Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/352e3138312e36342e302f32322d3234203d3e20323031333431.roa
File:                     352e3138312e36342e302f32322d3234203d3e20323031333431.roa (raw, json)
Hash identifier:          Yq/+QNRDOLhXDbnsGddGQaJYP3A/yNRZFTIV/o7xT1c=
Subject key identifier:   76:56:12:EB:24:0E:6D:74:99:4D:13:6C:32:A5:88:D6:C8:78:F6:10
Certificate issuer:       /CN=12c2a8354689aec2a74fca14944927621ba27c94
Certificate serial:       7AE68B2236C7C1B1CABC3F2BC4E2B0338A0B503B
Authority key identifier: 12:C2:A8:35:46:89:AE:C2:A7:4F:CA:14:94:49:27:62:1B:A2:7C:94
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EsKoNUaJrsKnT8oUlEknYhuifJQ.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/352e3138312e36342e302f32322d3234203d3e20323031333431.roa
Signing time:             Mon 26 Feb 2024 08:53:38 +0000
ROA not before:           Mon 26 Feb 2024 08:48:38 +0000
ROA not after:            Mon 24 Feb 2025 08:53:38 +0000
asID:                     201341
IP address blocks:        5.181.64.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/12C2A8354689AEC2A74FCA14944927621BA27C94.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/12C2A8354689AEC2A74FCA14944927621BA27C94.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EsKoNUaJrsKnT8oUlEknYhuifJQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7a:e6:8b:22:36:c7:c1:b1:ca:bc:3f:2b:c4:e2:b0:33:8a:0b:50:3b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=12c2a8354689aec2a74fca14944927621ba27c94
        Validity
            Not Before: Feb 26 08:48:38 2024 GMT
            Not After : Feb 24 08:53:38 2025 GMT
        Subject: CN=765612EB240E6D74994D136C32A588D6C878F610
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e9:74:53:13:ad:6a:cb:5d:22:a7:0c:0f:d9:e1:
                    fb:9a:1d:1c:b7:8a:57:7e:64:e9:81:39:76:b0:12:
                    b8:b9:b1:0c:90:a3:65:a0:0c:d2:6d:56:61:1f:5e:
                    e7:26:31:fe:fa:17:87:04:09:6b:c1:be:1a:dc:10:
                    e0:08:f7:4c:d1:a9:3e:16:f3:b8:f2:19:4a:e4:39:
                    06:2c:14:79:8a:20:37:0c:f5:f4:7f:f2:e7:41:8f:
                    19:37:fa:e9:46:77:df:69:51:1f:ee:d0:5a:38:cc:
                    5b:b2:9b:48:20:5d:7e:78:46:dd:46:fa:ca:af:32:
                    fa:33:e4:d6:f3:02:f1:6b:79:d0:37:33:12:62:fa:
                    36:a2:35:75:e8:97:9c:c0:e8:5b:70:2b:4f:bb:cb:
                    ed:6e:40:1c:c7:31:0b:61:10:53:ee:06:91:22:a3:
                    a0:fd:95:07:ca:74:8b:04:96:a5:5d:2f:d1:6d:fa:
                    41:2a:d9:a9:f7:9a:3b:24:a0:01:4c:a2:0d:f5:f5:
                    fe:e8:c5:c8:83:0a:8c:70:36:b8:32:d5:02:86:31:
                    25:db:9f:21:20:26:a1:e6:aa:54:6a:a2:21:83:52:
                    9d:ce:e5:08:06:54:44:c6:9f:87:17:ba:02:50:a6:
                    45:0c:f1:4a:36:0f:48:39:54:ad:e2:fa:ab:11:54:
                    16:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:56:12:EB:24:0E:6D:74:99:4D:13:6C:32:A5:88:D6:C8:78:F6:10
            X509v3 Authority Key Identifier:
                keyid:12:C2:A8:35:46:89:AE:C2:A7:4F:CA:14:94:49:27:62:1B:A2:7C:94

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/12C2A8354689AEC2A74FCA14944927621BA27C94.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EsKoNUaJrsKnT8oUlEknYhuifJQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/352e3138312e36342e302f32322d3234203d3e20323031333431.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.181.64.0/22

    Signature Algorithm: sha256WithRSAEncryption
         1b:35:3f:98:7c:e6:02:8e:39:0a:e8:92:86:24:2e:c8:a9:f4:
         e0:36:f1:b9:5b:28:10:7a:ef:73:59:f6:c8:5c:a3:24:de:9f:
         7a:14:72:df:ec:44:9c:2b:5f:14:ea:c0:de:c6:2d:39:e7:fd:
         f4:b7:bf:5e:23:51:cb:83:fd:ee:33:a2:3d:92:ed:94:84:c9:
         9b:cc:34:6d:83:16:e9:04:9b:f1:a5:c9:41:9f:3e:b5:cd:09:
         64:9e:07:29:b3:a3:24:0f:13:ee:cb:81:8b:f8:e8:94:2b:a4:
         ca:c8:37:f1:a9:69:d9:0f:b1:b8:c5:57:87:0d:c9:92:42:7d:
         19:ec:be:e3:5a:c5:af:f6:a7:80:7a:2f:d5:3d:e4:c6:23:63:
         ad:ce:fc:5f:1d:28:dd:da:dc:f5:40:1e:2b:f1:58:58:df:6f:
         eb:dd:e8:e0:af:c0:29:ff:e4:b3:bc:23:ad:db:35:62:b3:20:
         90:7d:9f:84:c6:6d:77:cc:db:4e:f5:ee:03:3e:5d:60:8f:5b:
         10:c9:bb:a1:94:a1:fb:a1:e3:40:fb:94:5d:94:a9:87:b0:29:
         cf:dc:77:5b:bf:c9:92:e6:2b:d7:1c:04:7f:9a:c5:e7:4d:57:
         03:f3:a0:84:78:a7:f7:fc:93:30:b3:0c:8c:8c:a1:88:2b:fc:
         e1:6e:3b:1e
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUeuaLIjbHwbHKvD8rxOKwM4oLUDswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMTJjMmE4MzU0Njg5YWVjMmE3NGZjYTE0OTQ0OTI3NjIx
YmEyN2M5NDAeFw0yNDAyMjYwODQ4MzhaFw0yNTAyMjQwODUzMzhaMDMxMTAvBgNV
BAMTKDc2NTYxMkVCMjQwRTZENzQ5OTREMTM2QzMyQTU4OEQ2Qzg3OEY2MTAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDpdFMTrWrLXSKnDA/Z4fuaHRy3
ild+ZOmBOXawEri5sQyQo2WgDNJtVmEfXucmMf76F4cECWvBvhrcEOAI90zRqT4W
87jyGUrkOQYsFHmKIDcM9fR/8udBjxk3+ulGd99pUR/u0Fo4zFuym0ggXX54Rt1G
+sqvMvoz5NbzAvFredA3MxJi+jaiNXXol5zA6FtwK0+7y+1uQBzHMQthEFPuBpEi
o6D9lQfKdIsElqVdL9Ft+kEq2an3mjskoAFMog319f7oxciDCoxwNrgy1QKGMSXb
nyEgJqHmqlRqoiGDUp3O5QgGVETGn4cXugJQpkUM8Uo2D0g5VK3i+qsRVBY7AgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUdlYS6yQObXSZTRNsMqWI1sh49hAwHwYDVR0j
BBgwFoAUEsKoNUaJrsKnT8oUlEknYhuifJQwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzcvMTJDMkE4MzU0Njg5QUVDMkE3NEZDQTE0OTQ0OTI3NjIxQkEyN0M5NC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0VzS29OVWFKcnNLblQ4b1VsRWtuWWh1
aWZKUS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzcvMzUyZTMxMzgzMTJlMzYzNDJl
MzAyZjMyMzIyZDMyMzQyMDNkM2UyMDMyMzAzMTMzMzQzMS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAgW1
QDANBgkqhkiG9w0BAQsFAAOCAQEAGzU/mHzmAo45CuiShiQuyKn04DbxuVsoEHrv
c1n2yFyjJN6fehRy3+xEnCtfFOrA3sYtOef99Le/XiNRy4P97jOiPZLtlITJm8w0
bYMW6QSb8aXJQZ8+tc0JZJ4HKbOjJA8T7suBi/jolCukysg38alp2Q+xuMVXhw3J
kkJ9Gey+41rFr/angHov1T3kxiNjrc78Xx0o3drc9UAeK/FYWN9v693o4K/AKf/k
s7wjrds1YrMgkH2fhMZtd8zbTvXuAz5dYI9bEMm7oZSh+6HjQPuUXZSph7Apz9x3
W7/JkuYr1xwEf5rF501XA/OghHin9/yTMLMMjIyhiCv84W47Hg==
-----END CERTIFICATE-----