Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/3138352e3138312e332e302f32342d3234203d3e20323030303137.roa
File:                     3138352e3138312e332e302f32342d3234203d3e20323030303137.roa (raw, json)
Hash identifier:          Lou4vvYiSAy2voI0SZqwtmZNxoTRb8e5r/f8gOfrdrI=
Subject key identifier:   35:7D:99:53:24:31:B5:86:63:47:58:08:01:80:7A:C8:CA:DA:67:14
Certificate issuer:       /CN=8f4ce7722f99075d94738b7e61070401269eb3d6
Certificate serial:       5C8AC9F7BBE90A770B2DC4A16E3787BDBCDF458D
Authority key identifier: 8F:4C:E7:72:2F:99:07:5D:94:73:8B:7E:61:07:04:01:26:9E:B3:D6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/j0znci-ZB12Uc4t-YQcEASaes9Y.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/3138352e3138312e332e302f32342d3234203d3e20323030303137.roa
Signing time:             Tue 23 Apr 2024 13:08:12 +0000
ROA not before:           Tue 23 Apr 2024 13:03:12 +0000
ROA not after:            Tue 22 Apr 2025 13:08:12 +0000
asID:                     200017
IP address blocks:        185.181.3.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/8F4CE7722F99075D94738B7E61070401269EB3D6.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/8F4CE7722F99075D94738B7E61070401269EB3D6.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/j0znci-ZB12Uc4t-YQcEASaes9Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5c:8a:c9:f7:bb:e9:0a:77:0b:2d:c4:a1:6e:37:87:bd:bc:df:45:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8f4ce7722f99075d94738b7e61070401269eb3d6
        Validity
            Not Before: Apr 23 13:03:12 2024 GMT
            Not After : Apr 22 13:08:12 2025 GMT
        Subject: CN=357D99532431B5866347580801807AC8CADA6714
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:d7:b9:ac:a6:d8:bb:99:b9:b4:8a:04:d3:cf:
                    85:d3:51:ef:72:f0:e3:f4:80:7e:d5:88:3e:c9:6a:
                    c2:76:34:94:8b:63:57:01:25:90:a5:b8:af:c7:95:
                    2f:ad:f1:9e:ee:c3:73:af:92:12:d4:b6:c5:aa:ad:
                    83:32:de:a8:8f:7f:1c:fb:17:fc:0f:75:d7:f4:7a:
                    99:e1:ad:c2:ce:f3:df:4f:6f:ae:ae:1e:e3:32:99:
                    f6:43:0b:67:6c:52:8d:b8:d6:92:73:18:fe:b6:df:
                    48:57:f6:7b:62:1e:03:11:fc:cf:74:63:62:f4:e6:
                    31:73:25:15:94:32:92:e2:d1:5e:32:3f:9c:96:12:
                    fb:09:be:f3:2a:1b:fa:81:5d:5a:7d:38:30:57:04:
                    0d:22:68:1d:c4:07:63:bc:9a:ca:9e:e2:38:56:1d:
                    45:9e:d7:fd:bd:45:0a:75:0f:e5:9b:05:dd:82:14:
                    3b:db:f0:cd:98:ce:22:58:f7:aa:d2:9a:ff:0f:8d:
                    ee:b8:35:fd:35:6a:d2:64:3b:9b:dd:91:a6:7a:3a:
                    f2:79:79:bc:2a:43:28:8d:82:07:c3:84:ab:df:af:
                    e3:8b:d8:3a:bc:8c:f0:d2:18:59:34:5f:c8:fd:4a:
                    63:9d:9b:12:51:7a:d6:f0:cf:ad:e7:26:0b:88:47:
                    47:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:7D:99:53:24:31:B5:86:63:47:58:08:01:80:7A:C8:CA:DA:67:14
            X509v3 Authority Key Identifier:
                keyid:8F:4C:E7:72:2F:99:07:5D:94:73:8B:7E:61:07:04:01:26:9E:B3:D6

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/8F4CE7722F99075D94738B7E61070401269EB3D6.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/j0znci-ZB12Uc4t-YQcEASaes9Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/3138352e3138312e332e302f32342d3234203d3e20323030303137.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.181.3.0/24

    Signature Algorithm: sha256WithRSAEncryption
         83:a0:80:4b:5c:cc:de:6e:60:bf:5f:36:c1:8a:be:1c:bb:7a:
         37:5b:c7:23:be:09:1b:3e:da:36:b8:e7:7b:2e:99:ca:8f:2c:
         0e:2b:58:0f:65:07:c3:ef:c6:57:f4:a8:e8:83:2e:9a:c3:98:
         09:60:bd:fe:a1:75:ad:06:67:8d:8f:15:0a:3c:97:4a:86:5b:
         e9:ff:91:41:42:a9:18:52:e3:13:76:32:2e:6c:a0:e4:c9:5b:
         e3:3c:35:0b:a5:1f:c7:a7:6a:8a:58:a8:86:93:68:a2:f4:34:
         6f:88:48:1e:00:8a:1a:af:78:37:59:4d:c8:31:33:6b:d5:55:
         d2:4b:1e:ce:46:ee:de:ce:8a:f8:c2:81:9d:1e:d7:75:62:3a:
         9d:4d:7d:7c:91:33:d1:ce:d3:c1:01:09:76:1c:3a:67:24:44:
         ad:c0:f2:dd:94:b4:9f:16:b0:a2:60:90:6d:1d:19:3b:9d:b6:
         59:1f:5a:0f:94:cd:90:3a:30:09:c4:43:4d:e9:af:52:d1:f0:
         3b:ed:e2:c7:01:ec:8f:a8:e1:a1:20:2b:85:b4:5d:aa:ee:f3:
         8e:9c:73:64:94:b8:7e:8e:a7:59:5a:14:76:99:6e:2f:1a:f6:
         72:1e:58:ed:af:c4:ea:83:ea:53:1d:4b:79:a8:62:07:70:eb:
         a0:03:8e:f6
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgIUXIrJ97vpCncLLcShbjeHvbzfRY0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGY0Y2U3NzIyZjk5MDc1ZDk0NzM4YjdlNjEwNzA0MDEy
NjllYjNkNjAeFw0yNDA0MjMxMzAzMTJaFw0yNTA0MjIxMzA4MTJaMDMxMTAvBgNV
BAMTKDM1N0Q5OTUzMjQzMUI1ODY2MzQ3NTgwODAxODA3QUM4Q0FEQTY3MTQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCn17mspti7mbm0igTTz4XTUe9y
8OP0gH7ViD7JasJ2NJSLY1cBJZCluK/HlS+t8Z7uw3OvkhLUtsWqrYMy3qiPfxz7
F/wPddf0epnhrcLO899Pb66uHuMymfZDC2dsUo241pJzGP6230hX9ntiHgMR/M90
Y2L05jFzJRWUMpLi0V4yP5yWEvsJvvMqG/qBXVp9ODBXBA0iaB3EB2O8msqe4jhW
HUWe1/29RQp1D+WbBd2CFDvb8M2YziJY96rSmv8Pje64Nf01atJkO5vdkaZ6OvJ5
ebwqQyiNggfDhKvfr+OL2Dq8jPDSGFk0X8j9SmOdmxJRetbwz63nJguIR0cPAgMB
AAGjggI9MIICOTAdBgNVHQ4EFgQUNX2ZUyQxtYZjR1gIAYB6yMraZxQwHwYDVR0j
BBgwFoAUj0znci+ZB12Uc4t+YQcEASaes9YwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYWE5NzcxMTUtNTExMC00MjU3LTk0ZWYtNGQyYjQzODg0
MDQwLzAvOEY0Q0U3NzIyRjk5MDc1RDk0NzM4QjdFNjEwNzA0MDEyNjlFQjNENi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2owem5jaS1aQjEyVWM0dC1ZUWNFQVNh
ZXM5WS5jZXIwga0GCCsGAQUFBwELBIGgMIGdMIGaBggrBgEFBQcwC4aBjXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWE5NzcxMTUt
NTExMC00MjU3LTk0ZWYtNGQyYjQzODg0MDQwLzAvMzEzODM1MmUzMTM4MzEyZTMz
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzIzMDMwMzAzMTM3LnJvYTAYBgNVHSAB
Af8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA
ubUDMA0GCSqGSIb3DQEBCwUAA4IBAQCDoIBLXMzebmC/XzbBir4cu3o3W8cjvgkb
Pto2uOd7LpnKjywOK1gPZQfD78ZX9Kjogy6aw5gJYL3+oXWtBmeNjxUKPJdKhlvp
/5FBQqkYUuMTdjIubKDkyVvjPDULpR/Hp2qKWKiGk2ii9DRviEgeAIoar3g3WU3I
MTNr1VXSSx7ORu7ezor4woGdHtd1YjqdTX18kTPRztPBAQl2HDpnJEStwPLdlLSf
FrCiYJBtHRk7nbZZH1oPlM2QOjAJxENN6a9S0fA77eLHAeyPqOGhICuFtF2q7vOO
nHNklLh+jqdZWhR2mW4vGvZyHljtr8Tqg+pTHUt5qGIHcOugA472
-----END CERTIFICATE-----
Generated at Fri Nov 22 00:59:19 2024 by rpki-client on console-fra.rpki-client.org