Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/177/3138352e3136392e302e302f32342d3234203d3e20313431303339.roa
File:                     3138352e3136392e302e302f32342d3234203d3e20313431303339.roa (raw, json)
Hash identifier:          wx5+huK5jpeEa9f4LWS5Hx9xBo1Rid5hsjlAfmiy8J8=
Subject key identifier:   CC:BD:12:01:14:3E:79:F6:8D:E8:98:43:01:14:94:33:84:EF:6F:C6
Certificate issuer:       /CN=097a28f77eb0a4ac354a8ac28754b2a3bbe3a959
Certificate serial:       71F9B0AA52408DD97318E3435C8AE9732F3FABB8
Authority key identifier: 09:7A:28:F7:7E:B0:A4:AC:35:4A:8A:C2:87:54:B2:A3:BB:E3:A9:59
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CXoo936wpKw1SorCh1Syo7vjqVk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/177/3138352e3136392e302e302f32342d3234203d3e20313431303339.roa
Signing time:             Mon 26 Feb 2024 08:53:44 +0000
ROA not before:           Mon 26 Feb 2024 08:48:44 +0000
ROA not after:            Mon 24 Feb 2025 08:53:44 +0000
asID:                     141039
IP address blocks:        185.169.0.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/177/097A28F77EB0A4AC354A8AC28754B2A3BBE3A959.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/177/097A28F77EB0A4AC354A8AC28754B2A3BBE3A959.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CXoo936wpKw1SorCh1Syo7vjqVk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            71:f9:b0:aa:52:40:8d:d9:73:18:e3:43:5c:8a:e9:73:2f:3f:ab:b8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=097a28f77eb0a4ac354a8ac28754b2a3bbe3a959
        Validity
            Not Before: Feb 26 08:48:44 2024 GMT
            Not After : Feb 24 08:53:44 2025 GMT
        Subject: CN=CCBD1201143E79F68DE898430114943384EF6FC6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:fa:fc:61:8f:1e:e7:94:8f:3c:20:2d:ce:e9:
                    e5:dc:4d:7c:be:53:37:e8:e2:b7:64:3e:ee:13:b6:
                    ff:76:6a:68:88:d1:72:9a:89:bb:3e:6c:1c:d3:02:
                    16:f6:6d:0d:2b:37:1d:c3:c2:1a:a7:9d:f6:50:76:
                    de:d4:d9:61:b1:6a:7a:3c:a3:f6:d5:81:ee:0c:cc:
                    f6:70:aa:9f:59:ac:ef:26:cb:d3:4f:20:74:09:b5:
                    08:3a:d7:dc:f0:d4:c6:cd:e1:81:b0:a4:20:8d:30:
                    7f:65:8d:6d:f0:f5:5e:82:bd:97:8c:f8:47:91:b9:
                    e4:8e:89:1d:68:2e:0e:b3:11:d3:f0:05:e1:11:c0:
                    75:69:1a:ff:ab:89:81:e2:2a:f6:9e:65:ad:6a:24:
                    39:aa:58:fa:17:4a:1c:88:42:44:e6:29:12:fc:3f:
                    be:d9:c0:57:0b:76:f6:4d:b0:28:8f:08:46:4a:aa:
                    e2:e1:e9:91:69:81:a8:d6:90:d2:63:ba:4a:d7:c4:
                    b2:fe:46:80:22:5c:0a:6d:f9:d3:48:0a:4a:45:b0:
                    93:33:db:d8:1f:d2:c1:52:02:b1:11:6a:01:57:04:
                    75:41:5f:de:d3:9b:d4:dd:7c:ba:ca:85:83:f1:f9:
                    62:e5:de:06:80:a2:54:6e:80:23:d2:88:f1:f6:57:
                    05:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CC:BD:12:01:14:3E:79:F6:8D:E8:98:43:01:14:94:33:84:EF:6F:C6
            X509v3 Authority Key Identifier:
                keyid:09:7A:28:F7:7E:B0:A4:AC:35:4A:8A:C2:87:54:B2:A3:BB:E3:A9:59

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/177/097A28F77EB0A4AC354A8AC28754B2A3BBE3A959.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CXoo936wpKw1SorCh1Syo7vjqVk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/177/3138352e3136392e302e302f32342d3234203d3e20313431303339.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.169.0.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9f:6c:43:80:dd:1c:1e:8f:5a:43:96:10:8f:2d:ae:11:52:77:
         c2:f0:53:4f:14:ef:60:71:68:d3:f9:b8:54:93:79:39:12:4f:
         37:29:a4:56:7b:52:c7:ed:09:59:ee:6d:74:11:d5:e6:de:76:
         51:a0:eb:ae:6a:ca:44:a3:97:86:18:ab:31:b1:a7:ca:e3:e1:
         5e:05:13:f4:9f:9e:90:69:3c:f5:1c:e0:7e:79:74:ea:c1:7f:
         7d:09:89:2c:9b:63:d0:49:d5:e1:bb:29:81:d2:e2:0c:32:eb:
         66:d0:2b:96:3e:ff:25:d2:b8:af:1c:ca:65:14:66:85:45:30:
         a5:fc:5b:9d:43:e7:a1:f5:ee:45:5f:cd:d5:e7:b9:26:16:78:
         dd:b7:7b:fb:80:ce:72:4d:c0:2f:3a:69:8d:14:12:aa:b8:3b:
         85:33:4a:de:97:3d:67:a1:f9:76:99:04:7c:49:48:a8:b7:f0:
         68:94:d5:34:45:1a:bf:9a:e5:b6:65:7b:c9:09:2e:bb:a9:50:
         c5:79:a2:cb:df:36:c6:b6:52:f8:48:22:b2:6f:75:cb:63:ee:
         a7:a8:38:07:65:30:d2:16:0d:b1:68:e4:67:f9:a8:7d:ac:8b:
         7c:6e:da:94:33:30:5c:8e:d8:82:84:1f:c5:f5:1c:54:ed:15:
         33:75:e5:65
-----BEGIN CERTIFICATE-----
MIIFODCCBCCgAwIBAgIUcfmwqlJAjdlzGONDXIrpcy8/q7gwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDk3YTI4Zjc3ZWIwYTRhYzM1NGE4YWMyODc1NGIyYTNi
YmUzYTk1OTAeFw0yNDAyMjYwODQ4NDRaFw0yNTAyMjQwODUzNDRaMDMxMTAvBgNV
BAMTKENDQkQxMjAxMTQzRTc5RjY4REU4OTg0MzAxMTQ5NDMzODRFRjZGQzYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDN+vxhjx7nlI88IC3O6eXcTXy+
Uzfo4rdkPu4Ttv92amiI0XKaibs+bBzTAhb2bQ0rNx3DwhqnnfZQdt7U2WGxano8
o/bVge4MzPZwqp9ZrO8my9NPIHQJtQg619zw1MbN4YGwpCCNMH9ljW3w9V6CvZeM
+EeRueSOiR1oLg6zEdPwBeERwHVpGv+riYHiKvaeZa1qJDmqWPoXShyIQkTmKRL8
P77ZwFcLdvZNsCiPCEZKquLh6ZFpgajWkNJjukrXxLL+RoAiXApt+dNICkpFsJMz
29gf0sFSArERagFXBHVBX97Tm9TdfLrKhYPx+WLl3gaAolRugCPSiPH2VwWpAgMB
AAGjggJCMIICPjAdBgNVHQ4EFgQUzL0SARQ+efaN6JhDARSUM4Tvb8YwHwYDVR0j
BBgwFoAUCXoo936wpKw1SorCh1Syo7vjqVkwDgYDVR0PAQH/BAQDAgeAMIGYBgNV
HR8EgZAwgY0wgYqggYeggYSGgYFyc3luYzovL3JzeW5jLnBhYXMucnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L2ZlMzcwOGEwLTY3ZDUtNGFjMi1hYmM0LWEzMzI1OTBi
OTlhZi8xNzcvMDk3QTI4Rjc3RUIwQTRBQzM1NEE4QUMyODc1NEIyQTNCQkUzQTk1
OS5jcmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2ku
cmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NYb285MzZ3cEt3MVNvckNoMVN5
bzd2anFWay5jZXIwga8GCCsGAQUFBwELBIGiMIGfMIGcBggrBgEFBQcwC4aBj3Jz
eW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4
YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzE3Ny8zMTM4MzUyZTMxMzYz
OTJlMzAyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzMTM0MzEzMDMzMzkucm9hMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAC5qQAwDQYJKoZIhvcNAQELBQADggEBAJ9sQ4DdHB6PWkOWEI8trhFSd8Lw
U08U72BxaNP5uFSTeTkSTzcppFZ7UsftCVnubXQR1ebedlGg665qykSjl4YYqzGx
p8rj4V4FE/SfnpBpPPUc4H55dOrBf30JiSybY9BJ1eG7KYHS4gwy62bQK5Y+/yXS
uK8cymUUZoVFMKX8W51D56H17kVfzdXnuSYWeN23e/uAznJNwC86aY0UEqq4O4Uz
St6XPWeh+XaZBHxJSKi38GiU1TRFGr+a5bZle8kJLrupUMV5osvfNsa2UvhIIrJv
dctj7qeoOAdlMNIWDbFo5Gf5qH2si3xu2pQzMFyO2IKEH8X1HFTtFTN15WU=
-----END CERTIFICATE-----
Generated at Fri Nov 22 10:07:02 2024 by rpki-client on console-fra.rpki-client.org