Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/352e3130342e37372e302f32342d3234203d3e20313336373837.roa
File:                     352e3130342e37372e302f32342d3234203d3e20313336373837.roa (raw, json)
Hash identifier:          3OEKGDn875FRyPCfqzFA4/56P5XwYpXJjdUBOvghuDg=
Subject key identifier:   A7:38:B4:33:85:4E:0F:79:AD:78:8B:B7:9B:88:8D:9C:0A:F0:8B:FD
Certificate issuer:       /CN=08fb9ba827e6f10a7af37490803dd5a076397235
Certificate serial:       07EA531734BF1E0C43356DCB529A6616453D4870
Authority key identifier: 08:FB:9B:A8:27:E6:F1:0A:7A:F3:74:90:80:3D:D5:A0:76:39:72:35
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/352e3130342e37372e302f32342d3234203d3e20313336373837.roa
Signing time:             Mon 04 Mar 2024 19:44:22 +0000
ROA not before:           Mon 04 Mar 2024 19:39:22 +0000
ROA not after:            Mon 03 Mar 2025 19:44:22 +0000
asID:                     136787
IP address blocks:        5.104.77.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 14:42:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            07:ea:53:17:34:bf:1e:0c:43:35:6d:cb:52:9a:66:16:45:3d:48:70
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=08fb9ba827e6f10a7af37490803dd5a076397235
        Validity
            Not Before: Mar  4 19:39:22 2024 GMT
            Not After : Mar  3 19:44:22 2025 GMT
        Subject: CN=A738B433854E0F79AD788BB79B888D9C0AF08BFD
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:54:42:4b:ec:5f:1e:82:d8:65:fd:e7:d1:29:
                    96:26:e2:c1:ef:68:10:22:27:74:01:ee:33:89:43:
                    d1:df:59:43:8e:60:9a:7f:1a:69:50:52:9b:f8:2d:
                    92:a5:96:ee:3f:3f:92:30:cd:6c:24:c0:cc:40:d6:
                    c3:94:9a:09:d3:69:62:a6:80:2f:e1:58:3e:67:d2:
                    b1:39:6a:57:92:72:b5:be:30:c8:b0:81:15:b2:b2:
                    ea:99:db:95:54:30:3b:9b:be:5a:ea:3d:c9:e7:ac:
                    03:27:8e:8d:1d:65:e9:85:74:94:5d:ba:9c:43:63:
                    36:3e:42:fe:a8:5a:a3:74:dc:2f:ad:58:06:e8:0d:
                    ac:a0:a0:44:12:02:4f:c1:7a:47:96:8d:74:c4:65:
                    63:83:84:83:34:02:9f:a6:a9:67:d0:8f:ee:72:fe:
                    e8:67:c1:94:b7:42:ce:cb:6f:37:fb:ab:8c:a6:12:
                    a4:f7:52:b7:d5:a4:7f:96:12:c4:da:46:99:73:82:
                    3d:89:13:e9:91:2c:56:5a:c8:e8:ba:94:fd:eb:8f:
                    25:76:77:b0:80:8b:cc:97:a8:2f:e9:e1:77:95:b1:
                    03:46:fc:f7:4f:30:54:98:1e:a0:fa:13:5f:5e:ca:
                    12:fd:86:f6:d7:2a:d3:59:a7:12:13:57:0d:59:c5:
                    26:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:38:B4:33:85:4E:0F:79:AD:78:8B:B7:9B:88:8D:9C:0A:F0:8B:FD
            X509v3 Authority Key Identifier:
                keyid:08:FB:9B:A8:27:E6:F1:0A:7A:F3:74:90:80:3D:D5:A0:76:39:72:35

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/352e3130342e37372e302f32342d3234203d3e20313336373837.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.104.77.0/24

    Signature Algorithm: sha256WithRSAEncryption
         67:67:05:1a:9e:d2:e8:f2:d0:f4:66:e1:75:85:4f:0e:73:70:
         e9:8b:48:88:96:50:60:bb:b3:36:b2:db:2e:3b:87:8d:0c:e7:
         2a:54:80:06:6b:9d:d0:97:2e:fc:88:e3:65:3a:58:c1:dd:e0:
         d4:bb:45:96:5f:0d:bc:f6:50:ec:04:a5:c9:a6:93:91:eb:15:
         09:5a:38:80:32:50:7e:f7:f9:7c:48:26:2e:91:c7:ba:5c:cd:
         1e:56:53:2c:7f:1a:5a:bd:9d:50:ac:5d:33:01:dd:04:bf:57:
         11:29:5a:76:59:67:a2:8a:39:1d:28:f8:66:e0:ae:3d:71:6a:
         1d:0e:e7:43:34:95:dd:93:5b:3d:2a:6f:22:c8:ea:11:05:f9:
         ee:07:09:04:b6:7f:3c:9b:a4:4c:64:de:8d:6e:6c:67:f5:ff:
         a5:64:75:01:b2:6f:84:5c:48:d6:d9:86:01:fd:78:39:07:70:
         74:e5:9d:94:35:f5:24:3c:41:11:a4:bd:31:c5:97:95:77:3c:
         8f:53:b6:11:c7:00:0c:3d:4b:0e:29:bf:d2:08:af:ff:ed:f3:
         6e:fa:f7:4e:e4:c2:9e:d8:3a:42:31:89:58:1d:2a:f4:24:ee:
         ae:79:99:3c:39:56:9a:8d:9f:69:de:84:50:ad:67:e1:c4:bc:
         82:ec:b3:d0
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUB+pTFzS/HgxDNW3LUppmFkU9SHAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDhmYjliYTgyN2U2ZjEwYTdhZjM3NDkwODAzZGQ1YTA3
NjM5NzIzNTAeFw0yNDAzMDQxOTM5MjJaFw0yNTAzMDMxOTQ0MjJaMDMxMTAvBgNV
BAMTKEE3MzhCNDMzODU0RTBGNzlBRDc4OEJCNzlCODg4RDlDMEFGMDhCRkQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7VEJL7F8egthl/efRKZYm4sHv
aBAiJ3QB7jOJQ9HfWUOOYJp/GmlQUpv4LZKllu4/P5IwzWwkwMxA1sOUmgnTaWKm
gC/hWD5n0rE5aleScrW+MMiwgRWysuqZ25VUMDubvlrqPcnnrAMnjo0dZemFdJRd
upxDYzY+Qv6oWqN03C+tWAboDaygoEQSAk/BekeWjXTEZWODhIM0Ap+mqWfQj+5y
/uhnwZS3Qs7Lbzf7q4ymEqT3UrfVpH+WEsTaRplzgj2JE+mRLFZayOi6lP3rjyV2
d7CAi8yXqC/p4XeVsQNG/PdPMFSYHqD6E19eyhL9hvbXKtNZpxITVw1ZxSYpAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUpzi0M4VOD3mteIu3m4iNnArwi/0wHwYDVR0j
BBgwFoAUCPubqCfm8Qp683SQgD3VoHY5cjUwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzIvMDhGQjlCQTgyN0U2RjEwQTdBRjM3NDkwODAzREQ1QTA3NjM5NzIzNS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NQdWJxQ2ZtOFFwNjgzU1FnRDNWb0hZ
NWNqVS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzIvMzUyZTMxMzAzNDJlMzczNzJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMxMzMzNjM3MzgzNy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAAVo
TTANBgkqhkiG9w0BAQsFAAOCAQEAZ2cFGp7S6PLQ9GbhdYVPDnNw6YtIiJZQYLuz
NrLbLjuHjQznKlSABmud0Jcu/IjjZTpYwd3g1LtFll8NvPZQ7ASlyaaTkesVCVo4
gDJQfvf5fEgmLpHHulzNHlZTLH8aWr2dUKxdMwHdBL9XESladllnooo5HSj4ZuCu
PXFqHQ7nQzSV3ZNbPSpvIsjqEQX57gcJBLZ/PJukTGTejW5sZ/X/pWR1AbJvhFxI
1tmGAf14OQdwdOWdlDX1JDxBEaS9McWXlXc8j1O2EccADD1LDim/0giv/+3zbvr3
TuTCntg6QjGJWB0q9CTurnmZPDlWmo2fad6EUK1n4cS8guyz0A==
-----END CERTIFICATE-----