Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/3138352e3137322e3137352e302f32342d3234203d3e20323033373538.roa
File:                     3138352e3137322e3137352e302f32342d3234203d3e20323033373538.roa (raw, json)
Hash identifier:          pyPP2YGllCmhofSY4vYGtKdcvH/DtPb43RdZMVWyn00=
Subject key identifier:   21:A4:29:AC:A8:94:40:AE:6A:0C:0A:24:CC:B9:BD:2C:89:DE:42:EC
Certificate issuer:       /CN=70cbd7a9817e470009c0f40ea1e370aa79b5fd91
Certificate serial:       1D4E37F74FABB771E4DA25453F564E3165AC606D
Authority key identifier: 70:CB:D7:A9:81:7E:47:00:09:C0:F4:0E:A1:E3:70:AA:79:B5:FD:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/3138352e3137322e3137352e302f32342d3234203d3e20323033373538.roa
Signing time:             Mon 05 Feb 2024 20:42:01 +0000
ROA not before:           Mon 05 Feb 2024 20:37:01 +0000
ROA not after:            Mon 03 Feb 2025 20:42:01 +0000
asID:                     203758
IP address blocks:        185.172.175.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1d:4e:37:f7:4f:ab:b7:71:e4:da:25:45:3f:56:4e:31:65:ac:60:6d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=70cbd7a9817e470009c0f40ea1e370aa79b5fd91
        Validity
            Not Before: Feb  5 20:37:01 2024 GMT
            Not After : Feb  3 20:42:01 2025 GMT
        Subject: CN=21A429ACA89440AE6A0C0A24CCB9BD2C89DE42EC
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:40:4a:32:ce:45:b4:2a:47:50:aa:04:50:d7:
                    bf:6c:46:c4:10:64:25:11:e0:cf:c2:37:7d:73:c0:
                    aa:2a:b9:ec:97:a3:ea:f5:b5:20:89:d2:57:71:ea:
                    3b:5f:c9:a6:fe:01:9e:7b:91:1a:75:d7:37:f9:15:
                    55:8d:ff:ec:c8:d2:c0:52:04:a6:a7:5d:15:77:db:
                    c1:68:c4:4b:f3:61:5e:08:4d:d7:3a:98:8c:c0:cc:
                    b6:fe:d7:d5:f9:3e:c9:02:f1:5c:1b:c1:88:5e:4b:
                    24:6b:f3:b2:ec:18:eb:06:9f:93:64:43:07:89:78:
                    de:10:8c:fe:90:d7:b2:2f:e6:27:b1:15:0d:2c:09:
                    16:9d:7f:0e:48:4e:3f:de:7b:23:12:d1:ac:a0:6b:
                    77:a5:23:d8:97:16:9c:b2:76:9c:67:a4:1e:2d:2c:
                    1d:8f:68:fc:80:43:82:f8:6a:ae:80:c8:b7:7f:b0:
                    ab:ff:9e:7b:85:0c:c8:96:16:be:a1:a7:17:95:39:
                    95:cc:12:47:1f:f0:66:79:7b:69:bf:bb:d2:a0:fb:
                    b5:21:b6:b0:10:ea:5a:cc:84:c3:1f:5c:d9:b9:63:
                    16:a2:6b:d4:e3:d8:bf:ac:5f:f8:b2:89:ff:70:a3:
                    35:8a:a3:b4:15:3b:a1:be:bf:7a:b4:f8:8b:bb:3d:
                    5d:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:A4:29:AC:A8:94:40:AE:6A:0C:0A:24:CC:B9:BD:2C:89:DE:42:EC
            X509v3 Authority Key Identifier:
                keyid:70:CB:D7:A9:81:7E:47:00:09:C0:F4:0E:A1:E3:70:AA:79:B5:FD:91

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/3138352e3137322e3137352e302f32342d3234203d3e20323033373538.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.172.175.0/24

    Signature Algorithm: sha256WithRSAEncryption
         33:bb:0b:6b:22:52:74:e8:cb:13:22:14:64:2c:eb:a4:4c:50:
         24:66:28:a7:f4:09:7e:cd:23:72:4b:d1:1d:0f:f6:34:1e:b8:
         bc:13:f4:b3:16:0c:37:e8:b9:91:27:df:67:7c:32:df:ee:72:
         a9:91:c3:9a:a3:3a:28:9d:f1:44:8b:27:ad:22:d7:2d:1c:8a:
         2f:77:89:bd:a9:99:e4:d5:3d:78:17:21:84:43:4e:4a:e2:fd:
         f0:93:09:83:e5:ef:0b:68:0f:a2:f6:c0:48:8f:5f:a6:23:09:
         2a:61:55:7d:bb:cc:62:2c:1e:46:79:af:ba:26:c5:75:b6:95:
         2e:67:48:54:ab:75:af:18:d5:2b:4f:de:43:77:00:b9:ff:ae:
         bf:97:ac:3d:6e:73:d8:43:04:17:f4:86:9f:b2:4c:29:4b:d6:
         10:d9:8c:03:e1:f2:bc:c0:d8:e1:01:a5:0d:c8:f5:55:1b:be:
         af:bf:d2:25:7a:5b:e1:8d:5e:5e:46:f2:6e:b8:4e:c0:4d:e0:
         4f:37:21:c6:94:60:06:e2:df:c1:ac:41:66:c4:61:e3:fb:96:
         cd:b2:00:7d:35:84:ac:07:7c:53:b7:c1:e6:57:b5:1f:8c:82:
         86:ba:26:53:ce:25:be:9e:8f:86:b5:4e:86:f6:5f:d5:e8:a6:
         3b:1d:65:db
-----BEGIN CERTIFICATE-----
MIIFNzCCBB+gAwIBAgIUHU4390+rt3Hk2iVFP1ZOMWWsYG0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzBjYmQ3YTk4MTdlNDcwMDA5YzBmNDBlYTFlMzcwYWE3
OWI1ZmQ5MTAeFw0yNDAyMDUyMDM3MDFaFw0yNTAyMDMyMDQyMDFaMDMxMTAvBgNV
BAMTKDIxQTQyOUFDQTg5NDQwQUU2QTBDMEEyNENDQjlCRDJDODlERTQyRUMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC/QEoyzkW0KkdQqgRQ179sRsQQ
ZCUR4M/CN31zwKoqueyXo+r1tSCJ0ldx6jtfyab+AZ57kRp11zf5FVWN/+zI0sBS
BKanXRV328FoxEvzYV4ITdc6mIzAzLb+19X5PskC8VwbwYheSyRr87LsGOsGn5Nk
QweJeN4QjP6Q17Iv5iexFQ0sCRadfw5ITj/eeyMS0ayga3elI9iXFpyydpxnpB4t
LB2PaPyAQ4L4aq6AyLd/sKv/nnuFDMiWFr6hpxeVOZXMEkcf8GZ5e2m/u9Kg+7Uh
trAQ6lrMhMMfXNm5Yxaia9Tj2L+sX/iyif9wozWKo7QVO6G+v3q0+Iu7PV3bAgMB
AAGjggJBMIICPTAdBgNVHQ4EFgQUIaQprKiUQK5qDAokzLm9LIneQuwwHwYDVR0j
BBgwFoAUcMvXqYF+RwAJwPQOoeNwqnm1/ZEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYjczMzJhZjAtZGQ3My00NzU1LTlkMjAtNjkzZWE4Mjg5
ZjhhLzAvNzBDQkQ3QTk4MTdFNDcwMDA5QzBGNDBFQTFFMzcwQUE3OUI1RkQ5MS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2NNdlhxWUYtUndBSndQUU9vZU53cW5t
MV9aRS5jZXIwgbEGCCsGAQUFBwELBIGkMIGhMIGeBggrBgEFBQcwC4aBkXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYjczMzJhZjAt
ZGQ3My00NzU1LTlkMjAtNjkzZWE4Mjg5ZjhhLzAvMzEzODM1MmUzMTM3MzIyZTMx
MzczNTJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMyMzAzMzM3MzUzOC5yb2EwGAYD
VR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEw
BgMEALmsrzANBgkqhkiG9w0BAQsFAAOCAQEAM7sLayJSdOjLEyIUZCzrpExQJGYo
p/QJfs0jckvRHQ/2NB64vBP0sxYMN+i5kSffZ3wy3+5yqZHDmqM6KJ3xRIsnrSLX
LRyKL3eJvamZ5NU9eBchhENOSuL98JMJg+XvC2gPovbASI9fpiMJKmFVfbvMYiwe
RnmvuibFdbaVLmdIVKt1rxjVK0/eQ3cAuf+uv5esPW5z2EMEF/SGn7JMKUvWENmM
A+HyvMDY4QGlDcj1VRu+r7/SJXpb4Y1eXkbybrhOwE3gTzchxpRgBuLfwaxBZsRh
4/uWzbIAfTWErAd8U7fB5le1H4yChromU84lvp6PhrVOhvZf1eimOx1l2w==
-----END CERTIFICATE-----
Generated at Fri Nov 22 10:07:01 2024 by rpki-client on console-fra.rpki-client.org