Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/352e3138302e3134382e302f32332d3332203d3e203531313637.roa
File:                     352e3138302e3134382e302f32332d3332203d3e203531313637.roa (raw, json)
Hash identifier:          5LuJLp8sd4mx2l9bxsrslPTm23GxgmuTgc8c8yDBIaM=
Subject key identifier:   D0:38:3E:76:48:13:2D:04:01:A2:91:9D:47:A9:D7:0B:F9:6D:BF:58
Certificate issuer:       /CN=08fb9ba827e6f10a7af37490803dd5a076397235
Certificate serial:       2A4AD988B4FD0958C5FD1D5A484D81FFF9F8DA58
Authority key identifier: 08:FB:9B:A8:27:E6:F1:0A:7A:F3:74:90:80:3D:D5:A0:76:39:72:35
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/352e3138302e3134382e302f32332d3332203d3e203531313637.roa
Signing time:             Thu 30 May 2024 20:39:02 +0000
ROA not before:           Thu 30 May 2024 20:34:02 +0000
ROA not after:            Thu 29 May 2025 20:39:02 +0000
asID:                     51167
IP address blocks:        5.180.148.0/23 maxlen: 32

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 14:42:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2a:4a:d9:88:b4:fd:09:58:c5:fd:1d:5a:48:4d:81:ff:f9:f8:da:58
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=08fb9ba827e6f10a7af37490803dd5a076397235
        Validity
            Not Before: May 30 20:34:02 2024 GMT
            Not After : May 29 20:39:02 2025 GMT
        Subject: CN=D0383E7648132D0401A2919D47A9D70BF96DBF58
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:40:09:51:4c:9f:e5:37:ea:5e:65:94:da:53:
                    84:50:ca:eb:31:87:ae:71:e1:8f:4e:54:8b:0f:04:
                    f1:52:be:82:13:5c:c9:f6:bc:b7:50:92:49:7a:33:
                    a2:9a:4e:ca:b5:64:5f:3a:35:a3:3e:de:c0:fb:10:
                    af:82:14:49:cf:28:9d:f4:a9:22:a8:ad:14:72:bd:
                    b7:5c:6d:6b:aa:f7:30:42:88:b4:cb:0f:7d:dd:1d:
                    26:f4:bf:07:18:9e:6e:c7:24:84:76:d6:24:2a:76:
                    06:83:d9:10:57:5e:69:0a:22:45:fd:2b:81:ca:d1:
                    cd:34:9e:81:bc:1b:10:73:d8:bd:01:21:6c:46:de:
                    ff:9a:9d:6a:bc:3a:2a:d9:ce:4c:dd:ec:2d:64:3e:
                    76:84:d7:ee:1b:63:c7:18:db:bd:83:f5:9f:72:d5:
                    11:0b:7e:92:a2:06:61:62:17:28:13:09:d9:be:37:
                    67:20:31:73:48:f1:67:d7:17:1d:38:d4:92:70:ba:
                    0e:e9:b1:a2:29:35:1b:0b:73:eb:bd:9d:d6:87:2d:
                    a6:99:60:47:8a:85:14:c3:8b:bc:08:d4:3b:ad:a7:
                    d7:12:ef:e4:d1:d8:87:75:e5:84:9b:e1:b0:1f:b4:
                    22:62:3a:18:89:d9:bf:e5:72:24:1d:3a:59:ae:2c:
                    f9:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:38:3E:76:48:13:2D:04:01:A2:91:9D:47:A9:D7:0B:F9:6D:BF:58
            X509v3 Authority Key Identifier:
                keyid:08:FB:9B:A8:27:E6:F1:0A:7A:F3:74:90:80:3D:D5:A0:76:39:72:35

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/352e3138302e3134382e302f32332d3332203d3e203531313637.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.180.148.0/23

    Signature Algorithm: sha256WithRSAEncryption
         3c:68:ea:41:9e:8b:e6:2f:b8:d9:97:c3:4b:d6:5d:d3:22:30:
         c8:cb:eb:95:10:23:d0:6f:21:5d:ec:a5:53:2b:4a:d9:65:96:
         1f:b8:7f:d4:f3:d0:df:2f:38:b9:26:09:3d:63:5e:ca:d3:88:
         a0:27:24:5b:46:7c:98:f7:40:11:ed:ca:7f:8c:22:86:bb:4d:
         7d:f3:ea:93:ce:23:0f:64:a6:6c:e2:ec:a5:77:e4:09:01:6d:
         35:e2:29:c3:fa:80:aa:f5:24:63:30:76:35:b0:0b:2f:22:87:
         f1:de:db:79:7a:4e:77:42:da:fd:c8:5b:0b:b1:4c:47:a7:b0:
         ab:05:a5:97:63:63:cb:52:57:9a:b2:c5:99:8c:4f:19:6d:81:
         c6:19:5a:f6:df:ad:91:9a:1c:9f:5d:40:d8:23:6c:7c:8f:70:
         09:e0:a0:8f:d4:cb:af:6d:75:69:07:59:bb:e9:99:c8:a3:06:
         66:1d:b1:e7:54:99:3e:5e:62:5b:b2:d4:9a:1a:b8:0f:15:f9:
         f7:df:6c:93:69:d7:a9:43:03:08:9a:7b:f6:c5:65:b6:01:2e:
         08:cf:09:f2:44:25:16:d6:e3:72:c4:5e:c2:75:f1:1e:ee:03:
         2d:97:d1:83:89:51:51:38:2f:11:83:b4:9a:0b:fd:8b:05:c4:
         3d:73:07:b4
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUKkrZiLT9CVjF/R1aSE2B//n42lgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDhmYjliYTgyN2U2ZjEwYTdhZjM3NDkwODAzZGQ1YTA3
NjM5NzIzNTAeFw0yNDA1MzAyMDM0MDJaFw0yNTA1MjkyMDM5MDJaMDMxMTAvBgNV
BAMTKEQwMzgzRTc2NDgxMzJEMDQwMUEyOTE5RDQ3QTlENzBCRjk2REJGNTgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDFQAlRTJ/lN+peZZTaU4RQyusx
h65x4Y9OVIsPBPFSvoITXMn2vLdQkkl6M6KaTsq1ZF86NaM+3sD7EK+CFEnPKJ30
qSKorRRyvbdcbWuq9zBCiLTLD33dHSb0vwcYnm7HJIR21iQqdgaD2RBXXmkKIkX9
K4HK0c00noG8GxBz2L0BIWxG3v+anWq8OirZzkzd7C1kPnaE1+4bY8cY272D9Z9y
1RELfpKiBmFiFygTCdm+N2cgMXNI8WfXFx041JJwug7psaIpNRsLc+u9ndaHLaaZ
YEeKhRTDi7wI1Dutp9cS7+TR2Id15YSb4bAftCJiOhiJ2b/lciQdOlmuLPlhAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQU0Dg+dkgTLQQBopGdR6nXC/ltv1gwHwYDVR0j
BBgwFoAUCPubqCfm8Qp683SQgD3VoHY5cjUwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzIvMDhGQjlCQTgyN0U2RjEwQTdBRjM3NDkwODAzREQ1QTA3NjM5NzIzNS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NQdWJxQ2ZtOFFwNjgzU1FnRDNWb0hZ
NWNqVS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzIvMzUyZTMxMzgzMDJlMzEzNDM4
MmUzMDJmMzIzMzJkMzMzMjIwM2QzZTIwMzUzMTMxMzYzNy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAQW0
lDANBgkqhkiG9w0BAQsFAAOCAQEAPGjqQZ6L5i+42ZfDS9Zd0yIwyMvrlRAj0G8h
XeylUytK2WWWH7h/1PPQ3y84uSYJPWNeytOIoCckW0Z8mPdAEe3Kf4wihrtNffPq
k84jD2SmbOLspXfkCQFtNeIpw/qAqvUkYzB2NbALLyKH8d7beXpOd0La/chbC7FM
R6ewqwWll2Njy1JXmrLFmYxPGW2Bxhla9t+tkZocn11A2CNsfI9wCeCgj9TLr211
aQdZu+mZyKMGZh2x51SZPl5iW7LUmhq4DxX5999sk2nXqUMDCJp79sVltgEuCM8J
8kQlFtbjcsRewnXxHu4DLZfRg4lRUTgvEYO0mgv9iwXEPXMHtA==
-----END CERTIFICATE-----