Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/177/3138352e3136332e35322e302f32342d3234203d3e20323031333431.roa
File:                     3138352e3136332e35322e302f32342d3234203d3e20323031333431.roa (raw, json)
Hash identifier:          vrrnmBun1nwJYVClymG5s/6QnTA5LjpkRYcFxY+kWFI=
Subject key identifier:   30:DA:B1:D4:DD:60:54:9D:F0:1B:67:4E:36:A2:37:F9:5C:C1:81:19
Certificate issuer:       /CN=097a28f77eb0a4ac354a8ac28754b2a3bbe3a959
Certificate serial:       6DEE3F6AA2981A208BE196D57B680DE4D159BBEF
Authority key identifier: 09:7A:28:F7:7E:B0:A4:AC:35:4A:8A:C2:87:54:B2:A3:BB:E3:A9:59
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CXoo936wpKw1SorCh1Syo7vjqVk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/177/3138352e3136332e35322e302f32342d3234203d3e20323031333431.roa
Signing time:             Mon 26 Feb 2024 08:53:44 +0000
ROA not before:           Mon 26 Feb 2024 08:48:44 +0000
ROA not after:            Mon 24 Feb 2025 08:53:44 +0000
asID:                     201341
IP address blocks:        185.163.52.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/177/097A28F77EB0A4AC354A8AC28754B2A3BBE3A959.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/177/097A28F77EB0A4AC354A8AC28754B2A3BBE3A959.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CXoo936wpKw1SorCh1Syo7vjqVk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6d:ee:3f:6a:a2:98:1a:20:8b:e1:96:d5:7b:68:0d:e4:d1:59:bb:ef
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=097a28f77eb0a4ac354a8ac28754b2a3bbe3a959
        Validity
            Not Before: Feb 26 08:48:44 2024 GMT
            Not After : Feb 24 08:53:44 2025 GMT
        Subject: CN=30DAB1D4DD60549DF01B674E36A237F95CC18119
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:40:13:ed:5c:28:d4:d9:3c:fc:d8:c4:ae:3a:
                    c5:1b:d8:02:c7:1f:ef:46:00:e5:ef:07:d6:0d:ac:
                    41:0b:b5:39:a0:10:cd:da:98:76:de:12:8c:1c:67:
                    3f:0e:38:c6:e5:6f:48:48:af:51:3a:d6:e8:3a:cc:
                    b8:43:cd:23:0b:63:66:1c:1c:42:d8:4a:e4:8d:d8:
                    30:58:92:6a:70:a2:dd:1a:0c:5d:b7:9d:36:3b:cb:
                    57:d1:84:b5:e6:61:2e:73:56:87:71:a8:03:3a:f3:
                    8b:e1:78:2e:da:52:ab:57:ef:ef:75:e9:54:e6:cf:
                    85:72:21:fd:a2:67:3c:7c:0c:00:ed:29:6f:7a:29:
                    5a:4d:21:00:7c:3a:60:3d:0a:4c:3e:4e:8f:3d:53:
                    b5:ee:46:e2:42:a9:bc:df:d5:6d:18:5d:7a:a3:27:
                    ec:e1:58:38:55:1e:a5:1a:10:21:f7:9b:57:08:9a:
                    0e:47:b9:ac:86:1a:01:2c:ae:60:50:74:b8:9f:67:
                    ea:3f:ef:3f:00:6f:cd:0b:f6:41:1b:a9:c4:59:5e:
                    c8:49:a1:a8:f4:57:70:ac:fb:2a:51:95:3a:70:04:
                    c1:91:2f:1b:17:9a:0d:1c:ae:bd:6f:15:a8:1f:39:
                    84:88:6a:c6:50:46:4b:f8:ba:4f:68:98:95:d2:28:
                    7a:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:DA:B1:D4:DD:60:54:9D:F0:1B:67:4E:36:A2:37:F9:5C:C1:81:19
            X509v3 Authority Key Identifier:
                keyid:09:7A:28:F7:7E:B0:A4:AC:35:4A:8A:C2:87:54:B2:A3:BB:E3:A9:59

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/177/097A28F77EB0A4AC354A8AC28754B2A3BBE3A959.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CXoo936wpKw1SorCh1Syo7vjqVk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/177/3138352e3136332e35322e302f32342d3234203d3e20323031333431.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.163.52.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a5:82:be:e4:9e:0a:03:f4:ed:71:ce:47:07:9b:c6:9e:0b:38:
         d9:8a:e0:99:14:7c:fa:0a:20:2c:55:7f:bb:2a:26:09:3c:f1:
         69:83:c8:17:db:39:77:8c:f4:6c:d0:81:65:da:3f:4c:98:e3:
         0e:e4:36:3e:ce:d4:42:f9:a5:6d:8a:45:48:58:16:30:9c:42:
         42:a6:98:38:c0:8a:f1:b0:88:95:28:14:43:8d:b7:62:9c:d9:
         64:51:6c:5e:94:3a:d9:fd:92:8e:65:0e:07:ec:31:e7:4e:b9:
         dc:c9:59:45:15:ae:96:dd:f1:f9:8c:1c:eb:1a:74:46:7d:e6:
         1d:16:21:54:54:2c:42:50:15:92:a8:be:56:3a:0a:fb:28:3b:
         dc:38:2a:ea:9f:54:98:73:d8:e3:20:f7:f8:84:7f:d8:bc:78:
         34:0b:46:a6:25:5d:6c:10:a4:fa:a6:42:a2:99:c4:71:aa:85:
         5a:12:38:41:cf:a7:a9:a1:cc:9b:29:df:5f:8d:af:fd:31:af:
         db:44:b8:ef:d5:dc:32:fd:28:da:cb:95:90:43:2a:16:8f:cb:
         bd:c1:f3:ac:ac:8b:03:a6:27:0a:dc:9f:c5:33:14:d2:48:ee:
         46:1e:57:e6:38:08:04:eb:c3:9f:7e:42:e4:ea:62:12:54:79:
         07:f4:76:77
-----BEGIN CERTIFICATE-----
MIIFOjCCBCKgAwIBAgIUbe4/aqKYGiCL4ZbVe2gN5NFZu+8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDk3YTI4Zjc3ZWIwYTRhYzM1NGE4YWMyODc1NGIyYTNi
YmUzYTk1OTAeFw0yNDAyMjYwODQ4NDRaFw0yNTAyMjQwODUzNDRaMDMxMTAvBgNV
BAMTKDMwREFCMUQ0REQ2MDU0OURGMDFCNjc0RTM2QTIzN0Y5NUNDMTgxMTkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC1QBPtXCjU2Tz82MSuOsUb2ALH
H+9GAOXvB9YNrEELtTmgEM3amHbeEowcZz8OOMblb0hIr1E61ug6zLhDzSMLY2Yc
HELYSuSN2DBYkmpwot0aDF23nTY7y1fRhLXmYS5zVodxqAM684vheC7aUqtX7+91
6VTmz4VyIf2iZzx8DADtKW96KVpNIQB8OmA9Ckw+To89U7XuRuJCqbzf1W0YXXqj
J+zhWDhVHqUaECH3m1cImg5HuayGGgEsrmBQdLifZ+o/7z8Ab80L9kEbqcRZXshJ
oaj0V3Cs+ypRlTpwBMGRLxsXmg0crr1vFagfOYSIasZQRkv4uk9omJXSKHpjAgMB
AAGjggJEMIICQDAdBgNVHQ4EFgQUMNqx1N1gVJ3wG2dONqI3+VzBgRkwHwYDVR0j
BBgwFoAUCXoo936wpKw1SorCh1Syo7vjqVkwDgYDVR0PAQH/BAQDAgeAMIGYBgNV
HR8EgZAwgY0wgYqggYeggYSGgYFyc3luYzovL3JzeW5jLnBhYXMucnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L2ZlMzcwOGEwLTY3ZDUtNGFjMi1hYmM0LWEzMzI1OTBi
OTlhZi8xNzcvMDk3QTI4Rjc3RUIwQTRBQzM1NEE4QUMyODc1NEIyQTNCQkUzQTk1
OS5jcmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2ku
cmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NYb285MzZ3cEt3MVNvckNoMVN5
bzd2anFWay5jZXIwgbEGCCsGAQUFBwELBIGkMIGhMIGeBggrBgEFBQcwC4aBkXJz
eW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4
YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzE3Ny8zMTM4MzUyZTMxMzYz
MzJlMzUzMjJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMyMzAzMTMzMzQzMS5yb2Ew
GAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQC
AAEwBgMEALmjNDANBgkqhkiG9w0BAQsFAAOCAQEApYK+5J4KA/Ttcc5HB5vGngs4
2YrgmRR8+gogLFV/uyomCTzxaYPIF9s5d4z0bNCBZdo/TJjjDuQ2Ps7UQvmlbYpF
SFgWMJxCQqaYOMCK8bCIlSgUQ423YpzZZFFsXpQ62f2SjmUOB+wx50653MlZRRWu
lt3x+Ywc6xp0Rn3mHRYhVFQsQlAVkqi+VjoK+yg73Dgq6p9UmHPY4yD3+IR/2Lx4
NAtGpiVdbBCk+qZCopnEcaqFWhI4Qc+nqaHMmynfX42v/TGv20S479XcMv0o2suV
kEMqFo/LvcHzrKyLA6YnCtyfxTMU0kjuRh5X5jgIBOvDn35C5OpiElR5B/R2dw==
-----END CERTIFICATE-----
Generated at Thu Nov 21 18:06:14 2024 by rpki-client on console-fra.rpki-client.org