Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/352e3138302e3134382e302f32332d3233203d3e20383334.roa
File:                     352e3138302e3134382e302f32332d3233203d3e20383334.roa (raw, json)
Hash identifier:          D6iuLu+oraRt5c3JkxYxv7M2psIyYeCG5wyiVu+v0Eg=
Subject key identifier:   B5:89:C7:18:83:60:55:0F:E3:68:36:D6:83:09:91:F0:1D:4F:EB:A3
Certificate issuer:       /CN=08fb9ba827e6f10a7af37490803dd5a076397235
Certificate serial:       742F41CD177EB196497576F969252992BE146A3E
Authority key identifier: 08:FB:9B:A8:27:E6:F1:0A:7A:F3:74:90:80:3D:D5:A0:76:39:72:35
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/352e3138302e3134382e302f32332d3233203d3e20383334.roa
Signing time:             Mon 11 Mar 2024 05:10:27 +0000
ROA not before:           Mon 11 Mar 2024 05:05:27 +0000
ROA not after:            Mon 10 Mar 2025 05:10:27 +0000
asID:                     834
IP address blocks:        5.180.148.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 07:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            74:2f:41:cd:17:7e:b1:96:49:75:76:f9:69:25:29:92:be:14:6a:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=08fb9ba827e6f10a7af37490803dd5a076397235
        Validity
            Not Before: Mar 11 05:05:27 2024 GMT
            Not After : Mar 10 05:10:27 2025 GMT
        Subject: CN=B589C7188360550FE36836D6830991F01D4FEBA3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:0f:b2:29:8b:85:43:51:2e:06:69:0a:73:87:
                    7c:d0:54:38:01:42:e5:b2:21:74:4b:e5:6d:a5:ea:
                    43:69:20:bb:01:f4:f2:62:2e:00:a7:9f:cf:d8:74:
                    c4:4d:b1:43:5d:37:37:6d:27:4d:14:ad:8d:16:aa:
                    b8:c2:73:4f:d0:91:15:50:0c:70:3b:54:dc:a9:4d:
                    55:ea:14:fd:b6:6e:f3:b6:8b:34:59:73:d4:fc:da:
                    59:aa:9c:cd:89:c7:f8:f3:d5:e9:76:cc:0c:59:57:
                    d3:e1:f2:75:de:04:89:59:b8:99:bf:be:ff:9e:bb:
                    54:e6:87:44:92:27:3d:40:52:dd:b7:ab:8d:53:50:
                    17:dd:25:99:1b:f9:83:d5:53:57:a9:3c:75:89:48:
                    81:58:22:6c:2f:29:1c:e2:c7:c5:67:83:ed:ad:72:
                    a6:29:d0:52:1a:7b:ce:f8:a7:6d:6f:21:84:dc:a4:
                    be:28:35:f5:2c:5d:e3:f8:43:89:7a:ff:bf:65:76:
                    74:b9:40:ca:8f:f7:46:18:f8:c8:24:b2:b8:f0:21:
                    90:df:a5:8f:07:25:c0:c6:4e:53:7f:32:f2:ec:e3:
                    42:b8:2a:08:97:2a:cb:92:bf:61:9a:6f:45:0c:8d:
                    5f:6d:8f:dc:6f:fa:89:4b:80:81:41:e6:3b:06:fc:
                    1e:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:89:C7:18:83:60:55:0F:E3:68:36:D6:83:09:91:F0:1D:4F:EB:A3
            X509v3 Authority Key Identifier:
                keyid:08:FB:9B:A8:27:E6:F1:0A:7A:F3:74:90:80:3D:D5:A0:76:39:72:35

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/352e3138302e3134382e302f32332d3233203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.180.148.0/23

    Signature Algorithm: sha256WithRSAEncryption
         29:55:8b:0d:92:58:59:b8:c3:7b:7a:c6:80:49:3c:e3:80:b1:
         cc:7f:4f:86:db:41:3b:5e:93:e5:da:5f:13:3e:18:38:8c:0c:
         68:e8:50:b5:b4:cd:af:fa:49:03:eb:6d:2a:6a:06:af:82:ba:
         3e:6e:72:ed:81:d1:00:6b:81:fb:51:2c:11:7d:0a:ec:dd:89:
         5c:ff:4e:e6:9c:f9:a7:f7:26:59:72:20:e2:a8:75:ba:70:37:
         43:8e:76:19:d2:62:d3:9a:9f:bb:7f:71:e5:84:7f:5a:42:b3:
         c4:a6:b3:9c:3c:39:c4:04:ae:9a:6c:c3:87:7d:ab:35:45:91:
         b4:32:c9:f2:60:f9:49:b5:af:85:dc:89:93:e5:2d:78:d0:cf:
         ea:a3:66:85:65:74:ae:c8:90:76:c8:1a:67:6f:a0:c7:d7:1c:
         c4:6e:ab:b2:5a:03:34:5c:70:62:d2:7d:27:37:97:94:9f:b3:
         74:39:66:fe:a3:d5:ba:aa:a5:26:96:13:82:93:d7:37:7d:64:
         b5:46:2f:16:ad:19:8b:de:98:45:bf:57:5d:b3:9f:67:da:ee:
         ba:aa:c2:f7:d9:41:2e:06:02:73:f8:2e:6f:87:17:3d:7e:11:
         a9:a3:18:26:c9:71:ac:e6:ca:38:a5:0e:08:61:6f:ff:bf:b8:
         4f:f8:54:93
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUdC9BzRd+sZZJdXb5aSUpkr4Uaj4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDhmYjliYTgyN2U2ZjEwYTdhZjM3NDkwODAzZGQ1YTA3
NjM5NzIzNTAeFw0yNDAzMTEwNTA1MjdaFw0yNTAzMTAwNTEwMjdaMDMxMTAvBgNV
BAMTKEI1ODlDNzE4ODM2MDU1MEZFMzY4MzZENjgzMDk5MUYwMUQ0RkVCQTMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDCD7Ipi4VDUS4GaQpzh3zQVDgB
QuWyIXRL5W2l6kNpILsB9PJiLgCnn8/YdMRNsUNdNzdtJ00UrY0WqrjCc0/QkRVQ
DHA7VNypTVXqFP22bvO2izRZc9T82lmqnM2Jx/jz1el2zAxZV9Ph8nXeBIlZuJm/
vv+eu1Tmh0SSJz1AUt23q41TUBfdJZkb+YPVU1epPHWJSIFYImwvKRzix8Vng+2t
cqYp0FIae874p21vIYTcpL4oNfUsXeP4Q4l6/79ldnS5QMqP90YY+MgksrjwIZDf
pY8HJcDGTlN/MvLs40K4KgiXKsuSv2Gab0UMjV9tj9xv+olLgIFB5jsG/B4LAgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQUtYnHGINgVQ/jaDbWgwmR8B1P66MwHwYDVR0j
BBgwFoAUCPubqCfm8Qp683SQgD3VoHY5cjUwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzIvMDhGQjlCQTgyN0U2RjEwQTdBRjM3NDkwODAzREQ1QTA3NjM5NzIzNS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NQdWJxQ2ZtOFFwNjgzU1FnRDNWb0hZ
NWNqVS5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzIvMzUyZTMxMzgzMDJlMzEzNDM4
MmUzMDJmMzIzMzJkMzIzMzIwM2QzZTIwMzgzMzM0LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBBbSUMA0G
CSqGSIb3DQEBCwUAA4IBAQApVYsNklhZuMN7esaASTzjgLHMf0+G20E7XpPl2l8T
Phg4jAxo6FC1tM2v+kkD620qagavgro+bnLtgdEAa4H7USwRfQrs3Ylc/07mnPmn
9yZZciDiqHW6cDdDjnYZ0mLTmp+7f3HlhH9aQrPEprOcPDnEBK6abMOHfas1RZG0
MsnyYPlJta+F3ImT5S140M/qo2aFZXSuyJB2yBpnb6DH1xzEbquyWgM0XHBi0n0n
N5eUn7N0OWb+o9W6qqUmlhOCk9c3fWS1Ri8WrRmL3phFv1dds59n2u66qsL32UEu
BgJz+C5vhxc9fhGpoxgmyXGs5so4pQ4IYW//v7hP+FST
-----END CERTIFICATE-----