Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/352e3138302e36322e302f32342d3332203d3e203632323430.roa
File:                     352e3138302e36322e302f32342d3332203d3e203632323430.roa (raw, json)
Hash identifier:          qkW0mbiDLyqJ+yZYVStHFFwFFh6Qlxg5wcn/Y1BpqvA=
Subject key identifier:   56:49:4F:5F:88:5C:59:55:7F:67:B2:77:21:8A:81:1E:99:71:68:71
Certificate issuer:       /CN=088469d1a33085ff88b3e599d223ca74c2313a3a
Certificate serial:       0F789EC1834246BFD16C0B3C9AA958F913491286
Authority key identifier: 08:84:69:D1:A3:30:85:FF:88:B3:E5:99:D2:23:CA:74:C2:31:3A:3A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/352e3138302e36322e302f32342d3332203d3e203632323430.roa
Signing time:             Mon 26 Feb 2024 08:52:46 +0000
ROA not before:           Mon 26 Feb 2024 08:47:46 +0000
ROA not after:            Mon 24 Feb 2025 08:52:46 +0000
asID:                     62240
IP address blocks:        5.180.62.0/24 maxlen: 32

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0f:78:9e:c1:83:42:46:bf:d1:6c:0b:3c:9a:a9:58:f9:13:49:12:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=088469d1a33085ff88b3e599d223ca74c2313a3a
        Validity
            Not Before: Feb 26 08:47:46 2024 GMT
            Not After : Feb 24 08:52:46 2025 GMT
        Subject: CN=56494F5F885C59557F67B277218A811E99716871
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:61:14:ad:d6:fe:ba:d4:f4:4f:43:2f:2a:bf:
                    0a:d2:0e:82:06:93:2d:0c:6a:ad:7f:05:28:5b:f7:
                    84:30:bd:de:58:86:a8:28:7a:21:fc:c2:2d:c3:5c:
                    ec:2c:86:35:d2:31:f6:81:95:8a:9a:87:84:d4:cd:
                    f6:53:af:58:6f:f9:27:1b:5e:51:35:4d:11:4c:f6:
                    5b:51:bd:0d:37:28:f7:a2:8a:f9:2d:84:9d:bc:1b:
                    b7:da:25:c4:65:2f:91:7b:32:9e:73:4c:e5:80:e0:
                    22:aa:40:4e:52:bb:49:e6:e7:b8:80:6a:8b:2d:f8:
                    48:2e:01:a9:ac:ef:d5:e8:d0:6c:32:b5:c8:52:4a:
                    c5:6a:bf:04:af:e7:94:7d:40:35:8b:c9:3c:3f:c6:
                    e0:12:c2:66:5c:c4:df:21:d2:b9:56:b1:e9:27:1b:
                    83:4f:17:32:00:6c:9b:03:f0:f0:12:7a:1f:2a:8d:
                    af:13:44:c0:16:c8:02:cf:a1:55:73:50:4e:42:b4:
                    05:89:3d:ee:50:26:cc:63:a5:87:3a:26:a1:d8:6e:
                    48:d3:6c:8d:78:a2:c8:f0:b4:a7:0f:93:1c:29:4a:
                    83:c7:c2:46:6b:ab:7f:a0:29:8d:4c:68:ec:f0:82:
                    94:6a:41:8f:84:de:16:93:fb:ad:05:cb:38:64:e1:
                    f9:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                56:49:4F:5F:88:5C:59:55:7F:67:B2:77:21:8A:81:1E:99:71:68:71
            X509v3 Authority Key Identifier:
                keyid:08:84:69:D1:A3:30:85:FF:88:B3:E5:99:D2:23:CA:74:C2:31:3A:3A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/352e3138302e36322e302f32342d3332203d3e203632323430.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.180.62.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1c:bd:03:8a:05:1c:e0:fc:e2:34:89:0d:1e:33:84:fb:ba:f0:
         25:4e:09:2d:09:12:c6:a7:e7:6d:74:9c:bd:4c:ee:6c:98:3e:
         a6:9d:7a:32:bc:07:bc:a5:24:c4:66:d8:e2:4d:7b:19:a2:c4:
         5f:38:a4:af:35:be:70:70:05:65:15:8a:13:cd:c2:6d:2d:59:
         7a:3d:72:73:61:9a:3b:64:9f:a6:8d:02:9a:93:a2:fe:94:db:
         f7:41:21:66:00:e7:8f:19:37:73:f3:81:ac:c6:1b:71:f1:69:
         5f:e9:3e:50:90:12:36:d7:a8:08:72:86:70:4d:2e:76:6a:b7:
         81:a2:29:99:b2:22:b5:59:aa:e9:f9:92:e9:46:61:d9:fd:ec:
         56:e6:a6:41:9c:b1:31:28:f0:70:a9:95:ca:d3:ee:11:6e:d6:
         20:c3:57:e6:96:f8:d1:1e:31:0a:8a:92:55:ce:9b:43:f3:0f:
         cb:17:ba:69:d6:49:ec:8d:c9:c4:12:68:4e:a5:cd:92:1d:f1:
         e4:71:5e:f3:89:fa:0c:a1:c3:c5:35:2a:01:da:d0:4c:04:04:
         3a:5a:a0:68:1e:1b:70:52:a6:47:64:29:e7:4b:5c:f5:32:4b:
         da:cf:dc:e2:f1:66:5a:f5:34:7d:a0:4d:20:50:d1:3a:fa:39:
         83:c4:8a:e6
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUD3iewYNCRr/RbAs8mqlY+RNJEoYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDg4NDY5ZDFhMzMwODVmZjg4YjNlNTk5ZDIyM2NhNzRj
MjMxM2EzYTAeFw0yNDAyMjYwODQ3NDZaFw0yNTAyMjQwODUyNDZaMDMxMTAvBgNV
BAMTKDU2NDk0RjVGODg1QzU5NTU3RjY3QjI3NzIxOEE4MTFFOTk3MTY4NzEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDMYRSt1v661PRPQy8qvwrSDoIG
ky0Maq1/BShb94Qwvd5YhqgoeiH8wi3DXOwshjXSMfaBlYqah4TUzfZTr1hv+Scb
XlE1TRFM9ltRvQ03KPeiivkthJ28G7faJcRlL5F7Mp5zTOWA4CKqQE5Su0nm57iA
aost+EguAams79Xo0GwytchSSsVqvwSv55R9QDWLyTw/xuASwmZcxN8h0rlWsekn
G4NPFzIAbJsD8PASeh8qja8TRMAWyALPoVVzUE5CtAWJPe5QJsxjpYc6JqHYbkjT
bI14osjwtKcPkxwpSoPHwkZrq3+gKY1MaOzwgpRqQY+E3haT+60Fyzhk4fkdAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUVklPX4hcWVV/Z7J3IYqBHplxaHEwHwYDVR0j
BBgwFoAUCIRp0aMwhf+Is+WZ0iPKdMIxOjowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzUvMDg4NDY5RDFBMzMwODVGRjg4QjNFNTk5RDIyM0NBNzRDMjMxM0EzQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NJUnAwYU13aGYtSXMtV1owaVBLZE1J
eE9qby5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzUvMzUyZTMxMzgzMDJlMzYzMjJl
MzAyZjMyMzQyZDMzMzIyMDNkM2UyMDM2MzIzMjM0MzAucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAAFtD4w
DQYJKoZIhvcNAQELBQADggEBABy9A4oFHOD84jSJDR4zhPu68CVOCS0JEsan5210
nL1M7myYPqadejK8B7ylJMRm2OJNexmixF84pK81vnBwBWUVihPNwm0tWXo9cnNh
mjtkn6aNApqTov6U2/dBIWYA548ZN3PzgazGG3HxaV/pPlCQEjbXqAhyhnBNLnZq
t4GiKZmyIrVZqun5kulGYdn97FbmpkGcsTEo8HCplcrT7hFu1iDDV+aW+NEeMQqK
klXOm0PzD8sXumnWSeyNycQSaE6lzZId8eRxXvOJ+gyhw8U1KgHa0EwEBDpaoGge
G3BSpkdkKedLXPUyS9rP3OLxZlr1NH2gTSBQ0Tr6OYPEiuY=
-----END CERTIFICATE-----