Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/177/3138352e3136392e3235322e302f32342d3332203d3e203531313637.roa
File:                     3138352e3136392e3235322e302f32342d3332203d3e203531313637.roa (raw, json)
Hash identifier:          kLuSLGd/oX0ih679ZZY3SSMPbqrvs9wqtVwmOUyBp2I=
Subject key identifier:   19:29:A5:05:61:6F:6A:3A:E0:89:64:19:74:EF:1A:18:E8:97:6B:8E
Certificate issuer:       /CN=097a28f77eb0a4ac354a8ac28754b2a3bbe3a959
Certificate serial:       06E2CE7A61E367DC55D95D0B6E9A8DF4E322FEAC
Authority key identifier: 09:7A:28:F7:7E:B0:A4:AC:35:4A:8A:C2:87:54:B2:A3:BB:E3:A9:59
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CXoo936wpKw1SorCh1Syo7vjqVk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/177/3138352e3136392e3235322e302f32342d3332203d3e203531313637.roa
Signing time:             Mon 26 Feb 2024 08:53:44 +0000
ROA not before:           Mon 26 Feb 2024 08:48:44 +0000
ROA not after:            Mon 24 Feb 2025 08:53:44 +0000
asID:                     51167
IP address blocks:        185.169.252.0/24 maxlen: 32

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/177/097A28F77EB0A4AC354A8AC28754B2A3BBE3A959.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/177/097A28F77EB0A4AC354A8AC28754B2A3BBE3A959.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CXoo936wpKw1SorCh1Syo7vjqVk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 14:42:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            06:e2:ce:7a:61:e3:67:dc:55:d9:5d:0b:6e:9a:8d:f4:e3:22:fe:ac
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=097a28f77eb0a4ac354a8ac28754b2a3bbe3a959
        Validity
            Not Before: Feb 26 08:48:44 2024 GMT
            Not After : Feb 24 08:53:44 2025 GMT
        Subject: CN=1929A505616F6A3AE089641974EF1A18E8976B8E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:6f:ef:eb:f1:56:78:a7:5f:fd:05:7c:62:fc:
                    70:4a:49:03:c1:e3:10:0a:ea:86:3e:97:bd:09:55:
                    07:a3:6c:a4:2b:df:b9:73:33:fe:64:d4:4c:53:94:
                    3c:d6:74:08:99:c9:87:8d:44:1f:ca:aa:37:8d:34:
                    97:f0:8c:59:b2:f6:3b:5d:f4:a2:78:f5:fa:f4:57:
                    f6:7f:23:4b:2d:47:99:34:ae:bb:73:7c:f5:01:20:
                    d9:15:b9:f4:8d:c9:5a:e1:ac:2a:d5:8d:5e:0b:d9:
                    45:f5:22:12:dc:80:99:94:9b:0d:e5:00:61:5f:96:
                    9b:ff:11:a2:53:c9:ff:0c:9e:2f:34:4d:fb:10:ef:
                    40:7e:31:e5:82:1e:e4:ea:0d:94:57:63:d2:66:ab:
                    8a:d0:80:ef:b7:b0:b3:b6:ed:85:90:05:a4:26:06:
                    71:ad:76:76:df:27:93:ce:83:2f:06:1d:64:28:a5:
                    03:7a:17:52:ed:bb:71:bf:80:d7:28:04:62:07:42:
                    78:f1:e3:30:74:95:0e:98:85:03:64:7b:11:b3:7b:
                    ef:8e:39:9b:88:e1:49:be:e4:0c:73:e9:f9:6e:08:
                    b0:10:66:db:4b:9b:df:49:ed:59:14:f8:a3:65:d9:
                    af:1e:c5:36:11:b0:2e:6a:59:87:ca:da:d5:e4:fa:
                    ab:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:29:A5:05:61:6F:6A:3A:E0:89:64:19:74:EF:1A:18:E8:97:6B:8E
            X509v3 Authority Key Identifier:
                keyid:09:7A:28:F7:7E:B0:A4:AC:35:4A:8A:C2:87:54:B2:A3:BB:E3:A9:59

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/177/097A28F77EB0A4AC354A8AC28754B2A3BBE3A959.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CXoo936wpKw1SorCh1Syo7vjqVk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/177/3138352e3136392e3235322e302f32342d3332203d3e203531313637.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.169.252.0/24

    Signature Algorithm: sha256WithRSAEncryption
         70:8c:24:65:aa:80:1b:c3:50:76:77:db:8a:97:63:80:ba:12:
         b3:01:0f:6d:53:16:1d:b6:a7:17:2b:c5:d6:10:67:94:f9:78:
         e4:dd:49:66:bd:15:ab:49:1e:39:aa:78:7b:61:fb:a3:a0:6d:
         1e:87:26:67:d2:04:07:1b:5f:2a:f6:77:04:a0:5c:23:5e:6c:
         66:c7:0c:4f:f6:5e:af:4f:de:f3:98:1c:20:a9:06:25:df:3c:
         40:b4:b4:f1:21:c2:53:d2:b3:f2:91:58:f4:8a:d0:64:a0:a0:
         b9:0e:e4:c9:4e:2b:b0:da:14:78:69:a7:14:4e:5a:5f:d8:dd:
         06:8e:52:5a:02:f4:46:d7:c0:1a:6b:8e:2b:77:2d:ca:ce:a6:
         66:4a:15:32:65:6f:ee:75:1e:c4:12:25:b5:9e:d9:d6:24:43:
         59:12:88:ee:c3:10:bd:ba:ff:b1:19:4d:61:29:54:cb:95:f4:
         16:4b:a2:c3:40:f1:20:42:98:10:98:a7:29:d4:9d:30:6d:fa:
         ab:a2:9d:5f:51:f8:ee:f5:2e:47:db:48:ee:ab:79:5b:44:07:
         89:32:78:0f:dc:2d:68:9f:6e:97:3f:45:43:a4:9b:78:61:cd:
         c9:46:2f:d4:35:86:62:e8:48:68:19:69:0c:fb:e3:df:fd:38:
         7c:6d:40:e2
-----BEGIN CERTIFICATE-----
MIIFOjCCBCKgAwIBAgIUBuLOemHjZ9xV2V0LbpqN9OMi/qwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDk3YTI4Zjc3ZWIwYTRhYzM1NGE4YWMyODc1NGIyYTNi
YmUzYTk1OTAeFw0yNDAyMjYwODQ4NDRaFw0yNTAyMjQwODUzNDRaMDMxMTAvBgNV
BAMTKDE5MjlBNTA1NjE2RjZBM0FFMDg5NjQxOTc0RUYxQTE4RTg5NzZCOEUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDTb+/r8VZ4p1/9BXxi/HBKSQPB
4xAK6oY+l70JVQejbKQr37lzM/5k1ExTlDzWdAiZyYeNRB/KqjeNNJfwjFmy9jtd
9KJ49fr0V/Z/I0stR5k0rrtzfPUBINkVufSNyVrhrCrVjV4L2UX1IhLcgJmUmw3l
AGFflpv/EaJTyf8Mni80TfsQ70B+MeWCHuTqDZRXY9Jmq4rQgO+3sLO27YWQBaQm
BnGtdnbfJ5POgy8GHWQopQN6F1Ltu3G/gNcoBGIHQnjx4zB0lQ6YhQNkexGze++O
OZuI4Um+5Axz6fluCLAQZttLm99J7VkU+KNl2a8exTYRsC5qWYfK2tXk+qutAgMB
AAGjggJEMIICQDAdBgNVHQ4EFgQUGSmlBWFvajrgiWQZdO8aGOiXa44wHwYDVR0j
BBgwFoAUCXoo936wpKw1SorCh1Syo7vjqVkwDgYDVR0PAQH/BAQDAgeAMIGYBgNV
HR8EgZAwgY0wgYqggYeggYSGgYFyc3luYzovL3JzeW5jLnBhYXMucnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L2ZlMzcwOGEwLTY3ZDUtNGFjMi1hYmM0LWEzMzI1OTBi
OTlhZi8xNzcvMDk3QTI4Rjc3RUIwQTRBQzM1NEE4QUMyODc1NEIyQTNCQkUzQTk1
OS5jcmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2ku
cmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NYb285MzZ3cEt3MVNvckNoMVN5
bzd2anFWay5jZXIwgbEGCCsGAQUFBwELBIGkMIGhMIGeBggrBgEFBQcwC4aBkXJz
eW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4
YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzE3Ny8zMTM4MzUyZTMxMzYz
OTJlMzIzNTMyMmUzMDJmMzIzNDJkMzMzMjIwM2QzZTIwMzUzMTMxMzYzNy5yb2Ew
GAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQC
AAEwBgMEALmp/DANBgkqhkiG9w0BAQsFAAOCAQEAcIwkZaqAG8NQdnfbipdjgLoS
swEPbVMWHbanFyvF1hBnlPl45N1JZr0Vq0keOap4e2H7o6BtHocmZ9IEBxtfKvZ3
BKBcI15sZscMT/Zer0/e85gcIKkGJd88QLS08SHCU9Kz8pFY9IrQZKCguQ7kyU4r
sNoUeGmnFE5aX9jdBo5SWgL0RtfAGmuOK3ctys6mZkoVMmVv7nUexBIltZ7Z1iRD
WRKI7sMQvbr/sRlNYSlUy5X0Fkuiw0DxIEKYEJinKdSdMG36q6KdX1H47vUuR9tI
7qt5W0QHiTJ4D9wtaJ9ulz9FQ6SbeGHNyUYv1DWGYuhIaBlpDPvj3/04fG1A4g==
-----END CERTIFICATE-----
Generated at Mon Nov 25 16:44:10 2024 by rpki-client on console-fra.rpki-client.org