Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/352e3138302e36322e302f32342d3332203d3e203632323430.roa
File:                     352e3138302e36322e302f32342d3332203d3e203632323430.roa (raw, json)
Hash identifier:          +3kS4MNhrmP3MYlZjqRVyeyavA0cROvAeaKBNrwhQMI=
Subject key identifier:   11:54:C5:90:D4:44:2A:F8:17:AC:9A:D5:30:91:A0:F0:AA:3A:5C:30
Certificate issuer:       /CN=088469d1a33085ff88b3e599d223ca74c2313a3a
Certificate serial:       29914E65CFFE4C766959A5A686FE8C0BC3047E13
Authority key identifier: 08:84:69:D1:A3:30:85:FF:88:B3:E5:99:D2:23:CA:74:C2:31:3A:3A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/352e3138302e36322e302f32342d3332203d3e203632323430.roa
Signing time:             Mon 27 Jan 2025 09:44:48 +0000
ROA not before:           Mon 27 Jan 2025 09:39:48 +0000
ROA not after:            Mon 26 Jan 2026 09:44:48 +0000
asID:                     62240
IP address blocks:        5.180.62.0/24 maxlen: 32
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Feb 2025 22:23:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            29:91:4e:65:cf:fe:4c:76:69:59:a5:a6:86:fe:8c:0b:c3:04:7e:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=088469d1a33085ff88b3e599d223ca74c2313a3a
        Validity
            Not Before: Jan 27 09:39:48 2025 GMT
            Not After : Jan 26 09:44:48 2026 GMT
        Subject: CN=1154C590D4442AF817AC9AD53091A0F0AA3A5C30
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:76:f8:c4:e4:6c:4d:5d:07:92:cb:14:18:13:
                    1c:ce:52:71:77:ef:4c:19:e1:c3:82:c7:da:f5:ea:
                    7d:4e:f5:49:ab:fa:93:a0:e9:8b:72:00:ed:1a:d3:
                    0a:75:40:a7:0e:0d:f9:4f:81:d0:94:69:03:d0:6e:
                    99:89:e2:74:e0:d6:49:7d:b7:f4:ea:42:a1:48:12:
                    cb:24:f5:a1:6d:3b:80:57:0f:19:7b:8f:d2:da:cb:
                    dc:ba:7f:b2:e9:9c:e1:cc:b7:76:8b:24:f6:68:e8:
                    bc:e7:73:8d:b8:12:26:29:df:ec:fa:0a:f7:81:cd:
                    db:13:7a:cb:2d:dc:48:1b:61:37:f2:2c:8f:89:02:
                    10:f9:a2:47:f3:1b:3a:78:70:1a:9e:a1:d4:b5:3d:
                    53:3a:da:58:39:e6:f7:00:85:7a:f6:85:75:e4:22:
                    b6:6b:f0:7c:0b:49:c5:c8:6e:d6:07:cc:be:16:f6:
                    f3:8f:a2:e7:92:a4:3d:fd:e8:56:62:b5:36:4b:98:
                    56:a5:b4:ed:32:78:6e:6e:58:f9:0a:47:86:d9:2b:
                    d0:db:8a:be:a7:32:e1:54:9d:a4:1d:0c:66:dc:95:
                    98:90:a3:11:e6:5d:64:7e:74:63:3a:80:fc:cc:a2:
                    69:a6:6c:77:aa:c6:7c:b8:76:e7:98:84:14:16:8e:
                    33:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                11:54:C5:90:D4:44:2A:F8:17:AC:9A:D5:30:91:A0:F0:AA:3A:5C:30
            X509v3 Authority Key Identifier:
                keyid:08:84:69:D1:A3:30:85:FF:88:B3:E5:99:D2:23:CA:74:C2:31:3A:3A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/352e3138302e36322e302f32342d3332203d3e203632323430.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.180.62.0/24

    Signature Algorithm: sha256WithRSAEncryption
         45:50:32:79:9b:9c:8d:3e:de:44:b0:fb:dc:50:2a:45:e6:58:
         95:56:18:a5:50:5d:66:af:6a:c5:8f:03:0a:4b:21:51:3b:38:
         87:be:8c:0a:dd:22:e5:72:1f:a5:65:8b:5b:b8:92:1f:49:4f:
         60:b9:ea:57:1d:8c:7b:9e:23:29:80:7a:52:91:71:fb:90:65:
         d2:49:e8:14:c2:ae:44:94:97:6b:de:73:1e:09:7b:52:4a:10:
         48:bf:d7:45:be:11:6d:a7:82:48:45:6b:81:47:84:e1:13:13:
         31:81:ef:64:96:bd:4c:45:05:9e:03:6c:8a:ab:bf:c3:a3:5d:
         92:0c:a3:b1:2e:52:77:ed:a4:f9:47:d2:c4:0b:bd:4d:53:1b:
         5d:54:d6:df:89:87:9d:38:49:6a:f8:9c:4e:a3:9e:11:a6:b4:
         62:1f:01:cd:a0:0e:2f:ae:f1:7c:ac:6f:93:ed:a0:98:00:77:
         e2:d4:5a:26:65:44:4b:9f:c9:90:53:95:3c:69:2d:29:3a:c5:
         ec:48:45:61:92:1c:d1:f4:7a:f8:c0:53:d8:22:6b:68:f2:6d:
         60:f0:8b:b2:df:79:f0:0f:aa:c3:ff:c2:c7:ee:3a:bf:0d:42:
         94:d0:47:5e:71:1a:70:da:f5:eb:d2:b1:57:d2:d6:f4:d6:51:
         2d:97:d2:31
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUKZFOZc/+THZpWaWmhv6MC8MEfhMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDg4NDY5ZDFhMzMwODVmZjg4YjNlNTk5ZDIyM2NhNzRj
MjMxM2EzYTAeFw0yNTAxMjcwOTM5NDhaFw0yNjAxMjYwOTQ0NDhaMDMxMTAvBgNV
BAMTKDExNTRDNTkwRDQ0NDJBRjgxN0FDOUFENTMwOTFBMEYwQUEzQTVDMzAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDZdvjE5GxNXQeSyxQYExzOUnF3
70wZ4cOCx9r16n1O9Umr+pOg6YtyAO0a0wp1QKcODflPgdCUaQPQbpmJ4nTg1kl9
t/TqQqFIEssk9aFtO4BXDxl7j9Lay9y6f7LpnOHMt3aLJPZo6Lznc424EiYp3+z6
CveBzdsTesst3EgbYTfyLI+JAhD5okfzGzp4cBqeodS1PVM62lg55vcAhXr2hXXk
IrZr8HwLScXIbtYHzL4W9vOPoueSpD396FZitTZLmFaltO0yeG5uWPkKR4bZK9Db
ir6nMuFUnaQdDGbclZiQoxHmXWR+dGM6gPzMommmbHeqxny4dueYhBQWjjPVAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUEVTFkNREKvgXrJrVMJGg8Ko6XDAwHwYDVR0j
BBgwFoAUCIRp0aMwhf+Is+WZ0iPKdMIxOjowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzUvMDg4NDY5RDFBMzMwODVGRjg4QjNFNTk5RDIyM0NBNzRDMjMxM0EzQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NJUnAwYU13aGYtSXMtV1owaVBLZE1J
eE9qby5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzUvMzUyZTMxMzgzMDJlMzYzMjJl
MzAyZjMyMzQyZDMzMzIyMDNkM2UyMDM2MzIzMjM0MzAucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAAFtD4w
DQYJKoZIhvcNAQELBQADggEBAEVQMnmbnI0+3kSw+9xQKkXmWJVWGKVQXWavasWP
AwpLIVE7OIe+jArdIuVyH6Vli1u4kh9JT2C56lcdjHueIymAelKRcfuQZdJJ6BTC
rkSUl2vecx4Je1JKEEi/10W+EW2ngkhFa4FHhOETEzGB72SWvUxFBZ4DbIqrv8Oj
XZIMo7EuUnftpPlH0sQLvU1TG11U1t+Jh504SWr4nE6jnhGmtGIfAc2gDi+u8Xys
b5PtoJgAd+LUWiZlREufyZBTlTxpLSk6xexIRWGSHNH0evjAU9gia2jybWDwi7Lf
efAPqsP/wsfuOr8NQpTQR15xGnDa9evSsVfS1vTWUS2X0jE=
-----END CERTIFICATE-----