Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7a789e87-f484-423d-a1d7-2c2d5860d2ec/0/3138352e3232362e3135322e302f32342d3234203d3e2037303138.roa
File:                     3138352e3232362e3135322e302f32342d3234203d3e2037303138.roa (raw, json)
Hash identifier:          eFwqDrcXPOq51WhlPfPNotpgKZnDi0IknYbfgX3GC/4=
Subject key identifier:   A8:0B:79:C8:F6:9A:7F:7D:B2:6C:57:3B:2D:C8:1F:CC:3C:4F:23:A2
Certificate issuer:       /CN=b0170abdc955aa176be2af26299678f2f7c9aca0
Certificate serial:       21B56D43ECCE9CAAE9C96F33BCA5C23ACFE6D100
Authority key identifier: B0:17:0A:BD:C9:55:AA:17:6B:E2:AF:26:29:96:78:F2:F7:C9:AC:A0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sBcKvclVqhdr4q8mKZZ48vfJrKA.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7a789e87-f484-423d-a1d7-2c2d5860d2ec/0/3138352e3232362e3135322e302f32342d3234203d3e2037303138.roa
Signing time:             Sun 14 Apr 2024 08:05:44 +0000
ROA not before:           Sun 14 Apr 2024 08:00:44 +0000
ROA not after:            Sun 13 Apr 2025 08:05:44 +0000
asID:                     7018
IP address blocks:        185.226.152.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7a789e87-f484-423d-a1d7-2c2d5860d2ec/0/B0170ABDC955AA176BE2AF26299678F2F7C9ACA0.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7a789e87-f484-423d-a1d7-2c2d5860d2ec/0/B0170ABDC955AA176BE2AF26299678F2F7C9ACA0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sBcKvclVqhdr4q8mKZZ48vfJrKA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 13 Jun 2024 10:43:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            21:b5:6d:43:ec:ce:9c:aa:e9:c9:6f:33:bc:a5:c2:3a:cf:e6:d1:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b0170abdc955aa176be2af26299678f2f7c9aca0
        Validity
            Not Before: Apr 14 08:00:44 2024 GMT
            Not After : Apr 13 08:05:44 2025 GMT
        Subject: CN=A80B79C8F69A7F7DB26C573B2DC81FCC3C4F23A2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:d6:8d:cd:32:67:39:53:9b:b4:55:be:55:e5:
                    4d:b7:2f:bd:b5:df:26:1e:62:fe:07:91:3d:cf:39:
                    54:0a:5d:ec:5f:00:c1:97:62:8d:98:bb:30:99:26:
                    f8:97:9d:5e:4f:ad:a0:2d:7a:c1:39:d5:f1:96:a6:
                    01:5a:1c:21:ca:75:9e:c4:d5:f2:b3:33:8d:a6:b2:
                    16:b7:59:cc:e2:c9:06:53:64:07:a7:21:c1:9b:3a:
                    d1:19:a7:80:af:4b:51:eb:50:4e:2b:08:f9:5b:cd:
                    0b:1d:83:6b:08:98:5d:ac:3a:e8:99:9e:03:21:83:
                    73:c9:f9:15:f4:94:e1:82:64:b3:35:b3:76:c4:45:
                    e7:04:d9:7f:4f:45:8b:98:ca:f1:f3:53:06:0b:2e:
                    47:b4:2f:9d:a6:b9:4a:7f:a1:a7:b1:ff:8a:95:0d:
                    85:03:71:0c:d6:8c:14:e5:7d:71:42:05:80:ad:ff:
                    fe:3b:a9:53:28:08:2a:07:4b:9e:00:b8:bb:55:1e:
                    f0:b4:9e:19:41:eb:98:84:f3:c4:e1:36:a9:de:88:
                    d6:c2:ac:68:73:0d:3d:d9:5e:71:35:f5:7d:ba:13:
                    2e:77:4a:82:c5:9f:db:79:e1:6e:a9:4d:44:fa:64:
                    c5:62:d8:2d:5e:ee:83:45:58:b8:18:3f:b7:1b:10:
                    e3:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:0B:79:C8:F6:9A:7F:7D:B2:6C:57:3B:2D:C8:1F:CC:3C:4F:23:A2
            X509v3 Authority Key Identifier:
                keyid:B0:17:0A:BD:C9:55:AA:17:6B:E2:AF:26:29:96:78:F2:F7:C9:AC:A0

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7a789e87-f484-423d-a1d7-2c2d5860d2ec/0/B0170ABDC955AA176BE2AF26299678F2F7C9ACA0.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sBcKvclVqhdr4q8mKZZ48vfJrKA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7a789e87-f484-423d-a1d7-2c2d5860d2ec/0/3138352e3232362e3135322e302f32342d3234203d3e2037303138.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.226.152.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a0:02:dd:83:a6:50:bb:85:c6:be:da:6a:55:5b:94:20:d8:fa:
         cf:ad:7f:c4:fa:30:18:a4:56:32:3c:0d:cd:2e:6c:98:2a:d7:
         ae:44:2e:0d:da:5a:2c:15:28:7f:f4:33:76:fa:36:e8:e6:34:
         d3:28:c0:93:c4:85:0d:8e:47:dd:b4:29:64:ba:56:d6:0e:f5:
         d0:81:19:d7:83:fb:a4:f6:77:42:d2:37:b7:f2:af:15:e0:71:
         47:01:a3:71:6d:cd:17:bb:cb:ea:89:cd:ca:65:8e:11:e2:c8:
         60:4b:6b:07:96:e5:87:27:5c:d0:58:32:b0:ed:b7:c1:12:df:
         6d:f6:0a:8f:15:8b:0b:2c:f2:73:2b:5d:f9:f6:67:e7:eb:3a:
         88:87:c1:fb:3c:b2:7f:85:76:8f:e6:8b:eb:be:c8:ad:22:41:
         2a:f0:51:d6:79:35:db:73:dc:06:5a:83:00:d0:2a:08:66:88:
         35:39:b8:32:a8:73:0c:94:91:f2:71:57:87:e5:e5:2e:a0:f9:
         19:8e:d4:b4:9a:44:e7:59:3e:b8:85:1e:67:b4:74:2d:60:e4:
         78:da:48:2e:89:1e:45:69:18:e5:1e:25:3d:15:50:96:7a:49:
         e9:6a:0e:37:b2:46:7e:50:f1:c4:f4:cc:e6:bf:13:79:fa:20:
         b6:0d:78:ad
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgIUIbVtQ+zOnKrpyW8zvKXCOs/m0QAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYjAxNzBhYmRjOTU1YWExNzZiZTJhZjI2Mjk5Njc4ZjJm
N2M5YWNhMDAeFw0yNDA0MTQwODAwNDRaFw0yNTA0MTMwODA1NDRaMDMxMTAvBgNV
BAMTKEE4MEI3OUM4RjY5QTdGN0RCMjZDNTczQjJEQzgxRkNDM0M0RjIzQTIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCH1o3NMmc5U5u0Vb5V5U23L721
3yYeYv4HkT3POVQKXexfAMGXYo2YuzCZJviXnV5PraAtesE51fGWpgFaHCHKdZ7E
1fKzM42msha3WcziyQZTZAenIcGbOtEZp4CvS1HrUE4rCPlbzQsdg2sImF2sOuiZ
ngMhg3PJ+RX0lOGCZLM1s3bERecE2X9PRYuYyvHzUwYLLke0L52muUp/oaex/4qV
DYUDcQzWjBTlfXFCBYCt//47qVMoCCoHS54AuLtVHvC0nhlB65iE88ThNqneiNbC
rGhzDT3ZXnE19X26Ey53SoLFn9t54W6pTUT6ZMVi2C1e7oNFWLgYP7cbEOPrAgMB
AAGjggI9MIICOTAdBgNVHQ4EFgQUqAt5yPaaf32ybFc7LcgfzDxPI6IwHwYDVR0j
BBgwFoAUsBcKvclVqhdr4q8mKZZ48vfJrKAwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2E3ODllODctZjQ4NC00MjNkLWExZDctMmMyZDU4NjBk
MmVjLzAvQjAxNzBBQkRDOTU1QUExNzZCRTJBRjI2Mjk5Njc4RjJGN0M5QUNBMC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3NCY0t2Y2xWcWhkcjRxOG1LWlo0OHZm
SnJLQS5jZXIwga0GCCsGAQUFBwELBIGgMIGdMIGaBggrBgEFBQcwC4aBjXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvN2E3ODllODct
ZjQ4NC00MjNkLWExZDctMmMyZDU4NjBkMmVjLzAvMzEzODM1MmUzMjMyMzYyZTMx
MzUzMjJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM3MzAzMTM4LnJvYTAYBgNVHSAB
Af8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA
ueKYMA0GCSqGSIb3DQEBCwUAA4IBAQCgAt2DplC7hca+2mpVW5Qg2PrPrX/E+jAY
pFYyPA3NLmyYKteuRC4N2losFSh/9DN2+jbo5jTTKMCTxIUNjkfdtClkulbWDvXQ
gRnXg/uk9ndC0je38q8V4HFHAaNxbc0Xu8vqic3KZY4R4shgS2sHluWHJ1zQWDKw
7bfBEt9t9gqPFYsLLPJzK1359mfn6zqIh8H7PLJ/hXaP5ovrvsitIkEq8FHWeTXb
c9wGWoMA0CoIZog1ObgyqHMMlJHycVeH5eUuoPkZjtS0mkTnWT64hR5ntHQtYOR4
2kguiR5FaRjlHiU9FVCWeknpag43skZ+UPHE9MzmvxN5+iC2DXit
-----END CERTIFICATE-----
Generated at Wed Jun 12 14:31:00 2024 by rpki-client on console-ams.rpki-client.org