Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/87ae25f3-706b-47ed-bb74-46684ae0ef2b/0/3138352e3138362e32352e302f32342d3234203d3e203135343430.roa
File:                     3138352e3138362e32352e302f32342d3234203d3e203135343430.roa (raw, json)
Hash identifier:          ILHMVutQqrUF6iiv8nR1xxWWhUx08z770HSNuw90qv4=
Subject key identifier:   B0:A0:45:52:02:8A:D3:25:B9:09:99:1A:83:E8:4E:AE:E1:9F:95:65
Certificate issuer:       /CN=b3d0280f500695a43204251c9830454ca8a2e7ac
Certificate serial:       729E8E5C598B2B737F7FB5060BFFEF5AD8FC3656
Authority key identifier: B3:D0:28:0F:50:06:95:A4:32:04:25:1C:98:30:45:4C:A8:A2:E7:AC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s9AoD1AGlaQyBCUcmDBFTKii56w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/87ae25f3-706b-47ed-bb74-46684ae0ef2b/0/3138352e3138362e32352e302f32342d3234203d3e203135343430.roa
Signing time:             Tue 14 May 2024 09:36:04 +0000
ROA not before:           Tue 14 May 2024 09:31:04 +0000
ROA not after:            Tue 13 May 2025 09:36:04 +0000
asID:                     15440
IP address blocks:        185.186.25.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/87ae25f3-706b-47ed-bb74-46684ae0ef2b/0/B3D0280F500695A43204251C9830454CA8A2E7AC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/87ae25f3-706b-47ed-bb74-46684ae0ef2b/0/B3D0280F500695A43204251C9830454CA8A2E7AC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/s9AoD1AGlaQyBCUcmDBFTKii56w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            72:9e:8e:5c:59:8b:2b:73:7f:7f:b5:06:0b:ff:ef:5a:d8:fc:36:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b3d0280f500695a43204251c9830454ca8a2e7ac
        Validity
            Not Before: May 14 09:31:04 2024 GMT
            Not After : May 13 09:36:04 2025 GMT
        Subject: CN=B0A04552028AD325B909991A83E84EAEE19F9565
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:37:8c:f6:60:5d:13:f3:0e:74:d2:71:f4:42:
                    a8:fe:2e:b1:e2:f0:26:b5:5b:50:c3:2c:e4:a7:ad:
                    cd:ef:5c:be:1e:bb:45:84:4b:91:d6:a3:c8:35:7d:
                    fd:2c:de:ac:88:6b:71:d6:d4:6e:52:f6:44:ff:9a:
                    5f:1f:b1:fd:ef:01:f2:0f:f0:f2:d6:3c:e4:ea:30:
                    dd:a8:75:cf:ad:3a:3e:6b:82:84:a0:08:e4:c4:ee:
                    1b:7f:26:8e:ea:09:5f:92:ef:4e:fa:e8:fa:4f:a7:
                    92:01:14:d4:39:c9:1f:6b:a5:d0:23:34:a3:2e:60:
                    a0:13:e6:3b:33:24:83:e5:5c:4a:47:54:ca:9a:cb:
                    0f:81:6e:9d:ea:f4:0f:c6:2f:00:7f:98:0d:56:42:
                    39:2a:72:87:2f:b0:e1:f1:f0:f9:d7:80:ce:ba:96:
                    2b:31:76:8a:db:88:67:c8:61:cb:b0:13:ba:11:22:
                    08:32:0d:72:cf:7d:5e:90:e1:8c:b0:62:14:fb:43:
                    11:cb:aa:36:c0:17:f6:b9:42:0f:76:ac:ff:ce:02:
                    03:e7:f0:bc:d0:f8:74:3b:d2:9f:70:da:3a:f9:64:
                    1e:9b:fc:3f:be:61:4a:59:79:64:03:e3:5a:4d:02:
                    25:cb:48:a0:c7:3e:45:25:91:51:15:52:36:8c:60:
                    f7:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:A0:45:52:02:8A:D3:25:B9:09:99:1A:83:E8:4E:AE:E1:9F:95:65
            X509v3 Authority Key Identifier:
                keyid:B3:D0:28:0F:50:06:95:A4:32:04:25:1C:98:30:45:4C:A8:A2:E7:AC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/87ae25f3-706b-47ed-bb74-46684ae0ef2b/0/B3D0280F500695A43204251C9830454CA8A2E7AC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s9AoD1AGlaQyBCUcmDBFTKii56w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/87ae25f3-706b-47ed-bb74-46684ae0ef2b/0/3138352e3138362e32352e302f32342d3234203d3e203135343430.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.186.25.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c0:3b:98:3c:0f:bd:0c:bc:c7:30:77:66:6d:03:aa:81:23:15:
         51:5f:07:ad:27:19:06:58:5f:87:07:a5:12:01:6b:25:e1:80:
         1f:a1:f7:e2:91:10:8c:b6:42:83:d2:4c:c8:e4:66:d1:cd:71:
         3f:37:77:9d:75:8d:b0:5c:bf:1e:66:b6:b6:34:33:e1:d5:ec:
         17:b1:fd:39:6a:00:94:4e:73:dd:9d:52:f6:bc:a8:49:5e:d0:
         5e:5f:09:11:90:46:5f:1f:52:92:ac:e0:b1:6e:3d:c5:b6:50:
         a6:a1:f7:f6:14:f2:2a:af:c1:dd:fa:79:fb:1f:64:58:5e:b1:
         b7:89:ea:ac:d5:2a:76:4b:d7:c5:05:7d:9b:1e:73:8d:61:fc:
         98:70:a4:03:4d:52:d9:32:47:89:cb:95:04:a1:f5:55:16:65:
         f3:66:16:89:e0:7c:45:a3:b2:b2:c5:f8:63:16:c4:71:dd:b3:
         1c:1b:70:91:f6:38:a3:14:92:69:5a:69:9b:44:38:0b:b6:54:
         f1:f1:08:b9:89:ac:68:01:a1:f4:f5:e8:1b:85:81:c7:90:03:
         f3:04:6a:48:c1:d8:6b:4b:2c:48:d5:c6:2b:cf:1c:1c:60:bc:
         4c:9d:8d:ab:39:26:22:01:68:c5:e9:4d:af:ab:d4:46:ad:7e:
         bd:1d:38:b5
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgIUcp6OXFmLK3N/f7UGC//vWtj8NlYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYjNkMDI4MGY1MDA2OTVhNDMyMDQyNTFjOTgzMDQ1NGNh
OGEyZTdhYzAeFw0yNDA1MTQwOTMxMDRaFw0yNTA1MTMwOTM2MDRaMDMxMTAvBgNV
BAMTKEIwQTA0NTUyMDI4QUQzMjVCOTA5OTkxQTgzRTg0RUFFRTE5Rjk1NjUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCiN4z2YF0T8w500nH0Qqj+LrHi
8Ca1W1DDLOSnrc3vXL4eu0WES5HWo8g1ff0s3qyIa3HW1G5S9kT/ml8fsf3vAfIP
8PLWPOTqMN2odc+tOj5rgoSgCOTE7ht/Jo7qCV+S70766PpPp5IBFNQ5yR9rpdAj
NKMuYKAT5jszJIPlXEpHVMqayw+Bbp3q9A/GLwB/mA1WQjkqcocvsOHx8PnXgM66
lisxdorbiGfIYcuwE7oRIggyDXLPfV6Q4YywYhT7QxHLqjbAF/a5Qg92rP/OAgPn
8LzQ+HQ70p9w2jr5ZB6b/D++YUpZeWQD41pNAiXLSKDHPkUlkVEVUjaMYPc3AgMB
AAGjggI9MIICOTAdBgNVHQ4EFgQUsKBFUgKK0yW5CZkag+hOruGflWUwHwYDVR0j
BBgwFoAUs9AoD1AGlaQyBCUcmDBFTKii56wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODdhZTI1ZjMtNzA2Yi00N2VkLWJiNzQtNDY2ODRhZTBl
ZjJiLzAvQjNEMDI4MEY1MDA2OTVBNDMyMDQyNTFDOTgzMDQ1NENBOEEyRTdBQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3M5QW9EMUFHbGFReUJDVWNtREJGVEtp
aTU2dy5jZXIwga0GCCsGAQUFBwELBIGgMIGdMIGaBggrBgEFBQcwC4aBjXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvODdhZTI1ZjMt
NzA2Yi00N2VkLWJiNzQtNDY2ODRhZTBlZjJiLzAvMzEzODM1MmUzMTM4MzYyZTMy
MzUyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzMTM1MzQzNDMwLnJvYTAYBgNVHSAB
Af8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA
uboZMA0GCSqGSIb3DQEBCwUAA4IBAQDAO5g8D70MvMcwd2ZtA6qBIxVRXwetJxkG
WF+HB6USAWsl4YAfoffikRCMtkKD0kzI5GbRzXE/N3eddY2wXL8eZra2NDPh1ewX
sf05agCUTnPdnVL2vKhJXtBeXwkRkEZfH1KSrOCxbj3FtlCmoff2FPIqr8Hd+nn7
H2RYXrG3ieqs1Sp2S9fFBX2bHnONYfyYcKQDTVLZMkeJy5UEofVVFmXzZhaJ4HxF
o7KyxfhjFsRx3bMcG3CR9jijFJJpWmmbRDgLtlTx8Qi5iaxoAaH09egbhYHHkAPz
BGpIwdhrSyxI1cYrzxwcYLxMnY2rOSYiAWjF6U2vq9RGrX69HTi1
-----END CERTIFICATE-----
Generated at Thu Nov 21 13:55:50 2024 by rpki-client on console-fra.rpki-client.org