Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/352e3138322e33332e302f32342d3332203d3e203531313637.roa
File:                     352e3138322e33332e302f32342d3332203d3e203531313637.roa (raw, json)
Hash identifier:          E+EIUz8VH5LqKsuSDEnwlkMkh0XcBk8VO5+Hv7Mis7U=
Subject key identifier:   C0:23:97:61:DC:32:56:7F:2D:1D:E1:4F:1E:9F:89:8F:50:C9:79:8A
Certificate issuer:       /CN=088469d1a33085ff88b3e599d223ca74c2313a3a
Certificate serial:       472B88929AD90E686ACFB7BE5956576BB47316F3
Authority key identifier: 08:84:69:D1:A3:30:85:FF:88:B3:E5:99:D2:23:CA:74:C2:31:3A:3A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/352e3138322e33332e302f32342d3332203d3e203531313637.roa
Signing time:             Mon 26 Feb 2024 08:52:42 +0000
ROA not before:           Mon 26 Feb 2024 08:47:42 +0000
ROA not after:            Mon 24 Feb 2025 08:52:42 +0000
asID:                     51167
IP address blocks:        5.182.33.0/24 maxlen: 32

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 May 2024 14:34:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            47:2b:88:92:9a:d9:0e:68:6a:cf:b7:be:59:56:57:6b:b4:73:16:f3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=088469d1a33085ff88b3e599d223ca74c2313a3a
        Validity
            Not Before: Feb 26 08:47:42 2024 GMT
            Not After : Feb 24 08:52:42 2025 GMT
        Subject: CN=C0239761DC32567F2D1DE14F1E9F898F50C9798A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:16:2d:21:34:de:5d:66:e6:76:d1:e6:d6:46:
                    a8:20:40:48:13:d9:4d:0c:b3:1e:a0:8e:88:0c:f6:
                    f2:b6:e3:49:ae:8b:08:38:27:4e:8b:dc:02:e2:21:
                    c3:be:5a:65:83:2a:75:32:3a:55:6e:a8:76:88:27:
                    66:20:06:c1:e2:e3:51:50:b6:3c:76:7c:3f:33:bc:
                    6f:a8:4c:aa:8b:89:4e:7d:26:87:3e:7a:36:70:2b:
                    a3:02:9e:25:d8:ac:df:7a:a5:ab:f9:d3:e6:47:3f:
                    49:f3:f5:1f:b8:b4:e6:fc:5f:45:f0:db:d5:90:dd:
                    86:7b:f1:24:bd:44:b1:ea:32:b2:57:29:73:fe:16:
                    98:05:43:b3:2b:be:3a:ce:bb:17:45:f8:ab:f9:4a:
                    5c:44:a3:e3:0a:11:67:3e:a3:79:ca:2d:79:dc:28:
                    0a:d7:38:c1:68:65:3f:a3:63:c0:2d:b4:bb:fa:0a:
                    22:3d:3d:7e:cf:11:95:39:ec:aa:54:86:95:2b:ed:
                    d0:f9:9a:be:b6:15:e8:64:f2:14:65:a9:ed:c9:47:
                    f0:5f:28:3f:79:5e:47:4d:87:e1:41:35:b6:7d:ee:
                    b4:cb:e2:86:8d:97:95:c6:d2:38:10:e2:3a:e2:f6:
                    37:89:f4:71:ea:8c:a1:5b:ea:a7:55:c0:78:6e:45:
                    2e:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C0:23:97:61:DC:32:56:7F:2D:1D:E1:4F:1E:9F:89:8F:50:C9:79:8A
            X509v3 Authority Key Identifier:
                keyid:08:84:69:D1:A3:30:85:FF:88:B3:E5:99:D2:23:CA:74:C2:31:3A:3A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/352e3138322e33332e302f32342d3332203d3e203531313637.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.182.33.0/24

    Signature Algorithm: sha256WithRSAEncryption
         66:22:a5:84:87:0c:63:c2:6a:c8:83:14:eb:ff:e2:6c:43:db:
         54:5a:aa:47:09:d0:ec:dd:5d:83:fd:b8:2b:e5:07:1c:2c:75:
         e8:2b:36:af:98:84:4e:ae:74:ae:90:92:73:58:b5:ab:9c:1e:
         85:bb:47:92:99:35:a0:8a:ed:fd:e7:00:37:23:97:b9:6b:ce:
         ec:94:7f:9a:0d:3d:c4:ee:8a:e4:10:15:a1:bc:8d:36:d7:1a:
         47:fb:ec:7e:3e:50:bf:1e:ad:df:e8:b5:2f:db:fd:99:b0:ad:
         3c:d9:5e:1d:fb:73:3a:42:6d:a2:3a:8e:1c:6f:79:45:ec:fd:
         37:f5:59:9c:89:1f:5a:20:16:fe:be:93:f2:7a:75:1b:9a:70:
         58:14:8e:c1:7d:58:57:01:68:32:30:b1:3f:0e:ef:3d:23:e2:
         c1:43:73:8f:78:40:39:e4:d0:50:1c:64:45:be:95:af:1f:cf:
         74:23:41:89:18:a2:d2:1b:7d:66:b3:e0:06:fe:95:59:5c:ea:
         2f:f8:fa:32:0d:46:33:63:71:d2:5c:eb:7a:9f:80:e7:b2:bb:
         1e:45:08:11:32:2d:32:7a:40:58:13:56:24:20:1a:8e:bc:40:
         34:f9:32:75:e0:3b:ee:43:29:70:42:fe:bd:fa:3c:f3:8c:17:
         7d:10:d1:37
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIURyuIkprZDmhqz7e+WVZXa7RzFvMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDg4NDY5ZDFhMzMwODVmZjg4YjNlNTk5ZDIyM2NhNzRj
MjMxM2EzYTAeFw0yNDAyMjYwODQ3NDJaFw0yNTAyMjQwODUyNDJaMDMxMTAvBgNV
BAMTKEMwMjM5NzYxREMzMjU2N0YyRDFERTE0RjFFOUY4OThGNTBDOTc5OEEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC9Fi0hNN5dZuZ20ebWRqggQEgT
2U0Msx6gjogM9vK240muiwg4J06L3ALiIcO+WmWDKnUyOlVuqHaIJ2YgBsHi41FQ
tjx2fD8zvG+oTKqLiU59Joc+ejZwK6MCniXYrN96pav50+ZHP0nz9R+4tOb8X0Xw
29WQ3YZ78SS9RLHqMrJXKXP+FpgFQ7MrvjrOuxdF+Kv5SlxEo+MKEWc+o3nKLXnc
KArXOMFoZT+jY8AttLv6CiI9PX7PEZU57KpUhpUr7dD5mr62Fehk8hRlqe3JR/Bf
KD95XkdNh+FBNbZ97rTL4oaNl5XG0jgQ4jri9jeJ9HHqjKFb6qdVwHhuRS4NAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUwCOXYdwyVn8tHeFPHp+Jj1DJeYowHwYDVR0j
BBgwFoAUCIRp0aMwhf+Is+WZ0iPKdMIxOjowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzUvMDg4NDY5RDFBMzMwODVGRjg4QjNFNTk5RDIyM0NBNzRDMjMxM0EzQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NJUnAwYU13aGYtSXMtV1owaVBLZE1J
eE9qby5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzUvMzUyZTMxMzgzMjJlMzMzMzJl
MzAyZjMyMzQyZDMzMzIyMDNkM2UyMDM1MzEzMTM2Mzcucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAAFtiEw
DQYJKoZIhvcNAQELBQADggEBAGYipYSHDGPCasiDFOv/4mxD21RaqkcJ0OzdXYP9
uCvlBxwsdegrNq+YhE6udK6QknNYtaucHoW7R5KZNaCK7f3nADcjl7lrzuyUf5oN
PcTuiuQQFaG8jTbXGkf77H4+UL8erd/otS/b/ZmwrTzZXh37czpCbaI6jhxveUXs
/Tf1WZyJH1ogFv6+k/J6dRuacFgUjsF9WFcBaDIwsT8O7z0j4sFDc494QDnk0FAc
ZEW+la8fz3QjQYkYotIbfWaz4Ab+lVlc6i/4+jINRjNjcdJc63qfgOeyux5FCBEy
LTJ6QFgTViQgGo68QDT5MnXgO+5DKXBC/r36PPOMF30Q0Tc=
-----END CERTIFICATE-----