Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/352e3138322e31382e302f32342d3234203d3e203437353833.roa
File:                     352e3138322e31382e302f32342d3234203d3e203437353833.roa (raw, json)
Hash identifier:          fJ3LcPE6kk5z6DFME9Y6/huPXp7XbNlcvsC74VWvlYg=
Subject key identifier:   65:96:9A:D8:B8:E1:32:02:D6:7B:93:09:00:96:A1:DF:EE:00:03:A9
Certificate issuer:       /CN=08fb9ba827e6f10a7af37490803dd5a076397235
Certificate serial:       46074F948CBADAC8C23AE4AF9FB1F26CEEFA08B1
Authority key identifier: 08:FB:9B:A8:27:E6:F1:0A:7A:F3:74:90:80:3D:D5:A0:76:39:72:35
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/352e3138322e31382e302f32342d3234203d3e203437353833.roa
Signing time:             Mon 26 Feb 2024 08:52:48 +0000
ROA not before:           Mon 26 Feb 2024 08:47:48 +0000
ROA not after:            Mon 24 Feb 2025 08:52:48 +0000
asID:                     47583
IP address blocks:        5.182.18.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 13 May 2024 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            46:07:4f:94:8c:ba:da:c8:c2:3a:e4:af:9f:b1:f2:6c:ee:fa:08:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=08fb9ba827e6f10a7af37490803dd5a076397235
        Validity
            Not Before: Feb 26 08:47:48 2024 GMT
            Not After : Feb 24 08:52:48 2025 GMT
        Subject: CN=65969AD8B8E13202D67B93090096A1DFEE0003A9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:67:3e:af:f4:40:a7:cb:9c:c8:57:e0:d5:6e:
                    4d:4c:4d:75:4e:d2:d3:56:e8:41:4d:34:ab:12:5a:
                    ec:3c:8d:3f:84:43:5c:56:37:36:cb:54:4c:7b:4e:
                    59:73:71:36:ff:83:7d:62:ef:58:ae:75:58:fe:44:
                    9a:9a:1b:36:47:68:78:ee:a4:84:31:8a:7c:5a:c2:
                    95:8f:80:87:01:2e:eb:dd:e2:77:eb:bc:34:d2:f3:
                    90:9f:80:51:03:da:de:bc:e2:94:4a:4a:1d:34:c9:
                    65:5c:23:54:d7:93:8a:aa:d2:85:52:36:e7:f2:77:
                    32:cf:28:9d:e0:79:e2:3a:55:e6:ca:7e:4a:61:f5:
                    fd:c8:95:08:51:91:bf:e0:96:c8:35:98:4f:85:b9:
                    81:56:3d:51:e3:d4:92:e4:14:4b:6e:56:35:ad:f2:
                    34:d8:97:aa:a0:db:f1:32:11:ec:45:80:6c:93:c7:
                    1b:67:d6:9c:5a:bb:e1:cb:4e:50:48:34:d5:ad:67:
                    6b:dd:fd:77:d4:8e:1e:a6:10:63:eb:96:ae:55:3c:
                    73:8b:90:f6:47:27:0f:f6:12:eb:06:72:cd:23:9a:
                    00:83:24:40:1a:7c:48:63:43:f4:44:ca:69:cb:d5:
                    86:5b:db:27:03:e3:7e:a2:00:a4:d0:89:e1:9b:61:
                    d8:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:96:9A:D8:B8:E1:32:02:D6:7B:93:09:00:96:A1:DF:EE:00:03:A9
            X509v3 Authority Key Identifier:
                keyid:08:FB:9B:A8:27:E6:F1:0A:7A:F3:74:90:80:3D:D5:A0:76:39:72:35

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/352e3138322e31382e302f32342d3234203d3e203437353833.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.182.18.0/24

    Signature Algorithm: sha256WithRSAEncryption
         03:1c:98:64:52:97:6f:2e:86:1d:aa:67:1e:34:2b:25:6c:6b:
         b5:34:df:00:a0:0f:3d:e8:d2:84:09:20:e3:25:36:20:38:07:
         f0:7c:87:5d:6c:c1:45:cd:0b:c2:6f:69:ed:b0:dd:c5:f6:b2:
         71:c5:96:76:f6:ef:6d:da:a9:9e:87:bf:a9:5e:6a:78:99:6d:
         6f:63:68:ec:f1:5f:82:6d:c3:29:cc:7e:d4:9b:93:f4:f5:12:
         4b:7e:9b:75:49:5b:b6:59:9e:28:34:83:a9:4e:44:27:32:7e:
         13:a4:75:35:e3:ff:f6:d5:11:48:f6:80:65:6e:ab:30:df:6f:
         29:84:80:25:a0:ab:b3:9f:08:c7:3d:2c:1a:1f:55:95:60:0c:
         3d:2f:75:69:a8:86:73:b6:c2:2a:f5:79:7c:57:0f:ea:3a:89:
         7b:c3:58:78:f1:23:a5:ce:7c:ae:2c:73:c7:9f:2a:b8:79:88:
         c7:80:24:da:6d:2b:04:44:57:86:aa:2f:db:ae:93:d9:e9:fa:
         28:83:dc:be:69:d9:db:0b:1c:87:d1:43:f7:49:29:6f:88:ca:
         dc:d9:f7:b7:c2:8d:26:6a:31:59:45:fa:8d:01:54:50:b1:57:
         28:5e:50:8f:6e:4e:33:84:0a:24:12:20:94:69:8d:25:b8:50:
         be:bf:00:52
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIURgdPlIy62sjCOuSvn7HybO76CLEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDhmYjliYTgyN2U2ZjEwYTdhZjM3NDkwODAzZGQ1YTA3
NjM5NzIzNTAeFw0yNDAyMjYwODQ3NDhaFw0yNTAyMjQwODUyNDhaMDMxMTAvBgNV
BAMTKDY1OTY5QUQ4QjhFMTMyMDJENjdCOTMwOTAwOTZBMURGRUUwMDAzQTkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCrZz6v9ECny5zIV+DVbk1MTXVO
0tNW6EFNNKsSWuw8jT+EQ1xWNzbLVEx7TllzcTb/g31i71iudVj+RJqaGzZHaHju
pIQxinxawpWPgIcBLuvd4nfrvDTS85CfgFED2t684pRKSh00yWVcI1TXk4qq0oVS
NufydzLPKJ3geeI6VebKfkph9f3IlQhRkb/glsg1mE+FuYFWPVHj1JLkFEtuVjWt
8jTYl6qg2/EyEexFgGyTxxtn1pxau+HLTlBINNWtZ2vd/XfUjh6mEGPrlq5VPHOL
kPZHJw/2EusGcs0jmgCDJEAafEhjQ/REymnL1YZb2ycD436iAKTQieGbYdiLAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUZZaa2LjhMgLWe5MJAJah3+4AA6kwHwYDVR0j
BBgwFoAUCPubqCfm8Qp683SQgD3VoHY5cjUwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzIvMDhGQjlCQTgyN0U2RjEwQTdBRjM3NDkwODAzREQ1QTA3NjM5NzIzNS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NQdWJxQ2ZtOFFwNjgzU1FnRDNWb0hZ
NWNqVS5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzIvMzUyZTMxMzgzMjJlMzEzODJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM0MzczNTM4MzMucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAAFthIw
DQYJKoZIhvcNAQELBQADggEBAAMcmGRSl28uhh2qZx40KyVsa7U03wCgDz3o0oQJ
IOMlNiA4B/B8h11swUXNC8Jvae2w3cX2snHFlnb2723aqZ6Hv6leaniZbW9jaOzx
X4JtwynMftSbk/T1Ekt+m3VJW7ZZnig0g6lORCcyfhOkdTXj//bVEUj2gGVuqzDf
bymEgCWgq7OfCMc9LBofVZVgDD0vdWmohnO2wir1eXxXD+o6iXvDWHjxI6XOfK4s
c8efKrh5iMeAJNptKwREV4aqL9uuk9np+iiD3L5p2dsLHIfRQ/dJKW+IytzZ97fC
jSZqMVlF+o0BVFCxVyheUI9uTjOECiQSIJRpjSW4UL6/AFI=
-----END CERTIFICATE-----