Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/352e3138302e3135312e302f32342d3332203d3e203531313637.roa
File:                     352e3138302e3135312e302f32342d3332203d3e203531313637.roa (raw, json)
Hash identifier:          wYGPLxkMKbGTDJapJbu0PYl2kxQ+HMmG5mMaQXjeqG8=
Subject key identifier:   79:95:CC:05:8A:79:CD:41:26:DB:E7:89:C7:56:8B:21:76:EB:20:89
Certificate issuer:       /CN=08fb9ba827e6f10a7af37490803dd5a076397235
Certificate serial:       3C133BDDD70D44B29266262AF64A07452FBF9CDC
Authority key identifier: 08:FB:9B:A8:27:E6:F1:0A:7A:F3:74:90:80:3D:D5:A0:76:39:72:35
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/352e3138302e3135312e302f32342d3332203d3e203531313637.roa
Signing time:             Fri 21 Jun 2024 08:03:59 +0000
ROA not before:           Fri 21 Jun 2024 07:58:59 +0000
ROA not after:            Fri 20 Jun 2025 08:03:59 +0000
asID:                     51167
IP address blocks:        5.180.151.0/24 maxlen: 32

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3c:13:3b:dd:d7:0d:44:b2:92:66:26:2a:f6:4a:07:45:2f:bf:9c:dc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=08fb9ba827e6f10a7af37490803dd5a076397235
        Validity
            Not Before: Jun 21 07:58:59 2024 GMT
            Not After : Jun 20 08:03:59 2025 GMT
        Subject: CN=7995CC058A79CD4126DBE789C7568B2176EB2089
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:49:39:6e:ff:6e:e3:e0:21:9b:54:ad:76:f6:
                    39:f8:52:40:61:14:a9:a5:97:02:c0:f9:f9:0f:89:
                    0a:d0:18:5f:ce:71:85:0f:00:77:83:c4:08:5c:7e:
                    e0:fa:68:87:8a:f1:55:43:ea:1a:ba:44:f2:44:ed:
                    28:3f:bf:3c:c4:94:55:75:ba:2a:4b:b6:de:0e:02:
                    e8:21:b1:8d:89:d2:66:39:a8:88:e2:52:b9:c9:8f:
                    c6:f8:c9:e2:48:a8:5f:b6:4a:52:e9:ea:74:dd:25:
                    fe:4d:34:5a:43:7c:9b:32:17:d6:ce:15:4a:2f:bf:
                    c1:0f:f4:50:a5:d6:16:dc:c1:38:b8:f7:70:fd:6d:
                    9b:e4:81:56:1d:c0:35:4a:a4:21:ce:ec:75:2e:d3:
                    ed:ce:e5:75:38:b0:c6:52:ad:37:0e:bf:f9:8c:4f:
                    3b:16:a4:21:d5:34:35:11:00:5d:56:b0:50:75:31:
                    e0:e4:5d:da:74:f5:32:48:aa:b8:d0:45:1f:56:3b:
                    94:ed:a6:9a:cf:65:84:65:5b:c4:71:dd:d9:4f:ba:
                    83:6e:d5:fb:9f:b8:b2:a9:59:e9:54:c2:a4:b6:57:
                    30:1d:51:1e:08:e1:e1:e5:23:19:19:08:79:5a:28:
                    3f:1b:b1:15:49:d6:b7:09:65:c7:7f:71:da:43:c7:
                    d0:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                79:95:CC:05:8A:79:CD:41:26:DB:E7:89:C7:56:8B:21:76:EB:20:89
            X509v3 Authority Key Identifier:
                keyid:08:FB:9B:A8:27:E6:F1:0A:7A:F3:74:90:80:3D:D5:A0:76:39:72:35

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/352e3138302e3135312e302f32342d3332203d3e203531313637.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.180.151.0/24

    Signature Algorithm: sha256WithRSAEncryption
         22:d9:f4:be:73:a3:ad:72:38:bf:d1:d2:5d:e6:4f:82:a4:36:
         85:ae:3f:b3:eb:93:87:48:8f:3a:6e:88:2c:b5:e3:a9:3b:2f:
         9c:8c:41:9b:87:7d:d0:3a:d6:aa:54:cb:a4:fd:96:c0:b0:ad:
         55:aa:24:50:9f:6f:c0:ab:dc:6f:56:fa:c9:ed:94:d2:a9:ab:
         e2:00:4e:1d:5c:25:78:06:21:59:f9:53:e6:c7:81:a7:9c:f6:
         b9:84:aa:29:ed:b4:b9:da:72:b2:66:85:be:4c:7d:14:e6:61:
         e8:7d:b8:92:59:69:05:94:ce:89:45:88:75:0c:09:d5:4a:31:
         b7:e7:93:67:ce:21:ad:fd:3a:ef:83:c3:ba:e9:41:eb:b7:34:
         cf:bd:9d:c1:57:56:91:b6:47:d5:1e:9b:b7:fe:6a:ce:3c:88:
         69:69:ed:e5:39:e3:21:93:27:f9:da:5d:6f:3e:bc:dd:12:8a:
         ea:0e:13:7d:76:88:75:66:94:50:d8:c6:d8:d0:44:f1:28:20:
         5b:c0:83:48:da:09:9d:2f:82:56:02:b1:a4:1c:0a:31:bc:91:
         ec:34:40:8c:19:cc:3d:fb:27:cd:39:16:f8:14:ca:d8:17:18:
         3f:d7:67:df:da:15:08:af:0b:ef:43:bd:cb:8d:ed:74:e4:bb:
         cf:69:79:9a
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUPBM73dcNRLKSZiYq9koHRS+/nNwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDhmYjliYTgyN2U2ZjEwYTdhZjM3NDkwODAzZGQ1YTA3
NjM5NzIzNTAeFw0yNDA2MjEwNzU4NTlaFw0yNTA2MjAwODAzNTlaMDMxMTAvBgNV
BAMTKDc5OTVDQzA1OEE3OUNENDEyNkRCRTc4OUM3NTY4QjIxNzZFQjIwODkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDVSTlu/27j4CGbVK129jn4UkBh
FKmllwLA+fkPiQrQGF/OcYUPAHeDxAhcfuD6aIeK8VVD6hq6RPJE7Sg/vzzElFV1
uipLtt4OAughsY2J0mY5qIjiUrnJj8b4yeJIqF+2SlLp6nTdJf5NNFpDfJsyF9bO
FUovv8EP9FCl1hbcwTi493D9bZvkgVYdwDVKpCHO7HUu0+3O5XU4sMZSrTcOv/mM
TzsWpCHVNDURAF1WsFB1MeDkXdp09TJIqrjQRR9WO5TtpprPZYRlW8Rx3dlPuoNu
1fufuLKpWelUwqS2VzAdUR4I4eHlIxkZCHlaKD8bsRVJ1rcJZcd/cdpDx9AbAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUeZXMBYp5zUEm2+eJx1aLIXbrIIkwHwYDVR0j
BBgwFoAUCPubqCfm8Qp683SQgD3VoHY5cjUwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzIvMDhGQjlCQTgyN0U2RjEwQTdBRjM3NDkwODAzREQ1QTA3NjM5NzIzNS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NQdWJxQ2ZtOFFwNjgzU1FnRDNWb0hZ
NWNqVS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzIvMzUyZTMxMzgzMDJlMzEzNTMx
MmUzMDJmMzIzNDJkMzMzMjIwM2QzZTIwMzUzMTMxMzYzNy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAAW0
lzANBgkqhkiG9w0BAQsFAAOCAQEAItn0vnOjrXI4v9HSXeZPgqQ2ha4/s+uTh0iP
Om6ILLXjqTsvnIxBm4d90DrWqlTLpP2WwLCtVaokUJ9vwKvcb1b6ye2U0qmr4gBO
HVwleAYhWflT5seBp5z2uYSqKe20udpysmaFvkx9FOZh6H24kllpBZTOiUWIdQwJ
1Uoxt+eTZ84hrf0674PDuulB67c0z72dwVdWkbZH1R6bt/5qzjyIaWnt5TnjIZMn
+dpdbz683RKK6g4TfXaIdWaUUNjG2NBE8SggW8CDSNoJnS+CVgKxpBwKMbyR7DRA
jBnMPfsnzTkW+BTK2BcYP9dn39oVCK8L70O9y43tdOS7z2l5mg==
-----END CERTIFICATE-----