Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/352e3138322e31362e302f32342d3234203d3e20313336373837.roa
File:                     352e3138322e31362e302f32342d3234203d3e20313336373837.roa (raw, json)
Hash identifier:          N59ullllOqVGVg1I0pBzxWp8BAXYHZ785/Ps+606uf4=
Subject key identifier:   D0:00:DE:75:49:F0:37:DF:F2:C9:1C:6B:74:27:6B:EC:C7:37:25:35
Certificate issuer:       /CN=08fb9ba827e6f10a7af37490803dd5a076397235
Certificate serial:       06F2A29D4A8703C2E099E569F7609F70E5AF6766
Authority key identifier: 08:FB:9B:A8:27:E6:F1:0A:7A:F3:74:90:80:3D:D5:A0:76:39:72:35
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/352e3138322e31362e302f32342d3234203d3e20313336373837.roa
Signing time:             Mon 26 Feb 2024 08:52:53 +0000
ROA not before:           Mon 26 Feb 2024 08:47:53 +0000
ROA not after:            Mon 24 Feb 2025 08:52:53 +0000
asID:                     136787
IP address blocks:        5.182.16.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 08 May 2024 14:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            06:f2:a2:9d:4a:87:03:c2:e0:99:e5:69:f7:60:9f:70:e5:af:67:66
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=08fb9ba827e6f10a7af37490803dd5a076397235
        Validity
            Not Before: Feb 26 08:47:53 2024 GMT
            Not After : Feb 24 08:52:53 2025 GMT
        Subject: CN=D000DE7549F037DFF2C91C6B74276BECC7372535
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:f9:99:ef:6b:9d:80:cb:38:58:91:af:20:08:
                    19:91:82:85:e2:e8:2d:ca:98:65:aa:ff:f9:b0:6f:
                    75:c1:4b:6c:5f:dd:6a:28:d8:df:a1:af:1f:41:26:
                    77:7d:60:07:74:a7:8e:96:02:56:9e:93:e7:75:03:
                    8c:37:a5:f4:88:e0:a6:38:3a:bc:31:d2:b7:9b:38:
                    53:6a:f2:a7:29:82:bf:20:b9:85:b9:a3:50:fe:eb:
                    c7:5e:19:3f:60:80:92:c3:a2:0c:c9:8c:16:35:3b:
                    7c:cf:00:33:ef:3b:8a:84:85:22:df:1f:1a:fc:f4:
                    54:f3:50:de:5f:f9:fd:83:8b:be:1c:60:ec:ef:5e:
                    62:b1:6f:51:69:c2:3b:af:10:2a:af:4f:32:70:8f:
                    46:80:72:38:98:24:4a:f2:9d:83:d6:ca:cc:ee:b1:
                    37:19:e3:db:4d:bb:05:5f:0d:91:f2:a1:cc:b9:3f:
                    d2:05:39:bf:01:69:1a:52:bf:73:56:cb:eb:ed:bd:
                    bd:d4:8a:19:f8:80:4e:f6:83:34:c9:70:5e:4a:9f:
                    11:c3:e4:d4:77:d4:ce:46:ce:13:8f:ef:bd:6b:4d:
                    2e:39:2f:4b:c7:71:19:9e:f2:fa:68:3b:5a:db:b5:
                    13:db:4c:d4:42:a3:83:23:e2:3d:12:24:67:f5:be:
                    f8:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:00:DE:75:49:F0:37:DF:F2:C9:1C:6B:74:27:6B:EC:C7:37:25:35
            X509v3 Authority Key Identifier:
                keyid:08:FB:9B:A8:27:E6:F1:0A:7A:F3:74:90:80:3D:D5:A0:76:39:72:35

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/352e3138322e31362e302f32342d3234203d3e20313336373837.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.182.16.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7b:aa:63:b6:7a:91:f9:88:b1:a0:a8:d7:c6:fa:3a:bd:fc:25:
         89:a4:07:96:21:f4:19:d0:41:14:ea:02:57:bb:83:c0:2d:d3:
         cb:a0:77:8c:3f:8d:00:cc:2e:aa:ed:f8:32:81:0d:f4:85:29:
         88:9e:18:7b:2d:43:fd:25:83:95:43:35:90:00:5f:8c:fa:28:
         fa:a2:75:7a:d0:86:f3:af:63:65:64:d0:81:77:2b:e6:28:b7:
         25:72:ef:db:43:a0:07:c2:b9:e8:ff:af:be:09:99:c6:02:8e:
         85:37:db:57:0b:36:a7:b0:40:eb:82:49:1a:d3:0f:a0:72:fa:
         0b:d2:aa:13:9f:ab:b9:2a:b4:f3:6e:72:44:e7:79:89:f6:0f:
         3c:1b:34:82:84:88:1b:e4:0d:9f:d2:3d:a2:96:48:ab:3d:0b:
         27:e3:64:33:8c:3c:9f:32:cb:19:fd:c4:05:6a:a1:a7:f2:7f:
         b0:9f:bb:0c:d9:ed:a0:6b:aa:8e:ec:58:3f:e0:6d:70:d3:2e:
         45:7e:f2:b8:74:1a:0b:40:4c:f8:d0:99:b1:e9:21:6c:7f:84:
         24:1a:fa:db:b9:70:7b:22:a3:8f:be:b0:40:ac:56:0e:d4:42:
         3e:6b:89:6e:35:9d:e9:41:c3:c5:b3:34:c2:79:da:60:8b:ae:
         6b:00:f7:c0
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUBvKinUqHA8LgmeVp92CfcOWvZ2YwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDhmYjliYTgyN2U2ZjEwYTdhZjM3NDkwODAzZGQ1YTA3
NjM5NzIzNTAeFw0yNDAyMjYwODQ3NTNaFw0yNTAyMjQwODUyNTNaMDMxMTAvBgNV
BAMTKEQwMDBERTc1NDlGMDM3REZGMkM5MUM2Qjc0Mjc2QkVDQzczNzI1MzUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCo+Znva52AyzhYka8gCBmRgoXi
6C3KmGWq//mwb3XBS2xf3Woo2N+hrx9BJnd9YAd0p46WAlaek+d1A4w3pfSI4KY4
Orwx0rebOFNq8qcpgr8guYW5o1D+68deGT9ggJLDogzJjBY1O3zPADPvO4qEhSLf
Hxr89FTzUN5f+f2Di74cYOzvXmKxb1FpwjuvECqvTzJwj0aAcjiYJErynYPWyszu
sTcZ49tNuwVfDZHyocy5P9IFOb8BaRpSv3NWy+vtvb3Uihn4gE72gzTJcF5KnxHD
5NR31M5GzhOP771rTS45L0vHcRme8vpoO1rbtRPbTNRCo4Mj4j0SJGf1vvhVAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQU0ADedUnwN9/yyRxrdCdr7Mc3JTUwHwYDVR0j
BBgwFoAUCPubqCfm8Qp683SQgD3VoHY5cjUwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzIvMDhGQjlCQTgyN0U2RjEwQTdBRjM3NDkwODAzREQ1QTA3NjM5NzIzNS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NQdWJxQ2ZtOFFwNjgzU1FnRDNWb0hZ
NWNqVS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzIvMzUyZTMxMzgzMjJlMzEzNjJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMxMzMzNjM3MzgzNy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAAW2
EDANBgkqhkiG9w0BAQsFAAOCAQEAe6pjtnqR+YixoKjXxvo6vfwliaQHliH0GdBB
FOoCV7uDwC3Ty6B3jD+NAMwuqu34MoEN9IUpiJ4Yey1D/SWDlUM1kABfjPoo+qJ1
etCG869jZWTQgXcr5ii3JXLv20OgB8K56P+vvgmZxgKOhTfbVws2p7BA64JJGtMP
oHL6C9KqE5+ruSq0825yROd5ifYPPBs0goSIG+QNn9I9opZIqz0LJ+NkM4w8nzLL
Gf3EBWqhp/J/sJ+7DNntoGuqjuxYP+BtcNMuRX7yuHQaC0BM+NCZsekhbH+EJBr6
27lweyKjj76wQKxWDtRCPmuJbjWd6UHDxbM0wnnaYIuuawD3wA==
-----END CERTIFICATE-----