Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/352e3138302e36302e302f32342d3234203d3e203437353833.roa
File:                     352e3138302e36302e302f32342d3234203d3e203437353833.roa (raw, json)
Hash identifier:          IS9E8dQDDFWBVIwsRsmVAxHMe/2jSn7O0wgXQfQf9U4=
Subject key identifier:   32:71:B5:57:B3:0F:06:E0:5F:38:B0:E4:37:26:4C:60:4E:FF:D1:B6
Certificate issuer:       /CN=088469d1a33085ff88b3e599d223ca74c2313a3a
Certificate serial:       100450D67FA4971B1710991349E222268B1248BB
Authority key identifier: 08:84:69:D1:A3:30:85:FF:88:B3:E5:99:D2:23:CA:74:C2:31:3A:3A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/352e3138302e36302e302f32342d3234203d3e203437353833.roa
Signing time:             Mon 27 Jan 2025 09:44:47 +0000
ROA not before:           Mon 27 Jan 2025 09:39:47 +0000
ROA not after:            Mon 26 Jan 2026 09:44:47 +0000
asID:                     47583
IP address blocks:        5.180.60.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 15:28:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            10:04:50:d6:7f:a4:97:1b:17:10:99:13:49:e2:22:26:8b:12:48:bb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=088469d1a33085ff88b3e599d223ca74c2313a3a
        Validity
            Not Before: Jan 27 09:39:47 2025 GMT
            Not After : Jan 26 09:44:47 2026 GMT
        Subject: CN=3271B557B30F06E05F38B0E437264C604EFFD1B6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:80:29:fc:c6:02:c4:76:18:9f:a9:6f:ea:38:
                    0b:3e:0a:53:27:06:80:a8:64:16:cb:bf:fd:2d:06:
                    d9:de:be:70:ef:12:cf:69:e4:3d:65:ff:f7:c5:99:
                    39:5d:62:e3:9e:b7:05:eb:2d:bd:06:6e:ad:64:11:
                    39:39:f6:12:f5:e3:4e:92:60:05:a9:79:35:a7:91:
                    f7:31:c9:fa:60:3b:a3:c7:8f:83:66:7a:23:92:7e:
                    cd:63:84:34:5e:a8:48:c9:35:b2:36:5e:e1:ee:39:
                    a5:c0:86:16:96:09:58:10:bd:3e:b3:1b:6c:b6:2d:
                    ed:4e:31:31:fa:ad:52:eb:3b:cc:b3:0a:4d:fa:e0:
                    5e:01:6a:a7:8c:67:ce:39:2c:13:78:9c:cb:f9:2c:
                    b0:ab:d8:06:be:2b:6f:2b:22:28:64:45:e9:ea:e5:
                    94:71:d6:1c:bd:1c:c6:b3:6d:9b:45:c6:79:92:ef:
                    ad:fa:d2:b5:0a:34:34:ff:d8:63:6d:ba:06:cd:90:
                    79:2a:85:d2:d7:75:a5:0f:0f:70:08:65:b6:18:0e:
                    69:85:8e:69:6c:62:03:40:93:2a:54:41:a0:a3:21:
                    ba:a0:fe:33:8e:0f:f5:cc:e2:cd:2f:6c:b9:5d:b4:
                    a4:00:11:f6:17:26:27:79:98:a5:5c:39:22:5a:e4:
                    80:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:71:B5:57:B3:0F:06:E0:5F:38:B0:E4:37:26:4C:60:4E:FF:D1:B6
            X509v3 Authority Key Identifier:
                keyid:08:84:69:D1:A3:30:85:FF:88:B3:E5:99:D2:23:CA:74:C2:31:3A:3A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/352e3138302e36302e302f32342d3234203d3e203437353833.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.180.60.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ae:80:67:1a:e9:50:14:5d:58:b1:c4:89:69:ed:73:31:78:2d:
         f8:31:3a:a5:f2:b4:fa:ec:96:1a:04:c9:e7:ed:6f:28:9e:f8:
         09:58:0b:45:f2:c7:89:2e:b6:96:50:df:44:34:e3:59:28:9d:
         ef:4b:d8:9c:58:dd:37:87:d4:d8:84:3d:14:b6:b9:45:6a:ae:
         fc:fc:83:5b:bd:72:03:5e:3f:d9:72:6f:4d:27:93:2f:11:41:
         6c:d4:36:f1:08:b9:26:66:79:92:77:67:85:ed:c6:c5:a5:03:
         51:9b:ed:0f:16:b5:1f:5a:fe:23:bc:38:59:83:b6:c2:47:75:
         4c:cc:ee:dc:50:f5:36:17:11:d2:71:73:df:25:0e:b0:48:4b:
         c4:01:ea:a2:21:cb:87:dc:9b:cc:83:d9:22:f5:3d:45:43:f4:
         b7:b9:f7:91:e1:12:11:d7:0c:d1:09:24:cc:ac:d0:8a:5c:03:
         87:19:b3:92:dd:f0:5c:a5:ab:58:0f:01:2e:4c:6e:ff:5a:ac:
         26:40:51:11:e3:db:2c:c7:51:b1:b0:7d:94:17:dc:5d:2f:d9:
         d5:1f:23:36:0e:6e:85:0c:a3:87:dd:9b:d7:b7:72:d6:ea:06:
         3b:f8:73:ed:49:6a:cb:c3:8e:66:cd:46:5e:79:8b:e3:db:a0:
         13:2e:7e:42
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUEARQ1n+klxsXEJkTSeIiJosSSLswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDg4NDY5ZDFhMzMwODVmZjg4YjNlNTk5ZDIyM2NhNzRj
MjMxM2EzYTAeFw0yNTAxMjcwOTM5NDdaFw0yNjAxMjYwOTQ0NDdaMDMxMTAvBgNV
BAMTKDMyNzFCNTU3QjMwRjA2RTA1RjM4QjBFNDM3MjY0QzYwNEVGRkQxQjYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDSgCn8xgLEdhifqW/qOAs+ClMn
BoCoZBbLv/0tBtnevnDvEs9p5D1l//fFmTldYuOetwXrLb0Gbq1kETk59hL1406S
YAWpeTWnkfcxyfpgO6PHj4NmeiOSfs1jhDReqEjJNbI2XuHuOaXAhhaWCVgQvT6z
G2y2Le1OMTH6rVLrO8yzCk364F4BaqeMZ845LBN4nMv5LLCr2Aa+K28rIihkRenq
5ZRx1hy9HMazbZtFxnmS76360rUKNDT/2GNtugbNkHkqhdLXdaUPD3AIZbYYDmmF
jmlsYgNAkypUQaCjIbqg/jOOD/XM4s0vbLldtKQAEfYXJid5mKVcOSJa5IBJAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUMnG1V7MPBuBfOLDkNyZMYE7/0bYwHwYDVR0j
BBgwFoAUCIRp0aMwhf+Is+WZ0iPKdMIxOjowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzUvMDg4NDY5RDFBMzMwODVGRjg4QjNFNTk5RDIyM0NBNzRDMjMxM0EzQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NJUnAwYU13aGYtSXMtV1owaVBLZE1J
eE9qby5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzUvMzUyZTMxMzgzMDJlMzYzMDJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM0MzczNTM4MzMucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAAFtDww
DQYJKoZIhvcNAQELBQADggEBAK6AZxrpUBRdWLHEiWntczF4LfgxOqXytPrslhoE
yeftbyie+AlYC0Xyx4kutpZQ30Q041kone9L2JxY3TeH1NiEPRS2uUVqrvz8g1u9
cgNeP9lyb00nky8RQWzUNvEIuSZmeZJ3Z4XtxsWlA1Gb7Q8WtR9a/iO8OFmDtsJH
dUzM7txQ9TYXEdJxc98lDrBIS8QB6qIhy4fcm8yD2SL1PUVD9Le595HhEhHXDNEJ
JMys0IpcA4cZs5Ld8Fylq1gPAS5Mbv9arCZAURHj2yzHUbGwfZQX3F0v2dUfIzYO
boUMo4fdm9e3ctbqBjv4c+1JasvDjmbNRl55i+PboBMufkI=
-----END CERTIFICATE-----