Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/177/3138352e3136392e3235342e302f32342d3332203d3e20313336373837.roa
File:                     3138352e3136392e3235342e302f32342d3332203d3e20313336373837.roa (raw, json)
Hash identifier:          AXmehYXWoh3W50kHP/Lwblhm9EphhIbW75uBGx3sH28=
Subject key identifier:   C6:9C:D5:C4:33:76:A8:26:C8:7E:83:C3:3C:CE:92:04:FC:54:38:60
Certificate issuer:       /CN=097a28f77eb0a4ac354a8ac28754b2a3bbe3a959
Certificate serial:       355D423E484202F9FE221F7A1D277828DE1B38C9
Authority key identifier: 09:7A:28:F7:7E:B0:A4:AC:35:4A:8A:C2:87:54:B2:A3:BB:E3:A9:59
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CXoo936wpKw1SorCh1Syo7vjqVk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/177/3138352e3136392e3235342e302f32342d3332203d3e20313336373837.roa
Signing time:             Mon 26 Feb 2024 08:53:43 +0000
ROA not before:           Mon 26 Feb 2024 08:48:43 +0000
ROA not after:            Mon 24 Feb 2025 08:53:43 +0000
asID:                     136787
IP address blocks:        185.169.254.0/24 maxlen: 32

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/177/097A28F77EB0A4AC354A8AC28754B2A3BBE3A959.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/177/097A28F77EB0A4AC354A8AC28754B2A3BBE3A959.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CXoo936wpKw1SorCh1Syo7vjqVk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            35:5d:42:3e:48:42:02:f9:fe:22:1f:7a:1d:27:78:28:de:1b:38:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=097a28f77eb0a4ac354a8ac28754b2a3bbe3a959
        Validity
            Not Before: Feb 26 08:48:43 2024 GMT
            Not After : Feb 24 08:53:43 2025 GMT
        Subject: CN=C69CD5C43376A826C87E83C33CCE9204FC543860
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:84:97:6b:01:e1:e1:c1:fb:9c:e7:dc:13:df:
                    03:49:1b:a4:14:28:77:ba:e5:68:87:ee:df:d1:80:
                    e2:a5:be:17:de:18:d5:2b:eb:67:10:4e:92:96:5a:
                    1c:ba:62:57:3c:c8:7c:b5:45:dd:b8:1e:35:3f:69:
                    33:e4:e2:e0:61:42:0c:7b:60:6a:df:ef:78:8c:b9:
                    a4:1e:40:e0:43:b6:d2:a7:6d:d0:1c:3c:d5:8a:51:
                    8b:24:bb:7c:5f:31:73:79:29:09:e5:23:12:ed:3f:
                    d4:68:d0:73:62:13:78:61:0f:4c:94:d8:f2:a3:8c:
                    61:5b:b6:bd:75:fe:f0:b5:d7:1a:a1:67:39:8d:98:
                    64:f2:80:ee:87:43:42:d1:78:22:74:f1:32:fb:6d:
                    21:26:14:45:0a:de:6f:a8:22:97:7c:fa:17:49:0e:
                    50:9c:93:07:e0:79:9b:71:17:83:28:4e:32:96:7b:
                    6d:2a:26:89:55:e3:01:e0:bf:f0:d0:75:cb:88:17:
                    b6:ef:02:c0:7a:16:4b:75:c1:50:c3:f0:8b:1a:01:
                    2f:f9:7a:67:45:af:2e:ba:25:04:c4:90:d5:38:de:
                    b8:d2:42:70:7c:7d:e3:90:77:4a:2c:10:eb:7b:21:
                    27:b5:ef:b4:9c:eb:7b:b1:83:48:23:0e:35:07:59:
                    2c:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:9C:D5:C4:33:76:A8:26:C8:7E:83:C3:3C:CE:92:04:FC:54:38:60
            X509v3 Authority Key Identifier:
                keyid:09:7A:28:F7:7E:B0:A4:AC:35:4A:8A:C2:87:54:B2:A3:BB:E3:A9:59

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/177/097A28F77EB0A4AC354A8AC28754B2A3BBE3A959.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CXoo936wpKw1SorCh1Syo7vjqVk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/177/3138352e3136392e3235342e302f32342d3332203d3e20313336373837.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.169.254.0/24

    Signature Algorithm: sha256WithRSAEncryption
         89:a6:bf:14:b7:4d:78:ff:c8:80:a6:2d:49:b6:47:3a:8c:17:
         9c:d1:5c:96:7d:75:9b:9c:d3:0a:7a:f7:a8:e9:9c:80:5f:bd:
         50:78:57:96:72:79:80:c3:3e:eb:ec:21:73:2a:36:94:b4:24:
         a0:1d:47:d5:e4:88:30:19:a3:51:f6:a5:25:a2:97:3b:05:8d:
         d6:3c:58:2d:c6:de:e9:88:d7:7f:af:37:b6:b5:da:98:9c:5e:
         a2:d5:c0:04:e6:9a:e2:93:4a:44:19:de:e9:21:f2:13:c3:34:
         70:97:e1:c8:a7:66:cd:05:fb:94:98:21:7f:f5:29:3a:88:84:
         96:f9:d9:ae:11:1e:28:c7:66:2f:31:34:fb:d3:40:13:c0:12:
         63:39:60:23:71:3a:9d:45:05:e7:d0:c7:32:19:0f:2f:f1:94:
         fa:b7:e3:21:ac:0c:34:ef:2d:fa:33:f6:24:b3:7b:a9:2e:b4:
         d8:7e:21:97:80:8e:18:eb:81:23:38:f2:06:5b:de:d6:48:95:
         b3:70:7c:3c:97:55:7f:70:30:08:34:a2:50:24:9c:a9:c4:b9:
         55:93:5a:78:b2:cb:00:39:98:ee:7c:83:02:5a:ea:a4:1d:e9:
         96:01:4e:c9:69:53:4d:ea:06:32:0a:71:35:b7:85:e2:17:0d:
         a6:94:8a:4c
-----BEGIN CERTIFICATE-----
MIIFPDCCBCSgAwIBAgIUNV1CPkhCAvn+Ih96HSd4KN4bOMkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDk3YTI4Zjc3ZWIwYTRhYzM1NGE4YWMyODc1NGIyYTNi
YmUzYTk1OTAeFw0yNDAyMjYwODQ4NDNaFw0yNTAyMjQwODUzNDNaMDMxMTAvBgNV
BAMTKEM2OUNENUM0MzM3NkE4MjZDODdFODNDMzNDQ0U5MjA0RkM1NDM4NjAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDThJdrAeHhwfuc59wT3wNJG6QU
KHe65WiH7t/RgOKlvhfeGNUr62cQTpKWWhy6Ylc8yHy1Rd24HjU/aTPk4uBhQgx7
YGrf73iMuaQeQOBDttKnbdAcPNWKUYsku3xfMXN5KQnlIxLtP9Ro0HNiE3hhD0yU
2PKjjGFbtr11/vC11xqhZzmNmGTygO6HQ0LReCJ08TL7bSEmFEUK3m+oIpd8+hdJ
DlCckwfgeZtxF4MoTjKWe20qJolV4wHgv/DQdcuIF7bvAsB6Fkt1wVDD8IsaAS/5
emdFry66JQTEkNU43rjSQnB8feOQd0osEOt7ISe177Sc63uxg0gjDjUHWSyJAgMB
AAGjggJGMIICQjAdBgNVHQ4EFgQUxpzVxDN2qCbIfoPDPM6SBPxUOGAwHwYDVR0j
BBgwFoAUCXoo936wpKw1SorCh1Syo7vjqVkwDgYDVR0PAQH/BAQDAgeAMIGYBgNV
HR8EgZAwgY0wgYqggYeggYSGgYFyc3luYzovL3JzeW5jLnBhYXMucnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L2ZlMzcwOGEwLTY3ZDUtNGFjMi1hYmM0LWEzMzI1OTBi
OTlhZi8xNzcvMDk3QTI4Rjc3RUIwQTRBQzM1NEE4QUMyODc1NEIyQTNCQkUzQTk1
OS5jcmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2ku
cmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NYb285MzZ3cEt3MVNvckNoMVN5
bzd2anFWay5jZXIwgbMGCCsGAQUFBwELBIGmMIGjMIGgBggrBgEFBQcwC4aBk3Jz
eW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4
YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzE3Ny8zMTM4MzUyZTMxMzYz
OTJlMzIzNTM0MmUzMDJmMzIzNDJkMzMzMjIwM2QzZTIwMzEzMzM2MzczODM3LnJv
YTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAM
BAIAATAGAwQAuan+MA0GCSqGSIb3DQEBCwUAA4IBAQCJpr8Ut014/8iApi1Jtkc6
jBec0VyWfXWbnNMKeveo6ZyAX71QeFeWcnmAwz7r7CFzKjaUtCSgHUfV5IgwGaNR
9qUlopc7BY3WPFgtxt7piNd/rze2tdqYnF6i1cAE5prik0pEGd7pIfITwzRwl+HI
p2bNBfuUmCF/9Sk6iISW+dmuER4ox2YvMTT700ATwBJjOWAjcTqdRQXn0McyGQ8v
8ZT6t+MhrAw07y36M/Yks3upLrTYfiGXgI4Y64EjOPIGW97WSJWzcHw8l1V/cDAI
NKJQJJypxLlVk1p4sssAOZjufIMCWuqkHemWAU7JaVNN6gYyCnE1t4XiFw2mlIpM
-----END CERTIFICATE-----
Generated at Fri Nov 22 10:07:02 2024 by rpki-client on console-fra.rpki-client.org