Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/177/3135372e39372e3133342e302f32342d3234203d3e20313437303439.roa
File:                     3135372e39372e3133342e302f32342d3234203d3e20313437303439.roa (raw, json)
Hash identifier:          j6iQ7XPNgV4Xm2EiDPXy4GkmGEsz+Iskwr/eLYFe/xM=
Subject key identifier:   16:9D:36:33:5E:33:BF:E7:3C:81:45:E9:BB:F5:58:FE:26:1E:EB:54
Certificate issuer:       /CN=097a28f77eb0a4ac354a8ac28754b2a3bbe3a959
Certificate serial:       354D63D1148CA93B43D40CA1EFFDD08CD8182432
Authority key identifier: 09:7A:28:F7:7E:B0:A4:AC:35:4A:8A:C2:87:54:B2:A3:BB:E3:A9:59
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CXoo936wpKw1SorCh1Syo7vjqVk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/177/3135372e39372e3133342e302f32342d3234203d3e20313437303439.roa
Signing time:             Mon 26 Feb 2024 08:53:43 +0000
ROA not before:           Mon 26 Feb 2024 08:48:43 +0000
ROA not after:            Mon 24 Feb 2025 08:53:43 +0000
asID:                     147049
IP address blocks:        157.97.134.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/177/097A28F77EB0A4AC354A8AC28754B2A3BBE3A959.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/177/097A28F77EB0A4AC354A8AC28754B2A3BBE3A959.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CXoo936wpKw1SorCh1Syo7vjqVk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            35:4d:63:d1:14:8c:a9:3b:43:d4:0c:a1:ef:fd:d0:8c:d8:18:24:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=097a28f77eb0a4ac354a8ac28754b2a3bbe3a959
        Validity
            Not Before: Feb 26 08:48:43 2024 GMT
            Not After : Feb 24 08:53:43 2025 GMT
        Subject: CN=169D36335E33BFE73C8145E9BBF558FE261EEB54
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:63:fc:41:19:44:38:52:87:1c:04:83:0a:4c:
                    8e:d4:19:69:5b:86:d6:db:93:b2:c0:e7:f2:1f:26:
                    99:91:a8:51:92:24:99:85:5e:d4:ab:3d:d0:57:1b:
                    54:e6:d1:2c:56:b2:71:5a:b2:39:2c:57:37:ee:cd:
                    5e:05:72:f8:7d:a1:55:6e:23:74:e5:03:13:34:de:
                    16:a6:55:02:25:72:d1:5c:71:fe:3d:bf:2a:a8:83:
                    1c:04:91:0c:1d:08:5f:c1:a2:2b:ab:f0:9d:3a:7d:
                    8c:8a:0b:8f:47:55:d2:db:52:99:cf:39:20:f4:b6:
                    d0:41:fc:b5:27:be:a3:6a:d3:37:20:0d:9d:d8:c0:
                    24:97:15:a6:25:a8:bc:de:4b:d1:a2:97:a1:75:72:
                    c3:21:28:1c:9e:87:f6:89:c0:f9:48:45:c4:12:c6:
                    41:a7:51:c8:84:c7:27:e8:d5:3a:d1:f3:50:58:1c:
                    44:5f:8c:16:26:9f:28:a6:a4:92:bc:ed:b2:0b:46:
                    60:e4:98:c1:de:2f:c1:b0:34:10:0c:92:d0:c2:6b:
                    c6:59:de:f3:1a:3e:8d:bb:1d:54:25:4a:80:16:77:
                    97:cf:7c:0e:fc:ee:76:d5:6a:13:15:3a:9f:1e:94:
                    3b:c7:1a:8e:c1:1b:06:85:5d:2c:e0:23:7e:75:25:
                    bc:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:9D:36:33:5E:33:BF:E7:3C:81:45:E9:BB:F5:58:FE:26:1E:EB:54
            X509v3 Authority Key Identifier:
                keyid:09:7A:28:F7:7E:B0:A4:AC:35:4A:8A:C2:87:54:B2:A3:BB:E3:A9:59

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/177/097A28F77EB0A4AC354A8AC28754B2A3BBE3A959.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CXoo936wpKw1SorCh1Syo7vjqVk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/177/3135372e39372e3133342e302f32342d3234203d3e20313437303439.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  157.97.134.0/24

    Signature Algorithm: sha256WithRSAEncryption
         d3:9f:39:83:f9:62:f9:43:b0:3f:98:33:d1:4f:61:df:cb:24:
         57:17:cd:23:b5:ae:a0:ef:4b:71:66:b8:8c:94:3d:fe:ef:bc:
         50:db:2b:78:d0:ea:46:c8:16:5c:87:4d:23:08:f0:79:8d:8f:
         bc:73:84:aa:d7:d7:62:24:1e:e1:00:93:42:ef:46:dd:88:e9:
         5e:c8:9b:c2:53:2a:d5:e4:7f:10:99:6d:d3:61:24:47:1a:76:
         09:23:62:d2:7e:95:df:89:73:71:c4:7a:d8:68:12:56:f0:15:
         97:19:51:f7:73:34:06:64:d3:2d:06:83:36:d6:1a:8e:b9:22:
         76:4f:dd:d8:91:3c:17:e1:ef:3d:7c:ea:10:8b:c8:63:96:23:
         d1:80:a9:f1:25:22:10:3a:a8:c3:de:02:10:59:86:20:9d:2c:
         98:70:1c:4d:64:a6:83:67:2f:c5:3c:84:60:66:b4:01:91:5a:
         f9:2f:07:f1:df:8e:01:e6:ed:e2:e4:d9:6b:77:44:94:13:18:
         44:f1:d8:62:5e:6e:45:b0:c0:36:fa:01:c2:83:53:87:3d:33:
         4e:4d:cf:2b:a8:79:1c:9b:ed:a7:f4:79:0a:ec:4e:9e:30:ec:
         1f:09:d9:7e:28:f7:bf:43:fc:1e:ea:e4:33:34:f1:7c:2f:bb:
         b5:0e:f4:47
-----BEGIN CERTIFICATE-----
MIIFOjCCBCKgAwIBAgIUNU1j0RSMqTtD1Ayh7/3QjNgYJDIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDk3YTI4Zjc3ZWIwYTRhYzM1NGE4YWMyODc1NGIyYTNi
YmUzYTk1OTAeFw0yNDAyMjYwODQ4NDNaFw0yNTAyMjQwODUzNDNaMDMxMTAvBgNV
BAMTKDE2OUQzNjMzNUUzM0JGRTczQzgxNDVFOUJCRjU1OEZFMjYxRUVCNTQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC5Y/xBGUQ4UoccBIMKTI7UGWlb
htbbk7LA5/IfJpmRqFGSJJmFXtSrPdBXG1Tm0SxWsnFasjksVzfuzV4Fcvh9oVVu
I3TlAxM03hamVQIlctFccf49vyqogxwEkQwdCF/Boiur8J06fYyKC49HVdLbUpnP
OSD0ttBB/LUnvqNq0zcgDZ3YwCSXFaYlqLzeS9Gil6F1csMhKByeh/aJwPlIRcQS
xkGnUciExyfo1TrR81BYHERfjBYmnyimpJK87bILRmDkmMHeL8GwNBAMktDCa8ZZ
3vMaPo27HVQlSoAWd5fPfA787nbVahMVOp8elDvHGo7BGwaFXSzgI351Jbx3AgMB
AAGjggJEMIICQDAdBgNVHQ4EFgQUFp02M14zv+c8gUXpu/VY/iYe61QwHwYDVR0j
BBgwFoAUCXoo936wpKw1SorCh1Syo7vjqVkwDgYDVR0PAQH/BAQDAgeAMIGYBgNV
HR8EgZAwgY0wgYqggYeggYSGgYFyc3luYzovL3JzeW5jLnBhYXMucnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L2ZlMzcwOGEwLTY3ZDUtNGFjMi1hYmM0LWEzMzI1OTBi
OTlhZi8xNzcvMDk3QTI4Rjc3RUIwQTRBQzM1NEE4QUMyODc1NEIyQTNCQkUzQTk1
OS5jcmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2ku
cmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NYb285MzZ3cEt3MVNvckNoMVN5
bzd2anFWay5jZXIwgbEGCCsGAQUFBwELBIGkMIGhMIGeBggrBgEFBQcwC4aBkXJz
eW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4
YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzE3Ny8zMTM1MzcyZTM5Mzcy
ZTMxMzMzNDJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMxMzQzNzMwMzQzOS5yb2Ew
GAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQC
AAEwBgMEAJ1hhjANBgkqhkiG9w0BAQsFAAOCAQEA0585g/li+UOwP5gz0U9h38sk
VxfNI7WuoO9LcWa4jJQ9/u+8UNsreNDqRsgWXIdNIwjweY2PvHOEqtfXYiQe4QCT
Qu9G3YjpXsibwlMq1eR/EJlt02EkRxp2CSNi0n6V34lzccR62GgSVvAVlxlR93M0
BmTTLQaDNtYajrkidk/d2JE8F+HvPXzqEIvIY5Yj0YCp8SUiEDqow94CEFmGIJ0s
mHAcTWSmg2cvxTyEYGa0AZFa+S8H8d+OAebt4uTZa3dElBMYRPHYYl5uRbDANvoB
woNThz0zTk3PK6h5HJvtp/R5CuxOnjDsHwnZfij3v0P8HurkMzTxfC+7tQ70Rw==
-----END CERTIFICATE-----
Generated at Fri Nov 22 10:07:02 2024 by rpki-client on console-fra.rpki-client.org