Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/352e3138302e3135302e302f32342d3234203d3e203631333137.roa
File:                     352e3138302e3135302e302f32342d3234203d3e203631333137.roa (raw, json)
Hash identifier:          w3I0O2oJpCaxlUEWgqnwz/4CiPG9sJExf8usL9Zvslk=
Subject key identifier:   B0:EC:BC:CC:21:59:46:E1:30:91:22:EF:F8:8B:BC:A3:0A:64:B4:1D
Certificate issuer:       /CN=08fb9ba827e6f10a7af37490803dd5a076397235
Certificate serial:       44F4E0ACBED979A315B8F8E836A3D8CAA7AC8B47
Authority key identifier: 08:FB:9B:A8:27:E6:F1:0A:7A:F3:74:90:80:3D:D5:A0:76:39:72:35
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/352e3138302e3135302e302f32342d3234203d3e203631333137.roa
Signing time:             Mon 26 Feb 2024 08:52:49 +0000
ROA not before:           Mon 26 Feb 2024 08:47:49 +0000
ROA not after:            Mon 24 Feb 2025 08:52:49 +0000
asID:                     61317
IP address blocks:        5.180.150.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 24 Apr 2024 17:00:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            44:f4:e0:ac:be:d9:79:a3:15:b8:f8:e8:36:a3:d8:ca:a7:ac:8b:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=08fb9ba827e6f10a7af37490803dd5a076397235
        Validity
            Not Before: Feb 26 08:47:49 2024 GMT
            Not After : Feb 24 08:52:49 2025 GMT
        Subject: CN=B0ECBCCC215946E1309122EFF88BBCA30A64B41D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:e3:45:5f:15:23:95:39:a9:19:bf:41:f9:9b:
                    e2:c6:96:8e:22:58:ba:25:f6:a1:b7:0e:4e:c7:c7:
                    2b:70:48:cf:da:82:8e:e5:bd:12:94:2c:8c:cd:21:
                    8b:e0:be:a0:50:e2:e2:9a:be:5b:d8:da:e9:f5:fc:
                    6a:32:90:e9:d1:26:2f:c8:3c:ab:ba:3f:11:35:5a:
                    14:a5:09:08:ca:15:35:57:f1:77:b7:b2:18:ee:cd:
                    74:27:6c:d8:7d:88:b5:a5:2a:71:f0:47:b9:b6:44:
                    ca:a7:ad:91:17:0f:b3:a8:77:32:30:5c:a8:da:0d:
                    66:b0:a6:f5:21:33:45:ec:59:a1:cc:7e:d1:73:80:
                    33:42:98:94:c3:35:f2:b0:65:49:dc:4e:fb:53:f5:
                    87:55:cb:60:5d:d4:b8:75:33:8d:18:4c:6c:26:02:
                    b1:ec:49:a7:13:8b:54:89:17:ab:c4:ef:2d:07:39:
                    e7:11:da:a3:d4:07:26:a6:76:34:27:ea:e7:3a:7a:
                    e9:c5:4d:a8:60:9d:7e:50:19:e9:c9:f6:82:a9:37:
                    97:62:ff:e6:4a:4f:83:15:9c:49:05:4e:be:7f:8e:
                    df:bc:db:2a:ec:dd:50:81:31:6c:5a:32:a8:3b:d4:
                    c1:69:c3:af:74:8c:67:92:43:15:f6:16:8f:47:39:
                    6f:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:EC:BC:CC:21:59:46:E1:30:91:22:EF:F8:8B:BC:A3:0A:64:B4:1D
            X509v3 Authority Key Identifier:
                keyid:08:FB:9B:A8:27:E6:F1:0A:7A:F3:74:90:80:3D:D5:A0:76:39:72:35

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/352e3138302e3135302e302f32342d3234203d3e203631333137.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.180.150.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2e:33:d4:bf:9f:d6:4b:67:48:70:b4:8f:08:f3:7d:61:34:60:
         1c:dd:90:a9:1f:9c:3d:22:23:c3:c5:51:5f:a9:b3:96:94:14:
         37:06:21:8f:ab:fc:90:2d:8c:da:43:a7:69:90:a0:8e:3a:d9:
         72:1f:e6:ab:13:a0:26:f1:64:ae:d2:9d:3b:29:22:20:06:c9:
         58:2b:b0:06:4f:75:c2:87:07:4d:3f:a6:43:e9:83:40:5e:95:
         ca:9d:7c:b9:04:c7:0b:b6:ae:f7:0a:79:94:e8:26:b4:81:21:
         14:b6:75:80:3f:06:57:a5:55:e3:b4:02:d5:29:d7:f6:c8:30:
         85:39:ac:6d:6c:a5:65:a7:c1:61:48:3c:cb:18:20:33:00:cf:
         25:1b:0c:9d:e4:92:86:0a:b3:b0:d4:c8:5e:31:c3:69:66:0a:
         99:39:98:34:2b:1c:27:ee:0b:bd:3e:f4:3f:6f:52:09:4c:42:
         f8:fa:64:df:43:4f:6f:25:53:08:41:53:cf:7c:79:a6:6f:fa:
         3b:72:80:0e:41:63:cf:f7:89:b0:26:3f:55:95:8e:8b:7c:61:
         15:b7:3e:2a:78:38:d7:5a:45:38:53:86:bf:53:36:e6:f2:9c:
         be:7b:6f:4a:aa:90:6e:42:ac:a6:38:10:37:f4:eb:0b:7a:1c:
         a9:dd:77:16
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIURPTgrL7ZeaMVuPjoNqPYyqesi0cwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDhmYjliYTgyN2U2ZjEwYTdhZjM3NDkwODAzZGQ1YTA3
NjM5NzIzNTAeFw0yNDAyMjYwODQ3NDlaFw0yNTAyMjQwODUyNDlaMDMxMTAvBgNV
BAMTKEIwRUNCQ0NDMjE1OTQ2RTEzMDkxMjJFRkY4OEJCQ0EzMEE2NEI0MUQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDf40VfFSOVOakZv0H5m+LGlo4i
WLol9qG3Dk7HxytwSM/ago7lvRKULIzNIYvgvqBQ4uKavlvY2un1/GoykOnRJi/I
PKu6PxE1WhSlCQjKFTVX8Xe3shjuzXQnbNh9iLWlKnHwR7m2RMqnrZEXD7OodzIw
XKjaDWawpvUhM0XsWaHMftFzgDNCmJTDNfKwZUncTvtT9YdVy2Bd1Lh1M40YTGwm
ArHsSacTi1SJF6vE7y0HOecR2qPUByamdjQn6uc6eunFTahgnX5QGenJ9oKpN5di
/+ZKT4MVnEkFTr5/jt+82yrs3VCBMWxaMqg71MFpw690jGeSQxX2Fo9HOW9vAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUsOy8zCFZRuEwkSLv+Iu8owpktB0wHwYDVR0j
BBgwFoAUCPubqCfm8Qp683SQgD3VoHY5cjUwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzIvMDhGQjlCQTgyN0U2RjEwQTdBRjM3NDkwODAzREQ1QTA3NjM5NzIzNS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NQdWJxQ2ZtOFFwNjgzU1FnRDNWb0hZ
NWNqVS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzIvMzUyZTMxMzgzMDJlMzEzNTMw
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzYzMTMzMzEzNy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAAW0
ljANBgkqhkiG9w0BAQsFAAOCAQEALjPUv5/WS2dIcLSPCPN9YTRgHN2QqR+cPSIj
w8VRX6mzlpQUNwYhj6v8kC2M2kOnaZCgjjrZch/mqxOgJvFkrtKdOykiIAbJWCuw
Bk91wocHTT+mQ+mDQF6Vyp18uQTHC7au9wp5lOgmtIEhFLZ1gD8GV6VV47QC1SnX
9sgwhTmsbWylZafBYUg8yxggMwDPJRsMneSShgqzsNTIXjHDaWYKmTmYNCscJ+4L
vT70P29SCUxC+Ppk30NPbyVTCEFTz3x5pm/6O3KADkFjz/eJsCY/VZWOi3xhFbc+
Kng411pFOFOGv1M25vKcvntvSqqQbkKspjgQN/TrC3ocqd13Fg==
-----END CERTIFICATE-----