Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/352e3138302e36312e302f32342d3234203d3e20313437303439.roa
File:                     352e3138302e36312e302f32342d3234203d3e20313437303439.roa (raw, json)
Hash identifier:          VT0vZjREjdAH9PJ48mDy2HjYTh2qKn0ZWXy1lmBaJhk=
Subject key identifier:   1F:1A:A0:24:4D:8C:FB:CF:72:62:FB:E4:D0:8D:0D:A7:FF:EC:5F:FF
Certificate issuer:       /CN=088469d1a33085ff88b3e599d223ca74c2313a3a
Certificate serial:       4F6316904AC2658E6D1CE491A409DDA2447899C0
Authority key identifier: 08:84:69:D1:A3:30:85:FF:88:B3:E5:99:D2:23:CA:74:C2:31:3A:3A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/352e3138302e36312e302f32342d3234203d3e20313437303439.roa
Signing time:             Mon 26 Feb 2024 08:52:46 +0000
ROA not before:           Mon 26 Feb 2024 08:47:46 +0000
ROA not after:            Mon 24 Feb 2025 08:52:46 +0000
asID:                     147049
IP address blocks:        5.180.61.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 May 2024 08:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4f:63:16:90:4a:c2:65:8e:6d:1c:e4:91:a4:09:dd:a2:44:78:99:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=088469d1a33085ff88b3e599d223ca74c2313a3a
        Validity
            Not Before: Feb 26 08:47:46 2024 GMT
            Not After : Feb 24 08:52:46 2025 GMT
        Subject: CN=1F1AA0244D8CFBCF7262FBE4D08D0DA7FFEC5FFF
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:45:22:b1:8b:c7:5a:62:e0:12:97:4f:e1:d2:
                    4b:f4:de:f6:93:79:69:9e:b4:8e:c8:09:5e:3f:db:
                    52:7d:47:3e:7b:58:da:c9:c3:e1:af:ec:4d:da:ba:
                    7d:7c:3c:aa:ae:3d:d1:3e:49:1a:d3:79:ce:0d:c3:
                    45:88:66:2c:e5:9b:18:29:b4:c6:45:06:5a:14:f6:
                    46:57:11:9c:84:8c:80:3a:a0:2d:dd:0f:b5:30:2d:
                    dd:e6:5a:2d:80:9b:41:3f:63:c2:87:0a:41:c5:f4:
                    66:0f:e8:8b:55:6b:3f:e9:e2:7c:56:72:42:f5:ee:
                    12:24:ce:d8:ce:87:f4:3c:6b:8a:dd:23:40:af:7e:
                    20:af:da:9c:1b:99:59:1f:9d:b6:59:d4:6d:f1:c7:
                    28:11:24:5d:03:a1:9e:55:7e:03:29:3e:5a:f8:be:
                    f7:26:b4:05:57:36:47:78:80:97:91:34:a4:41:be:
                    af:fc:ff:72:31:f2:69:19:13:58:33:64:73:5d:f2:
                    04:f3:ad:09:84:dc:0f:b9:24:2b:2f:ee:5c:cd:b4:
                    6f:91:3f:91:99:69:9f:07:dc:e6:e3:21:97:dd:a8:
                    f0:64:7d:c4:9b:77:4b:07:22:a1:a7:aa:86:b9:ac:
                    fd:38:8d:3a:32:2d:ce:c3:9e:62:4c:58:3a:63:6c:
                    e0:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:1A:A0:24:4D:8C:FB:CF:72:62:FB:E4:D0:8D:0D:A7:FF:EC:5F:FF
            X509v3 Authority Key Identifier:
                keyid:08:84:69:D1:A3:30:85:FF:88:B3:E5:99:D2:23:CA:74:C2:31:3A:3A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/352e3138302e36312e302f32342d3234203d3e20313437303439.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.180.61.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0e:d1:18:91:f3:12:59:0c:04:fc:79:14:25:85:bd:05:f7:9e:
         a1:4c:e9:81:df:c9:06:15:2f:aa:8c:f4:8d:38:28:2a:bd:bd:
         42:5f:e3:24:cc:38:29:2e:e1:0d:8a:26:6c:c3:4c:cb:3f:31:
         53:27:9b:cd:9e:7f:c1:ec:15:4f:12:99:c1:e6:7a:b3:9f:00:
         e4:f2:49:ed:7b:e8:b2:12:33:de:4d:77:9b:5d:40:f7:7b:fa:
         f8:22:c3:70:68:90:5f:0d:9e:0e:36:45:4c:89:62:ab:5e:ae:
         bb:8a:49:7f:46:37:89:01:95:57:2b:8e:2d:fb:41:7b:5b:7c:
         1c:48:3a:42:07:6c:47:a9:03:4d:07:46:0d:d7:01:d2:5c:04:
         2c:77:ab:4b:8f:49:c4:21:3f:a4:d1:92:58:70:67:6c:a6:dd:
         e7:0e:4f:4b:95:50:25:28:97:b2:5c:c2:a6:ae:98:19:98:e0:
         8e:98:94:cc:43:00:e1:d9:13:81:3f:29:5f:58:c7:ce:4a:99:
         1c:1d:ec:96:4b:03:25:38:26:8b:4f:40:ac:50:b4:30:83:f5:
         2e:31:57:58:8c:fc:44:58:a1:ee:5c:1a:32:22:c9:47:9c:6b:
         2a:9f:d7:0b:0b:fe:03:77:54:72:64:85:2f:39:52:af:b5:38:
         df:95:82:de
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUT2MWkErCZY5tHOSRpAndokR4mcAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDg4NDY5ZDFhMzMwODVmZjg4YjNlNTk5ZDIyM2NhNzRj
MjMxM2EzYTAeFw0yNDAyMjYwODQ3NDZaFw0yNTAyMjQwODUyNDZaMDMxMTAvBgNV
BAMTKDFGMUFBMDI0NEQ4Q0ZCQ0Y3MjYyRkJFNEQwOEQwREE3RkZFQzVGRkYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCsRSKxi8daYuASl0/h0kv03vaT
eWmetI7ICV4/21J9Rz57WNrJw+Gv7E3aun18PKquPdE+SRrTec4Nw0WIZizlmxgp
tMZFBloU9kZXEZyEjIA6oC3dD7UwLd3mWi2Am0E/Y8KHCkHF9GYP6ItVaz/p4nxW
ckL17hIkztjOh/Q8a4rdI0CvfiCv2pwbmVkfnbZZ1G3xxygRJF0DoZ5VfgMpPlr4
vvcmtAVXNkd4gJeRNKRBvq/8/3Ix8mkZE1gzZHNd8gTzrQmE3A+5JCsv7lzNtG+R
P5GZaZ8H3ObjIZfdqPBkfcSbd0sHIqGnqoa5rP04jToyLc7DnmJMWDpjbOB5AgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUHxqgJE2M+89yYvvk0I0Np//sX/8wHwYDVR0j
BBgwFoAUCIRp0aMwhf+Is+WZ0iPKdMIxOjowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzUvMDg4NDY5RDFBMzMwODVGRjg4QjNFNTk5RDIyM0NBNzRDMjMxM0EzQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NJUnAwYU13aGYtSXMtV1owaVBLZE1J
eE9qby5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzUvMzUyZTMxMzgzMDJlMzYzMTJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMxMzQzNzMwMzQzOS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAAW0
PTANBgkqhkiG9w0BAQsFAAOCAQEADtEYkfMSWQwE/HkUJYW9BfeeoUzpgd/JBhUv
qoz0jTgoKr29Ql/jJMw4KS7hDYombMNMyz8xUyebzZ5/wewVTxKZweZ6s58A5PJJ
7XvoshIz3k13m11A93v6+CLDcGiQXw2eDjZFTIliq16uu4pJf0Y3iQGVVyuOLftB
e1t8HEg6QgdsR6kDTQdGDdcB0lwELHerS49JxCE/pNGSWHBnbKbd5w5PS5VQJSiX
slzCpq6YGZjgjpiUzEMA4dkTgT8pX1jHzkqZHB3slksDJTgmi09ArFC0MIP1LjFX
WIz8RFih7lwaMiLJR5xrKp/XCwv+A3dUcmSFLzlSr7U435WC3g==
-----END CERTIFICATE-----