Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/177/3138352e3136352e38342e302f32342d3234203d3e20313336373837.roa
File:                     3138352e3136352e38342e302f32342d3234203d3e20313336373837.roa (raw, json)
Hash identifier:          fFSH0ezykUI/2rRJSAo+exqof2ZJtlPE+gqLmlOb20Y=
Subject key identifier:   13:C4:47:54:CB:85:BD:E0:87:1B:F1:C4:AC:70:9C:E2:9F:26:07:41
Certificate issuer:       /CN=097a28f77eb0a4ac354a8ac28754b2a3bbe3a959
Certificate serial:       41681A7257BF5BA9F31EE735504EF996EAC5080E
Authority key identifier: 09:7A:28:F7:7E:B0:A4:AC:35:4A:8A:C2:87:54:B2:A3:BB:E3:A9:59
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CXoo936wpKw1SorCh1Syo7vjqVk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/177/3138352e3136352e38342e302f32342d3234203d3e20313336373837.roa
Signing time:             Sun 12 May 2024 11:03:39 +0000
ROA not before:           Sun 12 May 2024 10:58:39 +0000
ROA not after:            Sun 11 May 2025 11:03:39 +0000
asID:                     136787
IP address blocks:        185.165.84.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/177/097A28F77EB0A4AC354A8AC28754B2A3BBE3A959.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/177/097A28F77EB0A4AC354A8AC28754B2A3BBE3A959.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CXoo936wpKw1SorCh1Syo7vjqVk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            41:68:1a:72:57:bf:5b:a9:f3:1e:e7:35:50:4e:f9:96:ea:c5:08:0e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=097a28f77eb0a4ac354a8ac28754b2a3bbe3a959
        Validity
            Not Before: May 12 10:58:39 2024 GMT
            Not After : May 11 11:03:39 2025 GMT
        Subject: CN=13C44754CB85BDE0871BF1C4AC709CE29F260741
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:2b:d7:11:f4:a1:6b:57:e7:e3:94:fa:50:e5:
                    d4:88:45:c5:14:ae:42:8f:49:a4:0d:18:78:8b:08:
                    1d:6d:59:08:d7:cf:70:37:f3:a1:94:c6:22:41:44:
                    67:51:b6:1c:c9:13:5c:e5:a1:54:f3:a2:17:5a:ab:
                    92:78:01:67:d1:d0:03:df:46:cd:aa:a3:50:03:f4:
                    c8:cf:91:68:9d:97:ef:84:7e:d8:6a:ac:25:14:ac:
                    4b:75:71:b8:00:72:2a:34:0a:49:6f:66:1d:58:1e:
                    3c:94:5d:ba:7e:78:fa:fc:98:57:20:5f:0b:7c:59:
                    e3:6c:21:fd:9b:f9:4b:c1:27:7c:45:bd:13:41:df:
                    56:fe:ad:24:51:82:7a:f8:d8:16:65:cd:f3:60:a1:
                    45:55:82:33:ac:33:bd:de:a8:27:91:30:ff:83:bb:
                    1a:d5:5c:2e:91:b4:4c:f7:b4:7d:aa:03:58:95:02:
                    fc:59:7f:e5:0b:dc:a8:dc:65:84:29:5e:ab:50:58:
                    8d:0b:82:15:a3:bb:1f:35:80:93:35:b8:ec:2e:46:
                    58:7c:7d:f7:39:6f:19:83:2e:57:3c:39:91:42:34:
                    be:76:a6:8b:21:3c:d3:ee:a8:ee:e8:02:45:88:47:
                    62:19:c5:46:3a:74:87:5d:bb:9d:49:bc:19:ed:45:
                    fe:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                13:C4:47:54:CB:85:BD:E0:87:1B:F1:C4:AC:70:9C:E2:9F:26:07:41
            X509v3 Authority Key Identifier:
                keyid:09:7A:28:F7:7E:B0:A4:AC:35:4A:8A:C2:87:54:B2:A3:BB:E3:A9:59

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/177/097A28F77EB0A4AC354A8AC28754B2A3BBE3A959.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CXoo936wpKw1SorCh1Syo7vjqVk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/177/3138352e3136352e38342e302f32342d3234203d3e20313336373837.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.165.84.0/24

    Signature Algorithm: sha256WithRSAEncryption
         47:69:74:d2:23:6e:5a:e3:d3:27:e4:8b:1f:29:95:f8:c4:61:
         f9:00:45:b4:00:80:35:a1:06:ad:49:de:2d:e0:a9:15:47:81:
         2a:c8:8c:b7:0c:cd:de:38:0e:5f:2d:c5:8e:89:6f:50:7b:8c:
         74:3d:8c:c8:c5:69:66:33:ea:1f:0f:45:6e:ad:15:a2:91:8b:
         a7:a1:a3:50:1b:05:5c:17:27:cb:22:60:94:c1:b0:d7:13:89:
         05:d7:b6:9c:13:5a:e1:0a:ad:25:a6:e7:78:f8:bc:90:d8:50:
         3a:79:97:8a:b0:10:b5:a4:8c:eb:28:47:69:27:77:a7:07:0d:
         17:bc:47:1b:71:8c:27:23:2d:e8:d2:61:8e:54:34:ab:9d:b8:
         ea:33:51:e3:d8:03:12:ba:b9:30:53:48:b0:6a:b9:0c:58:7e:
         d8:ce:1c:26:3f:27:95:0a:61:c5:55:54:f6:86:dc:5a:e5:1b:
         78:39:7e:c1:64:0a:fc:d5:bb:42:0c:00:a6:d8:a4:a0:6b:94:
         20:60:7a:e1:48:b1:b6:38:e0:02:8d:0e:e9:ec:9b:31:fe:92:
         4c:01:83:7c:51:47:cb:fe:ad:02:82:cf:bc:4c:79:45:1a:2d:
         a8:ae:70:7c:39:44:98:26:fc:36:36:9c:ef:0a:56:06:eb:3f:
         0e:70:8c:1f
-----BEGIN CERTIFICATE-----
MIIFOjCCBCKgAwIBAgIUQWgacle/W6nzHuc1UE75lurFCA4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDk3YTI4Zjc3ZWIwYTRhYzM1NGE4YWMyODc1NGIyYTNi
YmUzYTk1OTAeFw0yNDA1MTIxMDU4MzlaFw0yNTA1MTExMTAzMzlaMDMxMTAvBgNV
BAMTKDEzQzQ0NzU0Q0I4NUJERTA4NzFCRjFDNEFDNzA5Q0UyOUYyNjA3NDEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCxK9cR9KFrV+fjlPpQ5dSIRcUU
rkKPSaQNGHiLCB1tWQjXz3A386GUxiJBRGdRthzJE1zloVTzohdaq5J4AWfR0APf
Rs2qo1AD9MjPkWidl++EfthqrCUUrEt1cbgAcio0CklvZh1YHjyUXbp+ePr8mFcg
Xwt8WeNsIf2b+UvBJ3xFvRNB31b+rSRRgnr42BZlzfNgoUVVgjOsM73eqCeRMP+D
uxrVXC6RtEz3tH2qA1iVAvxZf+UL3KjcZYQpXqtQWI0LghWjux81gJM1uOwuRlh8
ffc5bxmDLlc8OZFCNL52poshPNPuqO7oAkWIR2IZxUY6dIddu51JvBntRf5TAgMB
AAGjggJEMIICQDAdBgNVHQ4EFgQUE8RHVMuFveCHG/HErHCc4p8mB0EwHwYDVR0j
BBgwFoAUCXoo936wpKw1SorCh1Syo7vjqVkwDgYDVR0PAQH/BAQDAgeAMIGYBgNV
HR8EgZAwgY0wgYqggYeggYSGgYFyc3luYzovL3JzeW5jLnBhYXMucnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L2ZlMzcwOGEwLTY3ZDUtNGFjMi1hYmM0LWEzMzI1OTBi
OTlhZi8xNzcvMDk3QTI4Rjc3RUIwQTRBQzM1NEE4QUMyODc1NEIyQTNCQkUzQTk1
OS5jcmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2ku
cmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NYb285MzZ3cEt3MVNvckNoMVN5
bzd2anFWay5jZXIwgbEGCCsGAQUFBwELBIGkMIGhMIGeBggrBgEFBQcwC4aBkXJz
eW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4
YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzE3Ny8zMTM4MzUyZTMxMzYz
NTJlMzgzNDJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMxMzMzNjM3MzgzNy5yb2Ew
GAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQC
AAEwBgMEALmlVDANBgkqhkiG9w0BAQsFAAOCAQEAR2l00iNuWuPTJ+SLHymV+MRh
+QBFtACANaEGrUneLeCpFUeBKsiMtwzN3jgOXy3FjolvUHuMdD2MyMVpZjPqHw9F
bq0VopGLp6GjUBsFXBcnyyJglMGw1xOJBde2nBNa4QqtJabnePi8kNhQOnmXirAQ
taSM6yhHaSd3pwcNF7xHG3GMJyMt6NJhjlQ0q5246jNR49gDErq5MFNIsGq5DFh+
2M4cJj8nlQphxVVU9obcWuUbeDl+wWQK/NW7QgwAptikoGuUIGB64UixtjjgAo0O
6eybMf6STAGDfFFHy/6tAoLPvEx5RRotqK5wfDlEmCb8Njac7wpWBus/DnCMHw==
-----END CERTIFICATE-----
Generated at Fri Nov 22 10:07:02 2024 by rpki-client on console-fra.rpki-client.org