Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/352e3235322e35322e302f32322d3332203d3e203430303231.roa
File:                     352e3235322e35322e302f32322d3332203d3e203430303231.roa (raw, json)
Hash identifier:          DbuaI3JPj5bF5pfO2EcfMMDjipfOBZvDwYP6u8PuOr4=
Subject key identifier:   BA:1F:85:2F:CA:33:94:C0:0E:75:90:D8:78:80:62:4C:57:9A:51:21
Certificate issuer:       /CN=088469d1a33085ff88b3e599d223ca74c2313a3a
Certificate serial:       3CAAAC08AEE9B444E9EC555867D8FB63922E8908
Authority key identifier: 08:84:69:D1:A3:30:85:FF:88:B3:E5:99:D2:23:CA:74:C2:31:3A:3A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/352e3235322e35322e302f32322d3332203d3e203430303231.roa
Signing time:             Sat 04 May 2024 09:29:24 +0000
ROA not before:           Sat 04 May 2024 09:24:24 +0000
ROA not after:            Sat 03 May 2025 09:29:24 +0000
asID:                     40021
IP address blocks:        5.252.52.0/22 maxlen: 32

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3c:aa:ac:08:ae:e9:b4:44:e9:ec:55:58:67:d8:fb:63:92:2e:89:08
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=088469d1a33085ff88b3e599d223ca74c2313a3a
        Validity
            Not Before: May  4 09:24:24 2024 GMT
            Not After : May  3 09:29:24 2025 GMT
        Subject: CN=BA1F852FCA3394C00E7590D87880624C579A5121
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e8:d7:36:80:65:36:58:1f:eb:76:8e:7a:45:0e:
                    65:3a:89:81:1f:be:bb:f0:af:76:d6:72:75:1a:a8:
                    cb:e7:97:93:ed:00:06:4b:54:e5:3c:47:ad:d8:b5:
                    0f:19:69:0f:01:ae:56:da:ed:25:0b:dc:82:f6:37:
                    cb:7e:52:f9:54:36:0e:ee:8b:0b:60:b2:27:5a:71:
                    ee:80:a7:7d:00:ae:8e:ba:e0:84:7e:d2:1c:e0:c6:
                    ef:53:dc:62:2f:17:1b:cc:a2:15:98:81:24:7b:d9:
                    57:8c:b5:a8:0f:a4:63:5d:7b:70:80:eb:d3:b8:fc:
                    8d:e4:5b:e2:07:31:4d:21:3e:b1:4c:ea:a2:ee:9b:
                    f8:67:0f:76:30:17:db:28:c1:be:1e:a3:58:d4:26:
                    89:fb:96:b0:ce:96:e3:c9:70:41:ff:c6:be:08:30:
                    8b:62:9b:90:d6:16:02:b2:7f:a4:65:58:47:d0:95:
                    82:df:c9:87:9c:3a:1c:d0:05:d6:4a:a7:89:79:c6:
                    c8:d7:d0:b2:61:d2:9c:c4:dd:f3:fc:ab:b6:84:ba:
                    77:94:cc:2f:d9:fb:08:7c:da:69:39:e4:51:50:db:
                    2f:f4:b3:9d:16:f6:f5:ad:c2:7b:f8:8f:a7:6b:fc:
                    d2:4a:a5:57:65:2b:fc:ca:6d:cf:0e:2c:3c:1f:89:
                    56:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:1F:85:2F:CA:33:94:C0:0E:75:90:D8:78:80:62:4C:57:9A:51:21
            X509v3 Authority Key Identifier:
                keyid:08:84:69:D1:A3:30:85:FF:88:B3:E5:99:D2:23:CA:74:C2:31:3A:3A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/352e3235322e35322e302f32322d3332203d3e203430303231.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.252.52.0/22

    Signature Algorithm: sha256WithRSAEncryption
         2e:7d:fd:6d:46:74:80:15:95:7c:66:c7:61:28:fe:f5:32:d9:
         b2:ae:10:b4:e8:d0:d0:79:8a:c4:b2:03:4f:6e:c3:4a:7f:23:
         60:49:6f:84:09:81:14:9e:1b:a7:74:ff:b5:17:3a:a6:a4:76:
         45:42:45:ae:d2:4d:a8:ba:00:7a:c6:6a:f9:54:44:b2:e0:21:
         78:e4:0f:40:22:c4:04:5e:56:4d:72:f1:bd:52:9c:d1:e3:d5:
         97:a0:fc:13:3d:ce:b1:47:e5:9b:87:95:0c:89:1d:08:99:4b:
         8a:d1:3b:5b:c8:ce:2b:bb:77:74:71:5a:e6:a8:98:4e:44:d4:
         29:85:ef:b3:3f:99:ab:ed:c2:bd:ef:e9:f1:da:1a:39:38:bc:
         d5:68:d5:76:36:c7:20:af:e1:a7:e4:4e:5b:42:a6:c7:f2:e4:
         e0:f4:73:c3:55:d4:84:94:0f:da:5e:29:16:22:b2:4b:c3:8b:
         e3:73:77:c5:c1:17:ca:f8:3a:0b:6a:f7:d2:33:43:d4:14:b4:
         1d:01:0f:91:f5:36:4c:a8:58:d9:f8:d8:df:63:b1:9e:b3:52:
         fa:13:8b:a7:2e:70:40:47:58:ad:64:56:6b:f2:c9:da:23:44:
         78:c0:bd:72:15:ca:f5:b7:02:f7:1b:da:4c:bf:cb:cd:ea:d5:
         1f:28:9e:8a
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUPKqsCK7ptETp7FVYZ9j7Y5IuiQgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDg4NDY5ZDFhMzMwODVmZjg4YjNlNTk5ZDIyM2NhNzRj
MjMxM2EzYTAeFw0yNDA1MDQwOTI0MjRaFw0yNTA1MDMwOTI5MjRaMDMxMTAvBgNV
BAMTKEJBMUY4NTJGQ0EzMzk0QzAwRTc1OTBEODc4ODA2MjRDNTc5QTUxMjEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDo1zaAZTZYH+t2jnpFDmU6iYEf
vrvwr3bWcnUaqMvnl5PtAAZLVOU8R63YtQ8ZaQ8Brlba7SUL3IL2N8t+UvlUNg7u
iwtgsidace6Ap30Aro664IR+0hzgxu9T3GIvFxvMohWYgSR72VeMtagPpGNde3CA
69O4/I3kW+IHMU0hPrFM6qLum/hnD3YwF9sowb4eo1jUJon7lrDOluPJcEH/xr4I
MItim5DWFgKyf6RlWEfQlYLfyYecOhzQBdZKp4l5xsjX0LJh0pzE3fP8q7aEuneU
zC/Z+wh82mk55FFQ2y/0s50W9vWtwnv4j6dr/NJKpVdlK/zKbc8OLDwfiVYdAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUuh+FL8ozlMAOdZDYeIBiTFeaUSEwHwYDVR0j
BBgwFoAUCIRp0aMwhf+Is+WZ0iPKdMIxOjowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzUvMDg4NDY5RDFBMzMwODVGRjg4QjNFNTk5RDIyM0NBNzRDMjMxM0EzQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NJUnAwYU13aGYtSXMtV1owaVBLZE1J
eE9qby5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzUvMzUyZTMyMzUzMjJlMzUzMjJl
MzAyZjMyMzIyZDMzMzIyMDNkM2UyMDM0MzAzMDMyMzEucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAIF/DQw
DQYJKoZIhvcNAQELBQADggEBAC59/W1GdIAVlXxmx2Eo/vUy2bKuELTo0NB5isSy
A09uw0p/I2BJb4QJgRSeG6d0/7UXOqakdkVCRa7STai6AHrGavlURLLgIXjkD0Ai
xAReVk1y8b1SnNHj1Zeg/BM9zrFH5ZuHlQyJHQiZS4rRO1vIziu7d3RxWuaomE5E
1CmF77M/mavtwr3v6fHaGjk4vNVo1XY2xyCv4afkTltCpsfy5OD0c8NV1ISUD9pe
KRYiskvDi+Nzd8XBF8r4Ogtq99IzQ9QUtB0BD5H1NkyoWNn42N9jsZ6zUvoTi6cu
cEBHWK1kVmvyydojRHjAvXIVyvW3Avcb2ky/y83q1R8onoo=
-----END CERTIFICATE-----