Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/177/3138352e3136332e35332e302f32342d3234203d3e20323031333431.roa
File:                     3138352e3136332e35332e302f32342d3234203d3e20323031333431.roa (raw, json)
Hash identifier:          /0XaxXhIpCBztME9mrOVRtjh8l9tUhuQZnCgGKk8nwg=
Subject key identifier:   42:C0:5E:35:9D:C5:05:36:B4:4A:97:32:64:EB:C4:4C:D1:61:55:8C
Certificate issuer:       /CN=097a28f77eb0a4ac354a8ac28754b2a3bbe3a959
Certificate serial:       55C65BD64274493CE9EB28C5CA922417E31FC626
Authority key identifier: 09:7A:28:F7:7E:B0:A4:AC:35:4A:8A:C2:87:54:B2:A3:BB:E3:A9:59
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CXoo936wpKw1SorCh1Syo7vjqVk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/177/3138352e3136332e35332e302f32342d3234203d3e20323031333431.roa
Signing time:             Mon 26 Feb 2024 08:53:44 +0000
ROA not before:           Mon 26 Feb 2024 08:48:44 +0000
ROA not after:            Mon 24 Feb 2025 08:53:44 +0000
asID:                     201341
IP address blocks:        185.163.53.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/177/097A28F77EB0A4AC354A8AC28754B2A3BBE3A959.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/177/097A28F77EB0A4AC354A8AC28754B2A3BBE3A959.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CXoo936wpKw1SorCh1Syo7vjqVk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            55:c6:5b:d6:42:74:49:3c:e9:eb:28:c5:ca:92:24:17:e3:1f:c6:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=097a28f77eb0a4ac354a8ac28754b2a3bbe3a959
        Validity
            Not Before: Feb 26 08:48:44 2024 GMT
            Not After : Feb 24 08:53:44 2025 GMT
        Subject: CN=42C05E359DC50536B44A973264EBC44CD161558C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:25:40:03:a9:be:e7:9d:96:1e:3c:f1:37:f7:
                    96:c9:6d:91:ae:77:5b:9f:66:da:24:24:02:b5:1b:
                    73:cc:cf:79:13:d8:8a:a6:41:9b:0b:d9:4d:6f:31:
                    ca:6c:0d:63:a3:b5:ec:33:f6:ef:e0:77:76:5e:49:
                    97:29:40:9d:b2:2b:1e:f0:e3:69:a6:93:9a:69:c9:
                    39:2f:04:a3:a2:45:7c:db:d9:04:b8:bc:16:45:b8:
                    07:2d:00:79:74:2c:34:cf:fb:fc:60:80:84:18:69:
                    e4:97:b4:7a:93:56:cb:66:7d:90:92:43:9a:5c:e7:
                    cf:af:27:15:d8:e2:a1:9f:d6:18:e1:72:a9:ec:e1:
                    4b:c3:86:15:bf:05:fc:d8:01:c5:48:e8:99:48:08:
                    8f:3c:12:30:d8:81:5e:c2:f1:1c:35:3f:ca:9e:9d:
                    5c:d9:ca:23:21:57:7a:2b:ea:af:b6:b9:cb:91:1b:
                    c1:14:07:e3:d1:09:7c:8d:09:15:e9:4c:50:bc:f6:
                    79:94:12:3b:90:08:ed:b5:5c:d7:90:0e:2e:17:8a:
                    6b:df:5f:32:d0:69:92:8d:87:0d:97:31:6f:05:ed:
                    fc:7d:67:3e:b0:5c:4a:22:0f:4f:15:fe:81:ad:53:
                    2b:54:b3:72:f2:38:3a:3b:35:b0:0d:68:e9:ae:c6:
                    46:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:C0:5E:35:9D:C5:05:36:B4:4A:97:32:64:EB:C4:4C:D1:61:55:8C
            X509v3 Authority Key Identifier:
                keyid:09:7A:28:F7:7E:B0:A4:AC:35:4A:8A:C2:87:54:B2:A3:BB:E3:A9:59

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/177/097A28F77EB0A4AC354A8AC28754B2A3BBE3A959.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CXoo936wpKw1SorCh1Syo7vjqVk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/177/3138352e3136332e35332e302f32342d3234203d3e20323031333431.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.163.53.0/24

    Signature Algorithm: sha256WithRSAEncryption
         03:56:9a:a9:3f:c3:ef:d9:85:4a:99:b2:e8:1a:07:90:22:f9:
         cc:ce:04:0e:d2:9c:ee:cd:ae:d8:f8:41:f0:d4:26:ed:45:0d:
         ac:85:3f:fc:df:f4:0e:1c:c4:f5:82:f6:d6:ff:6c:1a:7e:0b:
         94:54:66:02:db:05:25:50:5e:cc:55:6b:85:d3:09:9b:7d:5d:
         77:de:c7:bc:ce:f3:f3:71:75:28:90:3c:99:27:bd:66:a6:d5:
         c9:b6:b5:2d:23:a0:00:bc:20:59:78:8a:72:12:23:a2:01:e2:
         4e:c9:dc:d7:65:02:27:92:5b:b8:eb:02:ae:1f:3e:54:18:c5:
         79:4a:75:6e:a9:64:7e:08:59:d8:c9:97:4c:42:27:ee:da:52:
         2d:33:16:13:20:58:b0:8d:b1:10:95:68:61:fe:b5:66:d0:3b:
         36:6c:1d:d2:9e:e2:d0:a6:cb:d9:0d:2b:36:21:d1:c1:82:b4:
         4e:05:c3:ab:52:16:11:c7:32:c3:bd:8d:b2:8a:29:b7:23:5c:
         d4:4a:e4:a5:1b:dd:18:e8:8e:e5:40:ba:26:bb:c9:13:99:3f:
         6e:e4:92:64:ad:4e:b3:02:45:e2:ca:4c:09:70:50:ab:87:03:
         4c:34:23:9b:ae:c9:50:57:2b:a4:ae:a0:7c:df:12:ee:5a:3c:
         27:90:0a:9b
-----BEGIN CERTIFICATE-----
MIIFOjCCBCKgAwIBAgIUVcZb1kJ0STzp6yjFypIkF+MfxiYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDk3YTI4Zjc3ZWIwYTRhYzM1NGE4YWMyODc1NGIyYTNi
YmUzYTk1OTAeFw0yNDAyMjYwODQ4NDRaFw0yNTAyMjQwODUzNDRaMDMxMTAvBgNV
BAMTKDQyQzA1RTM1OURDNTA1MzZCNDRBOTczMjY0RUJDNDRDRDE2MTU1OEMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDfJUADqb7nnZYePPE395bJbZGu
d1ufZtokJAK1G3PMz3kT2IqmQZsL2U1vMcpsDWOjtewz9u/gd3ZeSZcpQJ2yKx7w
42mmk5ppyTkvBKOiRXzb2QS4vBZFuActAHl0LDTP+/xggIQYaeSXtHqTVstmfZCS
Q5pc58+vJxXY4qGf1hjhcqns4UvDhhW/BfzYAcVI6JlICI88EjDYgV7C8Rw1P8qe
nVzZyiMhV3or6q+2ucuRG8EUB+PRCXyNCRXpTFC89nmUEjuQCO21XNeQDi4Ximvf
XzLQaZKNhw2XMW8F7fx9Zz6wXEoiD08V/oGtUytUs3LyODo7NbANaOmuxkaBAgMB
AAGjggJEMIICQDAdBgNVHQ4EFgQUQsBeNZ3FBTa0SpcyZOvETNFhVYwwHwYDVR0j
BBgwFoAUCXoo936wpKw1SorCh1Syo7vjqVkwDgYDVR0PAQH/BAQDAgeAMIGYBgNV
HR8EgZAwgY0wgYqggYeggYSGgYFyc3luYzovL3JzeW5jLnBhYXMucnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L2ZlMzcwOGEwLTY3ZDUtNGFjMi1hYmM0LWEzMzI1OTBi
OTlhZi8xNzcvMDk3QTI4Rjc3RUIwQTRBQzM1NEE4QUMyODc1NEIyQTNCQkUzQTk1
OS5jcmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2ku
cmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NYb285MzZ3cEt3MVNvckNoMVN5
bzd2anFWay5jZXIwgbEGCCsGAQUFBwELBIGkMIGhMIGeBggrBgEFBQcwC4aBkXJz
eW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4
YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzE3Ny8zMTM4MzUyZTMxMzYz
MzJlMzUzMzJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMyMzAzMTMzMzQzMS5yb2Ew
GAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQC
AAEwBgMEALmjNTANBgkqhkiG9w0BAQsFAAOCAQEAA1aaqT/D79mFSpmy6BoHkCL5
zM4EDtKc7s2u2PhB8NQm7UUNrIU//N/0DhzE9YL21v9sGn4LlFRmAtsFJVBezFVr
hdMJm31dd97HvM7z83F1KJA8mSe9ZqbVyba1LSOgALwgWXiKchIjogHiTsnc12UC
J5JbuOsCrh8+VBjFeUp1bqlkfghZ2MmXTEIn7tpSLTMWEyBYsI2xEJVoYf61ZtA7
Nmwd0p7i0KbL2Q0rNiHRwYK0TgXDq1IWEccyw72NsooptyNc1ErkpRvdGOiO5UC6
JrvJE5k/buSSZK1OswJF4spMCXBQq4cDTDQjm67JUFcrpK6gfN8S7lo8J5AKmw==
-----END CERTIFICATE-----
Generated at Thu Nov 21 19:35:21 2024 by rpki-client on console-ams.rpki-client.org