Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/352e3138332e33322e302f32342d3234203d3e20313336373837.roa
File:                     352e3138332e33322e302f32342d3234203d3e20313336373837.roa (raw, json)
Hash identifier:          3t+i8c/uRwcphgOObn/9ZEIhF67KonXmK60hcGdJixE=
Subject key identifier:   B0:0C:E4:0E:D0:77:11:D1:67:D7:B5:A0:A7:3B:3B:0F:2D:A2:64:C0
Certificate issuer:       /CN=5d70845822a61408ec2a5fd580c132da777f09d1
Certificate serial:       455EE1808117CA87A1B672C16D3E10AB3EA4CE56
Authority key identifier: 5D:70:84:58:22:A6:14:08:EC:2A:5F:D5:80:C1:32:DA:77:7F:09:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XXCEWCKmFAjsKl_VgMEy2nd_CdE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/352e3138332e33322e302f32342d3234203d3e20313336373837.roa
Signing time:             Tue 13 Feb 2024 12:54:36 +0000
ROA not before:           Tue 13 Feb 2024 12:49:36 +0000
ROA not after:            Tue 11 Feb 2025 12:54:36 +0000
asID:                     136787
IP address blocks:        5.183.32.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/5D70845822A61408EC2A5FD580C132DA777F09D1.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/5D70845822A61408EC2A5FD580C132DA777F09D1.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XXCEWCKmFAjsKl_VgMEy2nd_CdE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            45:5e:e1:80:81:17:ca:87:a1:b6:72:c1:6d:3e:10:ab:3e:a4:ce:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5d70845822a61408ec2a5fd580c132da777f09d1
        Validity
            Not Before: Feb 13 12:49:36 2024 GMT
            Not After : Feb 11 12:54:36 2025 GMT
        Subject: CN=B00CE40ED07711D167D7B5A0A73B3B0F2DA264C0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ef:a0:24:39:d2:31:3f:b1:7d:b2:d9:6a:e6:f8:
                    d8:a8:26:df:a7:f5:08:8d:eb:5d:2e:b1:f4:ed:ed:
                    a4:15:0b:aa:36:d1:56:93:95:28:e1:b0:bb:95:dc:
                    4f:88:67:89:57:33:28:4e:f5:41:b6:c7:2e:32:66:
                    03:fb:cf:c5:ad:05:7b:7f:93:78:21:01:ac:e0:6e:
                    60:8b:0f:67:7c:2e:96:37:48:94:02:3a:5a:fb:f8:
                    8f:79:56:e0:88:cc:73:80:6d:7c:21:db:2b:dd:94:
                    06:b9:05:ba:9f:dd:64:05:54:12:26:40:d0:24:20:
                    3c:22:b0:04:94:85:b6:1d:5b:6f:d0:74:a0:ad:74:
                    99:06:e7:5c:31:a3:a8:fd:75:61:0b:9f:7b:df:2d:
                    52:dc:b3:7d:46:66:a1:59:79:a5:ad:3f:f6:6a:9e:
                    81:3d:4e:6e:2a:0c:1a:65:44:59:ac:72:af:0d:03:
                    6b:f5:41:0d:d1:31:8b:0d:6b:ad:7a:27:31:6b:2c:
                    56:cd:fa:04:79:5c:82:25:a3:9c:c7:f9:78:34:2d:
                    60:20:d2:37:11:8e:12:e8:5f:b0:31:1c:28:ad:82:
                    92:19:d6:99:74:8e:21:57:a4:07:a7:b9:ae:b3:2d:
                    6a:88:0c:e9:88:b5:c9:92:44:02:8c:f2:27:b2:c5:
                    e0:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:0C:E4:0E:D0:77:11:D1:67:D7:B5:A0:A7:3B:3B:0F:2D:A2:64:C0
            X509v3 Authority Key Identifier:
                keyid:5D:70:84:58:22:A6:14:08:EC:2A:5F:D5:80:C1:32:DA:77:7F:09:D1

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/5D70845822A61408EC2A5FD580C132DA777F09D1.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XXCEWCKmFAjsKl_VgMEy2nd_CdE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/352e3138332e33322e302f32342d3234203d3e20313336373837.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.183.32.0/24

    Signature Algorithm: sha256WithRSAEncryption
         77:aa:b3:ce:9b:41:87:1a:fb:1a:9f:ce:1a:76:28:8e:dc:df:
         f7:4a:9c:13:1e:b5:ba:bf:ed:67:48:20:8e:33:11:fe:86:17:
         8a:0c:e0:b2:c2:12:d7:f0:9c:60:e4:1b:97:48:66:c8:61:3b:
         6f:7f:6c:04:62:14:8c:05:6c:8e:ef:ec:b2:ce:75:2f:3c:71:
         5f:66:69:97:ce:38:c6:ad:1b:77:49:46:0a:0e:b4:4f:e0:32:
         50:9f:e8:24:d0:f3:b7:62:3c:48:39:ef:33:94:49:13:cd:f0:
         fe:b7:b1:e7:3e:08:73:03:bb:7c:29:1f:d4:75:42:57:d5:c7:
         47:54:d9:90:5b:bf:bf:bd:24:60:2b:1e:26:30:48:02:be:f1:
         f6:19:60:08:2e:f0:86:35:d9:f0:27:77:4a:a0:f0:4e:36:7d:
         a8:a5:1c:46:34:5a:c9:05:c1:6d:28:93:26:ab:2c:b4:cc:58:
         f8:7b:a6:67:29:b7:a8:c4:b5:d5:47:00:0c:e6:72:bc:a8:4f:
         f0:b0:bb:55:0b:3f:e9:23:0a:4c:63:be:d4:47:3f:35:4d:46:
         69:c4:be:92:64:7d:55:1d:5f:f8:61:27:43:75:3f:89:1e:aa:
         a5:e7:a5:17:3a:bf:96:69:66:9e:70:19:2c:d4:ff:09:59:d0:
         1b:1e:f4:c8
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIURV7hgIEXyoehtnLBbT4Qqz6kzlYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWQ3MDg0NTgyMmE2MTQwOGVjMmE1ZmQ1ODBjMTMyZGE3
NzdmMDlkMTAeFw0yNDAyMTMxMjQ5MzZaFw0yNTAyMTExMjU0MzZaMDMxMTAvBgNV
BAMTKEIwMENFNDBFRDA3NzExRDE2N0Q3QjVBMEE3M0IzQjBGMkRBMjY0QzAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDvoCQ50jE/sX2y2Wrm+NioJt+n
9QiN610usfTt7aQVC6o20VaTlSjhsLuV3E+IZ4lXMyhO9UG2xy4yZgP7z8WtBXt/
k3ghAazgbmCLD2d8LpY3SJQCOlr7+I95VuCIzHOAbXwh2yvdlAa5Bbqf3WQFVBIm
QNAkIDwisASUhbYdW2/QdKCtdJkG51wxo6j9dWELn3vfLVLcs31GZqFZeaWtP/Zq
noE9Tm4qDBplRFmscq8NA2v1QQ3RMYsNa616JzFrLFbN+gR5XIIlo5zH+Xg0LWAg
0jcRjhLoX7AxHCitgpIZ1pl0jiFXpAenua6zLWqIDOmItcmSRAKM8ieyxeCTAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUsAzkDtB3EdFn17Wgpzs7Dy2iZMAwHwYDVR0j
BBgwFoAUXXCEWCKmFAjsKl/VgMEy2nd/CdEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzgvNUQ3MDg0NTgyMkE2MTQwOEVDMkE1RkQ1ODBDMTMyREE3NzdGMDlEMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1hYQ0VXQ0ttRkFqc0tsX1ZnTUV5Mm5k
X0NkRS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzgvMzUyZTMxMzgzMzJlMzMzMjJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMxMzMzNjM3MzgzNy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAAW3
IDANBgkqhkiG9w0BAQsFAAOCAQEAd6qzzptBhxr7Gp/OGnYojtzf90qcEx61ur/t
Z0ggjjMR/oYXigzgssIS1/CcYOQbl0hmyGE7b39sBGIUjAVsju/sss51LzxxX2Zp
l844xq0bd0lGCg60T+AyUJ/oJNDzt2I8SDnvM5RJE83w/rex5z4IcwO7fCkf1HVC
V9XHR1TZkFu/v70kYCseJjBIAr7x9hlgCC7whjXZ8Cd3SqDwTjZ9qKUcRjRayQXB
bSiTJqsstMxY+HumZym3qMS11UcADOZyvKhP8LC7VQs/6SMKTGO+1Ec/NU1GacS+
kmR9VR1f+GEnQ3U/iR6qpeelFzq/lmlmnnAZLNT/CVnQGx70yA==
-----END CERTIFICATE-----