Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/3138352e38392e37362e302f32342d3234203d3e203536353430.roa
File:                     3138352e38392e37362e302f32342d3234203d3e203536353430.roa (raw, json)
Hash identifier:          Vy9226mSM/m221E8dEmvw0RcqE1S0tSWMupGKaxLfTM=
Subject key identifier:   05:AE:72:6E:57:FF:D7:8D:4F:75:13:7C:B4:5A:34:43:FD:F1:AB:A2
Certificate issuer:       /CN=dc943cc2a7cdc378a37702573bb4f821170b530d
Certificate serial:       1DB4350C21A5CF38E0538F927C8A2A95E74F6BC0
Authority key identifier: DC:94:3C:C2:A7:CD:C3:78:A3:77:02:57:3B:B4:F8:21:17:0B:53:0D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3JQ8wqfNw3ijdwJXO7T4IRcLUw0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/3138352e38392e37362e302f32342d3234203d3e203536353430.roa
Signing time:             Tue 28 Jan 2025 00:53:52 +0000
ROA not before:           Tue 28 Jan 2025 00:48:52 +0000
ROA not after:            Tue 27 Jan 2026 00:53:52 +0000
asID:                     56540
IP address blocks:        185.89.76.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/DC943CC2A7CDC378A37702573BB4F821170B530D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/DC943CC2A7CDC378A37702573BB4F821170B530D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3JQ8wqfNw3ijdwJXO7T4IRcLUw0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 15 Feb 2025 05:53:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1d:b4:35:0c:21:a5:cf:38:e0:53:8f:92:7c:8a:2a:95:e7:4f:6b:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dc943cc2a7cdc378a37702573bb4f821170b530d
        Validity
            Not Before: Jan 28 00:48:52 2025 GMT
            Not After : Jan 27 00:53:52 2026 GMT
        Subject: CN=05AE726E57FFD78D4F75137CB45A3443FDF1ABA2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:62:3e:98:b4:04:99:54:bb:90:c1:4a:d1:2a:
                    de:ea:96:a1:30:45:3f:43:b2:1e:4e:5a:7e:53:fc:
                    e4:d5:79:bf:17:29:ec:1f:7b:8b:c3:b5:c7:48:00:
                    75:dc:53:44:00:4b:37:2f:e6:26:6d:3b:14:07:a9:
                    b8:04:5c:0c:d7:01:e8:44:38:3e:25:9b:2e:a4:a8:
                    a0:fd:72:f3:e1:60:c7:7f:82:a2:c0:86:6c:c7:d6:
                    0a:40:72:35:01:2f:8c:07:cf:9b:40:e7:ea:ab:64:
                    05:43:c5:04:3e:75:c9:10:df:f1:fd:ff:45:17:8b:
                    88:86:5e:fe:55:21:63:92:80:43:2c:c6:27:ef:15:
                    03:5b:31:2d:b9:0c:60:6d:2c:e6:ed:b1:f6:39:3a:
                    00:6a:46:d2:ac:eb:92:b5:f7:c8:2a:cd:76:c2:82:
                    11:e8:bb:d8:3f:2f:27:94:35:9d:9c:96:f3:22:53:
                    c3:75:52:49:9e:e0:71:65:fb:76:d2:0d:9f:11:dc:
                    19:a1:36:60:19:f8:b1:7c:96:2d:38:72:f0:ca:6c:
                    50:02:f1:08:da:96:1b:cb:98:5b:ae:e6:0f:c4:97:
                    ab:28:21:6d:85:d2:e0:44:af:37:c5:9f:77:51:10:
                    3a:39:61:73:d9:6c:c1:23:f6:7e:4f:8c:77:6f:87:
                    67:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                05:AE:72:6E:57:FF:D7:8D:4F:75:13:7C:B4:5A:34:43:FD:F1:AB:A2
            X509v3 Authority Key Identifier:
                keyid:DC:94:3C:C2:A7:CD:C3:78:A3:77:02:57:3B:B4:F8:21:17:0B:53:0D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/DC943CC2A7CDC378A37702573BB4F821170B530D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3JQ8wqfNw3ijdwJXO7T4IRcLUw0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/3138352e38392e37362e302f32342d3234203d3e203536353430.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.89.76.0/24

    Signature Algorithm: sha256WithRSAEncryption
         19:6e:90:42:43:a2:b6:b0:68:57:13:98:75:0e:0c:48:c1:82:
         33:98:a8:52:0b:b8:07:ff:15:d4:ef:46:da:69:13:c2:79:ff:
         0e:a0:3b:bb:44:f0:03:e0:d3:23:22:9a:a5:74:45:ea:05:de:
         7a:11:d3:e6:2b:8c:5d:38:8e:cf:dd:9f:cc:b9:93:93:2d:82:
         a2:5c:01:d1:f4:ae:e5:78:06:6b:c7:68:84:90:1c:5a:f5:3b:
         68:a9:63:40:37:d0:d7:21:26:50:70:62:8f:f1:76:b7:57:14:
         e3:6c:8b:6d:b3:81:19:44:a6:23:3c:8d:f4:d5:7b:6e:11:8a:
         74:ec:03:82:ed:b6:c0:6d:b8:ef:af:16:bf:26:e2:63:23:3f:
         f6:bc:9d:ab:06:c6:a6:b6:37:ab:d4:bd:27:89:cd:03:fa:48:
         88:1a:1a:dc:0a:d4:fd:b3:89:ec:bc:a4:1c:df:b5:b6:f1:26:
         c8:9a:b6:48:37:90:3a:34:54:2f:48:98:58:19:73:5b:e7:b0:
         2d:0d:30:91:0f:a3:3d:b8:94:51:e4:b6:f4:8f:9c:ba:f3:8c:
         c0:ae:9a:d4:7b:86:54:67:cd:b2:22:ca:85:df:1a:81:51:bb:
         d2:2e:bb:21:d9:6d:a5:91:1b:a1:d8:36:15:03:e6:66:19:65:
         29:fd:05:92
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUHbQ1DCGlzzjgU4+SfIoqledPa8AwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZGM5NDNjYzJhN2NkYzM3OGEzNzcwMjU3M2JiNGY4MjEx
NzBiNTMwZDAeFw0yNTAxMjgwMDQ4NTJaFw0yNjAxMjcwMDUzNTJaMDMxMTAvBgNV
BAMTKDA1QUU3MjZFNTdGRkQ3OEQ0Rjc1MTM3Q0I0NUEzNDQzRkRGMUFCQTIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCqYj6YtASZVLuQwUrRKt7qlqEw
RT9Dsh5OWn5T/OTVeb8XKewfe4vDtcdIAHXcU0QASzcv5iZtOxQHqbgEXAzXAehE
OD4lmy6kqKD9cvPhYMd/gqLAhmzH1gpAcjUBL4wHz5tA5+qrZAVDxQQ+dckQ3/H9
/0UXi4iGXv5VIWOSgEMsxifvFQNbMS25DGBtLObtsfY5OgBqRtKs65K198gqzXbC
ghHou9g/LyeUNZ2clvMiU8N1Ukme4HFl+3bSDZ8R3BmhNmAZ+LF8li04cvDKbFAC
8QjalhvLmFuu5g/El6soIW2F0uBErzfFn3dREDo5YXPZbMEj9n5PjHdvh2cRAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUBa5yblf/141PdRN8tFo0Q/3xq6IwHwYDVR0j
BBgwFoAU3JQ8wqfNw3ijdwJXO7T4IRcLUw0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNmFiMDcyMmYtNjRkOC00Y2E5LTkyNjctNGU1MTU0NDM0
MTAxLzAvREM5NDNDQzJBN0NEQzM3OEEzNzcwMjU3M0JCNEY4MjExNzBCNTMwRC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzNKUTh3cWZOdzNpamR3SlhPN1Q0SVJj
TFV3MC5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvNmFiMDcyMmYt
NjRkOC00Y2E5LTkyNjctNGU1MTU0NDM0MTAxLzAvMzEzODM1MmUzODM5MmUzNzM2
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzUzNjM1MzQzMC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEALlZ
TDANBgkqhkiG9w0BAQsFAAOCAQEAGW6QQkOitrBoVxOYdQ4MSMGCM5ioUgu4B/8V
1O9G2mkTwnn/DqA7u0TwA+DTIyKapXRF6gXeehHT5iuMXTiOz92fzLmTky2ColwB
0fSu5XgGa8dohJAcWvU7aKljQDfQ1yEmUHBij/F2t1cU42yLbbOBGUSmIzyN9NV7
bhGKdOwDgu22wG24768WvybiYyM/9rydqwbGprY3q9S9J4nNA/pIiBoa3ArU/bOJ
7LykHN+1tvEmyJq2SDeQOjRUL0iYWBlzW+ewLQ0wkQ+jPbiUUeS29I+cuvOMwK6a
1HuGVGfNsiLKhd8agVG70i67IdltpZEbodg2FQPmZhllKf0Fkg==
-----END CERTIFICATE-----
Generated at Fri Feb 14 15:01:40 2025 by rpki-client