Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/3231332e3139302e352e302f32342d3234203d3e203437353833.roa
File:                     3231332e3139302e352e302f32342d3234203d3e203437353833.roa (raw, json)
Hash identifier:          wc3aZjPb6/8ohHcSahZdikxk83SwK6pO0vA9aBPUmrQ=
Subject key identifier:   6A:FF:19:35:55:29:8D:87:8C:60:F7:5D:C2:51:64:4E:8D:B2:9C:8E
Certificate issuer:       /CN=5d70845822a61408ec2a5fd580c132da777f09d1
Certificate serial:       5C3BDF1B936A2FB69B353E0A6A8E6F33F554698A
Authority key identifier: 5D:70:84:58:22:A6:14:08:EC:2A:5F:D5:80:C1:32:DA:77:7F:09:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XXCEWCKmFAjsKl_VgMEy2nd_CdE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/3231332e3139302e352e302f32342d3234203d3e203437353833.roa
Signing time:             Mon 26 Feb 2024 08:53:48 +0000
ROA not before:           Mon 26 Feb 2024 08:48:48 +0000
ROA not after:            Mon 24 Feb 2025 08:53:48 +0000
asID:                     47583
IP address blocks:        213.190.5.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/5D70845822A61408EC2A5FD580C132DA777F09D1.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/5D70845822A61408EC2A5FD580C132DA777F09D1.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XXCEWCKmFAjsKl_VgMEy2nd_CdE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 12 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5c:3b:df:1b:93:6a:2f:b6:9b:35:3e:0a:6a:8e:6f:33:f5:54:69:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5d70845822a61408ec2a5fd580c132da777f09d1
        Validity
            Not Before: Feb 26 08:48:48 2024 GMT
            Not After : Feb 24 08:53:48 2025 GMT
        Subject: CN=6AFF193555298D878C60F75DC251644E8DB29C8E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:9e:5e:36:b9:81:25:27:94:79:3c:60:65:be:
                    9c:17:fa:5d:cf:a3:47:7c:b4:b0:e1:39:09:e1:44:
                    60:07:60:2a:86:53:41:f2:22:16:3d:bd:ff:d9:7b:
                    fb:55:6d:0c:0f:4f:16:2f:fa:2f:4e:23:e5:16:10:
                    90:0a:1b:39:1a:99:32:05:7b:0e:8f:c9:ca:e3:c5:
                    d1:09:f2:91:e5:eb:71:e5:58:24:b1:b0:91:53:b7:
                    50:86:57:a7:7c:a8:1f:f9:43:2f:af:c6:92:51:69:
                    92:f2:d6:e5:6c:06:59:d9:b5:df:ee:b2:0f:64:68:
                    16:9c:5c:5c:15:f7:b7:67:09:74:21:06:48:3d:d3:
                    0a:43:1f:f3:ef:1e:5c:e2:53:6b:7b:c5:e1:79:56:
                    bb:a4:12:57:8e:50:50:78:a6:0f:d1:fc:17:92:6e:
                    83:68:86:5a:9b:61:5e:e5:a7:6d:ba:db:5b:81:0b:
                    fd:0c:9b:64:0f:1f:27:91:02:13:e0:36:f3:1b:0b:
                    1e:1c:cb:7a:d9:14:4b:97:1f:44:61:26:38:35:1d:
                    13:aa:67:42:d0:50:81:7a:09:fa:40:5b:3e:b1:e3:
                    d9:20:8c:55:40:d8:c9:81:54:af:5d:66:a6:15:ef:
                    03:98:3b:2e:57:f4:a0:51:7a:a7:9a:d2:64:fd:19:
                    8f:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:FF:19:35:55:29:8D:87:8C:60:F7:5D:C2:51:64:4E:8D:B2:9C:8E
            X509v3 Authority Key Identifier:
                keyid:5D:70:84:58:22:A6:14:08:EC:2A:5F:D5:80:C1:32:DA:77:7F:09:D1

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/5D70845822A61408EC2A5FD580C132DA777F09D1.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XXCEWCKmFAjsKl_VgMEy2nd_CdE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/3231332e3139302e352e302f32342d3234203d3e203437353833.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.190.5.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7c:10:96:ee:db:13:d6:1e:d8:60:9c:fa:a8:bf:39:4a:a8:cb:
         1c:92:ed:7d:54:7c:89:56:f3:f6:dc:8a:3b:e2:88:d5:09:95:
         10:23:75:3a:fe:1c:34:e8:6d:78:a6:63:ad:70:2d:c9:a2:db:
         0f:58:3e:c9:eb:cf:87:c9:3c:d5:aa:b5:b9:b9:ca:e7:bf:b9:
         68:e1:a5:70:79:de:c0:a8:a3:83:c1:c8:b9:23:ed:5e:1f:40:
         91:bb:d3:4b:64:3d:7d:42:b9:53:cd:d7:48:f9:cf:5b:ff:71:
         43:d3:9e:46:94:81:13:21:a4:a2:86:bb:13:24:ba:6b:66:7b:
         d0:a0:84:62:5a:55:75:09:6f:f6:2a:5e:c7:e7:e2:84:77:9d:
         13:dc:34:ae:15:46:84:cb:73:ee:a2:fd:20:4d:7b:84:eb:af:
         3a:dc:ec:30:2f:f0:ae:d4:3c:48:ad:e5:49:aa:21:8d:99:c5:
         b9:7e:c1:35:64:cb:dd:ea:a3:8d:63:5c:4a:33:1b:c4:f4:7e:
         26:79:53:f7:af:71:0a:31:b7:75:3b:9a:90:ad:ff:5c:7b:80:
         69:68:5f:dc:81:1b:59:c9:54:4e:3b:d2:d2:07:8d:52:ad:29:
         99:98:55:41:e5:81:ba:7c:46:e9:6c:f6:b3:6a:c6:00:41:c0:
         40:55:af:39
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUXDvfG5NqL7abNT4Kao5vM/VUaYowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWQ3MDg0NTgyMmE2MTQwOGVjMmE1ZmQ1ODBjMTMyZGE3
NzdmMDlkMTAeFw0yNDAyMjYwODQ4NDhaFw0yNTAyMjQwODUzNDhaMDMxMTAvBgNV
BAMTKDZBRkYxOTM1NTUyOThEODc4QzYwRjc1REMyNTE2NDRFOERCMjlDOEUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDjnl42uYElJ5R5PGBlvpwX+l3P
o0d8tLDhOQnhRGAHYCqGU0HyIhY9vf/Ze/tVbQwPTxYv+i9OI+UWEJAKGzkamTIF
ew6PycrjxdEJ8pHl63HlWCSxsJFTt1CGV6d8qB/5Qy+vxpJRaZLy1uVsBlnZtd/u
sg9kaBacXFwV97dnCXQhBkg90wpDH/PvHlziU2t7xeF5VrukEleOUFB4pg/R/BeS
boNohlqbYV7lp22621uBC/0Mm2QPHyeRAhPgNvMbCx4cy3rZFEuXH0RhJjg1HROq
Z0LQUIF6CfpAWz6x49kgjFVA2MmBVK9dZqYV7wOYOy5X9KBReqea0mT9GY/FAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUav8ZNVUpjYeMYPddwlFkTo2ynI4wHwYDVR0j
BBgwFoAUXXCEWCKmFAjsKl/VgMEy2nd/CdEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzgvNUQ3MDg0NTgyMkE2MTQwOEVDMkE1RkQ1ODBDMTMyREE3NzdGMDlEMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1hYQ0VXQ0ttRkFqc0tsX1ZnTUV5Mm5k
X0NkRS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzgvMzIzMTMzMmUzMTM5MzAyZTM1
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzQzNzM1MzgzMy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEANW+
BTANBgkqhkiG9w0BAQsFAAOCAQEAfBCW7tsT1h7YYJz6qL85SqjLHJLtfVR8iVbz
9tyKO+KI1QmVECN1Ov4cNOhteKZjrXAtyaLbD1g+yevPh8k81aq1ubnK57+5aOGl
cHnewKijg8HIuSPtXh9AkbvTS2Q9fUK5U83XSPnPW/9xQ9OeRpSBEyGkooa7EyS6
a2Z70KCEYlpVdQlv9ipex+fihHedE9w0rhVGhMtz7qL9IE17hOuvOtzsMC/wrtQ8
SK3lSaohjZnFuX7BNWTL3eqjjWNcSjMbxPR+JnlT969xCjG3dTuakK3/XHuAaWhf
3IEbWclUTjvS0geNUq0pmZhVQeWBunxG6Wz2s2rGAEHAQFWvOQ==
-----END CERTIFICATE-----