Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/352e3130342e37382e302f32342d3234203d3e20313336373837.roa
File:                     352e3130342e37382e302f32342d3234203d3e20313336373837.roa (raw, json)
Hash identifier:          pA34R//qZ5XqgM5O49kfj1tyHoa0rvv7aOdRRD4lfjE=
Subject key identifier:   C8:60:CB:F3:FF:BA:C5:65:10:45:F2:57:DF:F8:E1:D9:AD:1A:56:0B
Certificate issuer:       /CN=08fb9ba827e6f10a7af37490803dd5a076397235
Certificate serial:       2F32C5CF186D381211696254D3CEE7F8042B931E
Authority key identifier: 08:FB:9B:A8:27:E6:F1:0A:7A:F3:74:90:80:3D:D5:A0:76:39:72:35
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/352e3130342e37382e302f32342d3234203d3e20313336373837.roa
Signing time:             Mon 04 Mar 2024 19:44:33 +0000
ROA not before:           Mon 04 Mar 2024 19:39:33 +0000
ROA not after:            Mon 03 Mar 2025 19:44:33 +0000
asID:                     136787
IP address blocks:        5.104.78.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 08 May 2024 14:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2f:32:c5:cf:18:6d:38:12:11:69:62:54:d3:ce:e7:f8:04:2b:93:1e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=08fb9ba827e6f10a7af37490803dd5a076397235
        Validity
            Not Before: Mar  4 19:39:33 2024 GMT
            Not After : Mar  3 19:44:33 2025 GMT
        Subject: CN=C860CBF3FFBAC5651045F257DFF8E1D9AD1A560B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:fa:a3:a4:b5:52:a2:e6:11:49:5e:55:2e:74:
                    3c:68:ba:04:dc:31:ea:21:87:a4:27:d5:09:0f:7c:
                    fa:4e:4c:4f:f8:cc:c0:9d:04:9a:97:89:d5:af:50:
                    d3:0c:9c:bb:63:dd:e3:41:73:2f:df:59:76:2b:e0:
                    e3:04:6e:95:2d:94:10:cb:02:82:70:27:9c:f6:20:
                    fd:f7:59:c0:7d:7a:0c:77:c5:b8:66:67:af:63:9a:
                    1d:2a:4a:70:4a:9a:94:95:df:e8:5d:cb:f7:ad:53:
                    56:e9:72:a5:59:79:cc:6d:36:6c:5c:8e:55:2f:d5:
                    77:b7:0b:2c:9e:95:ca:b2:48:8e:36:74:72:82:d2:
                    c6:b9:83:70:7b:29:f2:1a:d8:2e:22:c3:c0:59:47:
                    05:c5:a4:a0:e1:dc:80:1a:db:f4:fa:a7:35:6b:e8:
                    fb:ea:8b:7d:a0:69:25:ff:a4:fb:0a:8f:17:00:3d:
                    ca:99:ce:d7:f4:3b:02:1f:2e:57:5d:60:96:2e:34:
                    dd:51:83:81:32:05:bf:2c:c3:91:42:c5:0b:78:fd:
                    79:7a:ba:ea:cd:11:ce:72:3a:17:91:de:59:3f:41:
                    de:f8:95:f9:c5:0a:7c:54:f4:8d:ba:f3:86:d6:de:
                    2f:cb:e3:e6:4c:3c:f3:30:8f:d2:df:87:45:0a:41:
                    1d:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:60:CB:F3:FF:BA:C5:65:10:45:F2:57:DF:F8:E1:D9:AD:1A:56:0B
            X509v3 Authority Key Identifier:
                keyid:08:FB:9B:A8:27:E6:F1:0A:7A:F3:74:90:80:3D:D5:A0:76:39:72:35

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/352e3130342e37382e302f32342d3234203d3e20313336373837.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.104.78.0/24

    Signature Algorithm: sha256WithRSAEncryption
         53:1c:5c:91:30:f4:ad:d0:0d:07:3e:3b:ca:32:e2:b2:e9:12:
         a6:5d:62:29:82:4c:e1:97:26:2c:1b:3a:98:c2:44:93:2c:9c:
         02:14:01:8d:17:74:85:40:3e:8c:cb:dc:91:92:65:be:40:5a:
         a1:1a:1b:65:45:96:ed:aa:94:40:fb:6f:88:06:33:27:73:79:
         21:94:6c:74:bc:df:a7:75:a7:12:61:2a:a0:cb:54:69:f2:ba:
         d3:9a:eb:e3:d9:f5:3a:06:d7:13:db:c7:ae:29:72:e6:d4:00:
         3c:4f:d2:00:40:cf:31:d6:4d:2e:36:66:7c:0c:b2:e8:2c:c8:
         77:b3:a5:08:7b:79:30:77:48:54:bc:02:1c:1f:2d:7b:4f:b4:
         42:0f:b5:7d:e3:89:a1:44:e7:a0:05:f1:51:e3:c6:d3:d2:93:
         69:bf:1d:9e:2d:fb:78:77:14:f4:16:c4:20:8e:2e:5a:ca:3c:
         4b:f3:e4:b5:21:7b:3e:ca:05:2a:1c:ea:98:5b:db:2f:6d:bc:
         ce:27:96:da:ad:3a:7a:7d:ed:60:d2:3d:a7:33:ab:26:fa:6a:
         04:eb:34:64:f2:77:4d:e3:f9:56:f1:a3:39:73:8e:5a:16:4c:
         a4:a7:44:48:cf:16:f9:28:41:e3:77:e1:bf:83:23:f9:b5:6a:
         dd:3e:0d:5b
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIULzLFzxhtOBIRaWJU087n+AQrkx4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDhmYjliYTgyN2U2ZjEwYTdhZjM3NDkwODAzZGQ1YTA3
NjM5NzIzNTAeFw0yNDAzMDQxOTM5MzNaFw0yNTAzMDMxOTQ0MzNaMDMxMTAvBgNV
BAMTKEM4NjBDQkYzRkZCQUM1NjUxMDQ1RjI1N0RGRjhFMUQ5QUQxQTU2MEIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDj+qOktVKi5hFJXlUudDxougTc
Meohh6Qn1QkPfPpOTE/4zMCdBJqXidWvUNMMnLtj3eNBcy/fWXYr4OMEbpUtlBDL
AoJwJ5z2IP33WcB9egx3xbhmZ69jmh0qSnBKmpSV3+hdy/etU1bpcqVZecxtNmxc
jlUv1Xe3CyyelcqySI42dHKC0sa5g3B7KfIa2C4iw8BZRwXFpKDh3IAa2/T6pzVr
6Pvqi32gaSX/pPsKjxcAPcqZztf0OwIfLlddYJYuNN1Rg4EyBb8sw5FCxQt4/Xl6
uurNEc5yOheR3lk/Qd74lfnFCnxU9I2684bW3i/L4+ZMPPMwj9Lfh0UKQR0XAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUyGDL8/+6xWUQRfJX3/jh2a0aVgswHwYDVR0j
BBgwFoAUCPubqCfm8Qp683SQgD3VoHY5cjUwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzIvMDhGQjlCQTgyN0U2RjEwQTdBRjM3NDkwODAzREQ1QTA3NjM5NzIzNS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NQdWJxQ2ZtOFFwNjgzU1FnRDNWb0hZ
NWNqVS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzIvMzUyZTMxMzAzNDJlMzczODJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMxMzMzNjM3MzgzNy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAAVo
TjANBgkqhkiG9w0BAQsFAAOCAQEAUxxckTD0rdANBz47yjLisukSpl1iKYJM4Zcm
LBs6mMJEkyycAhQBjRd0hUA+jMvckZJlvkBaoRobZUWW7aqUQPtviAYzJ3N5IZRs
dLzfp3WnEmEqoMtUafK605rr49n1OgbXE9vHrily5tQAPE/SAEDPMdZNLjZmfAyy
6CzId7OlCHt5MHdIVLwCHB8te0+0Qg+1feOJoUTnoAXxUePG09KTab8dni37eHcU
9BbEII4uWso8S/PktSF7PsoFKhzqmFvbL228zieW2q06en3tYNI9pzOrJvpqBOs0
ZPJ3TeP5VvGjOXOOWhZMpKdESM8W+ShB43fhv4Mj+bVq3T4NWw==
-----END CERTIFICATE-----