Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/352e3138302e3134382e302f32342d3234203d3e20383334.roa
File:                     352e3138302e3134382e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          LprKMeOZevRBZWsP/6tPfhX7jvWGBHbk0vlX0O0qHiI=
Subject key identifier:   C3:9C:39:CC:DE:51:18:14:D4:1F:CB:95:F0:D8:03:BB:D3:07:54:98
Certificate issuer:       /CN=08fb9ba827e6f10a7af37490803dd5a076397235
Certificate serial:       6550EB13F6F07166EDE9B2ABFA48B2F8474F237E
Authority key identifier: 08:FB:9B:A8:27:E6:F1:0A:7A:F3:74:90:80:3D:D5:A0:76:39:72:35
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/352e3138302e3134382e302f32342d3234203d3e20383334.roa
Signing time:             Fri 26 Apr 2024 07:20:07 +0000
ROA not before:           Fri 26 Apr 2024 07:15:07 +0000
ROA not after:            Fri 25 Apr 2025 07:20:07 +0000
asID:                     834
IP address blocks:        5.180.148.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 14 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            65:50:eb:13:f6:f0:71:66:ed:e9:b2:ab:fa:48:b2:f8:47:4f:23:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=08fb9ba827e6f10a7af37490803dd5a076397235
        Validity
            Not Before: Apr 26 07:15:07 2024 GMT
            Not After : Apr 25 07:20:07 2025 GMT
        Subject: CN=C39C39CCDE511814D41FCB95F0D803BBD3075498
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:cd:50:5a:02:ad:69:ad:9a:6b:0b:de:9a:6d:
                    c6:c2:9f:39:c3:0e:b9:da:b9:c2:4a:be:6f:c6:38:
                    11:17:84:28:a7:50:52:aa:0b:7d:b3:1a:13:be:ea:
                    de:0a:e8:e3:0e:bc:e9:1c:c6:61:e4:ad:fb:49:ae:
                    58:b6:2e:f6:ae:88:c9:94:4f:e1:42:a5:10:8d:0b:
                    49:31:d9:94:00:2a:de:b0:28:f5:d3:37:0d:01:15:
                    ee:c2:32:d2:d9:90:b6:2d:3e:d2:76:79:9a:85:9d:
                    fc:f4:c1:a7:29:48:29:d9:e8:ba:f0:6b:db:2b:cf:
                    63:d1:9c:b2:64:a7:8e:0b:a3:cc:85:b3:33:4b:85:
                    7e:7b:37:d4:73:7d:2c:66:2d:96:68:ba:07:49:76:
                    51:8d:d3:47:58:21:18:a0:62:d5:57:84:14:c1:60:
                    45:d2:ee:4c:6f:a7:91:87:66:d3:03:b7:90:36:c8:
                    1c:9b:73:e2:2a:49:d4:6d:f8:7e:93:c8:e1:38:3b:
                    92:4e:cc:d7:f8:09:55:18:6f:dd:e8:ab:c9:8d:85:
                    42:dc:cb:3c:e2:1d:ed:4f:c1:26:e0:ab:6b:f5:75:
                    b6:84:fb:c3:4e:e6:d8:71:4d:e3:43:48:12:85:d2:
                    a5:34:31:cd:d6:0d:3c:64:53:3c:65:97:e9:5e:f6:
                    20:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C3:9C:39:CC:DE:51:18:14:D4:1F:CB:95:F0:D8:03:BB:D3:07:54:98
            X509v3 Authority Key Identifier:
                keyid:08:FB:9B:A8:27:E6:F1:0A:7A:F3:74:90:80:3D:D5:A0:76:39:72:35

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/352e3138302e3134382e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.180.148.0/24

    Signature Algorithm: sha256WithRSAEncryption
         67:fb:df:42:69:75:5c:86:c6:23:f0:9e:42:4c:df:5d:35:ac:
         e3:98:a9:07:34:bb:d8:8a:7e:c2:84:dc:bf:3a:77:b0:bb:30:
         59:7a:60:58:0f:fa:26:78:82:6a:a8:82:37:53:1a:84:17:20:
         db:fd:40:46:49:60:c8:27:7a:9b:f2:19:c1:6c:03:d6:f0:d1:
         0c:b1:9c:c5:c8:d8:73:6c:ec:f6:24:3d:fa:2d:b8:8b:23:08:
         e8:e9:e9:cb:39:0b:b6:8f:22:77:3c:bd:77:a0:aa:0b:85:30:
         bd:bf:0c:e5:b7:fa:79:df:8c:ac:b1:d0:f2:c9:d5:9e:50:6b:
         b8:7f:fd:69:1f:c5:72:30:02:d8:40:50:1c:70:5c:12:4e:f0:
         7c:9b:72:17:c9:07:73:9e:42:1c:a9:65:74:52:3b:8a:7e:18:
         4a:20:3b:c6:a0:bd:7e:ff:08:9d:d6:87:10:5f:f7:47:a5:22:
         29:39:da:b0:04:7f:32:6b:b4:b4:52:e6:ed:6d:65:be:ef:89:
         5a:9b:9d:cf:0d:c1:31:3e:b2:f8:78:3c:a9:e1:63:39:c1:f1:
         81:6b:73:f9:7c:19:f1:95:28:83:d5:e0:c1:3d:29:e5:64:e5:
         ff:95:10:12:d9:53:23:3b:5f:91:e0:bc:f7:2c:8a:19:f2:57:
         21:a4:d3:5c
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUZVDrE/bwcWbt6bKr+kiy+EdPI34wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDhmYjliYTgyN2U2ZjEwYTdhZjM3NDkwODAzZGQ1YTA3
NjM5NzIzNTAeFw0yNDA0MjYwNzE1MDdaFw0yNTA0MjUwNzIwMDdaMDMxMTAvBgNV
BAMTKEMzOUMzOUNDREU1MTE4MTRENDFGQ0I5NUYwRDgwM0JCRDMwNzU0OTgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDNzVBaAq1prZprC96abcbCnznD
DrnaucJKvm/GOBEXhCinUFKqC32zGhO+6t4K6OMOvOkcxmHkrftJrli2LvauiMmU
T+FCpRCNC0kx2ZQAKt6wKPXTNw0BFe7CMtLZkLYtPtJ2eZqFnfz0wacpSCnZ6Lrw
a9srz2PRnLJkp44Lo8yFszNLhX57N9RzfSxmLZZougdJdlGN00dYIRigYtVXhBTB
YEXS7kxvp5GHZtMDt5A2yBybc+IqSdRt+H6TyOE4O5JOzNf4CVUYb93oq8mNhULc
yzziHe1PwSbgq2v1dbaE+8NO5thxTeNDSBKF0qU0Mc3WDTxkUzxll+le9iCJAgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQUw5w5zN5RGBTUH8uV8NgDu9MHVJgwHwYDVR0j
BBgwFoAUCPubqCfm8Qp683SQgD3VoHY5cjUwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzIvMDhGQjlCQTgyN0U2RjEwQTdBRjM3NDkwODAzREQ1QTA3NjM5NzIzNS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NQdWJxQ2ZtOFFwNjgzU1FnRDNWb0hZ
NWNqVS5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzIvMzUyZTMxMzgzMDJlMzEzNDM4
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzgzMzM0LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABbSUMA0G
CSqGSIb3DQEBCwUAA4IBAQBn+99CaXVchsYj8J5CTN9dNazjmKkHNLvYin7ChNy/
OnewuzBZemBYD/omeIJqqII3UxqEFyDb/UBGSWDIJ3qb8hnBbAPW8NEMsZzFyNhz
bOz2JD36LbiLIwjo6enLOQu2jyJ3PL13oKoLhTC9vwzlt/p534yssdDyydWeUGu4
f/1pH8VyMALYQFAccFwSTvB8m3IXyQdznkIcqWV0UjuKfhhKIDvGoL1+/wid1ocQ
X/dHpSIpOdqwBH8ya7S0UubtbWW+74lam53PDcExPrL4eDyp4WM5wfGBa3P5fBnx
lSiD1eDBPSnlZOX/lRAS2VMjO1+R4Lz3LIoZ8lchpNNc
-----END CERTIFICATE-----