Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS8100.roa
File:                     AS8100.roa (raw, json)
Hash identifier:          zzxe7bhGHdN00C3FSMk/UyFtB/T3zY26r3qZ27vuH/o=
Subject key identifier:   BC:40:99:82:A5:4E:64:06:4C:E8:A9:22:32:36:20:88:DA:E4:B2:DD
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       6FBC176A8C72EA56F0AA73DDD2D6B6A2C12ABFF4
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS8100.roa
Signing time:             Tue 30 Jan 2024 12:26:49 +0000
ROA not before:           Tue 30 Jan 2024 12:21:49 +0000
ROA not after:            Tue 28 Jan 2025 12:26:49 +0000
asID:                     8100
IP address blocks:        191.101.132.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 28 Mar 2024 18:00:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6f:bc:17:6a:8c:72:ea:56:f0:aa:73:dd:d2:d6:b6:a2:c1:2a:bf:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Jan 30 12:21:49 2024 GMT
            Not After : Jan 28 12:26:49 2025 GMT
        Subject: CN=BC409982A54E64064CE8A92232362088DAE4B2DD
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:19:fe:e5:4c:f6:6d:1f:1c:41:6f:5d:09:ca:
                    55:06:c4:03:f8:87:44:1d:f7:5b:dd:f3:4e:dd:89:
                    65:b5:e0:86:1f:f3:de:29:98:08:69:07:35:0a:01:
                    4e:d1:39:f3:16:e0:ac:bc:95:6b:db:f6:15:91:d1:
                    f3:c8:83:a7:35:12:07:ca:d5:34:22:c2:a6:f4:10:
                    3e:74:68:99:ed:dd:11:d7:63:e4:f5:31:42:85:f8:
                    57:a3:23:22:53:db:d6:fa:b7:b6:ff:e9:92:8e:6f:
                    75:a6:f9:fb:60:03:fa:0b:d5:a6:ca:ab:c9:ea:bd:
                    92:55:84:81:b1:9f:54:ac:7a:9a:a1:c8:e5:a0:31:
                    0e:96:31:0a:62:16:53:e1:47:00:55:4f:83:e6:53:
                    ec:82:bc:b3:5a:a8:96:e2:58:f0:4f:b2:b3:35:e7:
                    a4:b7:f8:e3:4b:c7:d6:13:08:ca:51:e0:8a:4b:68:
                    ad:4e:b9:46:27:9b:44:5b:14:a2:bc:8c:f1:c7:e0:
                    7c:cd:19:83:51:15:62:9d:00:22:8f:19:77:d8:43:
                    9e:80:27:78:4b:80:c9:7b:1b:ee:cf:33:e3:df:11:
                    85:57:98:c6:9e:12:09:0b:2b:f9:82:9d:17:85:71:
                    c6:c9:b2:d9:5e:a0:07:13:da:32:6f:f2:fa:9a:50:
                    ba:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:40:99:82:A5:4E:64:06:4C:E8:A9:22:32:36:20:88:DA:E4:B2:DD
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS8100.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  191.101.132.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4c:29:f8:ba:5a:ff:46:05:55:df:27:31:f9:72:88:00:85:bd:
         9c:6a:a5:3c:c2:02:3d:5c:12:9c:44:38:fe:01:f6:91:20:d6:
         db:77:37:3d:6a:90:70:93:fd:cc:2b:9a:6f:4d:66:e5:fb:2d:
         99:1f:8b:47:4d:03:58:1a:0c:5e:87:58:b8:20:3e:fa:52:e0:
         c3:a7:3a:a1:05:0f:12:b7:fe:90:50:e9:95:8c:f0:4a:7b:dd:
         a6:a7:04:6b:36:55:4b:3f:ce:b2:15:87:c9:af:f2:ea:e5:07:
         85:53:75:65:3e:d6:8a:38:b8:5a:d8:55:1d:9a:09:42:14:9d:
         75:d7:2b:ff:1c:57:13:5f:ab:cb:60:74:3e:c0:05:d2:13:f3:
         fc:b6:37:89:fb:86:4b:18:04:9d:df:7b:a1:30:76:fa:bd:b7:
         9b:b9:d5:67:2d:dc:12:26:55:46:57:e7:96:6f:6f:9a:8b:10:
         88:a8:61:b2:ee:83:c8:60:ca:69:e5:ff:78:ea:c8:d3:65:1a:
         41:69:dc:52:40:b5:7f:22:20:70:60:87:61:cf:7d:da:fa:cc:
         8d:ed:26:b8:40:d9:a7:2b:94:f6:07:86:b1:9c:1b:ab:1f:5c:
         63:d6:14:f8:10:bd:8d:9f:1b:73:8a:37:e7:c2:c1:9f:c5:d6:
         73:ae:44:15
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgIUb7wXaoxy6lbwqnPd0ta2osEqv/QwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNDAxMzAxMjIxNDlaFw0yNTAxMjgxMjI2NDlaMDMxMTAvBgNV
BAMTKEJDNDA5OTgyQTU0RTY0MDY0Q0U4QTkyMjMyMzYyMDg4REFFNEIyREQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDYGf7lTPZtHxxBb10JylUGxAP4
h0Qd91vd807diWW14IYf894pmAhpBzUKAU7ROfMW4Ky8lWvb9hWR0fPIg6c1EgfK
1TQiwqb0ED50aJnt3RHXY+T1MUKF+FejIyJT29b6t7b/6ZKOb3Wm+ftgA/oL1abK
q8nqvZJVhIGxn1SsepqhyOWgMQ6WMQpiFlPhRwBVT4PmU+yCvLNaqJbiWPBPsrM1
56S3+ONLx9YTCMpR4IpLaK1OuUYnm0RbFKK8jPHH4HzNGYNRFWKdACKPGXfYQ56A
J3hLgMl7G+7PM+PfEYVXmMaeEgkLK/mCnReFccbJstleoAcT2jJv8vqaULpzAgMB
AAGjggIIMIICBDAdBgNVHQ4EFgQUvECZgqVOZAZM6KkiMjYgiNrkst0wHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIweQYIKwYBBQUHAQsEbTBrMGkGCCsGAQUFBzALhl1yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTODEwMC5yb2EwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAL9lhDAN
BgkqhkiG9w0BAQsFAAOCAQEATCn4ulr/RgVV3ycx+XKIAIW9nGqlPMICPVwSnEQ4
/gH2kSDW23c3PWqQcJP9zCuab01m5fstmR+LR00DWBoMXodYuCA++lLgw6c6oQUP
Erf+kFDplYzwSnvdpqcEazZVSz/OshWHya/y6uUHhVN1ZT7Wiji4WthVHZoJQhSd
ddcr/xxXE1+ry2B0PsAF0hPz/LY3ifuGSxgEnd97oTB2+r23m7nVZy3cEiZVRlfn
lm9vmosQiKhhsu6DyGDKaeX/eOrI02UaQWncUkC1fyIgcGCHYc992vrMje0muEDZ
pyuU9geGsZwbqx9cY9YU+BC9jZ8bc4o358LBn8XWc65EFQ==
-----END CERTIFICATE-----
Generated at Thu Mar 28 01:12:49 2024 by rpki-client on console-fra.rpki-client.org