Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/352e3138312e3137382e302f32342d3234203d3e203230343733.roa
File:                     352e3138312e3137382e302f32342d3234203d3e203230343733.roa (raw, json)
Hash identifier:          GSOKhL5BSjIACEW+QUchy9LBLXuEasc9BFDwYUULqnA=
Subject key identifier:   0F:5B:67:85:D7:81:F9:F4:77:29:08:7D:63:96:8A:E4:6C:5C:A8:1C
Certificate issuer:       /CN=70cbd7a9817e470009c0f40ea1e370aa79b5fd91
Certificate serial:       27D4FD3143887B8FFAA9E8CD9696C452BB961454
Authority key identifier: 70:CB:D7:A9:81:7E:47:00:09:C0:F4:0E:A1:E3:70:AA:79:B5:FD:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/352e3138312e3137382e302f32342d3234203d3e203230343733.roa
Signing time:             Fri 18 Oct 2024 13:24:28 +0000
ROA not before:           Fri 18 Oct 2024 13:19:28 +0000
ROA not after:            Fri 17 Oct 2025 13:24:28 +0000
asID:                     20473
IP address blocks:        5.181.178.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            27:d4:fd:31:43:88:7b:8f:fa:a9:e8:cd:96:96:c4:52:bb:96:14:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=70cbd7a9817e470009c0f40ea1e370aa79b5fd91
        Validity
            Not Before: Oct 18 13:19:28 2024 GMT
            Not After : Oct 17 13:24:28 2025 GMT
        Subject: CN=0F5B6785D781F9F47729087D63968AE46C5CA81C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:23:35:76:9e:d3:31:ef:3f:bf:21:7c:7d:f1:
                    8a:79:f4:9e:37:c1:8a:a1:b0:ba:9d:e7:47:6c:1f:
                    75:f1:88:2c:cd:ae:dc:50:90:84:2b:0b:f1:17:e4:
                    2e:3b:5d:c2:78:82:c6:0e:b0:56:da:62:7e:ca:d9:
                    19:75:34:59:3f:7e:37:9f:1e:f4:01:9e:21:60:fb:
                    71:87:fe:5c:a5:5b:2c:21:3e:00:93:d3:9c:43:99:
                    d4:f2:69:3c:9b:ff:ae:54:de:de:aa:98:3b:e1:7d:
                    c4:54:36:8b:83:87:2c:2a:69:53:c5:d6:f8:7d:35:
                    0d:1d:d9:29:be:9b:d7:6a:f7:df:ba:39:54:9f:5c:
                    15:02:e9:e9:e3:30:bf:83:8c:cb:10:d7:6d:a1:0f:
                    82:91:e7:3b:33:8a:a9:53:96:2c:25:f8:0a:6e:52:
                    c2:12:65:db:2e:e6:42:b4:bb:85:7c:66:87:76:2e:
                    aa:0b:be:cf:85:e7:18:ab:b8:d8:4c:57:bf:89:a5:
                    42:de:af:0b:30:80:8e:e3:4a:08:81:b4:8b:b2:63:
                    16:48:4c:47:a8:77:e7:2f:a3:56:11:bd:96:e9:1a:
                    d5:da:e5:72:45:fe:9a:41:25:32:05:1f:0f:aa:c0:
                    07:3c:4f:7c:8a:a3:21:f0:05:bd:b3:84:14:dd:20:
                    da:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:5B:67:85:D7:81:F9:F4:77:29:08:7D:63:96:8A:E4:6C:5C:A8:1C
            X509v3 Authority Key Identifier:
                keyid:70:CB:D7:A9:81:7E:47:00:09:C0:F4:0E:A1:E3:70:AA:79:B5:FD:91

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/352e3138312e3137382e302f32342d3234203d3e203230343733.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.181.178.0/24

    Signature Algorithm: sha256WithRSAEncryption
         73:2d:fe:e9:e1:85:65:b5:b6:a4:34:ab:47:78:65:a1:1b:5d:
         38:fa:c0:22:6a:92:e1:9d:87:87:89:c2:42:2e:c0:bb:4e:a2:
         6f:49:2a:f1:d8:7c:f4:9a:32:81:ec:c4:18:db:31:af:54:d9:
         f0:58:87:d9:04:8c:ba:3e:ba:69:d1:37:79:bc:1d:da:dc:45:
         25:11:62:4b:e7:a5:4d:82:a1:7e:a9:ef:62:b1:a1:46:00:df:
         4c:5f:fd:4e:a9:ce:57:70:d1:b8:55:a6:a3:7d:84:5b:f6:05:
         86:d6:55:e0:95:9d:d8:ce:5d:4d:06:16:f8:b0:7d:d6:92:f5:
         b7:b0:c0:d7:98:7c:03:9f:2c:b4:c4:7b:31:a6:2f:be:a8:55:
         df:bb:70:a9:44:0c:ef:5b:8f:ae:7e:c8:fe:47:73:07:f8:63:
         be:ca:a2:fc:f1:7c:8f:95:29:e0:2f:22:3a:a4:4f:b3:60:06:
         71:89:3c:20:dc:a3:52:90:dd:d4:9b:e3:62:54:f8:56:42:56:
         30:76:03:10:f0:20:d0:da:6c:09:a8:5e:2e:aa:bd:5d:7c:e2:
         4c:05:6a:07:3e:ff:0a:e0:93:d1:91:6d:9a:3b:12:e6:8a:dd:
         f8:49:5c:b4:25:1d:f6:80:b5:8d:4e:b0:fe:68:41:59:a5:f6:
         aa:90:88:8c
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUJ9T9MUOIe4/6qejNlpbEUruWFFQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzBjYmQ3YTk4MTdlNDcwMDA5YzBmNDBlYTFlMzcwYWE3
OWI1ZmQ5MTAeFw0yNDEwMTgxMzE5MjhaFw0yNTEwMTcxMzI0MjhaMDMxMTAvBgNV
BAMTKDBGNUI2Nzg1RDc4MUY5RjQ3NzI5MDg3RDYzOTY4QUU0NkM1Q0E4MUMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCyIzV2ntMx7z+/IXx98Yp59J43
wYqhsLqd50dsH3XxiCzNrtxQkIQrC/EX5C47XcJ4gsYOsFbaYn7K2Rl1NFk/fjef
HvQBniFg+3GH/lylWywhPgCT05xDmdTyaTyb/65U3t6qmDvhfcRUNouDhywqaVPF
1vh9NQ0d2Sm+m9dq99+6OVSfXBUC6enjML+DjMsQ122hD4KR5zsziqlTliwl+Apu
UsISZdsu5kK0u4V8Zod2LqoLvs+F5xiruNhMV7+JpULerwswgI7jSgiBtIuyYxZI
TEeod+cvo1YRvZbpGtXa5XJF/ppBJTIFHw+qwAc8T3yKoyHwBb2zhBTdINqTAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUD1tnhdeB+fR3KQh9Y5aK5GxcqBwwHwYDVR0j
BBgwFoAUcMvXqYF+RwAJwPQOoeNwqnm1/ZEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYjczMzJhZjAtZGQ3My00NzU1LTlkMjAtNjkzZWE4Mjg5
ZjhhLzAvNzBDQkQ3QTk4MTdFNDcwMDA5QzBGNDBFQTFFMzcwQUE3OUI1RkQ5MS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2NNdlhxWUYtUndBSndQUU9vZU53cW5t
MV9aRS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYjczMzJhZjAt
ZGQ3My00NzU1LTlkMjAtNjkzZWE4Mjg5ZjhhLzAvMzUyZTMxMzgzMTJlMzEzNzM4
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzIzMDM0MzczMy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAAW1
sjANBgkqhkiG9w0BAQsFAAOCAQEAcy3+6eGFZbW2pDSrR3hloRtdOPrAImqS4Z2H
h4nCQi7Au06ib0kq8dh89JoygezEGNsxr1TZ8FiH2QSMuj66adE3ebwd2txFJRFi
S+elTYKhfqnvYrGhRgDfTF/9TqnOV3DRuFWmo32EW/YFhtZV4JWd2M5dTQYW+LB9
1pL1t7DA15h8A58stMR7MaYvvqhV37twqUQM71uPrn7I/kdzB/hjvsqi/PF8j5Up
4C8iOqRPs2AGcYk8INyjUpDd1JvjYlT4VkJWMHYDEPAg0NpsCaheLqq9XXziTAVq
Bz7/CuCT0ZFtmjsS5ord+ElctCUd9oC1jU6w/mhBWaX2qpCIjA==
-----END CERTIFICATE-----