Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/3135322e38392e38382e302f32322d3232203d3e203536333736.roa
File:                     3135322e38392e38382e302f32322d3232203d3e203536333736.roa (raw, json)
Hash identifier:          PeC4ETPg8zImzhzBuJpdVj6YxrA8ChkKerhHYPQRO/w=
Subject key identifier:   B8:57:AB:12:9B:2F:B0:7C:76:F1:56:DF:6C:10:A4:11:EA:B9:6E:44
Certificate issuer:       /CN=5d70845822a61408ec2a5fd580c132da777f09d1
Certificate serial:       5D878ACB53FF5692ED9477F32C30C82466EEDD85
Authority key identifier: 5D:70:84:58:22:A6:14:08:EC:2A:5F:D5:80:C1:32:DA:77:7F:09:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XXCEWCKmFAjsKl_VgMEy2nd_CdE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/3135322e38392e38382e302f32322d3232203d3e203536333736.roa
Signing time:             Mon 26 Feb 2024 08:53:50 +0000
ROA not before:           Mon 26 Feb 2024 08:48:50 +0000
ROA not after:            Mon 24 Feb 2025 08:53:50 +0000
asID:                     56376
IP address blocks:        152.89.88.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/5D70845822A61408EC2A5FD580C132DA777F09D1.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/5D70845822A61408EC2A5FD580C132DA777F09D1.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XXCEWCKmFAjsKl_VgMEy2nd_CdE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 12 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5d:87:8a:cb:53:ff:56:92:ed:94:77:f3:2c:30:c8:24:66:ee:dd:85
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5d70845822a61408ec2a5fd580c132da777f09d1
        Validity
            Not Before: Feb 26 08:48:50 2024 GMT
            Not After : Feb 24 08:53:50 2025 GMT
        Subject: CN=B857AB129B2FB07C76F156DF6C10A411EAB96E44
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:2a:82:d0:f7:a2:f8:9a:06:88:74:78:9e:6c:
                    8c:1d:46:0f:06:e0:ba:1e:49:ef:f5:01:9f:20:a1:
                    1d:39:de:7a:1f:ef:bc:12:39:b0:e4:b6:26:c2:d5:
                    3c:33:47:19:66:29:8c:66:33:20:6f:34:95:c4:16:
                    81:a7:d7:6f:35:d5:19:ba:aa:ad:2c:bf:83:4a:cd:
                    6c:56:4a:01:1a:d7:ef:21:78:24:ae:5d:31:82:15:
                    1a:c2:61:66:df:92:6e:f7:c6:6c:70:70:87:0b:9f:
                    61:e0:2c:bb:80:80:6a:79:29:46:37:5a:6a:50:90:
                    35:f0:d8:86:b9:3b:dd:a1:d0:94:c8:8c:da:fe:76:
                    dc:40:7c:1e:10:b8:20:40:27:ca:29:fc:20:93:98:
                    7a:2a:77:9a:45:89:f1:b9:ca:e6:7f:09:2c:75:f5:
                    81:0f:1f:ce:f1:eb:a6:de:eb:b4:ff:3d:ac:52:0e:
                    cf:78:fb:2a:13:15:ca:2b:de:63:b9:ed:51:39:02:
                    47:b0:16:39:02:54:77:5d:dc:f3:70:42:50:3d:3a:
                    51:fe:5b:8c:a4:e4:ee:61:44:00:11:fa:3e:8e:29:
                    3b:26:5c:16:e5:d5:20:00:c6:31:5e:98:67:7c:4f:
                    46:e7:ec:88:08:bf:b0:e6:72:6e:71:5b:49:58:09:
                    f6:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B8:57:AB:12:9B:2F:B0:7C:76:F1:56:DF:6C:10:A4:11:EA:B9:6E:44
            X509v3 Authority Key Identifier:
                keyid:5D:70:84:58:22:A6:14:08:EC:2A:5F:D5:80:C1:32:DA:77:7F:09:D1

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/5D70845822A61408EC2A5FD580C132DA777F09D1.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XXCEWCKmFAjsKl_VgMEy2nd_CdE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/3135322e38392e38382e302f32322d3232203d3e203536333736.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  152.89.88.0/22

    Signature Algorithm: sha256WithRSAEncryption
         33:7f:f8:2d:61:cb:7a:72:4c:14:00:51:97:86:51:82:6b:1e:
         8e:01:26:36:08:29:a5:68:da:6a:1d:dd:bf:7d:6c:83:94:93:
         d6:7b:57:d9:24:e2:2f:22:6f:1b:59:9b:8a:94:76:a9:a7:c4:
         7f:b3:40:2c:e9:0c:cc:45:cd:dd:e4:76:6e:ae:44:8b:d0:c5:
         18:b2:32:6d:58:02:1e:2c:3b:f4:ef:41:26:18:c9:8f:8b:d7:
         c4:96:95:5f:fb:a3:d7:b9:ad:4a:1d:2f:09:1f:f4:69:e0:07:
         35:af:23:26:7d:38:b3:e4:de:bf:9f:ba:1e:30:c2:00:91:43:
         aa:9d:4a:dc:25:ae:45:13:14:40:7c:88:5e:ee:e0:18:e6:d6:
         2c:c2:96:8c:b7:f9:6d:16:da:05:2f:90:bd:fd:5e:e8:03:fb:
         86:c2:81:72:d4:c7:b2:2b:5f:82:96:2b:1a:67:b7:57:8d:98:
         d8:d1:b1:00:ba:ca:6f:72:c6:09:7e:91:9b:29:8f:8f:1f:7d:
         5d:c8:9c:7a:d7:47:5e:04:45:4b:e2:b2:f3:68:84:43:c6:0b:
         7d:a7:d1:28:4c:54:f6:d0:13:b3:2e:10:53:c1:22:88:48:b7:
         f6:6f:83:86:af:e2:a4:a1:2f:20:11:51:88:e8:41:81:f2:af:
         25:b3:47:b1
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUXYeKy1P/VpLtlHfzLDDIJGbu3YUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWQ3MDg0NTgyMmE2MTQwOGVjMmE1ZmQ1ODBjMTMyZGE3
NzdmMDlkMTAeFw0yNDAyMjYwODQ4NTBaFw0yNTAyMjQwODUzNTBaMDMxMTAvBgNV
BAMTKEI4NTdBQjEyOUIyRkIwN0M3NkYxNTZERjZDMTBBNDExRUFCOTZFNDQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDPKoLQ96L4mgaIdHiebIwdRg8G
4LoeSe/1AZ8goR053nof77wSObDktibC1TwzRxlmKYxmMyBvNJXEFoGn12811Rm6
qq0sv4NKzWxWSgEa1+8heCSuXTGCFRrCYWbfkm73xmxwcIcLn2HgLLuAgGp5KUY3
WmpQkDXw2Ia5O92h0JTIjNr+dtxAfB4QuCBAJ8op/CCTmHoqd5pFifG5yuZ/CSx1
9YEPH87x66be67T/PaxSDs94+yoTFcor3mO57VE5AkewFjkCVHdd3PNwQlA9OlH+
W4yk5O5hRAAR+j6OKTsmXBbl1SAAxjFemGd8T0bn7IgIv7Dmcm5xW0lYCfZNAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUuFerEpsvsHx28VbfbBCkEeq5bkQwHwYDVR0j
BBgwFoAUXXCEWCKmFAjsKl/VgMEy2nd/CdEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzgvNUQ3MDg0NTgyMkE2MTQwOEVDMkE1RkQ1ODBDMTMyREE3NzdGMDlEMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1hYQ0VXQ0ttRkFqc0tsX1ZnTUV5Mm5k
X0NkRS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzgvMzEzNTMyMmUzODM5MmUzODM4
MmUzMDJmMzIzMjJkMzIzMjIwM2QzZTIwMzUzNjMzMzczNi5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAphZ
WDANBgkqhkiG9w0BAQsFAAOCAQEAM3/4LWHLenJMFABRl4ZRgmsejgEmNggppWja
ah3dv31sg5ST1ntX2STiLyJvG1mbipR2qafEf7NALOkMzEXN3eR2bq5Ei9DFGLIy
bVgCHiw79O9BJhjJj4vXxJaVX/uj17mtSh0vCR/0aeAHNa8jJn04s+Tev5+6HjDC
AJFDqp1K3CWuRRMUQHyIXu7gGObWLMKWjLf5bRbaBS+Qvf1e6AP7hsKBctTHsitf
gpYrGme3V42Y2NGxALrKb3LGCX6RmymPjx99XcicetdHXgRFS+Ky82iEQ8YLfafR
KExU9tATsy4QU8EiiEi39m+Dhq/ipKEvIBFRiOhBgfKvJbNHsQ==
-----END CERTIFICATE-----