Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/177/3138352e3136332e35342e302f32342d3234203d3e20323031333431.roa
File:                     3138352e3136332e35342e302f32342d3234203d3e20323031333431.roa (raw, json)
Hash identifier:          nmHExG0Aar9d5K9XhY/D50c4EkxBblWpOV2y57jMUEE=
Subject key identifier:   E5:57:BD:ED:65:20:54:8F:73:FB:3A:79:2E:6E:48:8C:F8:EA:1B:B9
Certificate issuer:       /CN=097a28f77eb0a4ac354a8ac28754b2a3bbe3a959
Certificate serial:       236E367686BDE0E03288DA061BCFDA12F53B4671
Authority key identifier: 09:7A:28:F7:7E:B0:A4:AC:35:4A:8A:C2:87:54:B2:A3:BB:E3:A9:59
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CXoo936wpKw1SorCh1Syo7vjqVk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/177/3138352e3136332e35342e302f32342d3234203d3e20323031333431.roa
Signing time:             Mon 26 Feb 2024 08:53:44 +0000
ROA not before:           Mon 26 Feb 2024 08:48:44 +0000
ROA not after:            Mon 24 Feb 2025 08:53:44 +0000
asID:                     201341
IP address blocks:        185.163.54.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/177/097A28F77EB0A4AC354A8AC28754B2A3BBE3A959.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/177/097A28F77EB0A4AC354A8AC28754B2A3BBE3A959.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CXoo936wpKw1SorCh1Syo7vjqVk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            23:6e:36:76:86:bd:e0:e0:32:88:da:06:1b:cf:da:12:f5:3b:46:71
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=097a28f77eb0a4ac354a8ac28754b2a3bbe3a959
        Validity
            Not Before: Feb 26 08:48:44 2024 GMT
            Not After : Feb 24 08:53:44 2025 GMT
        Subject: CN=E557BDED6520548F73FB3A792E6E488CF8EA1BB9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:d0:63:4f:39:33:93:fc:ae:c8:aa:f6:2a:e8:
                    99:85:24:86:6d:14:ef:61:ba:b9:f6:2a:76:cc:c7:
                    d2:b4:9a:7f:a4:ae:62:3e:f0:96:25:61:fa:b7:ee:
                    2f:c7:f8:75:5e:9e:f5:ae:c6:29:02:a9:2d:69:77:
                    11:36:2f:54:a0:28:d6:d5:1f:f2:67:e1:1b:09:2d:
                    bc:45:b2:71:2e:bb:67:44:e8:a9:2b:0c:7e:f2:e9:
                    57:73:46:77:5d:ae:2e:c8:3c:e6:ff:94:ab:63:b5:
                    ba:45:03:be:9f:c1:43:3b:7c:a5:bf:c4:a2:a9:b6:
                    6f:24:e7:30:07:3c:a0:12:cc:1a:31:25:9b:1e:78:
                    6e:37:24:d1:78:53:9c:14:f5:6d:3f:1f:83:7d:9a:
                    4b:52:64:bd:47:fd:61:fc:a2:75:9e:92:6e:bf:65:
                    d0:3d:64:52:f9:00:85:54:e8:89:f4:ea:52:77:ce:
                    27:62:ce:9f:89:c3:8d:9d:af:d0:fa:db:9c:f6:b3:
                    8a:5e:cd:f9:12:67:9e:ab:3d:7d:49:7d:b5:ff:77:
                    26:78:cc:c8:01:69:8e:20:da:82:05:b7:e5:dd:6f:
                    92:17:b4:85:45:43:43:3d:c7:75:1e:8a:fa:bc:bb:
                    6b:55:d5:df:1a:27:24:26:af:0a:91:07:7d:15:37:
                    39:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E5:57:BD:ED:65:20:54:8F:73:FB:3A:79:2E:6E:48:8C:F8:EA:1B:B9
            X509v3 Authority Key Identifier:
                keyid:09:7A:28:F7:7E:B0:A4:AC:35:4A:8A:C2:87:54:B2:A3:BB:E3:A9:59

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/177/097A28F77EB0A4AC354A8AC28754B2A3BBE3A959.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CXoo936wpKw1SorCh1Syo7vjqVk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/177/3138352e3136332e35342e302f32342d3234203d3e20323031333431.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.163.54.0/24

    Signature Algorithm: sha256WithRSAEncryption
         cc:cb:ab:8b:05:92:bc:8c:1b:05:b5:dd:1c:20:8d:2f:6d:fe:
         c4:18:d2:d2:86:24:8a:a7:8d:a3:40:08:12:d7:90:cb:fe:d6:
         56:fc:e3:84:0b:77:45:b1:43:11:36:9e:2e:5f:a6:db:da:21:
         9d:53:5f:52:10:5e:92:7b:4f:a3:0d:9a:5a:26:ac:de:25:fa:
         14:1d:ed:74:2f:7b:8e:34:a6:12:7f:c0:91:16:70:8b:f1:f8:
         93:1e:ce:f4:44:9b:08:52:27:fd:21:a0:d2:1f:3b:31:b9:10:
         01:f3:a5:49:f7:b3:6e:dc:9a:2a:3c:54:f0:44:56:b7:fe:e9:
         17:d7:69:ae:95:94:6a:63:35:6f:2a:31:72:d4:1d:bd:01:fb:
         44:f9:b1:1f:99:ba:b6:b7:48:4b:2b:32:71:a2:80:44:76:b9:
         e7:0c:07:11:76:01:1b:e6:b9:c0:69:b6:6e:fd:98:b2:21:26:
         3a:14:9c:ee:91:e1:a7:85:d2:8d:39:9d:57:b2:b4:41:51:f4:
         c5:bb:0a:cd:d1:0a:42:e6:97:56:20:c7:fb:93:ab:c4:be:59:
         76:3c:ab:b8:93:09:af:a6:94:36:59:6b:3e:3e:e7:5b:db:07:
         b7:12:94:6b:53:6c:9e:e1:c4:6c:75:4e:93:3b:5f:92:22:b5:
         37:df:2f:bc
-----BEGIN CERTIFICATE-----
MIIFOjCCBCKgAwIBAgIUI242doa94OAyiNoGG8/aEvU7RnEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDk3YTI4Zjc3ZWIwYTRhYzM1NGE4YWMyODc1NGIyYTNi
YmUzYTk1OTAeFw0yNDAyMjYwODQ4NDRaFw0yNTAyMjQwODUzNDRaMDMxMTAvBgNV
BAMTKEU1NTdCREVENjUyMDU0OEY3M0ZCM0E3OTJFNkU0ODhDRjhFQTFCQjkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDK0GNPOTOT/K7IqvYq6JmFJIZt
FO9hurn2KnbMx9K0mn+krmI+8JYlYfq37i/H+HVenvWuxikCqS1pdxE2L1SgKNbV
H/Jn4RsJLbxFsnEuu2dE6KkrDH7y6VdzRnddri7IPOb/lKtjtbpFA76fwUM7fKW/
xKKptm8k5zAHPKASzBoxJZseeG43JNF4U5wU9W0/H4N9mktSZL1H/WH8onWekm6/
ZdA9ZFL5AIVU6In06lJ3zidizp+Jw42dr9D625z2s4pezfkSZ56rPX1JfbX/dyZ4
zMgBaY4g2oIFt+Xdb5IXtIVFQ0M9x3Ueivq8u2tV1d8aJyQmrwqRB30VNznzAgMB
AAGjggJEMIICQDAdBgNVHQ4EFgQU5Ve97WUgVI9z+zp5Lm5IjPjqG7kwHwYDVR0j
BBgwFoAUCXoo936wpKw1SorCh1Syo7vjqVkwDgYDVR0PAQH/BAQDAgeAMIGYBgNV
HR8EgZAwgY0wgYqggYeggYSGgYFyc3luYzovL3JzeW5jLnBhYXMucnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L2ZlMzcwOGEwLTY3ZDUtNGFjMi1hYmM0LWEzMzI1OTBi
OTlhZi8xNzcvMDk3QTI4Rjc3RUIwQTRBQzM1NEE4QUMyODc1NEIyQTNCQkUzQTk1
OS5jcmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2ku
cmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NYb285MzZ3cEt3MVNvckNoMVN5
bzd2anFWay5jZXIwgbEGCCsGAQUFBwELBIGkMIGhMIGeBggrBgEFBQcwC4aBkXJz
eW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4
YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzE3Ny8zMTM4MzUyZTMxMzYz
MzJlMzUzNDJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMyMzAzMTMzMzQzMS5yb2Ew
GAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQC
AAEwBgMEALmjNjANBgkqhkiG9w0BAQsFAAOCAQEAzMuriwWSvIwbBbXdHCCNL23+
xBjS0oYkiqeNo0AIEteQy/7WVvzjhAt3RbFDETaeLl+m29ohnVNfUhBekntPow2a
Wias3iX6FB3tdC97jjSmEn/AkRZwi/H4kx7O9ESbCFIn/SGg0h87MbkQAfOlSfez
btyaKjxU8ERWt/7pF9dprpWUamM1byoxctQdvQH7RPmxH5m6trdISysycaKARHa5
5wwHEXYBG+a5wGm2bv2YsiEmOhSc7pHhp4XSjTmdV7K0QVH0xbsKzdEKQuaXViDH
+5OrxL5ZdjyruJMJr6aUNllrPj7nW9sHtxKUa1NsnuHEbHVOkztfkiK1N98vvA==
-----END CERTIFICATE-----
Generated at Thu Nov 21 19:35:21 2024 by rpki-client on console-ams.rpki-client.org