Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/177/3138352e3135332e3137372e302f32342d3332203d3e20313336373837.roa
File:                     3138352e3135332e3137372e302f32342d3332203d3e20313336373837.roa (raw, json)
Hash identifier:          WakGXIwVOezrKpe9uh1Vgi2+7ZfoPoJsS9NADqzaEKc=
Subject key identifier:   96:6C:39:5F:F7:A2:6A:16:89:31:ED:F8:7E:62:F2:75:AD:3E:65:E5
Certificate issuer:       /CN=097a28f77eb0a4ac354a8ac28754b2a3bbe3a959
Certificate serial:       11C3C6EEAFDC3C3422138E4022C152FB399280BE
Authority key identifier: 09:7A:28:F7:7E:B0:A4:AC:35:4A:8A:C2:87:54:B2:A3:BB:E3:A9:59
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CXoo936wpKw1SorCh1Syo7vjqVk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/177/3138352e3135332e3137372e302f32342d3332203d3e20313336373837.roa
Signing time:             Mon 26 Feb 2024 08:53:45 +0000
ROA not before:           Mon 26 Feb 2024 08:48:45 +0000
ROA not after:            Mon 24 Feb 2025 08:53:45 +0000
asID:                     136787
IP address blocks:        185.153.177.0/24 maxlen: 32

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/177/097A28F77EB0A4AC354A8AC28754B2A3BBE3A959.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/177/097A28F77EB0A4AC354A8AC28754B2A3BBE3A959.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CXoo936wpKw1SorCh1Syo7vjqVk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 14:42:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            11:c3:c6:ee:af:dc:3c:34:22:13:8e:40:22:c1:52:fb:39:92:80:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=097a28f77eb0a4ac354a8ac28754b2a3bbe3a959
        Validity
            Not Before: Feb 26 08:48:45 2024 GMT
            Not After : Feb 24 08:53:45 2025 GMT
        Subject: CN=966C395FF7A26A168931EDF87E62F275AD3E65E5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:2a:c1:50:cb:92:65:bd:45:15:4a:0c:e5:c7:
                    09:03:a9:8c:a5:6c:23:20:c3:aa:1d:fb:e4:cd:ad:
                    46:e6:ec:ff:ca:7b:dd:74:f9:a1:f5:18:f2:5f:46:
                    59:91:d5:dc:b3:3d:ca:38:c1:a7:a9:0e:be:5f:87:
                    3c:87:69:71:d8:b6:ee:84:ec:fa:63:fa:74:87:a6:
                    62:5c:c5:97:76:10:c7:d3:f8:9c:59:27:3f:cd:6a:
                    23:41:29:73:70:76:ad:40:d2:f3:3c:86:02:ef:df:
                    a4:24:50:46:6e:26:55:d2:21:b4:5b:d5:c4:7d:7f:
                    33:9f:72:57:a4:cb:35:58:68:78:0f:5f:eb:f0:bd:
                    a7:db:56:aa:32:ae:5e:91:36:98:71:d6:2b:0d:eb:
                    3e:e8:9d:68:c3:31:c8:5f:3b:6f:06:1a:cd:b6:43:
                    f1:76:73:aa:4a:b8:78:7d:c5:6c:9d:74:63:bc:19:
                    b8:59:ac:bb:70:eb:e7:7e:29:2c:c9:8a:d6:14:8a:
                    ae:38:58:88:d2:96:54:af:17:9e:07:68:23:25:92:
                    05:bc:78:27:1f:2a:08:5a:47:75:2a:7e:dc:18:04:
                    90:89:40:fa:18:ac:5f:e5:b2:f6:43:11:82:46:6e:
                    9c:1b:85:23:30:22:52:a3:66:4f:53:7c:1d:83:8f:
                    45:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:6C:39:5F:F7:A2:6A:16:89:31:ED:F8:7E:62:F2:75:AD:3E:65:E5
            X509v3 Authority Key Identifier:
                keyid:09:7A:28:F7:7E:B0:A4:AC:35:4A:8A:C2:87:54:B2:A3:BB:E3:A9:59

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/177/097A28F77EB0A4AC354A8AC28754B2A3BBE3A959.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CXoo936wpKw1SorCh1Syo7vjqVk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/177/3138352e3135332e3137372e302f32342d3332203d3e20313336373837.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.153.177.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2e:86:6f:65:dc:61:65:42:71:50:69:38:cd:0d:5b:77:91:d6:
         c9:b2:96:1b:0e:ef:40:61:7e:82:9e:e9:75:65:8f:d2:fd:02:
         eb:40:1b:8c:70:45:dd:48:fa:83:57:48:de:96:86:e1:7f:53:
         f2:01:cd:f3:0f:3c:91:48:80:6c:ae:fd:6e:6f:6b:ee:69:50:
         57:48:93:b6:9f:cb:1c:d5:98:ea:1c:d5:ae:d3:7a:78:e9:af:
         82:a3:c7:02:6d:ee:b1:83:ac:e6:f0:f2:05:4b:3f:1b:6b:cc:
         2d:56:cd:af:70:77:98:01:16:2e:be:a0:32:ef:42:3c:4a:82:
         9d:22:54:e5:7a:0a:46:ca:75:e2:88:65:19:67:ab:9b:10:29:
         5d:c3:58:35:d6:50:d0:53:f1:ee:8b:53:c4:78:8f:e1:3d:95:
         12:2c:bd:dc:b5:46:a4:57:5f:e9:b2:19:0d:3c:1e:d4:0e:04:
         06:77:6f:ce:ee:74:20:fc:23:fa:bc:75:88:f0:d1:a8:6a:1b:
         1b:23:68:f4:6c:ef:35:c9:4b:2e:3a:67:d3:e9:c0:c2:2a:1f:
         2a:d2:1a:d3:89:88:d8:58:a0:be:f8:04:2b:72:a2:a4:d7:af:
         7d:24:9a:85:2f:eb:dd:d2:21:33:66:6a:fd:5f:25:7d:98:12:
         50:cb:b6:a0
-----BEGIN CERTIFICATE-----
MIIFPDCCBCSgAwIBAgIUEcPG7q/cPDQiE45AIsFS+zmSgL4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDk3YTI4Zjc3ZWIwYTRhYzM1NGE4YWMyODc1NGIyYTNi
YmUzYTk1OTAeFw0yNDAyMjYwODQ4NDVaFw0yNTAyMjQwODUzNDVaMDMxMTAvBgNV
BAMTKDk2NkMzOTVGRjdBMjZBMTY4OTMxRURGODdFNjJGMjc1QUQzRTY1RTUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDjKsFQy5JlvUUVSgzlxwkDqYyl
bCMgw6od++TNrUbm7P/Ke910+aH1GPJfRlmR1dyzPco4waepDr5fhzyHaXHYtu6E
7Ppj+nSHpmJcxZd2EMfT+JxZJz/NaiNBKXNwdq1A0vM8hgLv36QkUEZuJlXSIbRb
1cR9fzOfclekyzVYaHgPX+vwvafbVqoyrl6RNphx1isN6z7onWjDMchfO28GGs22
Q/F2c6pKuHh9xWyddGO8GbhZrLtw6+d+KSzJitYUiq44WIjSllSvF54HaCMlkgW8
eCcfKghaR3UqftwYBJCJQPoYrF/lsvZDEYJGbpwbhSMwIlKjZk9TfB2Dj0X1AgMB
AAGjggJGMIICQjAdBgNVHQ4EFgQUlmw5X/eiahaJMe34fmLyda0+ZeUwHwYDVR0j
BBgwFoAUCXoo936wpKw1SorCh1Syo7vjqVkwDgYDVR0PAQH/BAQDAgeAMIGYBgNV
HR8EgZAwgY0wgYqggYeggYSGgYFyc3luYzovL3JzeW5jLnBhYXMucnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L2ZlMzcwOGEwLTY3ZDUtNGFjMi1hYmM0LWEzMzI1OTBi
OTlhZi8xNzcvMDk3QTI4Rjc3RUIwQTRBQzM1NEE4QUMyODc1NEIyQTNCQkUzQTk1
OS5jcmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2ku
cmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NYb285MzZ3cEt3MVNvckNoMVN5
bzd2anFWay5jZXIwgbMGCCsGAQUFBwELBIGmMIGjMIGgBggrBgEFBQcwC4aBk3Jz
eW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4
YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzE3Ny8zMTM4MzUyZTMxMzUz
MzJlMzEzNzM3MmUzMDJmMzIzNDJkMzMzMjIwM2QzZTIwMzEzMzM2MzczODM3LnJv
YTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAM
BAIAATAGAwQAuZmxMA0GCSqGSIb3DQEBCwUAA4IBAQAuhm9l3GFlQnFQaTjNDVt3
kdbJspYbDu9AYX6Cnul1ZY/S/QLrQBuMcEXdSPqDV0jelobhf1PyAc3zDzyRSIBs
rv1ub2vuaVBXSJO2n8sc1ZjqHNWu03p46a+Co8cCbe6xg6zm8PIFSz8ba8wtVs2v
cHeYARYuvqAy70I8SoKdIlTlegpGynXiiGUZZ6ubECldw1g11lDQU/Hui1PEeI/h
PZUSLL3ctUakV1/pshkNPB7UDgQGd2/O7nQg/CP6vHWI8NGoahsbI2j0bO81yUsu
OmfT6cDCKh8q0hrTiYjYWKC++AQrcqKk1699JJqFL+vd0iEzZmr9XyV9mBJQy7ag
-----END CERTIFICATE-----
Generated at Mon Nov 25 16:44:10 2024 by rpki-client on console-fra.rpki-client.org