Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/352e3138312e3137382e302f32342d3234203d3e20383334.roa
File:                     352e3138312e3137382e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          JHL4+bzFvsz7wZ0YFVTcboj0UoktvZ0HlQOCtSgBlww=
Subject key identifier:   EB:E5:0C:F7:16:BD:4A:F6:3B:37:76:FE:F9:0C:D0:D8:82:A6:93:A5
Certificate issuer:       /CN=70cbd7a9817e470009c0f40ea1e370aa79b5fd91
Certificate serial:       3F82191599A0B1B222D3915B6584971A9300D526
Authority key identifier: 70:CB:D7:A9:81:7E:47:00:09:C0:F4:0E:A1:E3:70:AA:79:B5:FD:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/352e3138312e3137382e302f32342d3234203d3e20383334.roa
Signing time:             Sun 30 Jun 2024 00:02:07 +0000
ROA not before:           Sat 29 Jun 2024 23:57:07 +0000
ROA not after:            Sun 29 Jun 2025 00:02:07 +0000
asID:                     834
IP address blocks:        5.181.178.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 01 Jul 2024 23:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3f:82:19:15:99:a0:b1:b2:22:d3:91:5b:65:84:97:1a:93:00:d5:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=70cbd7a9817e470009c0f40ea1e370aa79b5fd91
        Validity
            Not Before: Jun 29 23:57:07 2024 GMT
            Not After : Jun 29 00:02:07 2025 GMT
        Subject: CN=EBE50CF716BD4AF63B3776FEF90CD0D882A693A5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:34:8a:17:4c:7c:e8:c9:f6:76:2e:fa:b0:80:
                    ef:ed:26:d0:86:2a:ce:f5:c9:ec:dd:4b:54:3d:b8:
                    cb:05:a4:90:aa:f0:1d:ef:bd:92:57:2e:ea:0b:16:
                    7a:6e:fb:4f:96:ec:bc:38:9d:90:40:63:02:27:0c:
                    2b:a1:bb:3a:2d:a7:16:ab:f8:25:d4:81:a1:ba:d2:
                    20:71:d0:8e:b0:70:0b:0b:ec:cf:16:7a:d8:9f:e7:
                    87:25:3c:3a:91:f5:64:b6:db:ed:6d:aa:2b:bf:45:
                    3c:c3:ec:97:09:3d:cc:2b:5e:90:21:31:f9:89:2f:
                    71:71:f7:8c:f2:1c:ae:04:6e:0d:b5:36:7e:5b:f6:
                    5d:17:c6:5f:57:ea:2d:55:7e:64:7b:32:c3:9e:e3:
                    7a:c8:43:2d:65:6b:6e:f2:ec:79:44:56:6b:04:3a:
                    ed:af:93:54:ed:01:f9:6e:7d:70:ef:88:33:ff:d8:
                    ad:e6:36:f5:4a:6f:79:9c:f6:9a:84:75:36:67:35:
                    3f:41:cf:28:78:72:fa:e1:7a:a8:d1:2b:7d:db:86:
                    bd:af:10:c5:88:1c:97:12:aa:de:43:9d:50:43:19:
                    52:9b:91:3c:ba:6f:94:24:03:a4:6f:07:35:bc:b3:
                    49:6b:f9:2c:41:cb:7d:ee:67:d4:9b:36:3c:23:08:
                    9a:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EB:E5:0C:F7:16:BD:4A:F6:3B:37:76:FE:F9:0C:D0:D8:82:A6:93:A5
            X509v3 Authority Key Identifier:
                keyid:70:CB:D7:A9:81:7E:47:00:09:C0:F4:0E:A1:E3:70:AA:79:B5:FD:91

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/352e3138312e3137382e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.181.178.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5d:00:99:75:8b:41:1b:7c:58:bd:8d:f0:a6:65:28:cd:38:27:
         4d:24:23:36:49:48:d9:7e:3b:f8:15:1c:ba:b3:d2:f2:8c:68:
         32:8c:1d:67:30:6b:95:0f:b9:54:12:a4:dd:c8:c5:68:98:37:
         a4:d4:a1:41:dc:7f:90:2e:11:d6:5f:53:ae:c7:4d:cf:b7:8a:
         aa:9e:d8:d2:c5:40:dc:60:7e:d2:a5:78:17:6d:13:c2:87:9f:
         77:5f:d1:82:4d:db:9e:cd:e6:25:3d:1d:0c:e1:24:f2:51:24:
         36:76:d1:a5:76:01:23:dd:22:44:2f:c1:20:08:ef:80:1e:0b:
         e6:f3:80:82:e7:92:f6:04:01:03:03:eb:c7:63:0d:98:f7:d9:
         c0:bd:b3:ae:88:a7:1b:3b:08:5b:f7:fc:67:57:ae:c3:91:6d:
         5f:00:67:58:b2:a3:e1:18:83:14:a3:20:f1:dc:1b:1c:f4:53:
         ef:c5:f1:e0:f3:47:a2:3b:8a:9c:79:39:75:04:00:4e:e1:b5:
         76:ba:00:14:10:f1:de:79:90:bc:6b:1e:cf:f6:0c:14:bd:95:
         f6:88:61:e9:55:46:b7:f4:54:9f:43:a8:ba:75:ae:be:ea:3f:
         61:98:e1:e2:91:32:0e:9e:10:c9:fc:11:62:d5:b5:7b:1b:97:
         6a:3e:93:6c
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUP4IZFZmgsbIi05FbZYSXGpMA1SYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzBjYmQ3YTk4MTdlNDcwMDA5YzBmNDBlYTFlMzcwYWE3
OWI1ZmQ5MTAeFw0yNDA2MjkyMzU3MDdaFw0yNTA2MjkwMDAyMDdaMDMxMTAvBgNV
BAMTKEVCRTUwQ0Y3MTZCRDRBRjYzQjM3NzZGRUY5MENEMEQ4ODJBNjkzQTUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCjNIoXTHzoyfZ2LvqwgO/tJtCG
Ks71yezdS1Q9uMsFpJCq8B3vvZJXLuoLFnpu+0+W7Lw4nZBAYwInDCuhuzotpxar
+CXUgaG60iBx0I6wcAsL7M8Wetif54clPDqR9WS22+1tqiu/RTzD7JcJPcwrXpAh
MfmJL3Fx94zyHK4Ebg21Nn5b9l0Xxl9X6i1VfmR7MsOe43rIQy1la27y7HlEVmsE
Ou2vk1TtAflufXDviDP/2K3mNvVKb3mc9pqEdTZnNT9Bzyh4cvrheqjRK33bhr2v
EMWIHJcSqt5DnVBDGVKbkTy6b5QkA6RvBzW8s0lr+SxBy33uZ9SbNjwjCJqnAgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQU6+UM9xa9SvY7N3b++QzQ2IKmk6UwHwYDVR0j
BBgwFoAUcMvXqYF+RwAJwPQOoeNwqnm1/ZEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYjczMzJhZjAtZGQ3My00NzU1LTlkMjAtNjkzZWE4Mjg5
ZjhhLzAvNzBDQkQ3QTk4MTdFNDcwMDA5QzBGNDBFQTFFMzcwQUE3OUI1RkQ5MS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2NNdlhxWUYtUndBSndQUU9vZU53cW5t
MV9aRS5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYjczMzJhZjAt
ZGQ3My00NzU1LTlkMjAtNjkzZWE4Mjg5ZjhhLzAvMzUyZTMxMzgzMTJlMzEzNzM4
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzgzMzM0LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABbWyMA0G
CSqGSIb3DQEBCwUAA4IBAQBdAJl1i0EbfFi9jfCmZSjNOCdNJCM2SUjZfjv4FRy6
s9LyjGgyjB1nMGuVD7lUEqTdyMVomDek1KFB3H+QLhHWX1Oux03Pt4qqntjSxUDc
YH7SpXgXbRPCh593X9GCTduezeYlPR0M4STyUSQ2dtGldgEj3SJEL8EgCO+AHgvm
84CC55L2BAEDA+vHYw2Y99nAvbOuiKcbOwhb9/xnV67DkW1fAGdYsqPhGIMUoyDx
3Bsc9FPvxfHg80eiO4qceTl1BABO4bV2ugAUEPHeeZC8ax7P9gwUvZX2iGHpVUa3
9FSfQ6i6da6+6j9hmOHikTIOnhDJ/BFi1bV7G5dqPpNs
-----END CERTIFICATE-----