Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/177/3138352e3136392e322e302f32342d3234203d3e20323136313531.roa
File:                     3138352e3136392e322e302f32342d3234203d3e20323136313531.roa (raw, json)
Hash identifier:          3d0jE1jw60xlICOE8NK183LW1kBVrTNonNof3DafmHE=
Subject key identifier:   1A:7B:EE:7D:FA:FF:20:48:C6:23:B3:FE:A3:22:5D:70:33:CB:6E:BB
Certificate issuer:       /CN=097a28f77eb0a4ac354a8ac28754b2a3bbe3a959
Certificate serial:       20FAB7BDC8AC4A3A90F7553BE541BC495865C1C5
Authority key identifier: 09:7A:28:F7:7E:B0:A4:AC:35:4A:8A:C2:87:54:B2:A3:BB:E3:A9:59
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CXoo936wpKw1SorCh1Syo7vjqVk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/177/3138352e3136392e322e302f32342d3234203d3e20323136313531.roa
Signing time:             Mon 26 Feb 2024 16:44:24 +0000
ROA not before:           Mon 26 Feb 2024 16:39:24 +0000
ROA not after:            Mon 24 Feb 2025 16:44:24 +0000
asID:                     216151
IP address blocks:        185.169.2.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/177/097A28F77EB0A4AC354A8AC28754B2A3BBE3A959.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/177/097A28F77EB0A4AC354A8AC28754B2A3BBE3A959.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CXoo936wpKw1SorCh1Syo7vjqVk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            20:fa:b7:bd:c8:ac:4a:3a:90:f7:55:3b:e5:41:bc:49:58:65:c1:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=097a28f77eb0a4ac354a8ac28754b2a3bbe3a959
        Validity
            Not Before: Feb 26 16:39:24 2024 GMT
            Not After : Feb 24 16:44:24 2025 GMT
        Subject: CN=1A7BEE7DFAFF2048C623B3FEA3225D7033CB6EBB
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f2:04:18:61:58:a4:90:f6:1b:8e:df:6a:6a:9a:
                    e6:03:af:0c:6a:df:72:8c:11:2c:1e:42:f7:3f:ea:
                    59:0e:70:14:55:95:a3:f4:dd:59:86:9f:0b:98:e8:
                    42:db:f4:8e:97:64:cf:8c:40:d2:7a:04:df:36:44:
                    5c:f6:34:a8:88:0a:60:e0:76:02:1f:04:2a:78:50:
                    6d:60:2a:80:45:ec:1d:33:26:15:08:f9:09:8f:30:
                    39:80:90:49:1b:1f:28:ae:6a:68:10:ef:08:6d:ef:
                    60:d4:63:a6:ee:23:7d:0d:28:aa:35:89:bc:93:f8:
                    53:f0:67:fc:3c:5e:b7:9c:86:0d:21:4b:1c:83:72:
                    d5:de:a0:7a:02:23:f5:17:5c:84:09:34:52:04:02:
                    da:96:8a:c4:42:f8:66:3c:23:3e:7d:b8:a5:4c:a1:
                    61:16:fe:e4:f5:92:8b:d8:a7:e5:52:ec:ea:6d:19:
                    ba:d2:bd:1b:14:65:5d:c3:52:64:23:a8:41:49:da:
                    e6:e2:f6:d6:05:5d:ef:8b:a0:96:50:12:7e:12:b8:
                    9f:24:08:e8:1c:de:54:ed:5a:11:a3:57:24:ff:74:
                    97:87:d8:4b:27:37:a5:24:07:2f:8a:4e:34:3d:d9:
                    c1:7e:10:b0:3d:cb:aa:2c:0a:cf:39:f2:fb:cf:6a:
                    d1:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1A:7B:EE:7D:FA:FF:20:48:C6:23:B3:FE:A3:22:5D:70:33:CB:6E:BB
            X509v3 Authority Key Identifier:
                keyid:09:7A:28:F7:7E:B0:A4:AC:35:4A:8A:C2:87:54:B2:A3:BB:E3:A9:59

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/177/097A28F77EB0A4AC354A8AC28754B2A3BBE3A959.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CXoo936wpKw1SorCh1Syo7vjqVk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/177/3138352e3136392e322e302f32342d3234203d3e20323136313531.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.169.2.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9a:67:90:14:ce:da:2c:c2:11:91:ec:48:58:29:59:10:d6:6a:
         72:26:3d:0e:93:65:4a:fb:c3:62:2a:52:8c:b2:2b:c1:89:2f:
         e2:93:21:b5:09:af:0d:79:c0:13:c4:79:85:78:18:13:33:31:
         49:3f:79:de:4f:9f:bc:35:32:64:18:9d:6e:0b:44:a8:35:4a:
         49:44:01:4b:af:de:6c:3d:f7:0f:d7:a6:64:7b:d3:ef:19:11:
         e1:37:8f:ec:16:51:05:7d:83:9d:74:96:7a:5c:6b:7a:d3:fb:
         06:5e:08:50:71:53:08:9a:be:2b:39:40:f5:01:73:e1:90:95:
         cb:02:1e:97:5c:bc:43:0f:9f:29:3a:3b:e0:68:78:18:18:59:
         fc:f9:f7:b6:d8:e9:2a:40:5a:b9:db:ce:dd:68:93:85:c3:8e:
         d8:b8:f5:db:f9:15:c1:b8:c0:65:6f:63:a9:39:20:b0:41:b5:
         e6:aa:5b:d6:ed:85:29:4e:93:48:77:79:ee:ea:d1:5f:1e:69:
         87:dc:58:8a:4b:92:b5:4a:13:ca:f6:20:9d:bd:55:b5:ee:34:
         14:15:30:d4:b3:a7:d8:08:b9:e2:4d:3c:ee:0a:1f:d3:e1:e1:
         84:32:16:d0:ca:9a:19:2c:72:09:b6:92:63:b2:54:46:dc:0a:
         af:7d:fd:76
-----BEGIN CERTIFICATE-----
MIIFODCCBCCgAwIBAgIUIPq3vcisSjqQ91U75UG8SVhlwcUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDk3YTI4Zjc3ZWIwYTRhYzM1NGE4YWMyODc1NGIyYTNi
YmUzYTk1OTAeFw0yNDAyMjYxNjM5MjRaFw0yNTAyMjQxNjQ0MjRaMDMxMTAvBgNV
BAMTKDFBN0JFRTdERkFGRjIwNDhDNjIzQjNGRUEzMjI1RDcwMzNDQjZFQkIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDyBBhhWKSQ9huO32pqmuYDrwxq
33KMESweQvc/6lkOcBRVlaP03VmGnwuY6ELb9I6XZM+MQNJ6BN82RFz2NKiICmDg
dgIfBCp4UG1gKoBF7B0zJhUI+QmPMDmAkEkbHyiuamgQ7wht72DUY6buI30NKKo1
ibyT+FPwZ/w8Xrechg0hSxyDctXeoHoCI/UXXIQJNFIEAtqWisRC+GY8Iz59uKVM
oWEW/uT1kovYp+VS7OptGbrSvRsUZV3DUmQjqEFJ2ubi9tYFXe+LoJZQEn4SuJ8k
COgc3lTtWhGjVyT/dJeH2EsnN6UkBy+KTjQ92cF+ELA9y6osCs858vvPatEzAgMB
AAGjggJCMIICPjAdBgNVHQ4EFgQUGnvuffr/IEjGI7P+oyJdcDPLbrswHwYDVR0j
BBgwFoAUCXoo936wpKw1SorCh1Syo7vjqVkwDgYDVR0PAQH/BAQDAgeAMIGYBgNV
HR8EgZAwgY0wgYqggYeggYSGgYFyc3luYzovL3JzeW5jLnBhYXMucnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L2ZlMzcwOGEwLTY3ZDUtNGFjMi1hYmM0LWEzMzI1OTBi
OTlhZi8xNzcvMDk3QTI4Rjc3RUIwQTRBQzM1NEE4QUMyODc1NEIyQTNCQkUzQTk1
OS5jcmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2ku
cmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NYb285MzZ3cEt3MVNvckNoMVN5
bzd2anFWay5jZXIwga8GCCsGAQUFBwELBIGiMIGfMIGcBggrBgEFBQcwC4aBj3Jz
eW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4
YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzE3Ny8zMTM4MzUyZTMxMzYz
OTJlMzIyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzMjMxMzYzMTM1MzEucm9hMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAC5qQIwDQYJKoZIhvcNAQELBQADggEBAJpnkBTO2izCEZHsSFgpWRDWanIm
PQ6TZUr7w2IqUoyyK8GJL+KTIbUJrw15wBPEeYV4GBMzMUk/ed5Pn7w1MmQYnW4L
RKg1SklEAUuv3mw99w/XpmR70+8ZEeE3j+wWUQV9g510lnpca3rT+wZeCFBxUwia
vis5QPUBc+GQlcsCHpdcvEMPnyk6O+BoeBgYWfz597bY6SpAWrnbzt1ok4XDjti4
9dv5FcG4wGVvY6k5ILBBteaqW9bthSlOk0h3ee7q0V8eaYfcWIpLkrVKE8r2IJ29
VbXuNBQVMNSzp9gIueJNPO4KH9Ph4YQyFtDKmhkscgm2kmOyVEbcCq99/XY=
-----END CERTIFICATE-----
Generated at Fri Nov 22 10:07:02 2024 by rpki-client on console-fra.rpki-client.org