Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/352e3138332e382e302f32322d3234203d3e203437353833.roa
File:                     352e3138332e382e302f32322d3234203d3e203437353833.roa (raw, json)
Hash identifier:          HRMMg9G9F0BCxr8TS7qJhZTHjU+4QnHA5ExlxJvZgWQ=
Subject key identifier:   64:3C:DC:FA:71:C5:62:21:25:C8:83:06:B3:78:E1:62:0F:77:88:87
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       2C61711969551E0F7B60EF78257FC13408C5A8A4
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/352e3138332e382e302f32322d3234203d3e203437353833.roa
Signing time:             Mon 26 Feb 2024 08:53:01 +0000
ROA not before:           Mon 26 Feb 2024 08:48:01 +0000
ROA not after:            Mon 24 Feb 2025 08:53:01 +0000
asID:                     47583
IP address blocks:        5.183.8.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 22 May 2024 02:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2c:61:71:19:69:55:1e:0f:7b:60:ef:78:25:7f:c1:34:08:c5:a8:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Feb 26 08:48:01 2024 GMT
            Not After : Feb 24 08:53:01 2025 GMT
        Subject: CN=643CDCFA71C5622125C88306B378E1620F778887
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:04:c3:e6:f8:9d:85:9f:76:c7:3f:d5:6d:ae:
                    31:3a:83:be:09:28:10:51:2b:73:99:59:48:c4:67:
                    24:a0:6c:c9:48:9d:c5:a8:aa:5a:79:9d:b2:32:e7:
                    06:cd:be:80:ee:36:68:92:e0:fa:87:57:e3:7a:a8:
                    fd:98:6d:f3:a2:16:29:96:b4:82:0a:f9:a5:14:ba:
                    dc:4c:cd:db:32:5a:09:f6:48:50:4c:d2:7c:cd:ad:
                    00:5d:30:5e:dc:d1:76:59:2b:ad:9a:25:56:5f:87:
                    4c:09:d2:38:5e:6d:f1:aa:db:c3:1c:b2:a2:5f:8a:
                    1a:51:2d:a3:61:45:60:bc:d3:47:9b:7a:ae:97:a2:
                    e1:f3:cc:22:75:ce:81:37:84:f1:fc:d3:dc:55:de:
                    8c:67:af:29:23:a3:ef:22:c6:64:dd:25:30:3e:30:
                    19:9b:63:14:aa:e9:bc:af:70:a7:2e:9a:2c:96:63:
                    cd:29:fe:d1:de:fb:78:3d:22:d6:bc:38:a6:e2:5c:
                    16:81:a2:35:7c:da:bc:60:61:a3:23:6c:34:1c:74:
                    0e:f9:6d:f4:b8:6f:10:f0:56:da:06:07:0b:67:15:
                    d5:44:80:76:32:a4:87:9a:63:87:2a:2a:e4:e8:ed:
                    38:72:92:36:21:00:02:e9:c9:d3:d5:41:68:e3:98:
                    84:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:3C:DC:FA:71:C5:62:21:25:C8:83:06:B3:78:E1:62:0F:77:88:87
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/352e3138332e382e302f32322d3234203d3e203437353833.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.183.8.0/22

    Signature Algorithm: sha256WithRSAEncryption
         03:8d:90:a6:19:e7:e2:c9:61:ab:a4:e7:00:ab:74:7e:f5:a0:
         88:b0:ee:f3:b7:62:51:47:ff:bf:6d:f2:da:bc:08:50:b7:53:
         3b:82:9d:72:dc:ac:f7:c0:81:c9:18:8f:da:23:49:9f:db:82:
         89:0f:53:df:3c:75:f5:cb:16:93:de:fc:4f:52:f7:f6:52:f9:
         f9:77:df:3c:9a:c2:09:48:91:42:b8:55:0f:fb:45:f0:82:e2:
         20:16:49:4e:b5:c8:94:2d:b5:c0:67:7e:b8:54:06:bd:f0:57:
         f5:fb:6f:07:df:95:49:be:33:ee:3d:85:7a:ca:0f:57:ec:3b:
         e3:2c:8b:3c:ab:85:16:b1:e2:f8:33:e1:dc:6a:40:5d:df:26:
         67:88:27:67:c5:a5:a7:31:3e:3a:e9:9f:73:75:d0:9d:dc:09:
         09:23:14:2a:fd:2f:20:42:e9:e1:ad:35:3d:6f:3c:65:10:67:
         9e:2c:55:a3:d6:37:9e:97:0b:e5:66:a7:68:c4:80:ee:7f:67:
         9d:7e:b8:90:f4:d0:fd:1d:76:c6:f8:90:7f:4f:27:06:4f:82:
         06:88:06:27:5d:ed:91:62:3e:f8:df:ea:9c:62:21:cb:99:a5:
         e8:e2:06:9a:df:8e:54:f2:63:d9:72:11:a5:26:17:f0:34:a6:
         1d:a1:96:a9
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIULGFxGWlVHg97YO94JX/BNAjFqKQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNDAyMjYwODQ4MDFaFw0yNTAyMjQwODUzMDFaMDMxMTAvBgNV
BAMTKDY0M0NEQ0ZBNzFDNTYyMjEyNUM4ODMwNkIzNzhFMTYyMEY3Nzg4ODcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDDBMPm+J2Fn3bHP9VtrjE6g74J
KBBRK3OZWUjEZySgbMlIncWoqlp5nbIy5wbNvoDuNmiS4PqHV+N6qP2YbfOiFimW
tIIK+aUUutxMzdsyWgn2SFBM0nzNrQBdMF7c0XZZK62aJVZfh0wJ0jhebfGq28Mc
sqJfihpRLaNhRWC800ebeq6XouHzzCJ1zoE3hPH809xV3oxnrykjo+8ixmTdJTA+
MBmbYxSq6byvcKcumiyWY80p/tHe+3g9Ita8OKbiXBaBojV82rxgYaMjbDQcdA75
bfS4bxDwVtoGBwtnFdVEgHYypIeaY4cqKuTo7ThykjYhAALpydPVQWjjmISHAgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQUZDzc+nHFYiElyIMGs3jhYg93iIcwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzUyZTMxMzgzMzJlMzgyZTMw
MmYzMjMyMmQzMjM0MjAzZDNlMjAzNDM3MzUzODMzLnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCBbcIMA0G
CSqGSIb3DQEBCwUAA4IBAQADjZCmGefiyWGrpOcAq3R+9aCIsO7zt2JRR/+/bfLa
vAhQt1M7gp1y3Kz3wIHJGI/aI0mf24KJD1PfPHX1yxaT3vxPUvf2Uvn5d988msIJ
SJFCuFUP+0XwguIgFklOtciULbXAZ364VAa98Ff1+28H35VJvjPuPYV6yg9X7Dvj
LIs8q4UWseL4M+HcakBd3yZniCdnxaWnMT466Z9zddCd3AkJIxQq/S8gQunhrTU9
bzxlEGeeLFWj1jeelwvlZqdoxIDuf2edfriQ9ND9HXbG+JB/TycGT4IGiAYnXe2R
Yj743+qcYiHLmaXo4gaa345U8mPZchGlJhfwNKYdoZap
-----END CERTIFICATE-----