Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/352e3138312e33322e302f32322d3234203d3e20323031333431.roa
File:                     352e3138312e33322e302f32322d3234203d3e20323031333431.roa (raw, json)
Hash identifier:          q1NxIDuE0BqAKrLC40r4t//nrLQbeKTRfZmureOw99U=
Subject key identifier:   BC:8E:CB:F5:80:1A:F8:49:AD:EB:0C:76:9A:6D:01:D5:17:3E:37:54
Certificate issuer:       /CN=5d70845822a61408ec2a5fd580c132da777f09d1
Certificate serial:       791C3C90D68879E3ADE8A7D54C2506F6E7371300
Authority key identifier: 5D:70:84:58:22:A6:14:08:EC:2A:5F:D5:80:C1:32:DA:77:7F:09:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XXCEWCKmFAjsKl_VgMEy2nd_CdE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/352e3138312e33322e302f32322d3234203d3e20323031333431.roa
Signing time:             Mon 26 Feb 2024 08:53:49 +0000
ROA not before:           Mon 26 Feb 2024 08:48:49 +0000
ROA not after:            Mon 24 Feb 2025 08:53:49 +0000
asID:                     201341
IP address blocks:        5.181.32.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/5D70845822A61408EC2A5FD580C132DA777F09D1.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/5D70845822A61408EC2A5FD580C132DA777F09D1.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XXCEWCKmFAjsKl_VgMEy2nd_CdE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 11 May 2024 23:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            79:1c:3c:90:d6:88:79:e3:ad:e8:a7:d5:4c:25:06:f6:e7:37:13:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5d70845822a61408ec2a5fd580c132da777f09d1
        Validity
            Not Before: Feb 26 08:48:49 2024 GMT
            Not After : Feb 24 08:53:49 2025 GMT
        Subject: CN=BC8ECBF5801AF849ADEB0C769A6D01D5173E3754
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:8d:e4:e0:83:c2:52:48:96:9d:a9:de:30:f7:
                    0d:e7:72:38:49:bd:5d:a8:3a:8d:c4:7f:1c:a9:16:
                    3b:b4:d3:1d:cf:61:f1:e7:7f:c1:44:cc:09:b3:eb:
                    87:54:35:41:06:a5:64:4e:06:e7:5a:0b:26:62:e2:
                    3c:78:a7:73:d2:8c:1a:7d:9b:fd:46:49:9c:3e:8c:
                    23:d3:83:66:53:f5:b4:31:21:b6:02:ef:03:e8:01:
                    48:d0:5a:b7:eb:74:8a:8c:95:d4:e7:49:ef:50:55:
                    f8:5b:e5:d2:ac:bb:0b:17:ef:82:16:97:4d:8b:39:
                    c7:0a:13:a8:e9:74:13:eb:4a:7c:a4:30:cf:58:cf:
                    3d:63:4a:b9:37:84:a7:57:b3:08:75:37:3c:4a:75:
                    c3:09:0a:e9:fc:9e:80:20:09:be:80:47:52:17:f1:
                    62:88:62:2f:4b:31:91:89:d0:68:76:b7:49:f2:bd:
                    57:63:4f:33:b5:fc:74:bd:0b:36:3a:05:b4:20:2f:
                    18:ee:12:3a:c8:59:02:d5:da:17:fb:33:13:0e:1d:
                    03:34:2d:d0:7a:2b:17:02:02:34:88:ed:fe:d6:80:
                    bc:dd:cf:73:ad:a9:1c:93:e5:43:44:e9:19:a0:ee:
                    50:0b:17:93:bd:eb:86:a0:56:2d:cc:cb:c1:40:88:
                    02:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:8E:CB:F5:80:1A:F8:49:AD:EB:0C:76:9A:6D:01:D5:17:3E:37:54
            X509v3 Authority Key Identifier:
                keyid:5D:70:84:58:22:A6:14:08:EC:2A:5F:D5:80:C1:32:DA:77:7F:09:D1

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/5D70845822A61408EC2A5FD580C132DA777F09D1.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XXCEWCKmFAjsKl_VgMEy2nd_CdE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/352e3138312e33322e302f32322d3234203d3e20323031333431.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.181.32.0/22

    Signature Algorithm: sha256WithRSAEncryption
         af:82:40:21:48:cd:b1:55:dc:94:5a:b7:53:5a:d7:91:1c:0e:
         57:dc:04:1b:49:76:9a:6c:f1:34:f6:c9:e4:45:d7:d3:62:92:
         29:26:de:f5:1b:2f:56:7b:96:a5:b6:30:a7:30:c1:17:9c:aa:
         1e:78:43:ab:7d:7b:81:43:4e:5a:d5:c0:27:ce:f9:00:5e:06:
         27:7d:29:a2:17:a6:47:d2:32:cc:21:a4:d2:c7:d5:17:89:4e:
         3b:75:5f:53:02:6b:61:86:2c:46:01:59:01:49:5d:df:40:a2:
         dc:44:6c:b4:a5:5a:15:aa:2d:16:de:e5:4a:f2:4a:13:d5:db:
         d8:99:b6:56:c9:11:07:79:53:7c:9f:be:c8:a3:bd:33:04:b5:
         77:20:27:90:1f:e8:81:c4:8b:8e:17:07:67:38:5a:bb:4c:5f:
         0c:dd:2f:1e:6b:ea:44:05:e5:0b:6e:8c:05:ed:1c:ed:75:ea:
         ac:91:82:8d:db:11:12:e3:de:8e:62:27:8c:2f:5f:b8:ae:19:
         29:08:e0:87:4b:34:e6:c2:b2:95:ad:c6:d2:55:8c:fc:67:c3:
         df:8d:2e:2c:a9:84:4a:62:ca:6f:c2:45:d2:a9:ff:55:b7:29:
         93:ce:51:cd:36:43:0f:d4:72:92:47:9f:6c:90:81:f7:0d:ae:
         d6:ad:5a:19
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUeRw8kNaIeeOt6KfVTCUG9uc3EwAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWQ3MDg0NTgyMmE2MTQwOGVjMmE1ZmQ1ODBjMTMyZGE3
NzdmMDlkMTAeFw0yNDAyMjYwODQ4NDlaFw0yNTAyMjQwODUzNDlaMDMxMTAvBgNV
BAMTKEJDOEVDQkY1ODAxQUY4NDlBREVCMEM3NjlBNkQwMUQ1MTczRTM3NTQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDjjeTgg8JSSJadqd4w9w3ncjhJ
vV2oOo3EfxypFju00x3PYfHnf8FEzAmz64dUNUEGpWROBudaCyZi4jx4p3PSjBp9
m/1GSZw+jCPTg2ZT9bQxIbYC7wPoAUjQWrfrdIqMldTnSe9QVfhb5dKsuwsX74IW
l02LOccKE6jpdBPrSnykMM9Yzz1jSrk3hKdXswh1NzxKdcMJCun8noAgCb6AR1IX
8WKIYi9LMZGJ0Gh2t0nyvVdjTzO1/HS9CzY6BbQgLxjuEjrIWQLV2hf7MxMOHQM0
LdB6KxcCAjSI7f7WgLzdz3OtqRyT5UNE6Rmg7lALF5O964agVi3My8FAiAI5AgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUvI7L9YAa+Emt6wx2mm0B1Rc+N1QwHwYDVR0j
BBgwFoAUXXCEWCKmFAjsKl/VgMEy2nd/CdEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzgvNUQ3MDg0NTgyMkE2MTQwOEVDMkE1RkQ1ODBDMTMyREE3NzdGMDlEMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1hYQ0VXQ0ttRkFqc0tsX1ZnTUV5Mm5k
X0NkRS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzgvMzUyZTMxMzgzMTJlMzMzMjJl
MzAyZjMyMzIyZDMyMzQyMDNkM2UyMDMyMzAzMTMzMzQzMS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAgW1
IDANBgkqhkiG9w0BAQsFAAOCAQEAr4JAIUjNsVXclFq3U1rXkRwOV9wEG0l2mmzx
NPbJ5EXX02KSKSbe9RsvVnuWpbYwpzDBF5yqHnhDq317gUNOWtXAJ875AF4GJ30p
ohemR9IyzCGk0sfVF4lOO3VfUwJrYYYsRgFZAUld30Ci3ERstKVaFaotFt7lSvJK
E9Xb2Jm2VskRB3lTfJ++yKO9MwS1dyAnkB/ogcSLjhcHZzhau0xfDN0vHmvqRAXl
C26MBe0c7XXqrJGCjdsREuPejmInjC9fuK4ZKQjgh0s05sKyla3G0lWM/GfD340u
LKmESmLKb8JF0qn/Vbcpk85RzTZDD9RykkefbJCB9w2u1q1aGQ==
-----END CERTIFICATE-----