Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/352e3138302e36312e302f32342d3234203d3e20313437303439.roa
File:                     352e3138302e36312e302f32342d3234203d3e20313437303439.roa (raw, json)
Hash identifier:          rkK0avz3xpmQTWy70VJFgHZVIPV0SY8dY2J/kxr/Ycs=
Subject key identifier:   8F:E9:3B:98:EA:65:CB:46:BB:B9:BF:66:9A:5A:E9:FD:AB:9A:66:4F
Certificate issuer:       /CN=088469d1a33085ff88b3e599d223ca74c2313a3a
Certificate serial:       6F3DF3F00C98B5B95047B1DDAB247D6D541ACDCA
Authority key identifier: 08:84:69:D1:A3:30:85:FF:88:B3:E5:99:D2:23:CA:74:C2:31:3A:3A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/352e3138302e36312e302f32342d3234203d3e20313437303439.roa
Signing time:             Mon 27 Jan 2025 09:44:52 +0000
ROA not before:           Mon 27 Jan 2025 09:39:52 +0000
ROA not after:            Mon 26 Jan 2026 09:44:52 +0000
asID:                     147049
IP address blocks:        5.180.61.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 15:28:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6f:3d:f3:f0:0c:98:b5:b9:50:47:b1:dd:ab:24:7d:6d:54:1a:cd:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=088469d1a33085ff88b3e599d223ca74c2313a3a
        Validity
            Not Before: Jan 27 09:39:52 2025 GMT
            Not After : Jan 26 09:44:52 2026 GMT
        Subject: CN=8FE93B98EA65CB46BBB9BF669A5AE9FDAB9A664F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:e4:9b:f1:9d:31:ec:93:fe:44:b7:f7:f8:0a:
                    42:26:07:f8:b1:52:46:83:b7:b8:cd:66:36:7a:ed:
                    dd:50:4c:e9:76:d6:43:fa:83:b5:3a:49:f3:d2:1c:
                    bd:09:a2:68:cc:b3:65:56:cb:79:42:49:95:b8:45:
                    b9:b3:51:81:a3:71:17:90:19:3a:e2:39:23:ed:80:
                    ad:f2:24:67:20:62:6b:4f:b9:80:28:e5:de:3a:90:
                    63:00:5d:d2:15:bf:15:4b:55:82:3a:8b:55:9c:31:
                    68:5d:20:5d:c4:e5:d6:e5:7f:3b:54:47:07:d0:1f:
                    50:e4:8c:d4:50:e6:31:54:2e:d7:a7:6a:6d:10:4a:
                    0d:d6:96:13:73:2a:36:2e:95:19:27:c4:47:da:41:
                    0b:c6:5a:50:e1:dd:7c:5d:70:10:f5:74:52:9f:22:
                    43:b6:a5:94:bc:c7:96:01:40:8b:76:de:ab:17:15:
                    3c:da:39:79:29:bd:10:d8:f3:32:a5:aa:2a:72:5f:
                    02:d5:3c:54:2a:9e:cc:9c:85:49:e4:e5:af:58:e0:
                    c4:49:a9:07:70:ac:d0:94:12:fe:30:15:f4:d5:b1:
                    06:7c:04:c7:cf:6b:c7:88:76:96:e8:78:94:fa:4e:
                    2d:66:fe:6b:c9:1e:44:d7:99:54:92:db:9d:f6:32:
                    d1:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:E9:3B:98:EA:65:CB:46:BB:B9:BF:66:9A:5A:E9:FD:AB:9A:66:4F
            X509v3 Authority Key Identifier:
                keyid:08:84:69:D1:A3:30:85:FF:88:B3:E5:99:D2:23:CA:74:C2:31:3A:3A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/352e3138302e36312e302f32342d3234203d3e20313437303439.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.180.61.0/24

    Signature Algorithm: sha256WithRSAEncryption
         64:9a:82:43:9e:a4:57:50:dd:a2:99:d1:b0:2a:24:dd:54:7a:
         03:6f:d7:66:a4:5b:81:04:8e:c0:9a:b8:e4:a7:c8:b4:ed:f3:
         f4:dc:c6:59:76:2b:69:60:95:98:5a:f1:89:9e:b0:bd:3d:26:
         f8:3b:04:78:30:2c:4e:31:a2:7d:7b:d2:64:1e:3f:0c:82:c8:
         70:ac:fe:79:7a:54:5d:21:3b:24:f4:79:eb:fe:e7:98:7b:f6:
         60:ea:80:32:a4:f5:8d:2d:55:aa:5d:90:22:6c:28:d7:d2:40:
         ea:87:b6:9c:45:d2:13:ab:88:30:e0:8f:23:ff:91:61:f2:3d:
         37:09:62:b3:13:f5:71:a8:bc:28:3e:64:3e:3f:e1:cf:28:86:
         2d:0b:a2:ec:bd:ee:c0:10:3c:f7:6f:1c:e3:84:47:95:ad:b0:
         86:09:58:91:55:e0:e2:dd:b0:39:ee:4f:58:45:eb:c3:d7:09:
         15:cb:14:fd:7a:35:38:88:bc:c4:f3:ce:bf:90:a4:c3:d3:c7:
         fd:22:58:25:f0:05:12:c5:38:5f:86:0d:b3:a3:8a:8d:b8:55:
         38:bf:d7:95:20:57:35:af:9f:51:9b:5c:5b:42:83:87:5a:09:
         68:a8:18:f7:09:18:40:32:a0:2b:ae:7b:f7:86:98:4d:b0:53:
         b5:5f:4c:f8
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUbz3z8AyYtblQR7HdqyR9bVQazcowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDg4NDY5ZDFhMzMwODVmZjg4YjNlNTk5ZDIyM2NhNzRj
MjMxM2EzYTAeFw0yNTAxMjcwOTM5NTJaFw0yNjAxMjYwOTQ0NTJaMDMxMTAvBgNV
BAMTKDhGRTkzQjk4RUE2NUNCNDZCQkI5QkY2NjlBNUFFOUZEQUI5QTY2NEYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCe5JvxnTHsk/5Et/f4CkImB/ix
UkaDt7jNZjZ67d1QTOl21kP6g7U6SfPSHL0JomjMs2VWy3lCSZW4RbmzUYGjcReQ
GTriOSPtgK3yJGcgYmtPuYAo5d46kGMAXdIVvxVLVYI6i1WcMWhdIF3E5dblfztU
RwfQH1DkjNRQ5jFULtenam0QSg3WlhNzKjYulRknxEfaQQvGWlDh3XxdcBD1dFKf
IkO2pZS8x5YBQIt23qsXFTzaOXkpvRDY8zKlqipyXwLVPFQqnsychUnk5a9Y4MRJ
qQdwrNCUEv4wFfTVsQZ8BMfPa8eIdpboeJT6Ti1m/mvJHkTXmVSS2532MtHvAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUj+k7mOply0a7ub9mmlrp/auaZk8wHwYDVR0j
BBgwFoAUCIRp0aMwhf+Is+WZ0iPKdMIxOjowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzUvMDg4NDY5RDFBMzMwODVGRjg4QjNFNTk5RDIyM0NBNzRDMjMxM0EzQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NJUnAwYU13aGYtSXMtV1owaVBLZE1J
eE9qby5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzUvMzUyZTMxMzgzMDJlMzYzMTJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMxMzQzNzMwMzQzOS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAAW0
PTANBgkqhkiG9w0BAQsFAAOCAQEAZJqCQ56kV1DdopnRsCok3VR6A2/XZqRbgQSO
wJq45KfItO3z9NzGWXYraWCVmFrxiZ6wvT0m+DsEeDAsTjGifXvSZB4/DILIcKz+
eXpUXSE7JPR56/7nmHv2YOqAMqT1jS1Vql2QImwo19JA6oe2nEXSE6uIMOCPI/+R
YfI9NwlisxP1cai8KD5kPj/hzyiGLQui7L3uwBA8928c44RHla2whglYkVXg4t2w
Oe5PWEXrw9cJFcsU/Xo1OIi8xPPOv5Ckw9PH/SJYJfAFEsU4X4YNs6OKjbhVOL/X
lSBXNa+fUZtcW0KDh1oJaKgY9wkYQDKgK65794aYTbBTtV9M+A==
-----END CERTIFICATE-----