Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/352e3138312e3138352e302f32342d3234203d3e20323131333733.roa
File:                     352e3138312e3138352e302f32342d3234203d3e20323131333733.roa (raw, json)
Hash identifier:          Jcj6Q6hffLq9mVMv6ZE1OGTsaSIAKmWUVH3PL5R7nSM=
Subject key identifier:   04:2D:7F:6E:02:6B:BD:09:37:B6:56:46:4A:AD:D4:69:10:90:97:B0
Certificate issuer:       /CN=a9420e6c6f24b0e422da7fe7e420ef50354f45c6
Certificate serial:       3591A98061B029F967F0B1073927106F2C5F3A28
Authority key identifier: A9:42:0E:6C:6F:24:B0:E4:22:DA:7F:E7:E4:20:EF:50:35:4F:45:C6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qUIObG8ksOQi2n_n5CDvUDVPRcY.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/352e3138312e3138352e302f32342d3234203d3e20323131333733.roa
Signing time:             Fri 05 Jul 2024 12:07:44 +0000
ROA not before:           Fri 05 Jul 2024 12:02:44 +0000
ROA not after:            Fri 04 Jul 2025 12:07:44 +0000
asID:                     211373
IP address blocks:        5.181.185.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/A9420E6C6F24B0E422DA7FE7E420EF50354F45C6.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/A9420E6C6F24B0E422DA7FE7E420EF50354F45C6.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qUIObG8ksOQi2n_n5CDvUDVPRcY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 13 Dec 2024 22:59:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            35:91:a9:80:61:b0:29:f9:67:f0:b1:07:39:27:10:6f:2c:5f:3a:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a9420e6c6f24b0e422da7fe7e420ef50354f45c6
        Validity
            Not Before: Jul  5 12:02:44 2024 GMT
            Not After : Jul  4 12:07:44 2025 GMT
        Subject: CN=042D7F6E026BBD0937B656464AADD469109097B0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:0a:b8:e3:3a:9c:5d:fa:ce:8d:79:cc:77:5f:
                    ff:5c:79:fc:61:04:b7:02:4c:73:3e:37:ad:2e:bb:
                    33:00:55:54:80:1d:76:4f:fa:43:28:cb:e7:13:d3:
                    54:73:11:d7:21:6c:8e:8f:aa:ea:73:78:26:f9:25:
                    4c:de:b1:b1:28:10:01:4b:7c:37:81:4c:5a:fd:65:
                    39:3a:61:8b:a8:8c:f8:b1:ec:7d:25:12:44:ec:43:
                    f5:e4:30:af:6f:32:10:87:9a:c7:a9:da:18:9e:30:
                    59:25:a8:7e:c2:81:8f:cd:b4:83:75:76:c6:1d:70:
                    26:dd:e5:82:4e:09:76:09:7e:0e:bf:f4:fc:ac:96:
                    89:df:e3:8c:fc:00:2c:cd:27:4c:c9:9a:23:b6:4c:
                    fe:09:c9:74:4e:85:d9:3f:30:7e:86:45:2b:6e:c6:
                    b8:d3:f3:6e:1f:c5:1d:56:11:ca:61:be:ad:90:c2:
                    e1:b7:b8:fc:49:fb:77:7a:7a:5c:8f:6a:fb:29:8c:
                    65:a0:c0:95:b9:75:51:b6:97:f5:ef:9b:10:7a:3a:
                    85:41:3f:ba:fc:99:3b:91:ba:5f:3f:2d:2e:58:d8:
                    ee:01:b7:a4:27:00:13:fd:63:06:0b:ec:38:0d:76:
                    7b:36:02:4a:74:60:eb:e3:0c:4e:9b:6d:84:53:f8:
                    04:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:2D:7F:6E:02:6B:BD:09:37:B6:56:46:4A:AD:D4:69:10:90:97:B0
            X509v3 Authority Key Identifier:
                keyid:A9:42:0E:6C:6F:24:B0:E4:22:DA:7F:E7:E4:20:EF:50:35:4F:45:C6

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/A9420E6C6F24B0E422DA7FE7E420EF50354F45C6.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qUIObG8ksOQi2n_n5CDvUDVPRcY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/352e3138312e3138352e302f32342d3234203d3e20323131333733.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.181.185.0/24

    Signature Algorithm: sha256WithRSAEncryption
         93:42:16:10:d5:b1:2b:11:b5:2d:9f:fa:03:f2:44:11:26:b4:
         45:51:3c:f5:05:0d:e0:d4:47:5b:24:cf:82:54:05:7d:60:a4:
         c8:d9:af:45:54:95:ec:36:8b:95:a1:30:a1:85:1e:45:c9:f8:
         c4:b4:82:36:ae:5f:77:ee:ae:d1:48:89:35:f0:98:b9:e4:ba:
         09:c6:3e:24:c3:2f:87:40:7c:e3:10:b6:49:d8:5a:ec:ca:e3:
         b2:39:3c:1c:22:b1:e6:f3:26:1b:22:19:e4:e2:e8:e3:8a:d3:
         e9:cd:ef:3e:18:96:6b:7a:da:76:82:20:b8:f8:66:ae:27:47:
         34:69:46:40:42:2e:19:b4:50:a8:ae:8d:15:98:b3:9e:45:ab:
         e3:91:47:1d:9d:2d:57:83:3b:d3:98:27:6e:82:14:c6:23:d6:
         a0:66:6a:c0:e6:bd:f7:c7:cd:c8:12:42:14:dd:15:3f:bf:b6:
         0e:8f:4f:43:a4:9d:81:fa:f5:88:b0:0b:f9:f1:c7:43:21:7c:
         3e:4f:f4:e7:96:85:d9:c7:c3:2f:e5:90:0d:f6:1c:4f:cf:18:
         28:c1:f9:9d:02:27:4a:2d:60:03:b6:51:04:c0:b9:22:66:6c:
         07:e0:be:bf:e6:d6:e3:17:6b:f9:c9:5a:aa:44:f1:3e:75:9c:
         82:ac:ab:88
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgIUNZGpgGGwKfln8LEHOScQbyxfOigwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYTk0MjBlNmM2ZjI0YjBlNDIyZGE3ZmU3ZTQyMGVmNTAz
NTRmNDVjNjAeFw0yNDA3MDUxMjAyNDRaFw0yNTA3MDQxMjA3NDRaMDMxMTAvBgNV
BAMTKDA0MkQ3RjZFMDI2QkJEMDkzN0I2NTY0NjRBQURENDY5MTA5MDk3QjAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC9CrjjOpxd+s6Necx3X/9cefxh
BLcCTHM+N60uuzMAVVSAHXZP+kMoy+cT01RzEdchbI6PqupzeCb5JUzesbEoEAFL
fDeBTFr9ZTk6YYuojPix7H0lEkTsQ/XkMK9vMhCHmsep2hieMFklqH7CgY/NtIN1
dsYdcCbd5YJOCXYJfg6/9Pyslonf44z8ACzNJ0zJmiO2TP4JyXROhdk/MH6GRStu
xrjT824fxR1WEcphvq2QwuG3uPxJ+3d6elyPavspjGWgwJW5dVG2l/XvmxB6OoVB
P7r8mTuRul8/LS5Y2O4Bt6QnABP9YwYL7DgNdns2Akp0YOvjDE6bbYRT+AQdAgMB
AAGjggI9MIICOTAdBgNVHQ4EFgQUBC1/bgJrvQk3tlZGSq3UaRCQl7AwHwYDVR0j
BBgwFoAUqUIObG8ksOQi2n/n5CDvUDVPRcYwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMWY5ODIzZDAtMDg1NS00MWYyLWFjNDYtNTlhMmU5OGRh
NzM2LzEvQTk0MjBFNkM2RjI0QjBFNDIyREE3RkU3RTQyMEVGNTAzNTRGNDVDNi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3FVSU9iRzhrc09RaTJuX241Q0R2VURW
UFJjWS5jZXIwga0GCCsGAQUFBwELBIGgMIGdMIGaBggrBgEFBQcwC4aBjXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMWY5ODIzZDAt
MDg1NS00MWYyLWFjNDYtNTlhMmU5OGRhNzM2LzEvMzUyZTMxMzgzMTJlMzEzODM1
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzIzMTMxMzMzNzMzLnJvYTAYBgNVHSAB
Af8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA
BbW5MA0GCSqGSIb3DQEBCwUAA4IBAQCTQhYQ1bErEbUtn/oD8kQRJrRFUTz1BQ3g
1EdbJM+CVAV9YKTI2a9FVJXsNouVoTChhR5FyfjEtII2rl937q7RSIk18Ji55LoJ
xj4kwy+HQHzjELZJ2FrsyuOyOTwcIrHm8yYbIhnk4ujjitPpze8+GJZretp2giC4
+GauJ0c0aUZAQi4ZtFCoro0VmLOeRavjkUcdnS1XgzvTmCdughTGI9agZmrA5r33
x83IEkIU3RU/v7YOj09DpJ2B+vWIsAv58cdDIXw+T/TnloXZx8Mv5ZAN9hxPzxgo
wfmdAidKLWADtlEEwLkiZmwH4L6/5tbjF2v5yVqqRPE+dZyCrKuI
-----END CERTIFICATE-----
Generated at Fri Dec 13 02:51:57 2024 by rpki-client on console-ams.rpki-client.org