Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/352e3130342e37362e302f32342d3234203d3e20313331313939.roa
File:                     352e3130342e37362e302f32342d3234203d3e20313331313939.roa (raw, json)
Hash identifier:          B7k24kn8fYba5BZNZjnrwuHZFBvyAfeNYVdcVRZVPPw=
Subject key identifier:   58:04:37:68:11:6E:51:A6:75:5F:EF:6A:72:9C:35:B8:88:29:38:CB
Certificate issuer:       /CN=08fb9ba827e6f10a7af37490803dd5a076397235
Certificate serial:       06DA59C328C725134BD1EA9DEDFB9D418E6D1BCB
Authority key identifier: 08:FB:9B:A8:27:E6:F1:0A:7A:F3:74:90:80:3D:D5:A0:76:39:72:35
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/352e3130342e37362e302f32342d3234203d3e20313331313939.roa
Signing time:             Mon 26 Feb 2024 08:52:57 +0000
ROA not before:           Mon 26 Feb 2024 08:47:57 +0000
ROA not after:            Mon 24 Feb 2025 08:52:57 +0000
asID:                     131199
IP address blocks:        5.104.76.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 13 May 2024 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            06:da:59:c3:28:c7:25:13:4b:d1:ea:9d:ed:fb:9d:41:8e:6d:1b:cb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=08fb9ba827e6f10a7af37490803dd5a076397235
        Validity
            Not Before: Feb 26 08:47:57 2024 GMT
            Not After : Feb 24 08:52:57 2025 GMT
        Subject: CN=58043768116E51A6755FEF6A729C35B8882938CB
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:59:e9:fc:29:87:25:df:63:f0:62:1d:51:e5:
                    a0:28:28:c3:7f:43:e3:54:fe:03:f1:b2:ac:e4:a6:
                    5c:bb:9f:0e:1f:fb:c0:ca:97:a5:5e:67:ae:49:74:
                    ae:45:5a:49:68:a2:c5:42:49:1d:d9:4e:74:1f:bd:
                    bb:d2:ae:de:4f:ba:08:9f:92:d6:7b:59:e7:8f:db:
                    94:08:21:71:6b:5e:43:0b:28:99:07:8e:dc:c8:28:
                    1c:c9:12:40:3f:28:b7:02:7b:12:cb:93:ac:c4:3b:
                    23:19:b4:2f:f0:67:e2:ae:ab:b7:47:3b:74:b9:c6:
                    a3:5e:ed:01:d3:98:d2:a5:4a:1b:c3:63:5e:e2:4f:
                    3a:e8:51:14:12:53:1a:37:13:d0:24:ae:37:ad:bb:
                    2b:06:a0:fd:31:c5:3e:bc:df:4f:a9:ac:1b:b4:64:
                    f8:82:f9:df:a9:dc:18:8c:3a:2c:76:5f:ee:08:91:
                    6b:54:f7:3f:ff:8b:ca:16:68:9e:e4:d4:1e:f8:76:
                    f0:61:1b:b8:df:e2:99:45:00:a8:5c:e0:6d:f0:05:
                    b5:ee:c9:e0:5c:53:5d:69:35:68:71:14:74:f8:49:
                    9b:9b:c0:4c:03:07:a0:ac:69:a5:0f:1c:3c:72:d2:
                    76:1e:f4:9f:cc:15:5c:7e:50:6c:85:98:9a:e6:ba:
                    63:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:04:37:68:11:6E:51:A6:75:5F:EF:6A:72:9C:35:B8:88:29:38:CB
            X509v3 Authority Key Identifier:
                keyid:08:FB:9B:A8:27:E6:F1:0A:7A:F3:74:90:80:3D:D5:A0:76:39:72:35

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/352e3130342e37362e302f32342d3234203d3e20313331313939.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.104.76.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8c:e8:e0:35:f2:a2:b9:55:4a:7e:9a:4f:10:36:33:72:8a:09:
         e2:08:1e:f9:d4:35:a6:9a:3d:cd:9c:bd:90:b6:09:26:f5:0d:
         67:bd:aa:1c:94:84:c2:21:f1:07:8a:cf:38:b9:ee:8d:50:0e:
         fc:e0:fe:30:45:f0:36:2c:f6:3c:aa:52:84:68:45:c2:59:35:
         63:41:eb:a3:02:11:ec:35:8f:ef:df:80:20:d1:2c:fa:25:bf:
         cc:d9:0d:76:d5:89:cf:1a:46:2d:72:e4:1b:84:ba:63:cc:95:
         9f:89:14:9b:29:e8:45:93:5f:c3:49:d7:0f:df:55:8b:f2:3b:
         58:b7:84:29:0a:78:3f:67:98:ec:97:73:b7:b3:be:c5:81:33:
         00:b0:26:29:ae:ab:e0:c4:a4:4f:c4:79:39:46:f3:ac:f5:bc:
         7d:e5:b9:65:4a:db:80:7b:0a:d1:f3:45:05:3e:9e:26:a0:d9:
         c1:ea:58:be:3d:4a:e4:93:2f:a7:c2:65:c7:a8:18:9d:18:8c:
         40:63:ea:29:da:e4:cc:d7:27:0a:d5:13:d2:01:19:cb:6f:08:
         eb:88:5d:c5:87:47:e2:fa:59:fe:e1:68:c9:73:a9:3c:4d:42:
         51:24:20:da:57:8d:a6:56:15:b8:bf:9a:c1:2d:32:73:69:27:
         e1:ec:9d:79
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUBtpZwyjHJRNL0eqd7fudQY5tG8swDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDhmYjliYTgyN2U2ZjEwYTdhZjM3NDkwODAzZGQ1YTA3
NjM5NzIzNTAeFw0yNDAyMjYwODQ3NTdaFw0yNTAyMjQwODUyNTdaMDMxMTAvBgNV
BAMTKDU4MDQzNzY4MTE2RTUxQTY3NTVGRUY2QTcyOUMzNUI4ODgyOTM4Q0IwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDjWen8KYcl32PwYh1R5aAoKMN/
Q+NU/gPxsqzkply7nw4f+8DKl6VeZ65JdK5FWkloosVCSR3ZTnQfvbvSrt5Pugif
ktZ7WeeP25QIIXFrXkMLKJkHjtzIKBzJEkA/KLcCexLLk6zEOyMZtC/wZ+Kuq7dH
O3S5xqNe7QHTmNKlShvDY17iTzroURQSUxo3E9AkrjetuysGoP0xxT6830+prBu0
ZPiC+d+p3BiMOix2X+4IkWtU9z//i8oWaJ7k1B74dvBhG7jf4plFAKhc4G3wBbXu
yeBcU11pNWhxFHT4SZubwEwDB6CsaaUPHDxy0nYe9J/MFVx+UGyFmJrmumOtAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUWAQ3aBFuUaZ1X+9qcpw1uIgpOMswHwYDVR0j
BBgwFoAUCPubqCfm8Qp683SQgD3VoHY5cjUwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzIvMDhGQjlCQTgyN0U2RjEwQTdBRjM3NDkwODAzREQ1QTA3NjM5NzIzNS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NQdWJxQ2ZtOFFwNjgzU1FnRDNWb0hZ
NWNqVS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzIvMzUyZTMxMzAzNDJlMzczNjJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMxMzMzMTMxMzkzOS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAAVo
TDANBgkqhkiG9w0BAQsFAAOCAQEAjOjgNfKiuVVKfppPEDYzcooJ4gge+dQ1ppo9
zZy9kLYJJvUNZ72qHJSEwiHxB4rPOLnujVAO/OD+MEXwNiz2PKpShGhFwlk1Y0Hr
owIR7DWP79+AINEs+iW/zNkNdtWJzxpGLXLkG4S6Y8yVn4kUmynoRZNfw0nXD99V
i/I7WLeEKQp4P2eY7Jdzt7O+xYEzALAmKa6r4MSkT8R5OUbzrPW8feW5ZUrbgHsK
0fNFBT6eJqDZwepYvj1K5JMvp8Jlx6gYnRiMQGPqKdrkzNcnCtUT0gEZy28I64hd
xYdH4vpZ/uFoyXOpPE1CUSQg2leNplYVuL+awS0yc2kn4eydeQ==
-----END CERTIFICATE-----