Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS207841.roa
File:                     AS207841.roa (raw, json)
Hash identifier:          ecTMqsHKbRQxaekLSfG2uZlNxTRSKKr3RTBP3Q/ByWs=
Subject key identifier:   B7:97:0B:63:45:29:E0:14:41:00:7C:72:E7:A1:B2:B7:DC:F5:78:80
Certificate issuer:       /CN=5ae4437029659539f54f900b35e43be06a94b37b
Certificate serial:       210202C75C75787B7933A99ABBED874C751F0FE8
Authority key identifier: 5A:E4:43:70:29:65:95:39:F5:4F:90:0B:35:E4:3B:E0:6A:94:B3:7B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS207841.roa
Signing time:             Mon 15 Jul 2024 13:50:41 +0000
ROA not before:           Mon 15 Jul 2024 13:45:41 +0000
ROA not after:            Mon 14 Jul 2025 13:50:41 +0000
asID:                     207841
IP address blocks:        193.57.144.0/24 maxlen: 24
                          193.57.159.0/24 maxlen: 24
                          193.57.167.0/24 maxlen: 24
                          193.57.168.0/24 maxlen: 24
                          195.200.20.0/23 maxlen: 23
                          2a0f:85c0::/48 maxlen: 48
                          2a0f:85c2::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 18 Jul 2024 13:47:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            21:02:02:c7:5c:75:78:7b:79:33:a9:9a:bb:ed:87:4c:75:1f:0f:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ae4437029659539f54f900b35e43be06a94b37b
        Validity
            Not Before: Jul 15 13:45:41 2024 GMT
            Not After : Jul 14 13:50:41 2025 GMT
        Subject: CN=B7970B634529E01441007C72E7A1B2B7DCF57880
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:65:c7:2a:52:c5:5e:af:eb:f5:29:92:a7:46:
                    b7:c7:9e:6d:86:d3:58:e2:0b:8a:41:5f:b7:89:e8:
                    bf:ee:ff:7c:0c:d4:64:a2:4f:12:f8:e4:98:1c:80:
                    a2:67:d8:e6:f4:a9:f7:1e:49:e4:32:ef:23:b9:b2:
                    5f:59:72:c2:52:27:da:a2:03:88:d2:61:3f:d1:24:
                    dc:15:82:ed:6b:4d:f4:bd:04:22:8d:e8:d0:85:7d:
                    fa:60:56:d6:ac:30:75:3b:0a:e6:60:7e:2e:31:e9:
                    5e:d1:a6:cf:2a:d9:83:19:84:40:97:5e:8e:46:8f:
                    a3:76:3f:54:f8:f6:1e:da:7f:67:f2:db:21:ae:5d:
                    aa:f5:78:60:49:55:25:fe:5a:92:58:72:3a:81:ff:
                    19:fd:31:e2:18:d2:b7:c6:dd:19:53:f8:86:15:b9:
                    12:47:9c:38:ba:62:c1:af:35:16:24:7c:03:0a:4a:
                    0c:f5:d1:ba:22:04:95:44:54:b9:d7:35:62:2b:bb:
                    7b:c1:43:15:1f:3e:63:0c:02:b4:2b:e2:94:c4:54:
                    39:26:fc:38:fe:d1:f4:97:dc:d5:99:4e:57:1e:4f:
                    fa:68:71:87:9a:94:83:80:3d:d5:08:bf:c4:31:b2:
                    93:dc:d7:0e:43:15:51:28:5b:da:0c:19:d2:b7:d5:
                    79:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B7:97:0B:63:45:29:E0:14:41:00:7C:72:E7:A1:B2:B7:DC:F5:78:80
            X509v3 Authority Key Identifier:
                keyid:5A:E4:43:70:29:65:95:39:F5:4F:90:0B:35:E4:3B:E0:6A:94:B3:7B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS207841.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.57.144.0/24
                  193.57.159.0/24
                  193.57.167.0-193.57.168.255
                  195.200.20.0/23
                IPv6:
                  2a0f:85c0::/48
                  2a0f:85c2::/32

    Signature Algorithm: sha256WithRSAEncryption
         5d:e0:80:43:15:45:62:ff:4c:92:cf:98:76:be:31:98:26:bb:
         6e:7e:98:5f:bc:6c:88:5e:ce:c9:26:09:c7:60:28:66:f9:cd:
         dc:6b:57:f0:33:6a:6e:b5:e6:bb:66:e8:e5:03:45:c1:eb:b4:
         86:d5:9e:32:13:94:d6:b1:af:ba:99:59:6f:10:da:5c:8f:cf:
         e7:53:9c:56:0c:4f:5c:01:0a:53:0c:bc:17:f1:0d:9e:fa:4b:
         fe:53:c5:9e:ca:e9:9f:9f:fa:0e:75:0d:03:14:d4:c4:fe:02:
         d2:ee:e2:f6:8d:b1:db:ce:d8:f6:58:9e:6a:32:b9:41:d1:a9:
         9a:00:2a:4d:28:73:1c:9a:5f:38:95:59:52:50:02:4a:1c:5a:
         b2:de:3f:f7:79:96:65:4f:36:bd:54:2e:64:b1:3e:43:87:c9:
         d5:d4:d3:9c:44:2b:51:26:82:ad:4b:a7:4a:de:0a:b2:d6:f4:
         d5:02:81:0e:16:86:e9:54:b9:31:65:3c:23:2b:7c:09:69:da:
         0c:f5:ce:cb:9a:b4:31:af:de:bc:e0:06:8d:ac:36:b4:2e:6a:
         a7:2d:67:ec:7e:72:96:06:eb:e4:7c:a7:9f:b7:42:fd:8b:67:
         67:f3:ba:54:16:b0:3b:7d:39:15:88:c7:b4:a2:83:c2:57:1d:
         7b:89:f6:fc
-----BEGIN CERTIFICATE-----
MIIFMjCCBBqgAwIBAgIUIQICx1x1eHt5M6mau+2HTHUfD+gwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWFlNDQzNzAyOTY1OTUzOWY1NGY5MDBiMzVlNDNiZTA2
YTk0YjM3YjAeFw0yNDA3MTUxMzQ1NDFaFw0yNTA3MTQxMzUwNDFaMDMxMTAvBgNV
BAMTKEI3OTcwQjYzNDUyOUUwMTQ0MTAwN0M3MkU3QTFCMkI3RENGNTc4ODAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC4ZccqUsVer+v1KZKnRrfHnm2G
01jiC4pBX7eJ6L/u/3wM1GSiTxL45JgcgKJn2Ob0qfceSeQy7yO5sl9ZcsJSJ9qi
A4jSYT/RJNwVgu1rTfS9BCKN6NCFffpgVtasMHU7CuZgfi4x6V7Rps8q2YMZhECX
Xo5Gj6N2P1T49h7af2fy2yGuXar1eGBJVSX+WpJYcjqB/xn9MeIY0rfG3RlT+IYV
uRJHnDi6YsGvNRYkfAMKSgz10boiBJVEVLnXNWIru3vBQxUfPmMMArQr4pTEVDkm
/Dj+0fSX3NWZTlceT/pocYealIOAPdUIv8QxspPc1w5DFVEoW9oMGdK31Xn/AgMB
AAGjggI8MIICODAdBgNVHQ4EFgQUt5cLY0Up4BRBAHxy56Gyt9z1eIAwHwYDVR0j
BBgwFoAUWuRDcClllTn1T5ALNeQ74GqUs3swDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmMyMGFkZDMtYTg4ZS00YmIyLWE4NGQtNTVkYTIxMjhm
MTk2LzAvNUFFNDQzNzAyOTY1OTUzOUY1NEY5MDBCMzVFNDNCRTA2QTk0QjM3Qi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1d1UkRjQ2xsbFRuMVQ1QUxOZVE3NEdx
VXMzcy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2ZjMjBhZGQzLWE4OGUt
NGJiMi1hODRkLTU1ZGEyMTI4ZjE5Ni8wL0FTMjA3ODQxLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMFEGCCsGAQUFBwEHAQH/BEIwQDAmBAIAATAgAwQAwTmQ
AwQAwTmfMAwDBADBOacDBADBOagDBAHDyBQwFgQCAAIwEAMHACoPhcAAAAMFACoP
hcIwDQYJKoZIhvcNAQELBQADggEBAF3ggEMVRWL/TJLPmHa+MZgmu25+mF+8bIhe
zskmCcdgKGb5zdxrV/Azam615rtm6OUDRcHrtIbVnjITlNaxr7qZWW8Q2lyPz+dT
nFYMT1wBClMMvBfxDZ76S/5TxZ7K6Z+f+g51DQMU1MT+AtLu4vaNsdvO2PZYnmoy
uUHRqZoAKk0ocxyaXziVWVJQAkocWrLeP/d5lmVPNr1ULmSxPkOHydXU05xEK1Em
gq1Lp0reCrLW9NUCgQ4WhulUuTFlPCMrfAlp2gz1zsuatDGv3rzgBo2sNrQuaqct
Z+x+cpYG6+R8p5+3Qv2LZ2fzulQWsDt9ORWIx7Sig8JXHXuJ9vw=
-----END CERTIFICATE-----
Generated at Wed Jul 17 20:57:13 2024 by rpki-client on console-fra.rpki-client.org