Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/352e3138332e33332e302f32342d3234203d3e20313336373837.roa
File:                     352e3138332e33332e302f32342d3234203d3e20313336373837.roa (raw, json)
Hash identifier:          bzycmh26dOLX5SPPXOvSOROg5uFAhgzLpdMfrgxtds4=
Subject key identifier:   92:05:6E:45:1F:F6:DF:84:6B:BB:3C:AB:2E:9C:4F:4D:CA:00:FD:FB
Certificate issuer:       /CN=5d70845822a61408ec2a5fd580c132da777f09d1
Certificate serial:       5A5F8AA2548B8C0941FCDDAB5DE4F7FBE6EA4E1C
Authority key identifier: 5D:70:84:58:22:A6:14:08:EC:2A:5F:D5:80:C1:32:DA:77:7F:09:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XXCEWCKmFAjsKl_VgMEy2nd_CdE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/352e3138332e33332e302f32342d3234203d3e20313336373837.roa
Signing time:             Tue 13 Feb 2024 12:54:38 +0000
ROA not before:           Tue 13 Feb 2024 12:49:38 +0000
ROA not after:            Tue 11 Feb 2025 12:54:38 +0000
asID:                     136787
IP address blocks:        5.183.33.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/5D70845822A61408EC2A5FD580C132DA777F09D1.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/5D70845822A61408EC2A5FD580C132DA777F09D1.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XXCEWCKmFAjsKl_VgMEy2nd_CdE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 08 May 2024 16:15:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5a:5f:8a:a2:54:8b:8c:09:41:fc:dd:ab:5d:e4:f7:fb:e6:ea:4e:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5d70845822a61408ec2a5fd580c132da777f09d1
        Validity
            Not Before: Feb 13 12:49:38 2024 GMT
            Not After : Feb 11 12:54:38 2025 GMT
        Subject: CN=92056E451FF6DF846BBB3CAB2E9C4F4DCA00FDFB
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:ad:3e:3f:69:b8:39:60:21:ef:39:7c:98:cb:
                    01:03:e0:7e:34:9a:11:89:29:b2:7e:22:31:90:b1:
                    5a:d7:e8:db:13:31:7b:f0:3a:e1:0f:85:05:d2:a8:
                    7d:9c:66:25:dd:2f:8e:9d:c8:f8:ff:e2:11:63:53:
                    6d:3d:f9:09:53:49:70:fa:07:6b:46:bb:69:81:52:
                    3d:89:50:ad:17:15:6d:1f:4e:94:e6:0c:e1:da:56:
                    28:3c:c0:68:49:bc:3f:58:e4:d7:13:f7:a2:9a:56:
                    c0:a0:87:24:b4:d7:3e:1a:a8:b1:34:c3:ca:cd:3c:
                    04:08:f1:56:10:e3:a3:4d:30:76:2c:8a:e5:71:6e:
                    60:6c:3c:3b:4d:59:7c:6a:fa:dc:2d:d2:c5:ae:9a:
                    36:ce:44:59:4a:21:2d:61:5a:99:b7:fa:89:c1:67:
                    06:37:d0:55:59:24:86:90:1d:95:5a:ee:e0:3d:50:
                    90:31:ad:7b:66:51:86:4e:15:98:e2:1d:23:79:5d:
                    9d:6f:e7:5e:50:40:f6:64:bc:9a:65:21:ce:84:b1:
                    9e:9f:97:75:2a:d0:86:e0:f4:2d:e8:84:38:0f:2e:
                    94:80:97:97:f6:a3:f9:73:a7:76:c9:54:4f:89:8e:
                    ef:1d:e3:21:ce:14:ca:d4:3a:e6:31:78:dd:9f:b5:
                    87:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:05:6E:45:1F:F6:DF:84:6B:BB:3C:AB:2E:9C:4F:4D:CA:00:FD:FB
            X509v3 Authority Key Identifier:
                keyid:5D:70:84:58:22:A6:14:08:EC:2A:5F:D5:80:C1:32:DA:77:7F:09:D1

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/5D70845822A61408EC2A5FD580C132DA777F09D1.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XXCEWCKmFAjsKl_VgMEy2nd_CdE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/352e3138332e33332e302f32342d3234203d3e20313336373837.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.183.33.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3e:c8:d2:2a:8b:df:e1:88:56:7b:6c:89:74:f8:2a:7e:78:30:
         b2:6c:d3:3e:a5:8b:bf:a3:6d:45:d8:54:37:c0:ff:85:32:a9:
         cb:a6:9a:34:e4:b8:d4:0d:df:b1:1e:41:49:e7:63:d0:04:ae:
         f0:a0:5c:ee:84:4a:3f:16:03:5c:1f:2c:fe:47:68:bc:78:79:
         93:38:73:70:3a:c5:54:f5:30:90:2f:3a:96:5e:36:8f:bb:fa:
         72:27:af:bc:dc:6e:2c:43:79:de:e4:78:68:c8:34:dd:85:84:
         c9:2f:28:68:74:6a:c1:78:02:b0:c4:22:5d:21:bb:9b:d5:ed:
         5e:01:36:68:ad:85:71:7a:0e:71:85:a5:21:25:8b:07:cd:f1:
         dd:73:db:dc:6b:b7:24:39:2f:bd:d5:41:ff:8f:ae:82:eb:d9:
         52:5f:b5:68:c7:93:15:0e:2c:48:df:cc:65:0d:03:03:3f:8c:
         34:ff:fe:60:3d:cb:97:24:63:8c:e5:e2:89:74:bd:1b:f5:02:
         6b:26:39:b7:c7:8e:c3:73:7a:30:2f:17:e1:e4:ac:b1:c1:16:
         40:a9:d8:d9:ec:78:2f:80:ae:14:da:ba:95:4d:de:25:ba:c0:
         10:28:66:50:29:81:fc:9e:1a:ed:b2:89:b6:1c:6a:79:c5:1c:
         63:53:ee:5f
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUWl+KolSLjAlB/N2rXeT3++bqThwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWQ3MDg0NTgyMmE2MTQwOGVjMmE1ZmQ1ODBjMTMyZGE3
NzdmMDlkMTAeFw0yNDAyMTMxMjQ5MzhaFw0yNTAyMTExMjU0MzhaMDMxMTAvBgNV
BAMTKDkyMDU2RTQ1MUZGNkRGODQ2QkJCM0NBQjJFOUM0RjREQ0EwMEZERkIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCXrT4/abg5YCHvOXyYywED4H40
mhGJKbJ+IjGQsVrX6NsTMXvwOuEPhQXSqH2cZiXdL46dyPj/4hFjU209+QlTSXD6
B2tGu2mBUj2JUK0XFW0fTpTmDOHaVig8wGhJvD9Y5NcT96KaVsCghyS01z4aqLE0
w8rNPAQI8VYQ46NNMHYsiuVxbmBsPDtNWXxq+twt0sWumjbORFlKIS1hWpm3+onB
ZwY30FVZJIaQHZVa7uA9UJAxrXtmUYZOFZjiHSN5XZ1v515QQPZkvJplIc6EsZ6f
l3Uq0Ibg9C3ohDgPLpSAl5f2o/lzp3bJVE+Jju8d4yHOFMrUOuYxeN2ftYc7AgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUkgVuRR/234RruzyrLpxPTcoA/fswHwYDVR0j
BBgwFoAUXXCEWCKmFAjsKl/VgMEy2nd/CdEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzgvNUQ3MDg0NTgyMkE2MTQwOEVDMkE1RkQ1ODBDMTMyREE3NzdGMDlEMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1hYQ0VXQ0ttRkFqc0tsX1ZnTUV5Mm5k
X0NkRS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzgvMzUyZTMxMzgzMzJlMzMzMzJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMxMzMzNjM3MzgzNy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAAW3
ITANBgkqhkiG9w0BAQsFAAOCAQEAPsjSKovf4YhWe2yJdPgqfngwsmzTPqWLv6Nt
RdhUN8D/hTKpy6aaNOS41A3fsR5BSedj0ASu8KBc7oRKPxYDXB8s/kdovHh5kzhz
cDrFVPUwkC86ll42j7v6cievvNxuLEN53uR4aMg03YWEyS8oaHRqwXgCsMQiXSG7
m9XtXgE2aK2FcXoOcYWlISWLB83x3XPb3Gu3JDkvvdVB/4+uguvZUl+1aMeTFQ4s
SN/MZQ0DAz+MNP/+YD3LlyRjjOXiiXS9G/UCayY5t8eOw3N6MC8X4eSsscEWQKnY
2ex4L4CuFNq6lU3eJbrAEChmUCmB/J4a7bKJthxqecUcY1PuXw==
-----END CERTIFICATE-----