Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/352e3138312e3138342e302f32342d3234203d3e20323131333733.roa
File:                     352e3138312e3138342e302f32342d3234203d3e20323131333733.roa (raw, json)
Hash identifier:          tJ6A7U51n+GmIhk14F2miBqIQAmoLzM8TwWGKyDUw/Q=
Subject key identifier:   0B:FF:23:3F:F3:0C:AE:16:29:C2:A9:81:73:A2:2D:20:65:32:50:2D
Certificate issuer:       /CN=a9420e6c6f24b0e422da7fe7e420ef50354f45c6
Certificate serial:       675791BF9772AD5FD076AD87A6B3FF1F7913F5BA
Authority key identifier: A9:42:0E:6C:6F:24:B0:E4:22:DA:7F:E7:E4:20:EF:50:35:4F:45:C6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qUIObG8ksOQi2n_n5CDvUDVPRcY.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/352e3138312e3138342e302f32342d3234203d3e20323131333733.roa
Signing time:             Fri 22 Nov 2024 08:43:28 +0000
ROA not before:           Fri 22 Nov 2024 08:38:28 +0000
ROA not after:            Fri 21 Nov 2025 08:43:28 +0000
asID:                     211373
IP address blocks:        5.181.184.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/A9420E6C6F24B0E422DA7FE7E420EF50354F45C6.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/A9420E6C6F24B0E422DA7FE7E420EF50354F45C6.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qUIObG8ksOQi2n_n5CDvUDVPRcY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 13 Dec 2024 14:48:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            67:57:91:bf:97:72:ad:5f:d0:76:ad:87:a6:b3:ff:1f:79:13:f5:ba
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a9420e6c6f24b0e422da7fe7e420ef50354f45c6
        Validity
            Not Before: Nov 22 08:38:28 2024 GMT
            Not After : Nov 21 08:43:28 2025 GMT
        Subject: CN=0BFF233FF30CAE1629C2A98173A22D206532502D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:3c:33:63:4b:0d:14:36:bf:72:c6:ab:f6:79:
                    0d:e9:03:14:e6:2f:05:f0:da:a9:6c:3b:7d:1c:27:
                    16:1b:ae:78:d3:55:50:7f:d3:a0:c0:ca:92:c6:43:
                    98:a8:6b:01:24:76:bf:25:37:3b:bf:40:50:c4:9f:
                    5b:8a:f5:7d:74:8e:45:17:e4:c3:4f:80:e9:1f:ba:
                    92:3b:96:50:7e:cc:a4:b9:7f:0f:dd:28:63:a0:0e:
                    de:af:db:30:1a:bd:44:25:1c:91:b3:b5:01:52:e6:
                    ba:c1:4e:09:77:9d:d0:6e:b8:19:41:f1:79:4c:1f:
                    a3:7e:69:4f:6c:91:45:13:56:26:b9:ea:72:af:c6:
                    6c:e3:fe:76:85:35:aa:9b:33:ce:6e:43:41:84:59:
                    ac:a7:ef:ec:47:91:6c:45:9f:db:26:60:21:3b:6d:
                    1d:27:2f:0e:2c:9c:4b:e5:81:1b:ba:b3:ef:40:3d:
                    3d:65:7e:d8:b9:68:38:c3:0a:2c:c2:d6:d7:c2:83:
                    c4:7d:a7:e6:ae:43:0e:33:d9:1b:96:d5:a7:db:af:
                    13:14:8e:b4:f7:81:fc:46:45:b4:e0:02:a2:86:d3:
                    43:38:d5:3e:1f:60:59:a3:8e:08:ad:72:e3:9e:85:
                    49:90:b0:d0:a0:7f:0b:51:6b:62:89:b5:7d:f6:61:
                    6b:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:FF:23:3F:F3:0C:AE:16:29:C2:A9:81:73:A2:2D:20:65:32:50:2D
            X509v3 Authority Key Identifier:
                keyid:A9:42:0E:6C:6F:24:B0:E4:22:DA:7F:E7:E4:20:EF:50:35:4F:45:C6

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/A9420E6C6F24B0E422DA7FE7E420EF50354F45C6.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qUIObG8ksOQi2n_n5CDvUDVPRcY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/352e3138312e3138342e302f32342d3234203d3e20323131333733.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.181.184.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c0:dc:e7:1f:cf:1c:4d:53:a9:b7:44:7d:93:64:43:a9:e3:a3:
         2c:81:f8:e5:65:19:7c:4e:6b:d5:10:5e:66:26:bc:db:9f:fe:
         46:b9:84:97:38:5c:a6:4f:54:45:a5:ad:d3:06:30:08:da:83:
         79:7b:f1:7c:23:4d:4f:c2:09:75:75:88:5b:55:a0:9c:7b:0d:
         29:b2:16:02:fb:9a:d9:d7:4d:55:6c:16:a8:8b:2e:a5:53:5c:
         11:86:06:f5:e2:12:31:14:c6:79:40:22:46:12:19:26:ba:26:
         d1:79:45:ed:13:33:e5:8b:92:09:70:c2:f3:00:7a:89:fe:4e:
         4f:11:89:f9:d3:f9:a5:76:29:c0:cf:24:d7:f1:d7:38:03:ad:
         45:30:1d:e9:d8:c2:4a:ee:4b:7f:8d:f9:ad:e5:b9:0c:69:c3:
         6b:3b:d7:f7:7e:03:a6:fd:94:8b:69:73:ac:ac:17:28:a4:ce:
         ec:04:f4:81:92:b4:a1:e4:ca:cb:25:56:0a:1d:c4:82:43:c9:
         be:fd:5f:d8:59:f8:a3:b2:b3:d6:c2:06:f3:b9:1a:dd:2b:83:
         3e:e3:07:70:a7:99:a8:89:e5:14:e5:79:d3:a7:00:90:05:ac:
         e7:80:3c:a5:ee:2d:6e:e7:08:40:68:f2:95:c7:b4:6d:c4:74:
         16:39:ef:84
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgIUZ1eRv5dyrV/Qdq2HprP/H3kT9bowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYTk0MjBlNmM2ZjI0YjBlNDIyZGE3ZmU3ZTQyMGVmNTAz
NTRmNDVjNjAeFw0yNDExMjIwODM4MjhaFw0yNTExMjEwODQzMjhaMDMxMTAvBgNV
BAMTKDBCRkYyMzNGRjMwQ0FFMTYyOUMyQTk4MTczQTIyRDIwNjUzMjUwMkQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCzPDNjSw0UNr9yxqv2eQ3pAxTm
LwXw2qlsO30cJxYbrnjTVVB/06DAypLGQ5ioawEkdr8lNzu/QFDEn1uK9X10jkUX
5MNPgOkfupI7llB+zKS5fw/dKGOgDt6v2zAavUQlHJGztQFS5rrBTgl3ndBuuBlB
8XlMH6N+aU9skUUTVia56nKvxmzj/naFNaqbM85uQ0GEWayn7+xHkWxFn9smYCE7
bR0nLw4snEvlgRu6s+9APT1lfti5aDjDCizC1tfCg8R9p+auQw4z2RuW1afbrxMU
jrT3gfxGRbTgAqKG00M41T4fYFmjjgitcuOehUmQsNCgfwtRa2KJtX32YWv1AgMB
AAGjggI9MIICOTAdBgNVHQ4EFgQUC/8jP/MMrhYpwqmBc6ItIGUyUC0wHwYDVR0j
BBgwFoAUqUIObG8ksOQi2n/n5CDvUDVPRcYwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMWY5ODIzZDAtMDg1NS00MWYyLWFjNDYtNTlhMmU5OGRh
NzM2LzEvQTk0MjBFNkM2RjI0QjBFNDIyREE3RkU3RTQyMEVGNTAzNTRGNDVDNi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3FVSU9iRzhrc09RaTJuX241Q0R2VURW
UFJjWS5jZXIwga0GCCsGAQUFBwELBIGgMIGdMIGaBggrBgEFBQcwC4aBjXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMWY5ODIzZDAt
MDg1NS00MWYyLWFjNDYtNTlhMmU5OGRhNzM2LzEvMzUyZTMxMzgzMTJlMzEzODM0
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzIzMTMxMzMzNzMzLnJvYTAYBgNVHSAB
Af8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA
BbW4MA0GCSqGSIb3DQEBCwUAA4IBAQDA3OcfzxxNU6m3RH2TZEOp46MsgfjlZRl8
TmvVEF5mJrzbn/5GuYSXOFymT1RFpa3TBjAI2oN5e/F8I01Pwgl1dYhbVaCcew0p
shYC+5rZ101VbBaoiy6lU1wRhgb14hIxFMZ5QCJGEhkmuibReUXtEzPli5IJcMLz
AHqJ/k5PEYn50/mldinAzyTX8dc4A61FMB3p2MJK7kt/jfmt5bkMacNrO9f3fgOm
/ZSLaXOsrBcopM7sBPSBkrSh5MrLJVYKHcSCQ8m+/V/YWfijsrPWwgbzuRrdK4M+
4wdwp5moieUU5XnTpwCQBazngDyl7i1u5whAaPKVx7RtxHQWOe+E
-----END CERTIFICATE-----
Generated at Thu Dec 12 23:23:08 2024 by rpki-client on console-fra.rpki-client.org