Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/6c030890-f6e0-410c-bc99-af0921d1c3a4/0/3138382e3136342e3135372e302f32342d3234203d3e203631333137.roa
File:                     3138382e3136342e3135372e302f32342d3234203d3e203631333137.roa (raw, json)
Hash identifier:          Ro18PefiTAGdw1SOvEDVaS9dKWyyeeYzC3U6uYOXFoQ=
Subject key identifier:   13:E5:26:5D:B5:20:C0:38:EE:C4:34:28:76:1B:09:BB:F6:FB:09:D3
Certificate issuer:       /CN=8b9ba9adde9635777bf586fd493e14cd30f7c4ca
Certificate serial:       1AE7D8E36F153B4616B191F7F756AAF64DBB27BF
Authority key identifier: 8B:9B:A9:AD:DE:96:35:77:7B:F5:86:FD:49:3E:14:CD:30:F7:C4:CA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i5uprd6WNXd79Yb9ST4UzTD3xMo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/6c030890-f6e0-410c-bc99-af0921d1c3a4/0/3138382e3136342e3135372e302f32342d3234203d3e203631333137.roa
Signing time:             Thu 18 Apr 2024 14:05:16 +0000
ROA not before:           Thu 18 Apr 2024 14:00:16 +0000
ROA not after:            Thu 17 Apr 2025 14:05:16 +0000
asID:                     61317
IP address blocks:        188.164.157.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/6c030890-f6e0-410c-bc99-af0921d1c3a4/0/8B9BA9ADDE9635777BF586FD493E14CD30F7C4CA.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/6c030890-f6e0-410c-bc99-af0921d1c3a4/0/8B9BA9ADDE9635777BF586FD493E14CD30F7C4CA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i5uprd6WNXd79Yb9ST4UzTD3xMo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1a:e7:d8:e3:6f:15:3b:46:16:b1:91:f7:f7:56:aa:f6:4d:bb:27:bf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b9ba9adde9635777bf586fd493e14cd30f7c4ca
        Validity
            Not Before: Apr 18 14:00:16 2024 GMT
            Not After : Apr 17 14:05:16 2025 GMT
        Subject: CN=13E5265DB520C038EEC43428761B09BBF6FB09D3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:ab:78:82:9c:ba:79:fc:14:67:0b:60:32:8c:
                    40:3d:79:a9:3c:39:7e:00:0e:54:42:dd:81:df:fc:
                    06:3a:92:81:d9:0e:48:50:cb:b3:9b:3c:52:d0:51:
                    da:04:47:ae:4e:f1:eb:b5:24:df:f2:57:f4:55:ce:
                    36:1e:55:90:d7:04:19:2e:e9:64:5f:9b:d7:25:fd:
                    da:ce:19:05:b4:51:bd:69:9a:a1:6a:46:75:8e:30:
                    a8:c5:1e:ad:68:a1:90:9a:69:e7:6c:c9:24:23:15:
                    5b:af:64:e0:2f:22:00:86:3b:99:dc:3f:05:09:af:
                    8a:6c:a8:4f:53:cb:1f:62:da:bf:a5:f9:4f:98:6d:
                    32:df:eb:d9:25:f0:cd:9b:dc:9c:ac:ec:0e:47:01:
                    89:16:4b:aa:a2:15:82:d4:39:4e:4b:0f:28:d7:3b:
                    91:54:45:96:ca:34:f5:82:5c:92:99:6b:ae:83:ab:
                    62:b1:71:a9:76:68:33:d8:db:a8:6e:d6:95:38:da:
                    a6:dd:dc:75:de:d4:ba:cd:78:e7:35:70:44:b2:d2:
                    f5:9c:c6:0b:02:91:22:4c:04:08:8b:3c:d5:29:11:
                    ec:ff:c3:2b:98:96:43:57:99:88:63:0f:b4:49:00:
                    ad:51:0f:4a:0b:00:85:76:1e:b6:de:d9:29:7b:e2:
                    03:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                13:E5:26:5D:B5:20:C0:38:EE:C4:34:28:76:1B:09:BB:F6:FB:09:D3
            X509v3 Authority Key Identifier:
                keyid:8B:9B:A9:AD:DE:96:35:77:7B:F5:86:FD:49:3E:14:CD:30:F7:C4:CA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/6c030890-f6e0-410c-bc99-af0921d1c3a4/0/8B9BA9ADDE9635777BF586FD493E14CD30F7C4CA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i5uprd6WNXd79Yb9ST4UzTD3xMo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/6c030890-f6e0-410c-bc99-af0921d1c3a4/0/3138382e3136342e3135372e302f32342d3234203d3e203631333137.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.164.157.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a4:5e:0a:d4:4e:2d:48:0d:1a:d7:a2:8f:dd:39:39:b9:7b:2d:
         b4:cf:23:da:16:0a:50:7b:45:be:4e:a8:91:d0:b8:50:2d:eb:
         8f:7e:2f:12:8e:64:e2:00:6f:11:52:57:04:59:bb:0d:a1:99:
         17:60:ef:7c:29:8c:f9:70:df:ef:28:e6:79:16:35:17:47:53:
         f4:32:b2:36:3f:1e:fc:ce:87:2f:51:f2:7d:de:85:a9:92:04:
         5d:42:d0:5f:61:5a:d8:78:9b:5e:d6:4c:e9:15:cf:ac:07:5a:
         96:3c:28:2b:34:9d:2a:31:91:e6:b8:35:92:f0:a3:1a:83:80:
         f7:39:f1:c9:41:1f:11:8a:11:7a:f8:c9:ca:c8:f3:1c:05:01:
         74:b9:03:d5:53:be:0d:d3:37:9b:27:0d:17:1d:cb:5a:af:3f:
         45:8c:0b:c3:2f:24:b5:89:75:ff:fc:18:5d:5e:1b:e1:25:3a:
         88:2b:8b:bb:9e:b6:66:a4:02:bb:88:db:9a:87:df:36:3c:5a:
         27:74:95:36:99:a5:cb:7a:7e:83:9a:d5:83:01:19:f7:f8:20:
         b0:5c:39:10:4f:00:e8:da:61:13:b4:8a:32:02:b4:de:d4:7e:
         20:00:5b:a7:80:88:2d:8f:50:9b:4f:04:83:b2:1e:11:53:dc:
         94:22:b3:21
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgIUGufY428VO0YWsZH391aq9k27J78wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI5YmE5YWRkZTk2MzU3NzdiZjU4NmZkNDkzZTE0Y2Qz
MGY3YzRjYTAeFw0yNDA0MTgxNDAwMTZaFw0yNTA0MTcxNDA1MTZaMDMxMTAvBgNV
BAMTKDEzRTUyNjVEQjUyMEMwMzhFRUM0MzQyODc2MUIwOUJCRjZGQjA5RDMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCpq3iCnLp5/BRnC2AyjEA9eak8
OX4ADlRC3YHf/AY6koHZDkhQy7ObPFLQUdoER65O8eu1JN/yV/RVzjYeVZDXBBku
6WRfm9cl/drOGQW0Ub1pmqFqRnWOMKjFHq1ooZCaaedsySQjFVuvZOAvIgCGO5nc
PwUJr4psqE9Tyx9i2r+l+U+YbTLf69kl8M2b3Jys7A5HAYkWS6qiFYLUOU5LDyjX
O5FURZbKNPWCXJKZa66Dq2Kxcal2aDPY26hu1pU42qbd3HXe1LrNeOc1cESy0vWc
xgsCkSJMBAiLPNUpEez/wyuYlkNXmYhjD7RJAK1RD0oLAIV2Hrbe2Sl74gOJAgMB
AAGjggI/MIICOzAdBgNVHQ4EFgQUE+UmXbUgwDjuxDQodhsJu/b7CdMwHwYDVR0j
BBgwFoAUi5uprd6WNXd79Yb9ST4UzTD3xMowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNmMwMzA4OTAtZjZlMC00MTBjLWJjOTktYWYwOTIxZDFj
M2E0LzAvOEI5QkE5QURERTk2MzU3NzdCRjU4NkZENDkzRTE0Q0QzMEY3QzRDQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2k1dXByZDZXTlhkNzlZYjlTVDRVelRE
M3hNby5jZXIwga8GCCsGAQUFBwELBIGiMIGfMIGcBggrBgEFBQcwC4aBj3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvNmMwMzA4OTAt
ZjZlMC00MTBjLWJjOTktYWYwOTIxZDFjM2E0LzAvMzEzODM4MmUzMTM2MzQyZTMx
MzUzNzJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM2MzEzMzMxMzcucm9hMBgGA1Ud
IAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAC8pJ0wDQYJKoZIhvcNAQELBQADggEBAKReCtROLUgNGteij905Obl7LbTPI9oW
ClB7Rb5OqJHQuFAt649+LxKOZOIAbxFSVwRZuw2hmRdg73wpjPlw3+8o5nkWNRdH
U/QysjY/HvzOhy9R8n3ehamSBF1C0F9hWth4m17WTOkVz6wHWpY8KCs0nSoxkea4
NZLwoxqDgPc58clBHxGKEXr4ycrI8xwFAXS5A9VTvg3TN5snDRcdy1qvP0WMC8Mv
JLWJdf/8GF1eG+ElOogri7uetmakAruI25qH3zY8Wid0lTaZpct6foOa1YMBGff4
ILBcORBPAOjaYRO0ijICtN7UfiAAW6eAiC2PUJtPBIOyHhFT3JQisyE=
-----END CERTIFICATE-----
Generated at Thu Nov 21 17:13:49 2024 by rpki-client on console-ams.rpki-client.org