Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/3137382e3230382e3137372e302f32342d3234203d3e203438393235.roa
File:                     3137382e3230382e3137372e302f32342d3234203d3e203438393235.roa (raw, json)
Hash identifier:          Z1490i9doL5m2PgcNC/WXHPQM/Tn89UV1N9Meu7L6k4=
Subject key identifier:   39:7C:6C:9C:42:40:EF:D2:03:9B:16:FF:DE:10:25:27:4C:E6:94:05
Certificate issuer:       /CN=048af665bf8b186b70220759d26c578f40b5f3e3
Certificate serial:       0C05B1BD433470B11DF70537C16E9ADE5122CA45
Authority key identifier: 04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/3137382e3230382e3137372e302f32342d3234203d3e203438393235.roa
Signing time:             Wed 10 Apr 2024 20:03:32 +0000
ROA not before:           Wed 10 Apr 2024 19:58:32 +0000
ROA not after:            Wed 09 Apr 2025 20:03:32 +0000
asID:                     48925
IP address blocks:        178.208.177.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0c:05:b1:bd:43:34:70:b1:1d:f7:05:37:c1:6e:9a:de:51:22:ca:45
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=048af665bf8b186b70220759d26c578f40b5f3e3
        Validity
            Not Before: Apr 10 19:58:32 2024 GMT
            Not After : Apr  9 20:03:32 2025 GMT
        Subject: CN=397C6C9C4240EFD2039B16FFDE1025274CE69405
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:e1:20:61:1b:67:f5:34:29:34:da:69:14:cc:
                    4b:03:e9:35:58:d4:08:03:de:0a:0a:2e:46:46:12:
                    63:1a:ed:1a:77:5b:c6:13:cc:e5:d3:5e:8c:05:3b:
                    52:29:98:e5:86:08:59:db:bd:55:af:53:33:19:bf:
                    52:0c:94:e4:56:b1:68:02:ed:31:72:c5:79:f0:b4:
                    72:b7:dc:d4:d9:91:3a:0d:d9:fe:c8:e1:30:1b:af:
                    62:29:07:9c:a5:6d:22:00:71:f5:19:18:59:ef:ec:
                    ea:9a:09:54:f2:4d:98:cd:50:e3:19:0d:4e:2d:5a:
                    35:84:ca:62:a1:85:fa:f4:af:fa:8e:3d:1c:04:b9:
                    2e:84:07:82:55:ff:1d:51:19:44:c9:c7:93:51:1a:
                    a5:0d:47:a4:2b:c0:05:d9:00:02:fc:50:c6:da:1e:
                    5c:2e:fc:56:d4:e0:cf:81:77:af:f4:0f:df:a2:ae:
                    7e:b3:2f:87:f4:2e:71:7c:42:cd:47:2d:b8:31:41:
                    fc:1d:a5:3c:51:17:bf:a8:64:03:68:8d:a9:fe:f8:
                    c2:cd:d7:bb:b3:5c:49:1a:07:b7:90:ca:55:85:00:
                    41:da:09:ce:5f:0f:c3:a9:53:bb:e5:ac:f6:86:a0:
                    f8:ee:11:a6:db:34:66:12:80:7c:a2:61:61:9e:81:
                    b5:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:7C:6C:9C:42:40:EF:D2:03:9B:16:FF:DE:10:25:27:4C:E6:94:05
            X509v3 Authority Key Identifier:
                keyid:04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/3137382e3230382e3137372e302f32342d3234203d3e203438393235.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.208.177.0/24

    Signature Algorithm: sha256WithRSAEncryption
         86:d2:81:3c:af:6c:ef:a4:2e:c2:4e:f5:0b:1e:30:d6:54:e0:
         65:da:51:de:a2:60:9f:26:63:72:2a:f1:92:2f:e7:0d:97:99:
         ff:3f:56:2f:35:11:9c:d6:a9:bc:32:2f:ed:d3:78:5b:59:b5:
         80:23:22:0c:43:0f:fe:d9:d2:99:d3:e4:c5:84:d3:f4:8e:1a:
         e3:a3:43:3f:a1:1a:7b:67:43:5c:88:c7:bc:52:26:64:63:e9:
         56:6e:a5:0c:f2:ce:af:38:d9:9e:6e:7a:b9:63:f8:3c:86:6c:
         a1:e1:63:d6:76:80:c8:91:58:08:36:2f:d3:f9:70:25:66:ae:
         1e:65:91:42:f7:a3:90:ad:67:30:54:42:eb:f4:5b:59:61:ed:
         20:1c:17:ed:2c:95:76:1a:2a:4a:5e:db:fc:7c:16:fc:5d:ff:
         a2:74:02:97:99:09:01:c1:90:42:d2:3a:ea:26:86:c2:40:48:
         4b:c1:7c:32:92:5f:8d:89:b6:eb:47:7d:db:17:29:ac:df:1b:
         31:0d:99:7b:b4:b7:10:2f:75:15:dd:ee:a0:69:39:5c:78:f2:
         ab:b8:af:3d:26:f4:b2:bf:9b:62:20:9c:81:a5:b8:84:08:82:
         0a:79:f2:95:75:e3:7b:80:e9:c8:6f:97:20:c4:1a:97:f9:1b:
         c6:a2:b1:f8
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgIUDAWxvUM0cLEd9wU3wW6a3lEiykUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDQ4YWY2NjViZjhiMTg2YjcwMjIwNzU5ZDI2YzU3OGY0
MGI1ZjNlMzAeFw0yNDA0MTAxOTU4MzJaFw0yNTA0MDkyMDAzMzJaMDMxMTAvBgNV
BAMTKDM5N0M2QzlDNDI0MEVGRDIwMzlCMTZGRkRFMTAyNTI3NENFNjk0MDUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDF4SBhG2f1NCk02mkUzEsD6TVY
1AgD3goKLkZGEmMa7Rp3W8YTzOXTXowFO1IpmOWGCFnbvVWvUzMZv1IMlORWsWgC
7TFyxXnwtHK33NTZkToN2f7I4TAbr2IpB5ylbSIAcfUZGFnv7OqaCVTyTZjNUOMZ
DU4tWjWEymKhhfr0r/qOPRwEuS6EB4JV/x1RGUTJx5NRGqUNR6QrwAXZAAL8UMba
Hlwu/FbU4M+Bd6/0D9+irn6zL4f0LnF8Qs1HLbgxQfwdpTxRF7+oZANojan++MLN
17uzXEkaB7eQylWFAEHaCc5fD8OpU7vlrPaGoPjuEabbNGYSgHyiYWGegbVzAgMB
AAGjggI/MIICOzAdBgNVHQ4EFgQUOXxsnEJA79IDmxb/3hAlJ0zmlAUwHwYDVR0j
BBgwFoAUBIr2Zb+LGGtwIgdZ0mxXj0C18+MwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODJhOWJmNWItMzljMS00MDUwLWIwNzMtNDgwNzViODYx
ZDg3LzAvMDQ4QUY2NjVCRjhCMTg2QjcwMjIwNzU5RDI2QzU3OEY0MEI1RjNFMy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0JJcjJaYi1MR0d0d0lnZFowbXhYajBD
MTgtTS5jZXIwga8GCCsGAQUFBwELBIGiMIGfMIGcBggrBgEFBQcwC4aBj3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvODJhOWJmNWIt
MzljMS00MDUwLWIwNzMtNDgwNzViODYxZDg3LzAvMzEzNzM4MmUzMjMwMzgyZTMx
MzczNzJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM0MzgzOTMyMzUucm9hMBgGA1Ud
IAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BACy0LEwDQYJKoZIhvcNAQELBQADggEBAIbSgTyvbO+kLsJO9QseMNZU4GXaUd6i
YJ8mY3Iq8ZIv5w2Xmf8/Vi81EZzWqbwyL+3TeFtZtYAjIgxDD/7Z0pnT5MWE0/SO
GuOjQz+hGntnQ1yIx7xSJmRj6VZupQzyzq842Z5uerlj+DyGbKHhY9Z2gMiRWAg2
L9P5cCVmrh5lkUL3o5CtZzBUQuv0W1lh7SAcF+0slXYaKkpe2/x8Fvxd/6J0ApeZ
CQHBkELSOuomhsJASEvBfDKSX42JtutHfdsXKazfGzENmXu0txAvdRXd7qBpOVx4
8qu4rz0m9LK/m2IgnIGluIQIggp58pV143uA6chvlyDEGpf5G8aisfg=
-----END CERTIFICATE-----
Generated at Thu Nov 21 18:06:13 2024 by rpki-client on console-fra.rpki-client.org