Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/6c030890-f6e0-410c-bc99-af0921d1c3a4/0/3138382e3136342e3135342e302f32342d3234203d3e20383334.roa
File:                     3138382e3136342e3135342e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          F4WawlXiEuupvwaTZ3lzyGEtt6taVc6JO+wQhL9YGyU=
Subject key identifier:   5B:92:0F:DB:1F:45:BC:EE:C6:5B:50:B1:7C:55:E5:48:DA:D0:A3:E7
Certificate issuer:       /CN=8b9ba9adde9635777bf586fd493e14cd30f7c4ca
Certificate serial:       11FB0716EEDA47CF447B37457C19C82012DA335D
Authority key identifier: 8B:9B:A9:AD:DE:96:35:77:7B:F5:86:FD:49:3E:14:CD:30:F7:C4:CA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i5uprd6WNXd79Yb9ST4UzTD3xMo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/6c030890-f6e0-410c-bc99-af0921d1c3a4/0/3138382e3136342e3135342e302f32342d3234203d3e20383334.roa
Signing time:             Wed 12 Feb 2025 00:02:37 +0000
ROA not before:           Tue 11 Feb 2025 23:57:37 +0000
ROA not after:            Wed 11 Feb 2026 00:02:37 +0000
asID:                     834
IP address blocks:        188.164.154.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/6c030890-f6e0-410c-bc99-af0921d1c3a4/0/8B9BA9ADDE9635777BF586FD493E14CD30F7C4CA.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/6c030890-f6e0-410c-bc99-af0921d1c3a4/0/8B9BA9ADDE9635777BF586FD493E14CD30F7C4CA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i5uprd6WNXd79Yb9ST4UzTD3xMo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Feb 2025 11:47:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            11:fb:07:16:ee:da:47:cf:44:7b:37:45:7c:19:c8:20:12:da:33:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b9ba9adde9635777bf586fd493e14cd30f7c4ca
        Validity
            Not Before: Feb 11 23:57:37 2025 GMT
            Not After : Feb 11 00:02:37 2026 GMT
        Subject: CN=5B920FDB1F45BCEEC65B50B17C55E548DAD0A3E7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:8a:b4:bf:0d:5d:75:b7:85:6b:cd:f8:bd:42:
                    e4:a9:b2:28:a5:c5:d7:24:cf:3c:04:21:36:d2:2e:
                    5c:5f:49:7a:fe:34:a1:9d:f6:8d:75:0d:74:3f:7b:
                    4c:1e:98:08:04:e4:50:39:08:46:ce:ac:81:01:13:
                    86:19:f7:83:c1:3b:2b:bd:76:0b:a2:ff:8b:7a:95:
                    ee:ed:fc:24:82:f5:57:06:97:d4:42:2a:40:b8:71:
                    e9:ad:6a:93:b2:a7:66:6c:71:27:77:e1:fb:c6:c4:
                    50:a7:8e:9b:64:f2:61:72:be:54:00:01:a1:bc:6f:
                    7d:89:37:25:75:99:bc:5f:0d:33:96:76:97:48:06:
                    c8:76:ca:2a:79:65:5a:8d:b9:cf:fb:01:b7:76:74:
                    19:a1:0e:71:44:67:46:6f:9f:85:5f:b5:5b:a6:5b:
                    ee:70:1c:91:ba:92:16:36:a9:66:0f:4a:dd:58:d2:
                    b4:14:28:d7:9c:41:6a:a9:26:06:86:05:ef:ba:85:
                    49:81:89:24:ff:6c:90:6e:3b:90:d2:7c:c6:36:39:
                    a0:71:7a:09:6d:82:b7:74:43:0a:9a:a8:38:16:53:
                    24:a2:6b:34:68:fc:05:8c:ba:a8:f3:4c:b8:1c:c4:
                    9b:58:e0:32:67:a2:3a:9d:ab:0c:04:3a:e5:94:62:
                    4c:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:92:0F:DB:1F:45:BC:EE:C6:5B:50:B1:7C:55:E5:48:DA:D0:A3:E7
            X509v3 Authority Key Identifier:
                keyid:8B:9B:A9:AD:DE:96:35:77:7B:F5:86:FD:49:3E:14:CD:30:F7:C4:CA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/6c030890-f6e0-410c-bc99-af0921d1c3a4/0/8B9BA9ADDE9635777BF586FD493E14CD30F7C4CA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i5uprd6WNXd79Yb9ST4UzTD3xMo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/6c030890-f6e0-410c-bc99-af0921d1c3a4/0/3138382e3136342e3135342e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.164.154.0/24

    Signature Algorithm: sha256WithRSAEncryption
         51:3b:76:b1:e7:02:1b:a4:34:13:59:5a:d4:5e:91:db:8b:03:
         f7:00:2d:d6:ae:8a:f9:15:83:c3:1f:90:b0:b5:fb:96:da:a0:
         66:ed:82:94:93:e8:cd:d0:b4:df:c1:78:32:aa:9a:d4:5b:25:
         61:91:20:fe:c9:b8:47:82:56:49:4f:5f:4e:7b:e2:9a:40:cf:
         33:b2:b0:3f:95:2e:b5:e7:7f:29:80:17:c6:4f:3b:68:f3:82:
         1f:f1:54:0c:8c:a2:c2:27:c3:e5:47:6a:fb:5a:0b:c3:e4:73:
         22:80:06:84:a5:22:55:bd:b0:ce:95:2d:d8:6c:d1:39:34:4d:
         d6:6f:95:44:da:6d:b5:04:4e:6d:31:55:15:f3:22:17:74:2c:
         0b:fb:e1:8d:70:5e:f2:d7:f8:12:ce:2a:36:f5:c6:c3:7a:17:
         d4:e0:6d:c5:16:e1:a8:ca:21:13:34:8c:fa:28:89:8e:34:63:
         09:92:0f:b9:cf:78:66:08:1a:a4:2e:a8:06:84:ab:7a:06:f5:
         d9:37:ef:21:19:67:8e:f7:c8:6e:ef:7c:2e:df:14:da:13:41:
         ab:b0:b7:35:2e:46:5b:8c:cb:6c:5d:e4:a0:fe:7e:bf:5a:b4:
         b5:68:1f:39:c6:19:89:87:32:9c:84:80:70:05:8f:c5:d5:75:
         e8:a3:8a:ef
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUEfsHFu7aR89EezdFfBnIIBLaM10wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI5YmE5YWRkZTk2MzU3NzdiZjU4NmZkNDkzZTE0Y2Qz
MGY3YzRjYTAeFw0yNTAyMTEyMzU3MzdaFw0yNjAyMTEwMDAyMzdaMDMxMTAvBgNV
BAMTKDVCOTIwRkRCMUY0NUJDRUVDNjVCNTBCMTdDNTVFNTQ4REFEMEEzRTcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCzirS/DV11t4Vrzfi9QuSpsiil
xdckzzwEITbSLlxfSXr+NKGd9o11DXQ/e0wemAgE5FA5CEbOrIEBE4YZ94PBOyu9
dgui/4t6le7t/CSC9VcGl9RCKkC4cemtapOyp2ZscSd34fvGxFCnjptk8mFyvlQA
AaG8b32JNyV1mbxfDTOWdpdIBsh2yip5ZVqNuc/7Abd2dBmhDnFEZ0Zvn4VftVum
W+5wHJG6khY2qWYPSt1Y0rQUKNecQWqpJgaGBe+6hUmBiST/bJBuO5DSfMY2OaBx
egltgrd0QwqaqDgWUySiazRo/AWMuqjzTLgcxJtY4DJnojqdqwwEOuWUYky/AgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUW5IP2x9FvO7GW1CxfFXlSNrQo+cwHwYDVR0j
BBgwFoAUi5uprd6WNXd79Yb9ST4UzTD3xMowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNmMwMzA4OTAtZjZlMC00MTBjLWJjOTktYWYwOTIxZDFj
M2E0LzAvOEI5QkE5QURERTk2MzU3NzdCRjU4NkZENDkzRTE0Q0QzMEY3QzRDQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2k1dXByZDZXTlhkNzlZYjlTVDRVelRE
M3hNby5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvNmMwMzA4OTAt
ZjZlMC00MTBjLWJjOTktYWYwOTIxZDFjM2E0LzAvMzEzODM4MmUzMTM2MzQyZTMx
MzUzNDJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM4MzMzNC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEALyk
mjANBgkqhkiG9w0BAQsFAAOCAQEAUTt2secCG6Q0E1la1F6R24sD9wAt1q6K+RWD
wx+QsLX7ltqgZu2ClJPozdC038F4Mqqa1FslYZEg/sm4R4JWSU9fTnvimkDPM7Kw
P5Uuted/KYAXxk87aPOCH/FUDIyiwifD5Udq+1oLw+RzIoAGhKUiVb2wzpUt2GzR
OTRN1m+VRNpttQRObTFVFfMiF3QsC/vhjXBe8tf4Es4qNvXGw3oX1OBtxRbhqMoh
EzSM+iiJjjRjCZIPuc94ZggapC6oBoSregb12TfvIRlnjvfIbu98Lt8U2hNBq7C3
NS5GW4zLbF3koP5+v1q0tWgfOcYZiYcynISAcAWPxdV16KOK7w==
-----END CERTIFICATE-----
Generated at Sun Feb 16 22:22:58 2025 by rpki-client