Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/352e3138332e33352e302f32342d3234203d3e20313336373837.roa
File:                     352e3138332e33352e302f32342d3234203d3e20313336373837.roa (raw, json)
Hash identifier:          PIzAY8LlzX3YnYxyMPAQr6yT7+ymbNLU0FvRKHJVLIk=
Subject key identifier:   08:95:FA:01:9F:B9:35:D4:6E:24:B6:FE:CD:AC:6A:AD:71:12:CD:8F
Certificate issuer:       /CN=5d70845822a61408ec2a5fd580c132da777f09d1
Certificate serial:       6DAAB0FCC797C583AB94B3BE745C86D1FEA6C2FC
Authority key identifier: 5D:70:84:58:22:A6:14:08:EC:2A:5F:D5:80:C1:32:DA:77:7F:09:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XXCEWCKmFAjsKl_VgMEy2nd_CdE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/352e3138332e33352e302f32342d3234203d3e20313336373837.roa
Signing time:             Tue 13 Feb 2024 12:54:41 +0000
ROA not before:           Tue 13 Feb 2024 12:49:41 +0000
ROA not after:            Tue 11 Feb 2025 12:54:41 +0000
asID:                     136787
IP address blocks:        5.183.35.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/5D70845822A61408EC2A5FD580C132DA777F09D1.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/5D70845822A61408EC2A5FD580C132DA777F09D1.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XXCEWCKmFAjsKl_VgMEy2nd_CdE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:12:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6d:aa:b0:fc:c7:97:c5:83:ab:94:b3:be:74:5c:86:d1:fe:a6:c2:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5d70845822a61408ec2a5fd580c132da777f09d1
        Validity
            Not Before: Feb 13 12:49:41 2024 GMT
            Not After : Feb 11 12:54:41 2025 GMT
        Subject: CN=0895FA019FB935D46E24B6FECDAC6AAD7112CD8F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:7f:36:79:77:50:6c:90:4b:7f:fc:10:8a:49:
                    84:6b:88:48:0d:46:1a:fb:39:ed:28:06:95:37:37:
                    97:3f:3a:f0:cf:99:31:bb:00:91:e1:9b:92:39:1f:
                    84:33:01:cd:79:f5:78:d6:09:0c:9d:4b:c9:89:60:
                    89:d0:9b:41:85:e8:f3:3a:6b:20:7f:84:88:fa:34:
                    bb:7a:0f:c1:c5:06:d1:2a:95:2a:04:44:0d:32:bc:
                    8c:42:0b:0e:47:7d:17:b2:76:8f:08:6e:ac:27:0b:
                    79:ae:fe:3e:74:bf:44:bf:1a:55:0e:db:43:74:0e:
                    8d:54:83:73:e0:02:e4:05:8e:28:7d:72:34:d7:2e:
                    0e:ef:b2:c6:ab:ef:07:c4:73:7e:a3:49:03:26:e2:
                    ae:72:75:1a:0b:59:e5:07:2f:52:a4:6b:4e:47:ef:
                    e0:d4:3a:83:8c:53:f9:7c:65:b6:8b:23:ae:c7:b1:
                    f5:08:7b:bb:66:f6:93:fb:2e:a0:8b:fa:87:95:27:
                    80:cb:7e:5d:da:28:50:89:7d:9f:4e:e3:f0:65:14:
                    cb:fd:bd:a9:7f:03:73:bc:a9:42:30:db:ec:19:58:
                    2f:46:aa:16:8f:06:fa:ab:d7:f7:69:ff:8d:36:b1:
                    6a:98:9e:01:4e:97:81:43:70:c2:91:db:3e:70:a5:
                    0f:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:95:FA:01:9F:B9:35:D4:6E:24:B6:FE:CD:AC:6A:AD:71:12:CD:8F
            X509v3 Authority Key Identifier:
                keyid:5D:70:84:58:22:A6:14:08:EC:2A:5F:D5:80:C1:32:DA:77:7F:09:D1

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/5D70845822A61408EC2A5FD580C132DA777F09D1.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XXCEWCKmFAjsKl_VgMEy2nd_CdE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/352e3138332e33352e302f32342d3234203d3e20313336373837.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.183.35.0/24

    Signature Algorithm: sha256WithRSAEncryption
         34:1b:a8:e5:25:f3:17:c2:81:b3:31:29:66:cf:ff:b8:8e:bc:
         04:a1:b3:90:8d:0d:ac:e2:c6:dc:09:72:5a:cf:9c:5b:4a:c6:
         06:7d:d7:eb:f2:9d:36:00:9c:9b:e1:5a:f7:30:64:8f:ee:2c:
         6b:d2:97:5d:d6:69:b7:00:0c:53:66:11:c4:8e:6b:65:a3:db:
         3d:de:24:cf:e0:13:35:b7:cf:31:59:78:91:64:59:6b:0e:46:
         12:38:ac:92:55:8c:67:8f:7e:f3:52:a6:39:d4:08:e9:cc:42:
         c2:fe:92:c0:c0:f3:2d:73:6a:2e:0e:c2:04:27:91:08:98:c8:
         c1:11:99:e5:4c:b9:ff:14:1a:e4:a3:d1:ca:e4:3c:78:17:80:
         f3:10:10:90:01:05:11:c9:9c:6d:3b:80:2f:2a:52:29:59:2b:
         e2:71:7d:2c:d4:53:fa:91:74:ff:82:76:b1:af:15:84:81:a7:
         6a:eb:1e:a3:db:b7:02:14:54:d0:28:97:4b:5a:bf:17:56:19:
         5f:6a:7e:dc:e3:cf:19:42:08:84:00:32:f3:e6:66:10:c5:49:
         19:30:c9:33:f2:90:47:b0:d4:35:1d:4a:57:56:a8:a2:9e:42:
         e1:5a:e4:15:7f:fb:ff:e8:6f:90:ac:28:c0:36:17:97:4d:36:
         07:9f:77:53
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUbaqw/MeXxYOrlLO+dFyG0f6mwvwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWQ3MDg0NTgyMmE2MTQwOGVjMmE1ZmQ1ODBjMTMyZGE3
NzdmMDlkMTAeFw0yNDAyMTMxMjQ5NDFaFw0yNTAyMTExMjU0NDFaMDMxMTAvBgNV
BAMTKDA4OTVGQTAxOUZCOTM1RDQ2RTI0QjZGRUNEQUM2QUFENzExMkNEOEYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCxfzZ5d1BskEt//BCKSYRriEgN
Rhr7Oe0oBpU3N5c/OvDPmTG7AJHhm5I5H4QzAc159XjWCQydS8mJYInQm0GF6PM6
ayB/hIj6NLt6D8HFBtEqlSoERA0yvIxCCw5HfReydo8IbqwnC3mu/j50v0S/GlUO
20N0Do1Ug3PgAuQFjih9cjTXLg7vssar7wfEc36jSQMm4q5ydRoLWeUHL1Kka05H
7+DUOoOMU/l8ZbaLI67HsfUIe7tm9pP7LqCL+oeVJ4DLfl3aKFCJfZ9O4/BlFMv9
val/A3O8qUIw2+wZWC9GqhaPBvqr1/dp/402sWqYngFOl4FDcMKR2z5wpQ+jAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUCJX6AZ+5NdRuJLb+zaxqrXESzY8wHwYDVR0j
BBgwFoAUXXCEWCKmFAjsKl/VgMEy2nd/CdEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzgvNUQ3MDg0NTgyMkE2MTQwOEVDMkE1RkQ1ODBDMTMyREE3NzdGMDlEMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1hYQ0VXQ0ttRkFqc0tsX1ZnTUV5Mm5k
X0NkRS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzgvMzUyZTMxMzgzMzJlMzMzNTJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMxMzMzNjM3MzgzNy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAAW3
IzANBgkqhkiG9w0BAQsFAAOCAQEANBuo5SXzF8KBszEpZs//uI68BKGzkI0NrOLG
3AlyWs+cW0rGBn3X6/KdNgCcm+Fa9zBkj+4sa9KXXdZptwAMU2YRxI5rZaPbPd4k
z+ATNbfPMVl4kWRZaw5GEjisklWMZ49+81KmOdQI6cxCwv6SwMDzLXNqLg7CBCeR
CJjIwRGZ5Uy5/xQa5KPRyuQ8eBeA8xAQkAEFEcmcbTuALypSKVkr4nF9LNRT+pF0
/4J2sa8VhIGnauseo9u3AhRU0CiXS1q/F1YZX2p+3OPPGUIIhAAy8+ZmEMVJGTDJ
M/KQR7DUNR1KV1aoop5C4VrkFX/7/+hvkKwowDYXl002B593Uw==
-----END CERTIFICATE-----
Generated at Mon Nov 25 19:59:03 2024 by rpki-client on console-ams.rpki-client.org