Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/352e3138302e36302e302f32342d3234203d3e203437353833.roa
File:                     352e3138302e36302e302f32342d3234203d3e203437353833.roa (raw, json)
Hash identifier:          1YvlAR89clva8auaAnGY9noc3vTJizOYT79jcx2FuEA=
Subject key identifier:   6C:75:0D:1D:18:4B:67:D7:95:C7:D8:2B:07:F6:E2:2E:38:4B:23:C9
Certificate issuer:       /CN=088469d1a33085ff88b3e599d223ca74c2313a3a
Certificate serial:       04C59DDF854FEFFD366143D435C6C00B471A5018
Authority key identifier: 08:84:69:D1:A3:30:85:FF:88:B3:E5:99:D2:23:CA:74:C2:31:3A:3A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/352e3138302e36302e302f32342d3234203d3e203437353833.roa
Signing time:             Mon 26 Feb 2024 08:52:45 +0000
ROA not before:           Mon 26 Feb 2024 08:47:45 +0000
ROA not after:            Mon 24 Feb 2025 08:52:45 +0000
asID:                     47583
IP address blocks:        5.180.60.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 17:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            04:c5:9d:df:85:4f:ef:fd:36:61:43:d4:35:c6:c0:0b:47:1a:50:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=088469d1a33085ff88b3e599d223ca74c2313a3a
        Validity
            Not Before: Feb 26 08:47:45 2024 GMT
            Not After : Feb 24 08:52:45 2025 GMT
        Subject: CN=6C750D1D184B67D795C7D82B07F6E22E384B23C9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f0:86:9f:20:fd:1f:9d:85:b9:35:cd:74:0a:82:
                    25:44:97:f7:9e:ba:c4:b2:02:c2:72:d3:8c:90:b8:
                    9e:ad:36:59:c5:82:6a:b1:ab:fa:93:6c:0c:43:d0:
                    59:69:29:85:b7:8c:be:ac:bf:4d:77:86:5b:ff:95:
                    1d:62:e0:7b:36:6e:3a:41:98:3a:cf:b9:41:7d:fd:
                    0b:08:07:25:7f:ec:fa:73:07:df:b5:5b:6f:69:e9:
                    b1:83:b9:b6:be:b5:ab:1a:ac:38:8c:f7:73:2a:01:
                    e4:dd:46:eb:9d:1a:09:2f:31:12:70:19:af:f0:24:
                    75:38:a0:5b:1f:02:62:e1:fb:25:a2:c6:de:a2:28:
                    0f:54:57:32:f5:f2:62:9f:51:f6:05:80:1e:d3:dc:
                    82:2f:f0:7f:54:5a:0a:3e:d9:41:55:13:67:45:9d:
                    88:e8:e3:c6:1e:be:9b:44:1e:56:3e:3b:b0:39:f2:
                    80:6d:19:a3:d4:05:95:ce:0d:49:84:e4:74:3d:d2:
                    2f:68:d1:b1:e7:d3:df:25:ec:33:77:65:6c:9d:aa:
                    4a:a2:eb:11:a5:09:f0:02:0b:a1:4b:48:6f:be:93:
                    7b:0d:8a:97:cb:5a:3c:a8:77:75:5d:6d:12:02:01:
                    47:a6:5b:bd:d5:96:f0:78:8c:a7:c7:25:d6:28:ff:
                    16:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:75:0D:1D:18:4B:67:D7:95:C7:D8:2B:07:F6:E2:2E:38:4B:23:C9
            X509v3 Authority Key Identifier:
                keyid:08:84:69:D1:A3:30:85:FF:88:B3:E5:99:D2:23:CA:74:C2:31:3A:3A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/352e3138302e36302e302f32342d3234203d3e203437353833.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.180.60.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5e:99:b8:d9:22:75:e6:25:e8:d4:8c:62:54:11:7e:b7:ba:57:
         1a:3d:91:d7:02:e0:49:60:81:ea:45:b5:77:06:1b:77:81:75:
         86:9e:e5:32:75:9c:57:b2:08:db:3a:8c:f8:8a:33:3c:c8:5b:
         73:0f:46:fe:93:7c:90:9d:22:08:ab:38:9b:27:72:29:71:a8:
         e2:ab:a7:ca:08:bf:a8:68:57:4e:88:37:7a:c0:88:09:9c:11:
         f6:3a:85:b2:5a:b3:ef:af:56:2c:71:1f:ce:f1:02:a8:e8:de:
         f8:4f:05:6a:f1:4d:85:5f:3d:41:3f:8a:29:9a:ac:90:40:d5:
         c8:0a:89:4a:35:ea:b7:2d:b6:5c:bb:25:f0:12:fc:70:68:b1:
         b9:ca:d8:a8:2d:8c:5e:12:f1:a2:e2:a6:5a:50:a0:59:c0:15:
         53:2f:5b:89:5d:9c:aa:d2:ae:3a:90:ea:e1:a1:2a:b1:83:fc:
         7a:f2:25:3b:19:92:21:8a:ea:65:9a:a1:f0:a4:fe:f7:64:28:
         8b:51:f7:5c:52:0f:b5:33:5f:af:7a:63:ce:c2:92:5a:42:ce:
         8d:cd:d1:f9:59:fd:fe:fb:eb:27:9f:76:53:2f:17:e6:1f:7e:
         85:a7:c4:d3:c4:96:2d:1a:41:4e:66:c1:84:70:bb:42:59:29:
         01:5f:73:a3
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUBMWd34VP7/02YUPUNcbAC0caUBgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDg4NDY5ZDFhMzMwODVmZjg4YjNlNTk5ZDIyM2NhNzRj
MjMxM2EzYTAeFw0yNDAyMjYwODQ3NDVaFw0yNTAyMjQwODUyNDVaMDMxMTAvBgNV
BAMTKDZDNzUwRDFEMTg0QjY3RDc5NUM3RDgyQjA3RjZFMjJFMzg0QjIzQzkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDwhp8g/R+dhbk1zXQKgiVEl/ee
usSyAsJy04yQuJ6tNlnFgmqxq/qTbAxD0FlpKYW3jL6sv013hlv/lR1i4Hs2bjpB
mDrPuUF9/QsIByV/7PpzB9+1W29p6bGDuba+tasarDiM93MqAeTdRuudGgkvMRJw
Ga/wJHU4oFsfAmLh+yWixt6iKA9UVzL18mKfUfYFgB7T3IIv8H9UWgo+2UFVE2dF
nYjo48YevptEHlY+O7A58oBtGaPUBZXODUmE5HQ90i9o0bHn098l7DN3ZWydqkqi
6xGlCfACC6FLSG++k3sNipfLWjyod3VdbRICAUemW73VlvB4jKfHJdYo/xaRAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUbHUNHRhLZ9eVx9grB/biLjhLI8kwHwYDVR0j
BBgwFoAUCIRp0aMwhf+Is+WZ0iPKdMIxOjowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzUvMDg4NDY5RDFBMzMwODVGRjg4QjNFNTk5RDIyM0NBNzRDMjMxM0EzQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NJUnAwYU13aGYtSXMtV1owaVBLZE1J
eE9qby5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzUvMzUyZTMxMzgzMDJlMzYzMDJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM0MzczNTM4MzMucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAAFtDww
DQYJKoZIhvcNAQELBQADggEBAF6ZuNkideYl6NSMYlQRfre6Vxo9kdcC4ElggepF
tXcGG3eBdYae5TJ1nFeyCNs6jPiKMzzIW3MPRv6TfJCdIgirOJsncilxqOKrp8oI
v6hoV06IN3rAiAmcEfY6hbJas++vVixxH87xAqjo3vhPBWrxTYVfPUE/iimarJBA
1cgKiUo16rcttly7JfAS/HBosbnK2KgtjF4S8aLiplpQoFnAFVMvW4ldnKrSrjqQ
6uGhKrGD/HryJTsZkiGK6mWaofCk/vdkKItR91xSD7UzX696Y87CklpCzo3N0flZ
/f776yefdlMvF+YffoWnxNPEli0aQU5mwYRwu0JZKQFfc6M=
-----END CERTIFICATE-----