Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS36352.roa
File:                     AS36352.roa (raw, json)
Hash identifier:          mrTc8yKb3biZ7HOO1KKlSZY5uBicDcKwuiIu6XNSH5U=
Subject key identifier:   BD:72:59:0F:2F:B2:3C:11:D4:80:83:D9:44:DD:C1:70:73:C8:AD:1F
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       35013AD72EC134B62E267BA3C81F011ADAFC12E8
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS36352.roa
Signing time:             Wed 31 Jan 2024 08:05:10 +0000
ROA not before:           Wed 31 Jan 2024 08:00:10 +0000
ROA not after:            Wed 29 Jan 2025 08:05:10 +0000
asID:                     36352
IP address blocks:        185.142.25.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            35:01:3a:d7:2e:c1:34:b6:2e:26:7b:a3:c8:1f:01:1a:da:fc:12:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Jan 31 08:00:10 2024 GMT
            Not After : Jan 29 08:05:10 2025 GMT
        Subject: CN=BD72590F2FB23C11D48083D944DDC17073C8AD1F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:7e:78:8e:9a:7c:a9:2b:84:0f:f7:30:fd:32:
                    3b:2d:80:98:93:d0:02:16:2a:59:28:d4:72:90:35:
                    07:99:b3:a4:d9:eb:3d:9c:42:cd:63:2c:63:23:ea:
                    c1:05:33:82:7c:e8:8b:9e:8e:66:8a:e0:fd:8e:11:
                    fc:03:60:e7:03:72:17:0a:7b:c2:ea:5d:85:44:2a:
                    76:94:44:1f:c5:e7:09:b7:28:9a:4d:06:08:2a:29:
                    10:e6:40:2f:f3:7c:f1:61:e9:3e:97:82:37:e9:82:
                    70:20:30:87:4f:a0:d4:fc:98:ea:fa:98:97:67:1c:
                    9a:68:c9:e7:fb:ea:5b:ed:5a:79:ba:4d:49:32:a7:
                    82:3f:59:8a:ea:45:59:96:15:a6:0c:86:fd:8c:37:
                    7d:47:25:7f:d2:a5:51:be:7d:28:92:9f:72:51:2a:
                    c6:b5:e0:62:a4:06:5b:f0:f6:d3:d8:2b:c4:da:5e:
                    c6:32:5e:5f:ba:5f:94:1b:40:d1:5e:4f:ff:ea:4a:
                    84:65:05:44:85:ce:77:87:e4:2a:f3:31:8a:5a:99:
                    0d:34:6d:77:c6:9f:20:9d:dc:dd:98:48:f2:7d:29:
                    42:63:2f:5b:23:60:82:45:75:6c:ac:21:ef:bf:5b:
                    35:5c:cb:c4:77:f8:2e:f7:99:79:17:95:4d:28:ec:
                    79:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:72:59:0F:2F:B2:3C:11:D4:80:83:D9:44:DD:C1:70:73:C8:AD:1F
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS36352.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.142.25.0/24

    Signature Algorithm: sha256WithRSAEncryption
         76:16:5b:ac:c7:7c:e9:05:64:0d:76:98:47:3b:b3:3e:db:3d:
         18:3d:cc:a2:58:02:19:78:dd:d8:53:d8:66:09:39:bc:b2:18:
         c3:f8:b9:fc:09:c6:22:48:2e:13:ef:c2:e0:a9:59:76:70:07:
         21:69:41:31:d4:8a:2d:cb:f2:bd:88:ef:5b:60:6e:62:7a:db:
         70:ae:ba:94:9b:04:f1:b3:5b:67:c8:6b:57:0f:cb:28:a6:0d:
         10:fd:97:35:39:85:06:7e:e6:54:ea:e2:43:7e:42:7b:60:2d:
         15:c1:0e:f6:1d:29:d4:94:a2:77:b1:ff:9c:f9:59:24:c6:33:
         96:ca:99:59:34:0d:71:db:14:53:04:89:a1:0c:3b:50:e0:0b:
         28:14:2a:17:ec:d1:03:25:f8:b7:3e:37:a2:7c:8e:9f:81:e8:
         8b:ac:63:4b:7a:25:73:8a:4a:fa:d8:ff:4f:f9:d2:a6:63:c0:
         d4:42:5d:9b:b2:fb:f6:64:a6:9c:4d:f0:c6:76:56:58:35:f7:
         5c:50:0a:20:1c:4f:f1:2b:bf:dc:51:91:32:c8:90:5c:a2:00:
         ce:32:fe:d8:93:7f:40:87:12:11:f4:b3:d9:d3:37:68:f3:a4:
         93:db:86:d5:f4:48:e4:15:1f:3a:06:ba:84:5f:c1:a8:e1:8a:
         d1:7d:02:d2
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUNQE61y7BNLYuJnujyB8BGtr8EugwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNDAxMzEwODAwMTBaFw0yNTAxMjkwODA1MTBaMDMxMTAvBgNV
BAMTKEJENzI1OTBGMkZCMjNDMTFENDgwODNEOTQ0RERDMTcwNzNDOEFEMUYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCtfniOmnypK4QP9zD9MjstgJiT
0AIWKlko1HKQNQeZs6TZ6z2cQs1jLGMj6sEFM4J86IuejmaK4P2OEfwDYOcDchcK
e8LqXYVEKnaURB/F5wm3KJpNBggqKRDmQC/zfPFh6T6XgjfpgnAgMIdPoNT8mOr6
mJdnHJpoyef76lvtWnm6TUkyp4I/WYrqRVmWFaYMhv2MN31HJX/SpVG+fSiSn3JR
Ksa14GKkBlvw9tPYK8TaXsYyXl+6X5QbQNFeT//qSoRlBUSFzneH5CrzMYpamQ00
bXfGnyCd3N2YSPJ9KUJjL1sjYIJFdWysIe+/WzVcy8R3+C73mXkXlU0o7HmhAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUvXJZDy+yPBHUgIPZRN3BcHPIrR8wHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMzYzNTIucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAC5jhkw
DQYJKoZIhvcNAQELBQADggEBAHYWW6zHfOkFZA12mEc7sz7bPRg9zKJYAhl43dhT
2GYJObyyGMP4ufwJxiJILhPvwuCpWXZwByFpQTHUii3L8r2I71tgbmJ623CuupSb
BPGzW2fIa1cPyyimDRD9lzU5hQZ+5lTq4kN+QntgLRXBDvYdKdSUonex/5z5WSTG
M5bKmVk0DXHbFFMEiaEMO1DgCygUKhfs0QMl+Lc+N6J8jp+B6IusY0t6JXOKSvrY
/0/50qZjwNRCXZuy+/ZkppxN8MZ2Vlg191xQCiAcT/Erv9xRkTLIkFyiAM4y/tiT
f0CHEhH0s9nTN2jzpJPbhtX0SOQVHzoGuoRfwajhitF9AtI=
-----END CERTIFICATE-----
Generated at Fri Nov 22 02:44:47 2024 by rpki-client on console-fra.rpki-client.org