Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/352e3138312e3138342e302f32342d3234203d3e20323132333335.roa
File:                     352e3138312e3138342e302f32342d3234203d3e20323132333335.roa (raw, json)
Hash identifier:          Kz/abfokUDctsVWWtfFi3DZJ1fVN1kVVNGP7sW31/H0=
Subject key identifier:   94:5C:B5:93:E1:F8:6D:60:8B:54:6E:A4:84:F9:3C:35:A0:E0:73:C1
Certificate issuer:       /CN=a9420e6c6f24b0e422da7fe7e420ef50354f45c6
Certificate serial:       50C7989A7DCE4BF8EDA13DD40FBCD22B6E1FEF3C
Authority key identifier: A9:42:0E:6C:6F:24:B0:E4:22:DA:7F:E7:E4:20:EF:50:35:4F:45:C6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qUIObG8ksOQi2n_n5CDvUDVPRcY.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/352e3138312e3138342e302f32342d3234203d3e20323132333335.roa
Signing time:             Tue 06 Feb 2024 13:16:51 +0000
ROA not before:           Tue 06 Feb 2024 13:11:51 +0000
ROA not after:            Tue 04 Feb 2025 13:16:51 +0000
asID:                     212335
IP address blocks:        5.181.184.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/A9420E6C6F24B0E422DA7FE7E420EF50354F45C6.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/A9420E6C6F24B0E422DA7FE7E420EF50354F45C6.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qUIObG8ksOQi2n_n5CDvUDVPRcY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            50:c7:98:9a:7d:ce:4b:f8:ed:a1:3d:d4:0f:bc:d2:2b:6e:1f:ef:3c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a9420e6c6f24b0e422da7fe7e420ef50354f45c6
        Validity
            Not Before: Feb  6 13:11:51 2024 GMT
            Not After : Feb  4 13:16:51 2025 GMT
        Subject: CN=945CB593E1F86D608B546EA484F93C35A0E073C1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:15:3d:0d:d2:ac:38:42:9a:0a:f1:34:a4:ae:
                    64:ff:d7:e9:5e:67:24:82:eb:74:f4:e3:0f:b1:c8:
                    23:b6:00:ef:d4:13:f8:9a:3e:a8:9b:7a:80:29:06:
                    a6:da:41:80:b2:d1:25:ff:fa:9e:15:7a:6d:02:23:
                    ab:ac:d9:fd:c1:06:a4:29:64:f8:b1:c7:e6:7a:fc:
                    74:c1:03:08:46:18:8d:11:33:5f:e7:ec:fa:55:dc:
                    44:c0:80:75:16:be:77:53:ba:f1:18:c1:cb:52:0e:
                    55:29:f7:35:de:c3:f6:04:f0:e3:79:c5:79:dc:f2:
                    8e:21:bd:e8:e8:f3:f6:c1:9d:61:62:07:44:1b:c9:
                    a7:04:df:31:90:db:ff:90:99:9d:02:8b:83:e4:c8:
                    ee:74:c2:b6:c2:c2:b9:11:ea:8a:4f:5f:0f:8a:46:
                    85:fb:11:f4:89:de:7a:f0:63:e8:47:89:7e:ec:02:
                    f3:1c:14:6f:93:ab:c7:b2:1a:f8:ef:8e:a9:fa:53:
                    f2:a2:52:8c:cf:4e:67:ac:57:6d:af:f9:59:d9:f5:
                    c5:53:95:da:c0:45:df:db:ab:42:d4:09:e6:22:b9:
                    9f:6c:75:19:00:8f:a8:e2:d2:bd:04:10:1f:85:96:
                    1c:95:a0:e2:84:ec:16:d9:3f:99:cc:1b:79:8a:96:
                    3f:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                94:5C:B5:93:E1:F8:6D:60:8B:54:6E:A4:84:F9:3C:35:A0:E0:73:C1
            X509v3 Authority Key Identifier:
                keyid:A9:42:0E:6C:6F:24:B0:E4:22:DA:7F:E7:E4:20:EF:50:35:4F:45:C6

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/A9420E6C6F24B0E422DA7FE7E420EF50354F45C6.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qUIObG8ksOQi2n_n5CDvUDVPRcY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/352e3138312e3138342e302f32342d3234203d3e20323132333335.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.181.184.0/24

    Signature Algorithm: sha256WithRSAEncryption
         69:c3:94:4b:9d:a5:94:c2:49:b6:a7:a9:62:55:49:3e:6a:a5:
         a5:70:a7:bf:0c:84:83:fb:e2:d9:bc:b9:77:67:c2:7b:71:e1:
         39:f4:a7:84:b3:7c:0b:eb:ca:88:72:35:8f:4f:a3:44:58:cc:
         71:d7:fb:6a:39:40:3a:b8:f7:a4:bd:e3:3d:af:06:e6:80:6d:
         53:00:de:00:64:96:20:fa:99:02:8c:df:67:66:fa:3d:0c:44:
         f8:6f:7d:75:ea:86:47:90:e3:c5:95:d1:fb:f3:0c:df:46:85:
         ca:c3:e4:2a:e1:38:63:7d:5a:93:05:ab:70:86:ff:f7:06:6c:
         82:e9:89:ec:41:0a:6b:97:c7:b7:3f:fb:82:05:6e:ca:a9:c3:
         83:09:63:da:db:bb:35:f3:55:bc:c3:26:e7:35:fd:33:50:a2:
         1a:d7:45:a7:3e:8b:13:42:04:0b:2c:3d:4e:8e:bc:c2:47:a9:
         01:e2:65:83:83:b4:6a:62:df:00:e3:09:ba:de:8c:e6:96:0a:
         e3:8a:ae:aa:e4:23:ea:b6:28:c8:38:42:1c:8b:a5:12:0e:77:
         12:2b:e8:64:77:04:59:2a:01:98:2a:cd:d5:7f:69:7d:f8:8b:
         c4:2e:c4:b7:6b:b4:51:27:17:7a:3c:11:21:5b:93:d4:0f:84:
         6c:1e:d7:78
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgIUUMeYmn3OS/jtoT3UD7zSK24f7zwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYTk0MjBlNmM2ZjI0YjBlNDIyZGE3ZmU3ZTQyMGVmNTAz
NTRmNDVjNjAeFw0yNDAyMDYxMzExNTFaFw0yNTAyMDQxMzE2NTFaMDMxMTAvBgNV
BAMTKDk0NUNCNTkzRTFGODZENjA4QjU0NkVBNDg0RjkzQzM1QTBFMDczQzEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCyFT0N0qw4QpoK8TSkrmT/1+le
ZySC63T04w+xyCO2AO/UE/iaPqibeoApBqbaQYCy0SX/+p4Vem0CI6us2f3BBqQp
ZPixx+Z6/HTBAwhGGI0RM1/n7PpV3ETAgHUWvndTuvEYwctSDlUp9zXew/YE8ON5
xXnc8o4hvejo8/bBnWFiB0QbyacE3zGQ2/+QmZ0Ci4PkyO50wrbCwrkR6opPXw+K
RoX7EfSJ3nrwY+hHiX7sAvMcFG+Tq8eyGvjvjqn6U/KiUozPTmesV22v+VnZ9cVT
ldrARd/bq0LUCeYiuZ9sdRkAj6ji0r0EEB+FlhyVoOKE7BbZP5nMG3mKlj95AgMB
AAGjggI9MIICOTAdBgNVHQ4EFgQUlFy1k+H4bWCLVG6khPk8NaDgc8EwHwYDVR0j
BBgwFoAUqUIObG8ksOQi2n/n5CDvUDVPRcYwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMWY5ODIzZDAtMDg1NS00MWYyLWFjNDYtNTlhMmU5OGRh
NzM2LzEvQTk0MjBFNkM2RjI0QjBFNDIyREE3RkU3RTQyMEVGNTAzNTRGNDVDNi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3FVSU9iRzhrc09RaTJuX241Q0R2VURW
UFJjWS5jZXIwga0GCCsGAQUFBwELBIGgMIGdMIGaBggrBgEFBQcwC4aBjXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMWY5ODIzZDAt
MDg1NS00MWYyLWFjNDYtNTlhMmU5OGRhNzM2LzEvMzUyZTMxMzgzMTJlMzEzODM0
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzIzMTMyMzMzMzM1LnJvYTAYBgNVHSAB
Af8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA
BbW4MA0GCSqGSIb3DQEBCwUAA4IBAQBpw5RLnaWUwkm2p6liVUk+aqWlcKe/DISD
++LZvLl3Z8J7ceE59KeEs3wL68qIcjWPT6NEWMxx1/tqOUA6uPekveM9rwbmgG1T
AN4AZJYg+pkCjN9nZvo9DET4b3116oZHkOPFldH78wzfRoXKw+Qq4ThjfVqTBatw
hv/3BmyC6YnsQQprl8e3P/uCBW7KqcODCWPa27s181W8wybnNf0zUKIa10WnPosT
QgQLLD1OjrzCR6kB4mWDg7RqYt8A4wm63ozmlgrjiq6q5CPqtijIOEIci6USDncS
K+hkdwRZKgGYKs3Vf2l9+IvELsS3a7RRJxd6PBEhW5PUD4RsHtd4
-----END CERTIFICATE-----
Generated at Fri Nov 22 10:15:42 2024 by rpki-client on console-ams.rpki-client.org