Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/352e3138322e31372e302f32342d3332203d3e203531313637.roa
File:                     352e3138322e31372e302f32342d3332203d3e203531313637.roa (raw, json)
Hash identifier:          sUw2Kf8Y4kQMGh5ypyPmmxewwoWc2z/JV86kTZo1ja4=
Subject key identifier:   06:B5:99:88:04:1E:D7:11:B8:85:9F:BD:71:3F:57:EB:88:2F:92:BA
Certificate issuer:       /CN=08fb9ba827e6f10a7af37490803dd5a076397235
Certificate serial:       3799F0D6E56475017854B2B5D48651D5C498EB77
Authority key identifier: 08:FB:9B:A8:27:E6:F1:0A:7A:F3:74:90:80:3D:D5:A0:76:39:72:35
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/352e3138322e31372e302f32342d3332203d3e203531313637.roa
Signing time:             Mon 26 Feb 2024 08:52:53 +0000
ROA not before:           Mon 26 Feb 2024 08:47:53 +0000
ROA not after:            Mon 24 Feb 2025 08:52:53 +0000
asID:                     51167
IP address blocks:        5.182.17.0/24 maxlen: 32

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 13 May 2024 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            37:99:f0:d6:e5:64:75:01:78:54:b2:b5:d4:86:51:d5:c4:98:eb:77
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=08fb9ba827e6f10a7af37490803dd5a076397235
        Validity
            Not Before: Feb 26 08:47:53 2024 GMT
            Not After : Feb 24 08:52:53 2025 GMT
        Subject: CN=06B59988041ED711B8859FBD713F57EB882F92BA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:ba:16:ac:be:2e:67:c1:1c:9e:a9:c5:1e:6f:
                    2c:2c:17:b7:ae:ad:c0:5d:d7:a3:33:02:b6:ec:e2:
                    15:73:c4:9f:2a:92:6e:15:f2:bd:7a:a7:f9:ce:57:
                    c9:bb:61:e3:23:5a:34:1a:3f:15:f1:7d:f0:c9:af:
                    9c:6f:e4:e7:dc:23:ab:2c:36:c1:12:9c:b5:5c:c9:
                    43:7f:a1:e1:45:bc:fd:1d:fe:d7:0d:d8:7f:5f:72:
                    1e:9f:95:a0:fd:1e:12:7a:ee:1c:d1:74:f4:a0:d6:
                    4c:eb:e0:11:01:9a:59:31:03:3a:60:fe:5d:77:24:
                    52:20:62:ed:b0:5f:a7:e7:2e:d4:72:4b:fa:70:e6:
                    6f:20:5b:9a:ec:ad:06:d5:bd:a3:ba:23:be:19:2c:
                    ef:51:32:81:3e:06:9e:00:4e:ff:e1:52:69:c0:c0:
                    34:37:5f:a0:e7:f2:29:48:62:4c:7f:27:30:f2:26:
                    97:4a:0e:03:1a:10:e3:b6:a9:6c:fa:9b:bf:10:ef:
                    73:f7:f4:26:f9:65:03:7c:0c:14:27:98:0c:06:b6:
                    cf:2f:60:39:7d:dc:e2:4a:bc:14:c6:f1:ca:eb:62:
                    e3:f8:2e:37:9b:00:dd:0a:88:39:aa:15:d6:f4:2d:
                    72:1a:c6:d7:b9:7d:79:73:3e:0e:18:aa:c4:7e:4d:
                    15:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:B5:99:88:04:1E:D7:11:B8:85:9F:BD:71:3F:57:EB:88:2F:92:BA
            X509v3 Authority Key Identifier:
                keyid:08:FB:9B:A8:27:E6:F1:0A:7A:F3:74:90:80:3D:D5:A0:76:39:72:35

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/352e3138322e31372e302f32342d3332203d3e203531313637.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.182.17.0/24

    Signature Algorithm: sha256WithRSAEncryption
         34:c0:1c:45:ef:29:9f:ba:fb:5f:ee:0c:75:8b:35:11:bf:c0:
         f7:42:ff:3e:8d:c2:76:91:26:40:6f:5d:e7:58:d9:f9:14:69:
         36:6d:b7:e2:19:51:b7:ce:ac:1a:eb:f3:a8:0b:a3:21:5c:66:
         14:dc:f8:e0:36:e3:13:64:ca:08:e2:e5:a1:a9:3a:17:ae:b5:
         73:1e:2e:65:16:f5:5b:19:25:5b:17:af:dd:67:ef:49:2d:3c:
         8c:a1:56:6e:6a:ea:2c:ba:96:34:2a:81:dd:83:6a:2a:83:12:
         23:e4:57:7f:ae:8e:97:ce:a3:44:7d:cb:5b:26:e2:d9:ca:a3:
         dc:bb:a2:c8:4f:67:71:1d:d3:cc:2a:60:80:44:b0:4d:5e:97:
         e5:62:9d:b3:94:3c:aa:57:36:09:1e:2f:c3:c6:aa:0d:96:b2:
         96:c4:8d:f4:19:70:20:97:7d:99:6c:84:31:3a:27:9c:3c:6b:
         84:c3:14:d2:0f:e4:2c:24:8c:42:3e:55:c1:51:10:b9:94:dc:
         c3:ea:9b:ea:5e:99:33:bd:be:04:38:40:d5:75:e8:86:1b:02:
         cf:98:1c:91:06:2d:39:75:5b:a9:d7:bc:28:20:96:37:0c:3e:
         f4:f3:3b:34:f2:b4:61:d0:0b:a6:53:37:da:92:96:db:f6:ef:
         3e:c0:3b:e6
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUN5nw1uVkdQF4VLK11IZR1cSY63cwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDhmYjliYTgyN2U2ZjEwYTdhZjM3NDkwODAzZGQ1YTA3
NjM5NzIzNTAeFw0yNDAyMjYwODQ3NTNaFw0yNTAyMjQwODUyNTNaMDMxMTAvBgNV
BAMTKDA2QjU5OTg4MDQxRUQ3MTFCODg1OUZCRDcxM0Y1N0VCODgyRjkyQkEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQChuhasvi5nwRyeqcUebywsF7eu
rcBd16MzArbs4hVzxJ8qkm4V8r16p/nOV8m7YeMjWjQaPxXxffDJr5xv5OfcI6ss
NsESnLVcyUN/oeFFvP0d/tcN2H9fch6flaD9HhJ67hzRdPSg1kzr4BEBmlkxAzpg
/l13JFIgYu2wX6fnLtRyS/pw5m8gW5rsrQbVvaO6I74ZLO9RMoE+Bp4ATv/hUmnA
wDQ3X6Dn8ilIYkx/JzDyJpdKDgMaEOO2qWz6m78Q73P39Cb5ZQN8DBQnmAwGts8v
YDl93OJKvBTG8crrYuP4LjebAN0KiDmqFdb0LXIaxte5fXlzPg4YqsR+TRV7AgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUBrWZiAQe1xG4hZ+9cT9X64gvkrowHwYDVR0j
BBgwFoAUCPubqCfm8Qp683SQgD3VoHY5cjUwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzIvMDhGQjlCQTgyN0U2RjEwQTdBRjM3NDkwODAzREQ1QTA3NjM5NzIzNS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NQdWJxQ2ZtOFFwNjgzU1FnRDNWb0hZ
NWNqVS5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzIvMzUyZTMxMzgzMjJlMzEzNzJl
MzAyZjMyMzQyZDMzMzIyMDNkM2UyMDM1MzEzMTM2Mzcucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAAFthEw
DQYJKoZIhvcNAQELBQADggEBADTAHEXvKZ+6+1/uDHWLNRG/wPdC/z6NwnaRJkBv
XedY2fkUaTZtt+IZUbfOrBrr86gLoyFcZhTc+OA24xNkygji5aGpOheutXMeLmUW
9VsZJVsXr91n70ktPIyhVm5q6iy6ljQqgd2DaiqDEiPkV3+ujpfOo0R9y1sm4tnK
o9y7oshPZ3Ed08wqYIBEsE1el+VinbOUPKpXNgkeL8PGqg2WspbEjfQZcCCXfZls
hDE6J5w8a4TDFNIP5CwkjEI+VcFRELmU3MPqm+pemTO9vgQ4QNV16IYbAs+YHJEG
LTl1W6nXvCggljcMPvTzOzTytGHQC6ZTN9qSltv27z7AO+Y=
-----END CERTIFICATE-----