Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/352e3138302e3135312e302f32342d3332203d3e203531313637.roa
File:                     352e3138302e3135312e302f32342d3332203d3e203531313637.roa (raw, json)
Hash identifier:          vY0gk97Mwfj8TpG8wF/TVUMK2xMcJoKQapHnj/35QDo=
Subject key identifier:   E7:E0:77:1F:66:71:E9:DD:26:36:B1:EC:AF:92:8F:F7:AC:78:84:E1
Certificate issuer:       /CN=08fb9ba827e6f10a7af37490803dd5a076397235
Certificate serial:       40E370AEE5094B8695409DA913CDB9C30B8646DE
Authority key identifier: 08:FB:9B:A8:27:E6:F1:0A:7A:F3:74:90:80:3D:D5:A0:76:39:72:35
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/352e3138302e3135312e302f32342d3332203d3e203531313637.roa
Signing time:             Fri 21 Jul 2023 07:19:05 +0000
ROA not before:           Fri 21 Jul 2023 07:14:05 +0000
ROA not after:            Fri 19 Jul 2024 07:19:05 +0000
asID:                     51167
IP address blocks:        5.180.151.0/24 maxlen: 32

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 13 May 2024 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            40:e3:70:ae:e5:09:4b:86:95:40:9d:a9:13:cd:b9:c3:0b:86:46:de
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=08fb9ba827e6f10a7af37490803dd5a076397235
        Validity
            Not Before: Jul 21 07:14:05 2023 GMT
            Not After : Jul 19 07:19:05 2024 GMT
        Subject: CN=E7E0771F6671E9DD2636B1ECAF928FF7AC7884E1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:f2:a7:67:da:b6:8f:20:80:a0:ac:12:71:bf:
                    26:eb:b8:09:8b:d4:58:70:76:e7:4a:96:54:d9:bb:
                    1d:39:56:7e:f5:b8:24:c4:17:1f:45:f2:aa:8b:77:
                    7e:85:85:4e:7c:f4:ef:58:11:d8:54:9d:5a:d0:1a:
                    b8:0b:e6:73:10:91:db:2b:ac:65:67:0a:5e:41:35:
                    ce:f7:ef:a6:68:1d:e3:9b:7c:76:4f:40:5e:ff:4d:
                    cb:b9:dd:88:2d:4d:71:58:ec:f7:c1:91:bb:a0:c5:
                    48:17:7f:d6:1c:55:50:74:6f:4e:1a:35:4a:71:ed:
                    17:3c:0f:f7:65:1c:6a:18:d3:a6:8a:25:56:aa:c7:
                    e0:39:58:3d:29:d0:0b:93:15:53:00:e9:ac:6d:e0:
                    10:2a:83:0d:94:a4:c8:8e:65:b2:ce:29:66:75:f2:
                    5b:ed:cd:6a:61:5b:c1:b8:75:8c:03:25:8b:1e:ca:
                    be:db:27:87:a3:ac:34:5b:6c:59:6b:e6:54:74:58:
                    f0:82:43:17:ea:07:c4:5d:cd:b5:8c:f3:a9:ce:35:
                    2b:40:96:07:bd:fa:62:07:f8:02:d1:40:76:43:35:
                    9d:1c:79:e4:dc:95:02:37:9c:ac:a0:a4:dc:e9:0a:
                    c3:f0:3b:9f:5c:14:d4:da:93:c3:57:99:ce:2d:7f:
                    c3:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:E0:77:1F:66:71:E9:DD:26:36:B1:EC:AF:92:8F:F7:AC:78:84:E1
            X509v3 Authority Key Identifier:
                keyid:08:FB:9B:A8:27:E6:F1:0A:7A:F3:74:90:80:3D:D5:A0:76:39:72:35

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/352e3138302e3135312e302f32342d3332203d3e203531313637.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.180.151.0/24

    Signature Algorithm: sha256WithRSAEncryption
         09:63:14:ed:28:1a:4b:1f:e3:c2:7f:9d:69:39:2b:ff:e4:fa:
         ea:72:3e:0e:01:35:24:7a:df:3c:7a:27:c4:b6:42:3a:cd:d6:
         c7:f0:2f:4c:e9:73:9d:f3:cf:1d:cb:12:82:eb:ee:d7:ad:be:
         9b:f3:c2:6a:40:28:10:86:9e:7a:9a:9e:3a:2e:bc:a1:78:b8:
         db:cd:be:8e:8e:40:6e:99:b9:2c:5d:ab:a6:ab:cd:39:67:82:
         da:4c:76:8e:d9:bf:73:52:0e:91:b1:2b:e2:b1:6f:91:4a:e1:
         d1:19:19:dc:13:cf:ea:c1:37:7e:c3:a1:8c:d5:52:19:cb:38:
         af:fc:9c:65:3f:28:f1:ba:aa:bf:51:05:2e:43:54:a0:00:43:
         91:b6:80:a2:4f:67:d0:3f:7a:2c:ed:7d:8e:ef:b4:2a:2f:d7:
         be:33:58:36:d9:e5:94:75:63:4f:79:84:0b:a0:46:c9:3e:d4:
         14:5d:b4:66:ac:4d:c4:e9:ef:33:62:4a:eb:25:10:ff:96:5c:
         9c:38:56:91:02:07:a0:c4:1f:0b:a3:fe:ee:25:b9:7b:3c:d7:
         2f:6a:61:06:b6:4f:38:81:6d:04:fa:03:64:b7:48:35:01:36:
         41:45:5f:ac:ce:63:d7:92:9c:c6:9f:e2:d4:61:b1:c6:1f:dc:
         e4:f9:e4:3a
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUQONwruUJS4aVQJ2pE825wwuGRt4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDhmYjliYTgyN2U2ZjEwYTdhZjM3NDkwODAzZGQ1YTA3
NjM5NzIzNTAeFw0yMzA3MjEwNzE0MDVaFw0yNDA3MTkwNzE5MDVaMDMxMTAvBgNV
BAMTKEU3RTA3NzFGNjY3MUU5REQyNjM2QjFFQ0FGOTI4RkY3QUM3ODg0RTEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDB8qdn2raPIICgrBJxvybruAmL
1FhwdudKllTZux05Vn71uCTEFx9F8qqLd36FhU589O9YEdhUnVrQGrgL5nMQkdsr
rGVnCl5BNc7376ZoHeObfHZPQF7/Tcu53YgtTXFY7PfBkbugxUgXf9YcVVB0b04a
NUpx7Rc8D/dlHGoY06aKJVaqx+A5WD0p0AuTFVMA6axt4BAqgw2UpMiOZbLOKWZ1
8lvtzWphW8G4dYwDJYseyr7bJ4ejrDRbbFlr5lR0WPCCQxfqB8RdzbWM86nONStA
lge9+mIH+ALRQHZDNZ0ceeTclQI3nKygpNzpCsPwO59cFNTak8NXmc4tf8NJAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQU5+B3H2Zx6d0mNrHsr5KP96x4hOEwHwYDVR0j
BBgwFoAUCPubqCfm8Qp683SQgD3VoHY5cjUwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzIvMDhGQjlCQTgyN0U2RjEwQTdBRjM3NDkwODAzREQ1QTA3NjM5NzIzNS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NQdWJxQ2ZtOFFwNjgzU1FnRDNWb0hZ
NWNqVS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzIvMzUyZTMxMzgzMDJlMzEzNTMx
MmUzMDJmMzIzNDJkMzMzMjIwM2QzZTIwMzUzMTMxMzYzNy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAAW0
lzANBgkqhkiG9w0BAQsFAAOCAQEACWMU7SgaSx/jwn+daTkr/+T66nI+DgE1JHrf
PHonxLZCOs3Wx/AvTOlznfPPHcsSguvu162+m/PCakAoEIaeepqeOi68oXi4282+
jo5Abpm5LF2rpqvNOWeC2kx2jtm/c1IOkbEr4rFvkUrh0RkZ3BPP6sE3fsOhjNVS
Gcs4r/ycZT8o8bqqv1EFLkNUoABDkbaAok9n0D96LO19ju+0Ki/XvjNYNtnllHVj
T3mEC6BGyT7UFF20ZqxNxOnvM2JK6yUQ/5ZcnDhWkQIHoMQfC6P+7iW5ezzXL2ph
BrZPOIFtBPoDZLdINQE2QUVfrM5j15Kcxp/i1GGxxh/c5PnkOg==
-----END CERTIFICATE-----