Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/177/3138352e3136352e38362e302f32342d3234203d3e20313336373837.roa
File:                     3138352e3136352e38362e302f32342d3234203d3e20313336373837.roa (raw, json)
Hash identifier:          EJ+48mbtrWEBKQ1KSRJtzBuvJnh9xOJlsYXhfqRWISI=
Subject key identifier:   12:BC:A7:8E:90:D9:23:F9:AB:F2:A0:38:39:72:B7:09:C1:55:6B:93
Certificate issuer:       /CN=097a28f77eb0a4ac354a8ac28754b2a3bbe3a959
Certificate serial:       671579950F4D3CF7321C54FA7C16C45E1B516508
Authority key identifier: 09:7A:28:F7:7E:B0:A4:AC:35:4A:8A:C2:87:54:B2:A3:BB:E3:A9:59
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CXoo936wpKw1SorCh1Syo7vjqVk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/177/3138352e3136352e38362e302f32342d3234203d3e20313336373837.roa
Signing time:             Sun 12 May 2024 11:03:39 +0000
ROA not before:           Sun 12 May 2024 10:58:39 +0000
ROA not after:            Sun 11 May 2025 11:03:39 +0000
asID:                     136787
IP address blocks:        185.165.86.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/177/097A28F77EB0A4AC354A8AC28754B2A3BBE3A959.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/177/097A28F77EB0A4AC354A8AC28754B2A3BBE3A959.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CXoo936wpKw1SorCh1Syo7vjqVk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            67:15:79:95:0f:4d:3c:f7:32:1c:54:fa:7c:16:c4:5e:1b:51:65:08
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=097a28f77eb0a4ac354a8ac28754b2a3bbe3a959
        Validity
            Not Before: May 12 10:58:39 2024 GMT
            Not After : May 11 11:03:39 2025 GMT
        Subject: CN=12BCA78E90D923F9ABF2A0383972B709C1556B93
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ec:22:b1:65:01:ca:14:5b:4e:a4:3a:49:32:6b:
                    b3:ab:80:84:2f:79:93:22:86:60:c1:00:9c:84:70:
                    a9:58:4a:aa:1a:fb:b6:31:5f:79:62:aa:c6:cf:f9:
                    2d:ab:bd:a9:50:15:56:be:12:5a:e8:ee:bd:f2:95:
                    ac:23:a9:88:2e:fb:9c:c4:e1:b7:ac:4b:60:50:dc:
                    82:71:df:bf:66:59:b0:75:9d:68:c5:a4:44:b8:56:
                    01:fc:a1:8e:b0:10:f6:b2:30:00:86:4d:27:67:28:
                    d1:58:c0:f6:47:cb:3c:75:44:87:6d:80:12:45:cb:
                    13:ff:99:5f:2c:56:5b:37:eb:4e:e1:2a:5f:c7:48:
                    fc:a6:b5:3f:47:18:fa:93:4b:11:f2:26:e7:af:1b:
                    41:32:48:58:4e:9a:e8:57:81:7d:65:31:e8:61:fc:
                    d1:c1:3e:bd:fb:fb:b8:3b:ac:24:1a:ab:a6:86:4c:
                    c4:2d:4a:8e:d2:a5:3c:08:65:b9:88:2e:7e:cb:3d:
                    ac:c7:ab:7e:96:7f:0d:09:cd:79:45:9a:5c:b6:46:
                    5a:df:d3:0c:7e:cc:91:6a:4d:85:6d:c7:fc:b0:46:
                    c1:82:88:1e:f8:c7:b4:dc:b8:d2:52:92:b1:d4:1c:
                    4b:69:79:4c:aa:b6:82:19:89:22:72:5d:a6:f6:19:
                    02:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                12:BC:A7:8E:90:D9:23:F9:AB:F2:A0:38:39:72:B7:09:C1:55:6B:93
            X509v3 Authority Key Identifier:
                keyid:09:7A:28:F7:7E:B0:A4:AC:35:4A:8A:C2:87:54:B2:A3:BB:E3:A9:59

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/177/097A28F77EB0A4AC354A8AC28754B2A3BBE3A959.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CXoo936wpKw1SorCh1Syo7vjqVk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/177/3138352e3136352e38362e302f32342d3234203d3e20313336373837.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.165.86.0/24

    Signature Algorithm: sha256WithRSAEncryption
         79:9b:60:9a:27:f6:6f:53:e7:84:b8:dc:8d:fd:0b:05:7b:0e:
         66:69:a6:3e:bd:ca:d2:cc:fc:3b:bc:c8:63:24:9a:cd:28:4b:
         ae:00:f2:18:f9:c2:4d:e4:28:f9:e9:0c:92:bf:89:ce:56:e8:
         3e:f1:9a:e2:9b:52:9e:9d:29:9d:2a:e0:66:06:4a:16:fb:20:
         05:f5:f7:b6:34:19:c8:ba:92:a2:f3:b1:bb:c8:95:3e:61:31:
         f5:5c:f6:f6:15:7c:c8:25:d0:bb:12:cb:95:3b:ce:1a:bf:84:
         11:06:ce:b1:48:ac:3a:c5:05:59:10:1e:c8:d0:c1:b0:c0:18:
         0f:ca:66:84:4f:b2:15:42:db:ce:c2:df:29:93:7f:35:42:41:
         ef:43:41:c2:68:e5:47:6f:d9:93:05:42:bd:b7:cb:74:45:df:
         7a:6d:d7:97:b2:ef:a1:b6:d3:b1:d3:f6:e8:97:1e:c3:59:96:
         9a:ff:80:ff:b5:cc:6e:10:6b:1c:95:53:46:85:c8:5e:fd:84:
         b0:0e:95:7a:96:85:fb:f0:b8:dd:22:ea:d5:1e:2e:61:73:6b:
         86:1d:31:7d:0d:2c:b9:6b:fa:b7:87:1f:d0:7e:65:9e:f7:58:
         5d:34:19:3d:66:25:cb:e8:99:46:66:d1:2e:71:6b:7f:a0:61:
         54:e9:d0:1a
-----BEGIN CERTIFICATE-----
MIIFOjCCBCKgAwIBAgIUZxV5lQ9NPPcyHFT6fBbEXhtRZQgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDk3YTI4Zjc3ZWIwYTRhYzM1NGE4YWMyODc1NGIyYTNi
YmUzYTk1OTAeFw0yNDA1MTIxMDU4MzlaFw0yNTA1MTExMTAzMzlaMDMxMTAvBgNV
BAMTKDEyQkNBNzhFOTBEOTIzRjlBQkYyQTAzODM5NzJCNzA5QzE1NTZCOTMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDsIrFlAcoUW06kOkkya7OrgIQv
eZMihmDBAJyEcKlYSqoa+7YxX3liqsbP+S2rvalQFVa+Elro7r3ylawjqYgu+5zE
4besS2BQ3IJx379mWbB1nWjFpES4VgH8oY6wEPayMACGTSdnKNFYwPZHyzx1RIdt
gBJFyxP/mV8sVls3607hKl/HSPymtT9HGPqTSxHyJuevG0EySFhOmuhXgX1lMehh
/NHBPr37+7g7rCQaq6aGTMQtSo7SpTwIZbmILn7LPazHq36Wfw0JzXlFmly2Rlrf
0wx+zJFqTYVtx/ywRsGCiB74x7TcuNJSkrHUHEtpeUyqtoIZiSJyXab2GQJHAgMB
AAGjggJEMIICQDAdBgNVHQ4EFgQUErynjpDZI/mr8qA4OXK3CcFVa5MwHwYDVR0j
BBgwFoAUCXoo936wpKw1SorCh1Syo7vjqVkwDgYDVR0PAQH/BAQDAgeAMIGYBgNV
HR8EgZAwgY0wgYqggYeggYSGgYFyc3luYzovL3JzeW5jLnBhYXMucnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L2ZlMzcwOGEwLTY3ZDUtNGFjMi1hYmM0LWEzMzI1OTBi
OTlhZi8xNzcvMDk3QTI4Rjc3RUIwQTRBQzM1NEE4QUMyODc1NEIyQTNCQkUzQTk1
OS5jcmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2ku
cmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NYb285MzZ3cEt3MVNvckNoMVN5
bzd2anFWay5jZXIwgbEGCCsGAQUFBwELBIGkMIGhMIGeBggrBgEFBQcwC4aBkXJz
eW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4
YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzE3Ny8zMTM4MzUyZTMxMzYz
NTJlMzgzNjJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMxMzMzNjM3MzgzNy5yb2Ew
GAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQC
AAEwBgMEALmlVjANBgkqhkiG9w0BAQsFAAOCAQEAeZtgmif2b1PnhLjcjf0LBXsO
ZmmmPr3K0sz8O7zIYySazShLrgDyGPnCTeQo+ekMkr+JzlboPvGa4ptSnp0pnSrg
ZgZKFvsgBfX3tjQZyLqSovOxu8iVPmEx9Vz29hV8yCXQuxLLlTvOGr+EEQbOsUis
OsUFWRAeyNDBsMAYD8pmhE+yFULbzsLfKZN/NUJB70NBwmjlR2/ZkwVCvbfLdEXf
em3Xl7LvobbTsdP26Jcew1mWmv+A/7XMbhBrHJVTRoXIXv2EsA6VepaF+/C43SLq
1R4uYXNrhh0xfQ0suWv6t4cf0H5lnvdYXTQZPWYly+iZRmbRLnFrf6BhVOnQGg==
-----END CERTIFICATE-----
Generated at Fri Nov 22 10:07:02 2024 by rpki-client on console-fra.rpki-client.org