Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/352e3138302e3135312e302f32342d3332203d3e203430303231.roa
File:                     352e3138302e3135312e302f32342d3332203d3e203430303231.roa (raw, json)
Hash identifier:          N+3cimc0/cHCCYTezxviHey187mZofeF3XIObUehhLc=
Subject key identifier:   AA:AB:E9:20:D5:D2:A5:CD:35:7A:72:D4:B1:82:88:C0:33:EC:B7:6C
Certificate issuer:       /CN=08fb9ba827e6f10a7af37490803dd5a076397235
Certificate serial:       410CE92225F196FE74AD30909EC97C265F1FE78F
Authority key identifier: 08:FB:9B:A8:27:E6:F1:0A:7A:F3:74:90:80:3D:D5:A0:76:39:72:35
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/352e3138302e3135312e302f32342d3332203d3e203430303231.roa
Signing time:             Mon 26 Feb 2024 08:52:50 +0000
ROA not before:           Mon 26 Feb 2024 08:47:50 +0000
ROA not after:            Mon 24 Feb 2025 08:52:50 +0000
asID:                     40021
IP address blocks:        5.180.151.0/24 maxlen: 32

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 13 May 2024 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            41:0c:e9:22:25:f1:96:fe:74:ad:30:90:9e:c9:7c:26:5f:1f:e7:8f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=08fb9ba827e6f10a7af37490803dd5a076397235
        Validity
            Not Before: Feb 26 08:47:50 2024 GMT
            Not After : Feb 24 08:52:50 2025 GMT
        Subject: CN=AAABE920D5D2A5CD357A72D4B18288C033ECB76C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:b1:ef:c4:03:f3:99:d6:51:c5:d5:a6:c3:b0:
                    72:0e:34:f2:44:0a:5a:4e:92:bd:02:d3:be:45:e9:
                    7b:e6:7c:90:e7:18:2e:ac:40:38:fe:0c:01:77:f5:
                    48:0b:68:a6:a3:3e:f6:e1:cf:e0:6a:8d:77:be:98:
                    1a:87:63:2e:9b:8a:12:56:b7:09:e8:1c:f6:38:db:
                    2a:97:b6:7f:44:8d:52:eb:2e:df:90:ee:cd:f0:6c:
                    34:b3:43:67:7f:8d:c8:ee:d5:35:f5:d6:5b:5e:67:
                    97:d0:9e:7b:0f:89:12:15:08:cb:10:b4:af:ed:fb:
                    42:b5:32:bd:fe:93:a9:cf:dc:58:1a:bb:8f:76:44:
                    4d:2d:3b:5b:77:81:8b:f9:4a:69:58:bf:ef:6b:c5:
                    c2:d1:46:bd:2e:54:fc:ff:37:8a:47:c5:b7:f1:cb:
                    53:89:f5:72:ea:2f:a0:42:cc:5f:25:14:bd:6b:01:
                    ab:74:2f:bc:73:1d:c7:21:4d:f1:78:33:bd:9e:3e:
                    07:ab:df:b0:bd:e8:1d:4b:bc:1a:24:cd:af:04:d8:
                    9b:4e:3a:fc:81:2c:bc:28:78:9c:87:6f:e5:6f:b5:
                    6a:a9:49:39:07:4d:f9:fc:61:7a:ab:3c:37:4f:03:
                    de:56:30:1d:e8:ae:6d:a8:79:8e:ef:49:da:56:64:
                    b4:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:AB:E9:20:D5:D2:A5:CD:35:7A:72:D4:B1:82:88:C0:33:EC:B7:6C
            X509v3 Authority Key Identifier:
                keyid:08:FB:9B:A8:27:E6:F1:0A:7A:F3:74:90:80:3D:D5:A0:76:39:72:35

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/352e3138302e3135312e302f32342d3332203d3e203430303231.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.180.151.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3a:fb:4d:b8:fc:9c:55:ff:71:8b:19:80:43:3d:70:75:20:d9:
         42:75:7f:eb:34:32:7f:76:01:92:b5:a6:f2:13:9f:c4:31:57:
         93:cf:a7:0d:8d:09:9b:88:32:86:50:0f:61:cb:5d:52:a5:a9:
         d0:11:b0:3b:c7:d5:2b:a0:3d:c7:46:81:fd:e1:3f:6c:3c:df:
         74:b8:46:7a:a7:8a:70:e9:7e:be:2c:85:35:8b:86:70:6e:95:
         9f:91:0e:de:c9:3b:90:68:46:84:06:35:b6:bf:53:08:20:00:
         e5:08:2b:d3:f6:03:b6:3c:83:f3:32:5b:d0:8c:00:e2:9f:2e:
         15:7c:89:80:67:f4:b8:72:52:7f:98:79:e8:32:c2:f9:17:8c:
         7e:98:1b:46:16:c3:21:30:0b:27:95:30:19:dc:b2:c5:03:36:
         33:c4:2d:75:43:54:53:97:c3:80:6b:5c:96:ba:dc:4a:ee:fd:
         65:8f:75:a1:3b:e3:51:1a:d8:5f:91:ca:83:d3:e2:a0:6b:47:
         93:31:8f:6a:a3:0c:7c:d8:1a:1d:d3:ca:de:aa:7a:5c:bf:80:
         50:fd:8f:a1:f6:2a:b0:6e:6b:34:68:08:1f:d7:c6:b6:db:78:
         f5:f0:bf:51:01:3a:05:48:ea:ce:e9:07:21:e3:c6:ae:bc:62:
         ac:b1:6d:a6
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUQQzpIiXxlv50rTCQnsl8Jl8f548wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDhmYjliYTgyN2U2ZjEwYTdhZjM3NDkwODAzZGQ1YTA3
NjM5NzIzNTAeFw0yNDAyMjYwODQ3NTBaFw0yNTAyMjQwODUyNTBaMDMxMTAvBgNV
BAMTKEFBQUJFOTIwRDVEMkE1Q0QzNTdBNzJENEIxODI4OEMwMzNFQ0I3NkMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDDse/EA/OZ1lHF1abDsHIONPJE
ClpOkr0C075F6XvmfJDnGC6sQDj+DAF39UgLaKajPvbhz+BqjXe+mBqHYy6bihJW
twnoHPY42yqXtn9EjVLrLt+Q7s3wbDSzQ2d/jcju1TX11lteZ5fQnnsPiRIVCMsQ
tK/t+0K1Mr3+k6nP3Fgau492RE0tO1t3gYv5SmlYv+9rxcLRRr0uVPz/N4pHxbfx
y1OJ9XLqL6BCzF8lFL1rAat0L7xzHcchTfF4M72ePger37C96B1LvBokza8E2JtO
OvyBLLwoeJyHb+VvtWqpSTkHTfn8YXqrPDdPA95WMB3orm2oeY7vSdpWZLTZAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUqqvpINXSpc01enLUsYKIwDPst2wwHwYDVR0j
BBgwFoAUCPubqCfm8Qp683SQgD3VoHY5cjUwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzIvMDhGQjlCQTgyN0U2RjEwQTdBRjM3NDkwODAzREQ1QTA3NjM5NzIzNS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NQdWJxQ2ZtOFFwNjgzU1FnRDNWb0hZ
NWNqVS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzIvMzUyZTMxMzgzMDJlMzEzNTMx
MmUzMDJmMzIzNDJkMzMzMjIwM2QzZTIwMzQzMDMwMzIzMS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAAW0
lzANBgkqhkiG9w0BAQsFAAOCAQEAOvtNuPycVf9xixmAQz1wdSDZQnV/6zQyf3YB
krWm8hOfxDFXk8+nDY0Jm4gyhlAPYctdUqWp0BGwO8fVK6A9x0aB/eE/bDzfdLhG
eqeKcOl+viyFNYuGcG6Vn5EO3sk7kGhGhAY1tr9TCCAA5Qgr0/YDtjyD8zJb0IwA
4p8uFXyJgGf0uHJSf5h56DLC+ReMfpgbRhbDITALJ5UwGdyyxQM2M8QtdUNUU5fD
gGtclrrcSu79ZY91oTvjURrYX5HKg9PioGtHkzGPaqMMfNgaHdPK3qp6XL+AUP2P
ofYqsG5rNGgIH9fGttt49fC/UQE6BUjqzukHIePGrrxirLFtpg==
-----END CERTIFICATE-----