Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/352e3138332e33342e302f32342d3234203d3e20313336373837.roa
File:                     352e3138332e33342e302f32342d3234203d3e20313336373837.roa (raw, json)
Hash identifier:          CD2jPaM18t+Gwck8IO3GuXmw/sq4vd1bgZwC2eWz21g=
Subject key identifier:   A8:7E:C6:1C:02:5A:58:4C:51:26:58:39:15:04:7C:89:10:05:58:C6
Certificate issuer:       /CN=5d70845822a61408ec2a5fd580c132da777f09d1
Certificate serial:       45F8EB9620C9B1891267BFBBFA53FAA9524CB01E
Authority key identifier: 5D:70:84:58:22:A6:14:08:EC:2A:5F:D5:80:C1:32:DA:77:7F:09:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XXCEWCKmFAjsKl_VgMEy2nd_CdE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/352e3138332e33342e302f32342d3234203d3e20313336373837.roa
Signing time:             Tue 13 Feb 2024 12:54:39 +0000
ROA not before:           Tue 13 Feb 2024 12:49:39 +0000
ROA not after:            Tue 11 Feb 2025 12:54:39 +0000
asID:                     136787
IP address blocks:        5.183.34.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/5D70845822A61408EC2A5FD580C132DA777F09D1.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/5D70845822A61408EC2A5FD580C132DA777F09D1.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XXCEWCKmFAjsKl_VgMEy2nd_CdE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 09 May 2024 16:07:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            45:f8:eb:96:20:c9:b1:89:12:67:bf:bb:fa:53:fa:a9:52:4c:b0:1e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5d70845822a61408ec2a5fd580c132da777f09d1
        Validity
            Not Before: Feb 13 12:49:39 2024 GMT
            Not After : Feb 11 12:54:39 2025 GMT
        Subject: CN=A87EC61C025A584C5126583915047C89100558C6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:82:38:90:b4:5f:c9:38:88:1e:e8:35:42:75:
                    88:61:ed:52:b2:bb:35:0f:80:54:1a:d3:6f:9c:70:
                    f1:7a:5f:ba:7e:77:c9:62:80:5b:df:60:c0:54:26:
                    3f:b1:b8:50:80:8c:97:73:08:11:fd:50:7e:96:19:
                    e5:3c:6a:9e:9f:57:a9:59:37:54:6e:8e:6d:45:65:
                    05:51:71:d1:4b:75:61:16:4d:6f:d6:b4:d4:19:dd:
                    c1:7b:61:38:d0:1d:b9:88:0c:cf:e6:c2:9e:2c:1e:
                    14:8c:b8:96:bb:5b:94:3b:f7:44:37:59:2e:28:1c:
                    50:f2:97:e7:32:e7:88:68:21:1e:e2:ab:e8:24:1b:
                    b4:05:34:0e:b2:39:0e:e6:89:0d:f9:81:40:ec:77:
                    7d:9b:30:ea:0e:77:da:76:67:23:82:db:25:8f:54:
                    92:80:e9:d2:e7:67:82:1a:bb:64:c9:cf:e8:77:17:
                    90:b3:3d:c7:4a:a6:72:b6:8e:f6:34:af:d9:ec:fb:
                    d7:27:51:08:f9:b7:94:fd:03:d4:f4:51:84:84:a1:
                    f1:dc:2a:2f:af:7d:5c:de:37:4c:38:ff:17:0d:9a:
                    57:41:5e:1c:f4:80:6f:75:92:a5:6c:1f:3e:ea:f8:
                    d9:30:75:69:ac:de:a2:f6:01:b7:58:15:9d:cb:56:
                    0f:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:7E:C6:1C:02:5A:58:4C:51:26:58:39:15:04:7C:89:10:05:58:C6
            X509v3 Authority Key Identifier:
                keyid:5D:70:84:58:22:A6:14:08:EC:2A:5F:D5:80:C1:32:DA:77:7F:09:D1

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/5D70845822A61408EC2A5FD580C132DA777F09D1.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XXCEWCKmFAjsKl_VgMEy2nd_CdE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/352e3138332e33342e302f32342d3234203d3e20313336373837.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.183.34.0/24

    Signature Algorithm: sha256WithRSAEncryption
         13:91:46:2f:71:3e:8b:f8:58:8c:10:ee:69:c4:d6:77:93:7c:
         1e:9a:07:24:74:a6:4b:5f:b3:84:2d:8c:6c:b5:f4:98:88:d8:
         08:28:ec:b3:93:8c:da:59:cc:e0:bd:58:85:04:7c:3b:07:68:
         59:39:51:13:99:3c:8a:47:a5:49:84:aa:01:be:41:92:95:8d:
         a6:48:2a:d6:38:61:f6:d2:b6:79:8b:49:5a:74:53:65:50:63:
         56:91:0f:4c:bf:88:5a:2e:af:fa:46:ba:2d:a0:c3:5c:c3:f2:
         87:0d:db:88:07:ce:a3:55:21:51:0f:56:5c:4e:15:fd:82:50:
         51:98:b4:ae:5f:60:d0:cc:c6:38:47:f5:33:11:82:7c:b6:1d:
         40:ee:82:d1:18:1c:03:48:aa:d0:c1:fa:43:31:9f:07:e2:a5:
         83:00:2e:b0:76:87:ee:37:6b:79:30:c4:31:38:6e:22:01:d1:
         2b:35:e9:52:4c:b8:c3:7f:b9:cc:36:f1:e2:77:6f:a2:7f:ce:
         67:c3:aa:3f:db:fc:09:f4:ac:0b:4a:e9:0d:5d:ad:a8:3f:b1:
         78:6b:63:f5:ad:f4:f0:22:f9:13:bc:e0:ef:ad:9c:08:f5:48:
         9e:4f:78:b9:9d:73:f7:37:ca:96:81:48:78:84:96:e3:b7:dd:
         cb:2c:f4:50
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIURfjrliDJsYkSZ7+7+lP6qVJMsB4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWQ3MDg0NTgyMmE2MTQwOGVjMmE1ZmQ1ODBjMTMyZGE3
NzdmMDlkMTAeFw0yNDAyMTMxMjQ5MzlaFw0yNTAyMTExMjU0MzlaMDMxMTAvBgNV
BAMTKEE4N0VDNjFDMDI1QTU4NEM1MTI2NTgzOTE1MDQ3Qzg5MTAwNTU4QzYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDfgjiQtF/JOIge6DVCdYhh7VKy
uzUPgFQa02+ccPF6X7p+d8ligFvfYMBUJj+xuFCAjJdzCBH9UH6WGeU8ap6fV6lZ
N1Rujm1FZQVRcdFLdWEWTW/WtNQZ3cF7YTjQHbmIDM/mwp4sHhSMuJa7W5Q790Q3
WS4oHFDyl+cy54hoIR7iq+gkG7QFNA6yOQ7miQ35gUDsd32bMOoOd9p2ZyOC2yWP
VJKA6dLnZ4Iau2TJz+h3F5CzPcdKpnK2jvY0r9ns+9cnUQj5t5T9A9T0UYSEofHc
Ki+vfVzeN0w4/xcNmldBXhz0gG91kqVsHz7q+NkwdWms3qL2AbdYFZ3LVg+ZAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUqH7GHAJaWExRJlg5FQR8iRAFWMYwHwYDVR0j
BBgwFoAUXXCEWCKmFAjsKl/VgMEy2nd/CdEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzgvNUQ3MDg0NTgyMkE2MTQwOEVDMkE1RkQ1ODBDMTMyREE3NzdGMDlEMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1hYQ0VXQ0ttRkFqc0tsX1ZnTUV5Mm5k
X0NkRS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzgvMzUyZTMxMzgzMzJlMzMzNDJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMxMzMzNjM3MzgzNy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAAW3
IjANBgkqhkiG9w0BAQsFAAOCAQEAE5FGL3E+i/hYjBDuacTWd5N8HpoHJHSmS1+z
hC2MbLX0mIjYCCjss5OM2lnM4L1YhQR8OwdoWTlRE5k8ikelSYSqAb5BkpWNpkgq
1jhh9tK2eYtJWnRTZVBjVpEPTL+IWi6v+ka6LaDDXMPyhw3biAfOo1UhUQ9WXE4V
/YJQUZi0rl9g0MzGOEf1MxGCfLYdQO6C0RgcA0iq0MH6QzGfB+KlgwAusHaH7jdr
eTDEMThuIgHRKzXpUky4w3+5zDbx4ndvon/OZ8OqP9v8CfSsC0rpDV2tqD+xeGtj
9a308CL5E7zg762cCPVInk94uZ1z9zfKloFIeISW47fdyyz0UA==
-----END CERTIFICATE-----