Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/0cc08737-9267-402a-99d4-7aaafea444ed/0/352e3232362e3138392e302f32342d3234203d3e2039333034.roa
File:                     352e3232362e3138392e302f32342d3234203d3e2039333034.roa (raw, json)
Hash identifier:          KMYDoKnPWH3TUSOlAA/wzDsC66Y3O5PlUt+i9WMB8YA=
Subject key identifier:   3D:EA:1C:38:01:B3:03:06:E2:DF:EF:EF:24:C4:E1:00:69:5B:3A:E1
Certificate issuer:       /CN=f768ff6e681858c0ec19f3a93fa1792cd16ceed3
Certificate serial:       5E715DDCE677D28BDA48521F119CC5F35209841D
Authority key identifier: F7:68:FF:6E:68:18:58:C0:EC:19:F3:A9:3F:A1:79:2C:D1:6C:EE:D3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/92j_bmgYWMDsGfOpP6F5LNFs7tM.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/0cc08737-9267-402a-99d4-7aaafea444ed/0/352e3232362e3138392e302f32342d3234203d3e2039333034.roa
Signing time:             Fri 13 Jun 2025 12:24:51 +0000
ROA not before:           Fri 13 Jun 2025 12:19:51 +0000
ROA not after:            Fri 12 Jun 2026 12:24:51 +0000
asID:                     9304
IP address blocks:        5.226.189.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/0cc08737-9267-402a-99d4-7aaafea444ed/0/F768FF6E681858C0EC19F3A93FA1792CD16CEED3.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/0cc08737-9267-402a-99d4-7aaafea444ed/0/F768FF6E681858C0EC19F3A93FA1792CD16CEED3.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/92j_bmgYWMDsGfOpP6F5LNFs7tM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 17 Jun 2025 00:02:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5e:71:5d:dc:e6:77:d2:8b:da:48:52:1f:11:9c:c5:f3:52:09:84:1d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f768ff6e681858c0ec19f3a93fa1792cd16ceed3
        Validity
            Not Before: Jun 13 12:19:51 2025 GMT
            Not After : Jun 12 12:24:51 2026 GMT
        Subject: CN=3DEA1C3801B30306E2DFEFEF24C4E100695B3AE1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:ae:e9:0f:c3:9c:2c:d2:62:d1:23:3e:67:fb:
                    6e:0c:de:c8:57:3e:90:e8:e7:50:c9:9c:43:84:fc:
                    47:7f:67:6a:ec:db:81:68:a5:57:95:3b:28:d5:87:
                    e9:f3:01:c8:a9:4b:81:a6:9b:6a:c8:c3:90:c4:e3:
                    66:b5:e6:2a:2b:3e:87:84:95:a7:57:1b:11:7e:cd:
                    68:de:51:e0:b9:40:0e:53:fa:53:b4:b3:e9:45:ca:
                    60:b0:45:ef:0c:ec:81:8c:97:b9:05:77:b9:a5:3e:
                    33:d3:d0:10:4d:f4:40:07:b5:28:09:4a:b7:7f:5a:
                    13:c4:f4:16:c4:55:7a:78:43:96:75:81:ea:32:c3:
                    68:64:02:41:33:e0:14:ea:41:1d:bf:1b:fa:af:ea:
                    88:3f:8c:e4:8c:f9:f7:8d:08:ce:3e:b3:7e:14:1e:
                    cc:6e:23:00:4e:74:95:2b:37:b8:ed:a5:48:7b:d2:
                    2b:8e:66:51:2c:68:80:99:e9:3d:2e:c1:bc:0e:22:
                    98:d9:5f:11:24:f4:9a:65:e2:f1:4e:4c:45:5d:53:
                    3a:e2:e8:db:90:00:fd:ee:72:ea:63:a7:60:09:ed:
                    49:69:7d:ca:d2:3d:f6:b4:cc:2c:1f:83:59:5d:ed:
                    e6:27:1a:c6:ff:3b:60:ae:d5:8c:7c:5a:a0:62:9f:
                    3e:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:EA:1C:38:01:B3:03:06:E2:DF:EF:EF:24:C4:E1:00:69:5B:3A:E1
            X509v3 Authority Key Identifier:
                keyid:F7:68:FF:6E:68:18:58:C0:EC:19:F3:A9:3F:A1:79:2C:D1:6C:EE:D3

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/0cc08737-9267-402a-99d4-7aaafea444ed/0/F768FF6E681858C0EC19F3A93FA1792CD16CEED3.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/92j_bmgYWMDsGfOpP6F5LNFs7tM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/0cc08737-9267-402a-99d4-7aaafea444ed/0/352e3232362e3138392e302f32342d3234203d3e2039333034.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.226.189.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b2:6b:81:a4:bb:09:e2:95:f8:33:7b:6b:c4:59:95:39:ea:92:
         1f:2c:30:1a:33:92:44:15:21:24:32:b5:a6:2b:3c:8a:da:e3:
         13:45:38:d2:51:b0:72:d8:7e:46:28:31:3b:41:28:30:13:e5:
         6b:71:04:38:c9:75:40:17:ea:50:75:f8:67:88:66:fc:33:dc:
         f5:56:6e:73:6a:b9:7f:c9:b8:4f:0f:50:ce:7f:f0:6c:8a:f3:
         07:6b:f0:25:bf:cc:1f:be:77:51:53:5b:80:29:79:36:a9:eb:
         7f:3b:44:1b:14:0b:86:93:d7:71:71:d0:b0:da:93:22:87:68:
         83:7a:7c:62:c0:2d:51:ee:db:f4:d4:e4:ab:ee:bd:8b:50:c3:
         b4:45:2f:fb:7c:0d:09:d2:4f:73:d4:4d:af:2a:0b:7e:fb:fa:
         6e:6e:26:a8:25:00:e7:60:2a:60:e2:bd:56:aa:0e:a8:82:22:
         1c:63:34:4e:f8:4e:98:1d:52:28:04:0e:da:7c:cd:15:03:d1:
         98:9a:bc:ae:09:65:3c:78:d6:9b:ba:14:9d:96:67:cc:2c:77:
         65:fe:d1:9d:a1:11:ba:4c:fa:02:65:c9:ae:f9:4c:80:6b:d4:
         4d:6b:a4:81:25:a7:ab:d1:60:8c:d9:1e:63:8d:73:4f:be:f8:
         6b:08:1a:ce
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUXnFd3OZ30ovaSFIfEZzF81IJhB0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZjc2OGZmNmU2ODE4NThjMGVjMTlmM2E5M2ZhMTc5MmNk
MTZjZWVkMzAeFw0yNTA2MTMxMjE5NTFaFw0yNjA2MTIxMjI0NTFaMDMxMTAvBgNV
BAMTKDNERUExQzM4MDFCMzAzMDZFMkRGRUZFRjI0QzRFMTAwNjk1QjNBRTEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCzrukPw5ws0mLRIz5n+24M3shX
PpDo51DJnEOE/Ed/Z2rs24FopVeVOyjVh+nzAcipS4Gmm2rIw5DE42a15iorPoeE
ladXGxF+zWjeUeC5QA5T+lO0s+lFymCwRe8M7IGMl7kFd7mlPjPT0BBN9EAHtSgJ
Srd/WhPE9BbEVXp4Q5Z1geoyw2hkAkEz4BTqQR2/G/qv6og/jOSM+feNCM4+s34U
HsxuIwBOdJUrN7jtpUh70iuOZlEsaICZ6T0uwbwOIpjZXxEk9Jpl4vFOTEVdUzri
6NuQAP3ucupjp2AJ7UlpfcrSPfa0zCwfg1ld7eYnGsb/O2Cu1Yx8WqBinz7VAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUPeocOAGzAwbi3+/vJMThAGlbOuEwHwYDVR0j
BBgwFoAU92j/bmgYWMDsGfOpP6F5LNFs7tMwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMGNjMDg3MzctOTI2Ny00MDJhLTk5ZDQtN2FhYWZlYTQ0
NGVkLzAvRjc2OEZGNkU2ODE4NThDMEVDMTlGM0E5M0ZBMTc5MkNEMTZDRUVEMy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzkyal9ibWdZV01Ec0dmT3BQNkY1TE5G
czd0TS5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMGNjMDg3Mzct
OTI2Ny00MDJhLTk5ZDQtN2FhYWZlYTQ0NGVkLzAvMzUyZTMyMzIzNjJlMzEzODM5
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzkzMzMwMzQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAAF4r0w
DQYJKoZIhvcNAQELBQADggEBALJrgaS7CeKV+DN7a8RZlTnqkh8sMBozkkQVISQy
taYrPIra4xNFONJRsHLYfkYoMTtBKDAT5WtxBDjJdUAX6lB1+GeIZvwz3PVWbnNq
uX/JuE8PUM5/8GyK8wdr8CW/zB++d1FTW4ApeTap6387RBsUC4aT13Fx0LDakyKH
aIN6fGLALVHu2/TU5KvuvYtQw7RFL/t8DQnST3PUTa8qC377+m5uJqglAOdgKmDi
vVaqDqiCIhxjNE74TpgdUigEDtp8zRUD0ZiavK4JZTx41pu6FJ2WZ8wsd2X+0Z2h
EbpM+gJlya75TIBr1E1rpIElp6vRYIzZHmONc0+++GsIGs4=
-----END CERTIFICATE-----