Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/177/352e3138322e31392e302f32342d3234203d3e20383334.roa
File:                     352e3138322e31392e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          9bzJMhgoEQCJyYWo89Ye+a58ae8y+aFzAqfe4ddeuB0=
Subject key identifier:   10:62:95:71:3F:4B:B4:3D:9F:CD:DD:0E:B8:31:FD:31:FA:6F:1E:75
Certificate issuer:       /CN=097a28f77eb0a4ac354a8ac28754b2a3bbe3a959
Certificate serial:       166EBCABB6D652DAAAB9B8063183AEC069469B08
Authority key identifier: 09:7A:28:F7:7E:B0:A4:AC:35:4A:8A:C2:87:54:B2:A3:BB:E3:A9:59
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CXoo936wpKw1SorCh1Syo7vjqVk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/177/352e3138322e31392e302f32342d3234203d3e20383334.roa
Signing time:             Fri 20 Jun 2025 10:31:04 +0000
ROA not before:           Fri 20 Jun 2025 10:26:04 +0000
ROA not after:            Fri 19 Jun 2026 10:31:04 +0000
asID:                     834
IP address blocks:        5.182.19.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/177/097A28F77EB0A4AC354A8AC28754B2A3BBE3A959.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/177/097A28F77EB0A4AC354A8AC28754B2A3BBE3A959.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CXoo936wpKw1SorCh1Syo7vjqVk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Jun 2025 22:11:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            16:6e:bc:ab:b6:d6:52:da:aa:b9:b8:06:31:83:ae:c0:69:46:9b:08
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=097a28f77eb0a4ac354a8ac28754b2a3bbe3a959
        Validity
            Not Before: Jun 20 10:26:04 2025 GMT
            Not After : Jun 19 10:31:04 2026 GMT
        Subject: CN=106295713F4BB43D9FCDDD0EB831FD31FA6F1E75
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:91:98:54:e1:21:b3:8f:30:d5:42:8e:dc:00:
                    25:66:16:fc:01:29:44:28:6e:7a:3c:84:a1:6b:76:
                    50:f7:a8:f2:a1:31:f6:74:2c:13:6f:48:29:6a:f3:
                    f1:27:b5:16:18:3b:b1:02:e5:b7:b3:40:55:61:96:
                    61:46:d7:1c:51:31:9d:1b:41:d8:a6:db:d3:aa:dc:
                    95:e9:98:17:5a:ba:ee:d9:27:6c:39:99:a8:97:bc:
                    78:ec:a6:5a:86:2a:10:41:39:73:1c:cf:87:33:14:
                    9e:25:5f:0b:83:0c:82:43:4a:4a:74:34:77:e5:2d:
                    6a:42:a5:89:d8:f1:ff:6e:dc:f3:31:e4:3f:58:37:
                    da:3e:ba:23:f6:fc:1f:5c:7b:2a:d3:3e:45:cf:6b:
                    5e:93:b3:6b:57:b2:bd:77:fb:09:35:95:da:b4:ae:
                    80:b5:c1:fa:d6:9b:2d:22:c6:5a:8b:1c:64:fe:55:
                    d2:f2:a4:49:8e:5c:1d:57:36:f3:fa:42:99:be:e7:
                    d5:fe:34:d1:f0:46:f8:24:20:b0:87:9f:26:52:58:
                    0d:a4:59:a5:9c:f9:91:6a:16:aa:58:f0:55:47:03:
                    b0:38:76:50:bf:fa:6f:80:e2:73:63:2c:14:66:b6:
                    9a:94:fc:ea:d6:ea:ad:cb:2d:b0:b2:d1:d3:0b:58:
                    b1:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                10:62:95:71:3F:4B:B4:3D:9F:CD:DD:0E:B8:31:FD:31:FA:6F:1E:75
            X509v3 Authority Key Identifier:
                keyid:09:7A:28:F7:7E:B0:A4:AC:35:4A:8A:C2:87:54:B2:A3:BB:E3:A9:59

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/177/097A28F77EB0A4AC354A8AC28754B2A3BBE3A959.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CXoo936wpKw1SorCh1Syo7vjqVk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/177/352e3138322e31392e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.182.19.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4b:24:7e:19:92:f2:41:5e:84:61:01:e9:80:a8:29:c0:13:1c:
         4c:1b:ce:37:63:87:2d:8d:2a:8e:af:58:08:87:1c:be:28:f5:
         ef:d2:b5:9b:71:37:e3:bc:a1:2c:ef:0a:67:84:31:fe:75:f9:
         86:b2:da:77:e3:f8:cb:9a:5a:c2:90:0b:8f:e2:cb:18:e0:30:
         dc:29:b4:c8:b2:52:df:85:f2:46:77:15:0b:e1:e9:e0:4e:f1:
         e8:ee:f2:b0:35:00:c2:41:40:f4:72:6d:3d:d7:86:06:1e:d6:
         3d:56:7c:a6:b6:d0:cf:72:13:1c:93:bd:99:d8:be:39:b6:03:
         12:d1:52:74:05:60:d7:fe:19:b9:2b:1c:16:22:f0:5a:3e:2f:
         d8:15:61:c0:ad:5a:a1:7a:02:04:02:80:92:c7:16:fc:40:06:
         ee:40:4d:8d:2f:2e:18:cc:b0:a3:18:7a:10:84:0f:74:80:21:
         a1:6e:e9:f1:c6:80:cd:2c:40:72:4d:3c:41:99:83:45:2a:ad:
         87:55:fc:a0:7b:5f:57:84:15:8e:c4:32:15:b9:2b:a3:60:ae:
         63:d8:9f:2e:c4:94:eb:ff:b5:a3:da:d6:61:a2:94:02:88:b8:
         da:c8:05:bf:67:1a:f7:95:58:58:92:61:e7:8d:4d:7f:cd:7b:
         08:83:3c:f8
-----BEGIN CERTIFICATE-----
MIIFMDCCBBigAwIBAgIUFm68q7bWUtqqubgGMYOuwGlGmwgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDk3YTI4Zjc3ZWIwYTRhYzM1NGE4YWMyODc1NGIyYTNi
YmUzYTk1OTAeFw0yNTA2MjAxMDI2MDRaFw0yNjA2MTkxMDMxMDRaMDMxMTAvBgNV
BAMTKDEwNjI5NTcxM0Y0QkI0M0Q5RkNEREQwRUI4MzFGRDMxRkE2RjFFNzUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCdkZhU4SGzjzDVQo7cACVmFvwB
KUQobno8hKFrdlD3qPKhMfZ0LBNvSClq8/EntRYYO7EC5bezQFVhlmFG1xxRMZ0b
Qdim29Oq3JXpmBdauu7ZJ2w5maiXvHjsplqGKhBBOXMcz4czFJ4lXwuDDIJDSkp0
NHflLWpCpYnY8f9u3PMx5D9YN9o+uiP2/B9ceyrTPkXPa16Ts2tXsr13+wk1ldq0
roC1wfrWmy0ixlqLHGT+VdLypEmOXB1XNvP6Qpm+59X+NNHwRvgkILCHnyZSWA2k
WaWc+ZFqFqpY8FVHA7A4dlC/+m+A4nNjLBRmtpqU/OrW6q3LLbCy0dMLWLFxAgMB
AAGjggI6MIICNjAdBgNVHQ4EFgQUEGKVcT9LtD2fzd0OuDH9MfpvHnUwHwYDVR0j
BBgwFoAUCXoo936wpKw1SorCh1Syo7vjqVkwDgYDVR0PAQH/BAQDAgeAMIGYBgNV
HR8EgZAwgY0wgYqggYeggYSGgYFyc3luYzovL3JzeW5jLnBhYXMucnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L2ZlMzcwOGEwLTY3ZDUtNGFjMi1hYmM0LWEzMzI1OTBi
OTlhZi8xNzcvMDk3QTI4Rjc3RUIwQTRBQzM1NEE4QUMyODc1NEIyQTNCQkUzQTk1
OS5jcmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2ku
cmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NYb285MzZ3cEt3MVNvckNoMVN5
bzd2anFWay5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3Jz
eW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4
YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzE3Ny8zNTJlMzEzODMyMmUz
MTM5MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzgzMzM0LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABbYT
MA0GCSqGSIb3DQEBCwUAA4IBAQBLJH4ZkvJBXoRhAemAqCnAExxMG843Y4ctjSqO
r1gIhxy+KPXv0rWbcTfjvKEs7wpnhDH+dfmGstp34/jLmlrCkAuP4ssY4DDcKbTI
slLfhfJGdxUL4engTvHo7vKwNQDCQUD0cm0914YGHtY9VnymttDPchMck72Z2L45
tgMS0VJ0BWDX/hm5KxwWIvBaPi/YFWHArVqhegIEAoCSxxb8QAbuQE2NLy4YzLCj
GHoQhA90gCGhbunxxoDNLEByTTxBmYNFKq2HVfyge19XhBWOxDIVuSujYK5j2J8u
xJTr/7Wj2tZhopQCiLjayAW/Zxr3lVhYkmHnjU1/zXsIgzz4
-----END CERTIFICATE-----