Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/352e3138322e33352e302f32342d3234203d3e20323136303437.roa
File:                     352e3138322e33352e302f32342d3234203d3e20323136303437.roa (raw, json)
Hash identifier:          +r83/o4HKlXxuUgGkVJcWAWKUK7t/kj5oFuS4+wXbWo=
Subject key identifier:   EF:6F:58:51:EB:B4:CD:3E:37:2C:B3:E0:21:97:B9:8A:63:78:C9:17
Certificate issuer:       /CN=088469d1a33085ff88b3e599d223ca74c2313a3a
Certificate serial:       21D52F9CCC957E85EFEFC4B1986115368D19667A
Authority key identifier: 08:84:69:D1:A3:30:85:FF:88:B3:E5:99:D2:23:CA:74:C2:31:3A:3A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/352e3138322e33352e302f32342d3234203d3e20323136303437.roa
Signing time:             Mon 29 Jul 2024 17:02:38 +0000
ROA not before:           Mon 29 Jul 2024 16:57:38 +0000
ROA not after:            Mon 28 Jul 2025 17:02:38 +0000
asID:                     216047
IP address blocks:        5.182.35.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            21:d5:2f:9c:cc:95:7e:85:ef:ef:c4:b1:98:61:15:36:8d:19:66:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=088469d1a33085ff88b3e599d223ca74c2313a3a
        Validity
            Not Before: Jul 29 16:57:38 2024 GMT
            Not After : Jul 28 17:02:38 2025 GMT
        Subject: CN=EF6F5851EBB4CD3E372CB3E02197B98A6378C917
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:da:59:09:65:c1:6b:d9:71:85:00:5f:4a:83:
                    be:19:0f:42:e1:5b:77:a4:0b:33:94:00:5f:7c:ff:
                    7a:90:9c:0e:ff:15:0b:45:ee:30:2f:42:d7:c7:46:
                    f0:69:4b:2c:f1:c5:a6:c7:ca:34:01:d9:81:24:a7:
                    98:1a:0a:db:6a:de:96:3e:8c:1e:54:38:b2:19:48:
                    54:d9:d4:12:5b:4b:63:e9:80:11:61:47:ff:1a:5c:
                    61:5f:f4:40:e6:49:89:37:8a:9c:9e:6f:a0:fa:57:
                    2e:8a:f1:12:d7:1d:53:81:98:9e:4e:5d:e5:6f:fe:
                    18:28:78:f4:b7:3e:66:9d:1f:6a:ea:f4:7f:84:b1:
                    82:ae:12:5e:47:7b:ab:ea:8d:02:4b:70:2c:e7:5a:
                    8b:5d:1c:e1:23:80:b4:d9:0d:71:a9:1f:ae:26:68:
                    b8:56:66:cc:e7:c7:f5:80:74:c1:0d:97:58:1b:02:
                    9e:59:42:35:30:ea:d2:c0:75:20:67:ac:66:7f:3d:
                    84:4e:ef:5b:c6:50:d0:9e:b5:c0:cd:cd:cc:ca:3f:
                    6b:5f:65:c5:bd:ec:f8:cc:b3:63:dc:33:ec:32:85:
                    5b:c2:52:59:97:54:55:8e:7c:f4:45:bb:ef:41:00:
                    99:3c:7e:c8:12:15:c3:f5:15:14:ed:20:61:fd:ff:
                    f0:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EF:6F:58:51:EB:B4:CD:3E:37:2C:B3:E0:21:97:B9:8A:63:78:C9:17
            X509v3 Authority Key Identifier:
                keyid:08:84:69:D1:A3:30:85:FF:88:B3:E5:99:D2:23:CA:74:C2:31:3A:3A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/352e3138322e33352e302f32342d3234203d3e20323136303437.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.182.35.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8a:d2:df:63:d3:0b:ab:04:f5:1a:45:65:40:1b:ca:3a:1c:af:
         44:bd:50:03:d3:04:f1:bc:3f:1d:b9:87:9e:34:5c:15:8e:c9:
         4f:aa:43:f0:85:0b:a1:cd:91:32:36:02:47:26:f8:05:30:ca:
         23:c5:7f:f1:5f:21:3b:9a:1e:69:6f:69:37:fb:78:79:af:8f:
         6d:dc:8b:83:11:5f:d0:08:c1:ed:60:19:cd:13:01:d5:67:42:
         ab:ef:9d:cd:e1:c7:75:0f:ca:7f:2b:45:ea:7a:f4:bd:07:f3:
         40:b7:ba:1e:38:4c:79:e0:58:b1:e5:c6:f7:a8:d0:d7:c1:83:
         8f:5b:48:ab:06:22:a6:03:1f:5a:bf:94:47:16:0d:e9:54:c2:
         bd:98:ea:c0:96:66:40:1f:f5:10:dd:c9:c7:9e:50:58:f4:d9:
         9d:f5:cb:c8:d7:0c:73:71:3e:df:14:93:b9:1c:c6:fd:13:82:
         30:08:6b:16:fc:bc:6e:14:a4:d4:f8:ce:6d:31:39:78:62:9c:
         09:aa:d0:ee:9d:e9:21:53:54:b4:0d:11:08:2f:7a:40:ef:5f:
         a1:b5:fd:40:01:07:11:da:28:4d:c2:08:31:fe:1a:a7:1c:fb:
         ab:07:e3:64:fa:3c:e1:80:00:54:d2:22:09:a7:9d:38:46:79:
         e2:3a:50:7a
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUIdUvnMyVfoXv78SxmGEVNo0ZZnowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDg4NDY5ZDFhMzMwODVmZjg4YjNlNTk5ZDIyM2NhNzRj
MjMxM2EzYTAeFw0yNDA3MjkxNjU3MzhaFw0yNTA3MjgxNzAyMzhaMDMxMTAvBgNV
BAMTKEVGNkY1ODUxRUJCNENEM0UzNzJDQjNFMDIxOTdCOThBNjM3OEM5MTcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDT2lkJZcFr2XGFAF9Kg74ZD0Lh
W3ekCzOUAF98/3qQnA7/FQtF7jAvQtfHRvBpSyzxxabHyjQB2YEkp5gaCttq3pY+
jB5UOLIZSFTZ1BJbS2PpgBFhR/8aXGFf9EDmSYk3ipyeb6D6Vy6K8RLXHVOBmJ5O
XeVv/hgoePS3PmadH2rq9H+EsYKuEl5He6vqjQJLcCznWotdHOEjgLTZDXGpH64m
aLhWZsznx/WAdMENl1gbAp5ZQjUw6tLAdSBnrGZ/PYRO71vGUNCetcDNzczKP2tf
ZcW97PjMs2PcM+wyhVvCUlmXVFWOfPRFu+9BAJk8fsgSFcP1FRTtIGH9//BZAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQU729YUeu0zT43LLPgIZe5imN4yRcwHwYDVR0j
BBgwFoAUCIRp0aMwhf+Is+WZ0iPKdMIxOjowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzUvMDg4NDY5RDFBMzMwODVGRjg4QjNFNTk5RDIyM0NBNzRDMjMxM0EzQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NJUnAwYU13aGYtSXMtV1owaVBLZE1J
eE9qby5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzUvMzUyZTMxMzgzMjJlMzMzNTJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMyMzEzNjMwMzQzNy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAAW2
IzANBgkqhkiG9w0BAQsFAAOCAQEAitLfY9MLqwT1GkVlQBvKOhyvRL1QA9ME8bw/
HbmHnjRcFY7JT6pD8IULoc2RMjYCRyb4BTDKI8V/8V8hO5oeaW9pN/t4ea+PbdyL
gxFf0AjB7WAZzRMB1WdCq++dzeHHdQ/KfytF6nr0vQfzQLe6HjhMeeBYseXG96jQ
18GDj1tIqwYipgMfWr+URxYN6VTCvZjqwJZmQB/1EN3Jx55QWPTZnfXLyNcMc3E+
3xSTuRzG/ROCMAhrFvy8bhSk1PjObTE5eGKcCarQ7p3pIVNUtA0RCC96QO9fobX9
QAEHEdooTcIIMf4apxz7qwfjZPo84YAAVNIiCaedOEZ54jpQeg==
-----END CERTIFICATE-----