:AA:79:B5:FD:91

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/352e3138312e3137372e302f32342d3234203d3e203433323630.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.181.177.0/24

    Signature Algorithm: sha256WithRSAEncryption
         14:fb:47:f3:57:66:81:01:3e:8f:89:4b:32:3a:e1:1f:57:79:
         eb:96:d9:04:60:af:82:4e:b2:69:dc:2c:20:70:e3:70:1c:b4:
         31:9d:a2:1a:4e:66:13:ee:46:2b:1e:c6:b3:c1:d2:c6:ee:63:
         06:58:1a:9b:d8:18:dd:b0:a4:a5:cb:2a:5b:76:cb:50:06:90:
         ee:91:73:13:a4:c2:96:7a:09:fd:e4:26:f5:2f:c7:23:48:4e:
         73:8e:ac:25:79:ce:56:95:97:aa:e6:52:3b:f5:ce:64:59:1f:
         48:08:5f:1f:43:5f:d2:69:23:df:45:1b:b6:27:fc:5e:1f:72:
         17:f9:79:7a:19:d2:57:da:5a:b1:fa:73:60:08:56:29:d2:49:
         b6:51:fa:3e:40:1d:dd:0a:e5:53:07:64:f0:3f:ee:03:ab:b5:
         78:67:00:81:91:31:0f:2c:f7:af:96:f9:6d:c8:50:ed:7d:b4:
         d8:dc:3c:b3:d2:2b:f4:5a:db:33:6e:88:ec:4d:6e:fe:22:e3:
         7c:4e:43:06:8a:83:12:ca:2d:09:71:58:33:8f:8e:4e:5d:9b:
         37:25:72:0c:2a:13:20:54:1e:c3:4e:ed:a8:07:2d:75:42:62:
         6c:dc:30:a0:3b:5f:5e:4d:02:ec:23:50:13:ac:f7:0d:0c:4f:
         cc:50:f0:36
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIURHKAOD/GvcvAeQ/kwjND8y1Tb18wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzBjYmQ3YTk4MTdlNDcwMDA5YzBmNDBlYTFlMzcwYWE3
OWI1ZmQ5MTAeFw0yMzA5MTYyMjE4NTFaFw0yNDA5MTQyMjIzNTFaMDMxMTAvBgNV
BAMTKDkzNjdBRjczRDI2OUNDRDZERUQyOEZERkUyOUUxOUFDNUQzOTRERkMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDIzdeqFcK6AO92Aslb1/O20M6P
eL7nDSjVPKyeuQGSt2Q/q7Zh1RQQ7nmmRkqPWUhVytFDliMQi/nOZWGFTtDbHPMm
1MQpfqHcgWBRf0a6hIV6ag+g7Xwb3CaYB+C8V4wmoe+qs+z+TYQj0uzoJWggwp0j
orJOchNd/a695FCB5SUWLfUFYr5UI47LPB1HM9te9TBsVpG2bCl54PhUrdNFvc1K
yoE8HXmg4Xkz5vHhZkP7LcmPR0tNRz2haTP6J1Yac6teqoYNqI103dqr8YChWEWC
Uabrle7DDoxMeyQZzt0VICsdgr2GHGHwZqk4tCUJ3oaVbtOMZ8vIK3iO3UqzAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUk2evc9JpzNbe0o/f4p4ZrF05TfwwHwYDVR0j
BBgwFoAUcMvXqYF+RwAJwPQOoeNwqnm1/ZEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYjczMzJhZjAtZGQ3My00NzU1LTlkMjAtNjkzZWE4Mjg5
ZjhhLzAvNzBDQkQ3QTk4MTdFNDcwMDA5QzBGNDBFQTFFMzcwQUE3OUI1RkQ5MS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2NNdlhxWUYtUndBSndQUU9vZU53cW5t
MV9aRS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYjczMzJhZjAt
ZGQ3My00NzU1LTlkMjAtNjkzZWE4Mjg5ZjhhLzAvMzUyZTMxMzgzMTJlMzEzNzM3
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzQzMzMyMzYzMC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAAW1
sTANBgkqhkiG9w0BAQsFAAOCAQEAFPtH81dmgQE+j4lLMjrhH1d565bZBGCvgk6y
adwsIHDjcBy0MZ2iGk5mE+5GKx7Gs8HSxu5jBlgam9gY3bCkpcsqW3bLUAaQ7pFz
E6TClnoJ/eQm9S/HI0hOc46sJXnOVpWXquZSO/XOZFkfSAhfH0Nf0mkj30Ubtif8
Xh9yF/l5ehnSV9pasfpzYAhWKdJJtlH6PkAd3QrlUwdk8D/uA6u1eGcAgZExDyz3
r5b5bchQ7X202Nw8s9Ir9FrbM26I7E1u/iLjfE5DBoqDEsotCXFYM4+OTl2bNyVy
DCoTIFQew07tqActdUJibNwwoDtfXk0C7CNQE6z3DQxPzFDwNg==
-----END CERTIFICATE-----