Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/352e3138322e33322e302f32342d3234203d3e20313431303339.roa
File:                     352e3138322e33322e302f32342d3234203d3e20313431303339.roa (raw, json)
Hash identifier:          aEcGObSxbltk96yvAUwrM+vSPMZn2RqNGrhjpkw8l5k=
Subject key identifier:   61:A8:E9:C9:08:45:94:8E:34:7A:AD:2B:E2:5D:84:D4:32:49:01:80
Certificate issuer:       /CN=088469d1a33085ff88b3e599d223ca74c2313a3a
Certificate serial:       3C293D4E7BB477F9B9E9C412CDBCAB1E71B11D60
Authority key identifier: 08:84:69:D1:A3:30:85:FF:88:B3:E5:99:D2:23:CA:74:C2:31:3A:3A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/352e3138322e33322e302f32342d3234203d3e20313431303339.roa
Signing time:             Mon 27 Jan 2025 09:44:50 +0000
ROA not before:           Mon 27 Jan 2025 09:39:50 +0000
ROA not after:            Mon 26 Jan 2026 09:44:50 +0000
asID:                     141039
IP address blocks:        5.182.32.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 10:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3c:29:3d:4e:7b:b4:77:f9:b9:e9:c4:12:cd:bc:ab:1e:71:b1:1d:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=088469d1a33085ff88b3e599d223ca74c2313a3a
        Validity
            Not Before: Jan 27 09:39:50 2025 GMT
            Not After : Jan 26 09:44:50 2026 GMT
        Subject: CN=61A8E9C90845948E347AAD2BE25D84D432490180
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:bc:73:ff:0d:0f:bf:ec:9e:6e:64:c9:fc:a2:
                    5d:c7:db:be:3b:6e:5a:c6:86:2b:de:3c:13:ea:43:
                    5f:3f:3d:60:14:34:fc:e6:43:26:42:bc:f0:e3:7b:
                    24:b9:b3:25:4d:b6:b0:19:24:7f:6c:97:f5:c1:66:
                    6f:37:8d:e7:1f:46:bd:52:95:a1:14:5f:9d:7c:94:
                    a6:01:1b:80:4f:c7:1d:d8:10:bf:55:2b:04:30:25:
                    ab:90:9a:f9:dc:11:91:39:43:f7:ff:66:f3:51:5a:
                    ad:bd:1d:aa:ad:e2:cf:0c:57:81:7b:55:07:3d:ec:
                    95:90:19:d9:0a:06:ae:fa:be:2c:a1:d1:35:f9:fd:
                    77:f2:e5:5c:22:c8:57:c5:c6:bd:de:11:84:e4:7f:
                    49:cc:be:50:79:d0:3f:8b:4f:fc:0b:15:dd:0d:4c:
                    56:ff:44:ac:ba:d8:45:ee:f6:3c:54:aa:88:1f:e0:
                    cb:e1:cd:d9:e1:a9:b2:b9:37:7a:5b:db:0f:26:a7:
                    13:cf:a3:5d:46:ef:36:cf:d0:47:eb:e4:80:52:22:
                    de:98:51:3b:f4:2e:79:54:16:f0:64:55:08:4d:ef:
                    30:84:f3:dd:33:1f:5f:e8:6e:3b:7d:89:12:d8:3a:
                    ec:a5:51:21:da:e6:84:dd:66:ef:fd:3a:7c:ce:e0:
                    95:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                61:A8:E9:C9:08:45:94:8E:34:7A:AD:2B:E2:5D:84:D4:32:49:01:80
            X509v3 Authority Key Identifier:
                keyid:08:84:69:D1:A3:30:85:FF:88:B3:E5:99:D2:23:CA:74:C2:31:3A:3A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/352e3138322e33322e302f32342d3234203d3e20313431303339.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.182.32.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2b:f6:c6:fc:19:0e:b0:a1:49:b0:f8:f4:31:48:1a:2c:e4:65:
         b5:19:06:75:24:f5:e7:8c:ad:85:4b:87:09:b6:12:6e:0f:dc:
         91:7c:7e:5c:5f:3f:8b:d6:78:5e:f2:c2:c2:6c:e5:71:60:62:
         57:52:58:6d:8f:c9:ac:b9:c6:56:33:0b:f5:d8:54:9a:8a:a8:
         ad:90:95:16:fa:cd:59:7d:c7:d0:b1:ea:6f:c5:04:76:82:d2:
         7b:55:c4:6c:44:4b:df:f5:83:4f:46:63:c8:dc:1c:29:aa:e6:
         15:e6:82:0f:b2:08:53:f2:92:7c:2a:e0:ea:58:ec:76:f8:2f:
         03:40:ab:ea:9f:e3:f2:a0:51:7c:b4:bb:92:8e:cc:54:fe:fb:
         83:15:e4:48:b8:36:b9:01:54:59:d3:7f:cb:5a:f6:ad:9e:ff:
         27:f0:f4:1b:eb:34:86:05:f1:ab:88:b2:aa:e8:98:27:3e:f4:
         41:46:86:bc:48:e1:78:e5:84:5f:7d:c9:fd:6b:de:2c:cd:12:
         6e:31:e5:fb:ec:50:0b:7e:a7:ff:ab:73:d6:66:0e:e8:8f:f0:
         d5:1d:96:38:c6:2b:bb:ce:ae:4c:59:0c:c0:0f:26:65:2c:3d:
         32:7a:b9:c3:f5:73:4a:e9:2a:ae:cf:ad:fe:19:bf:07:4e:07:
         c3:bb:7f:e2
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUPCk9Tnu0d/m56cQSzbyrHnGxHWAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDg4NDY5ZDFhMzMwODVmZjg4YjNlNTk5ZDIyM2NhNzRj
MjMxM2EzYTAeFw0yNTAxMjcwOTM5NTBaFw0yNjAxMjYwOTQ0NTBaMDMxMTAvBgNV
BAMTKDYxQThFOUM5MDg0NTk0OEUzNDdBQUQyQkUyNUQ4NEQ0MzI0OTAxODAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDNvHP/DQ+/7J5uZMn8ol3H2747
blrGhivePBPqQ18/PWAUNPzmQyZCvPDjeyS5syVNtrAZJH9sl/XBZm83jecfRr1S
laEUX518lKYBG4BPxx3YEL9VKwQwJauQmvncEZE5Q/f/ZvNRWq29Haqt4s8MV4F7
VQc97JWQGdkKBq76viyh0TX5/Xfy5VwiyFfFxr3eEYTkf0nMvlB50D+LT/wLFd0N
TFb/RKy62EXu9jxUqogf4MvhzdnhqbK5N3pb2w8mpxPPo11G7zbP0Efr5IBSIt6Y
UTv0LnlUFvBkVQhN7zCE890zH1/objt9iRLYOuylUSHa5oTdZu/9OnzO4JVtAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUYajpyQhFlI40eq0r4l2E1DJJAYAwHwYDVR0j
BBgwFoAUCIRp0aMwhf+Is+WZ0iPKdMIxOjowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzUvMDg4NDY5RDFBMzMwODVGRjg4QjNFNTk5RDIyM0NBNzRDMjMxM0EzQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NJUnAwYU13aGYtSXMtV1owaVBLZE1J
eE9qby5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzUvMzUyZTMxMzgzMjJlMzMzMjJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMxMzQzMTMwMzMzOS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAAW2
IDANBgkqhkiG9w0BAQsFAAOCAQEAK/bG/BkOsKFJsPj0MUgaLORltRkGdST154yt
hUuHCbYSbg/ckXx+XF8/i9Z4XvLCwmzlcWBiV1JYbY/JrLnGVjML9dhUmoqorZCV
FvrNWX3H0LHqb8UEdoLSe1XEbERL3/WDT0ZjyNwcKarmFeaCD7IIU/KSfCrg6ljs
dvgvA0Cr6p/j8qBRfLS7ko7MVP77gxXkSLg2uQFUWdN/y1r2rZ7/J/D0G+s0hgXx
q4iyquiYJz70QUaGvEjheOWEX33J/WveLM0SbjHl++xQC36n/6tz1mYO6I/w1R2W
OMYru86uTFkMwA8mZSw9Mnq5w/VzSukqrs+t/hm/B04Hw7t/4g==
-----END CERTIFICATE-----