Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/177/3138352e3137322e35322e302f32342d3234203d3e20313437303439.roa
File:                     3138352e3137322e35322e302f32342d3234203d3e20313437303439.roa (raw, json)
Hash identifier:          LdWeAFkfCaiEPXy7kJMKUqEzTytXYLiDiu6xQYMGj4E=
Subject key identifier:   5D:B2:05:0A:CB:A5:08:D5:6E:4E:E6:65:39:41:A0:E2:84:A6:8A:9E
Certificate issuer:       /CN=097a28f77eb0a4ac354a8ac28754b2a3bbe3a959
Certificate serial:       1D1C9DE6C4CE6BF131162BA7395417519BF221C0
Authority key identifier: 09:7A:28:F7:7E:B0:A4:AC:35:4A:8A:C2:87:54:B2:A3:BB:E3:A9:59
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CXoo936wpKw1SorCh1Syo7vjqVk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/177/3138352e3137322e35322e302f32342d3234203d3e20313437303439.roa
Signing time:             Mon 20 May 2024 11:03:42 +0000
ROA not before:           Mon 20 May 2024 10:58:42 +0000
ROA not after:            Mon 19 May 2025 11:03:42 +0000
asID:                     147049
IP address blocks:        185.172.52.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/177/097A28F77EB0A4AC354A8AC28754B2A3BBE3A959.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/177/097A28F77EB0A4AC354A8AC28754B2A3BBE3A959.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CXoo936wpKw1SorCh1Syo7vjqVk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1d:1c:9d:e6:c4:ce:6b:f1:31:16:2b:a7:39:54:17:51:9b:f2:21:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=097a28f77eb0a4ac354a8ac28754b2a3bbe3a959
        Validity
            Not Before: May 20 10:58:42 2024 GMT
            Not After : May 19 11:03:42 2025 GMT
        Subject: CN=5DB2050ACBA508D56E4EE6653941A0E284A68A9E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:82:b4:aa:89:83:e9:6f:10:60:fe:1e:6d:a6:
                    fa:31:4c:35:df:98:06:7c:00:16:29:e4:de:c6:48:
                    7c:e9:03:1f:00:68:0b:86:bc:2a:88:41:47:57:57:
                    5f:a9:a6:0b:09:cc:a7:8b:0d:f8:51:4a:b2:83:6f:
                    52:7c:eb:10:06:89:49:46:92:4c:12:29:ea:ba:55:
                    ea:1a:8e:42:18:56:56:04:ec:b6:c3:ac:56:52:a2:
                    41:5d:1a:52:ab:41:88:13:96:c5:c1:78:77:a5:4f:
                    60:70:e1:2b:f9:ef:81:04:3c:38:0b:35:0b:c8:a8:
                    5b:bf:93:bc:4d:32:9b:32:cd:04:f1:4e:a9:ff:7d:
                    c4:1f:bc:ad:ef:1e:e3:cf:39:76:c2:08:96:af:50:
                    95:e1:b1:a7:99:a2:a6:db:62:1f:7e:82:7a:b3:2f:
                    c0:a0:a9:93:c9:5c:2a:e1:64:94:42:fc:5f:49:3d:
                    c8:36:91:31:a5:1f:35:fe:49:03:7f:02:d1:89:61:
                    f8:bf:4b:24:c0:43:05:38:73:d7:7c:fd:4a:e4:f8:
                    c3:64:d8:29:de:6f:e3:97:a4:2e:5b:58:9b:71:97:
                    eb:8a:8d:81:50:29:5d:37:38:2f:cd:8f:da:d9:61:
                    21:ab:52:5f:32:39:0f:a4:3a:b6:56:52:59:d6:5e:
                    8b:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:B2:05:0A:CB:A5:08:D5:6E:4E:E6:65:39:41:A0:E2:84:A6:8A:9E
            X509v3 Authority Key Identifier:
                keyid:09:7A:28:F7:7E:B0:A4:AC:35:4A:8A:C2:87:54:B2:A3:BB:E3:A9:59

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/177/097A28F77EB0A4AC354A8AC28754B2A3BBE3A959.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CXoo936wpKw1SorCh1Syo7vjqVk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/177/3138352e3137322e35322e302f32342d3234203d3e20313437303439.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.172.52.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7b:e7:4a:cf:78:eb:e4:10:4b:0c:05:38:d9:97:e4:f2:4e:ce:
         84:d2:ce:54:43:1b:6e:7a:9a:62:89:88:ea:60:a3:29:f6:56:
         7d:d3:d7:51:bf:51:db:79:dc:0b:fe:24:0d:75:1e:a0:55:74:
         cf:6a:77:6c:84:e5:c6:3d:32:85:fd:67:7f:50:87:53:54:76:
         8c:43:7d:77:ea:b0:ea:83:ff:f5:06:11:c0:31:99:33:a5:65:
         ef:1b:7d:5b:82:84:07:83:37:b3:bb:48:5e:d2:b8:d7:55:a3:
         59:59:27:2b:fe:37:9a:d6:da:01:e5:64:62:af:d9:d2:df:13:
         00:9a:fb:0b:c4:9f:1d:2e:56:4d:7a:95:02:ad:9d:66:fd:c5:
         8d:2e:1f:2b:70:69:cf:c7:28:e0:23:13:35:13:e8:98:1f:8b:
         52:44:e2:ed:d6:50:c3:5b:78:1b:80:41:57:c0:67:39:69:4b:
         69:47:26:6d:2a:d9:37:a9:aa:9b:57:d2:e8:30:2e:83:cd:64:
         9e:06:4d:62:15:b9:19:bc:1e:d6:34:b2:6d:11:d1:14:6e:56:
         ac:19:5c:4f:77:6d:5f:6d:77:19:be:79:0c:e0:93:1a:98:de:
         07:c7:83:2e:7d:10:17:fd:81:99:b0:d7:46:61:e7:a0:70:82:
         1a:65:06:92
-----BEGIN CERTIFICATE-----
MIIFOjCCBCKgAwIBAgIUHRyd5sTOa/ExFiunOVQXUZvyIcAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDk3YTI4Zjc3ZWIwYTRhYzM1NGE4YWMyODc1NGIyYTNi
YmUzYTk1OTAeFw0yNDA1MjAxMDU4NDJaFw0yNTA1MTkxMTAzNDJaMDMxMTAvBgNV
BAMTKDVEQjIwNTBBQ0JBNTA4RDU2RTRFRTY2NTM5NDFBMEUyODRBNjhBOUUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDRgrSqiYPpbxBg/h5tpvoxTDXf
mAZ8ABYp5N7GSHzpAx8AaAuGvCqIQUdXV1+ppgsJzKeLDfhRSrKDb1J86xAGiUlG
kkwSKeq6VeoajkIYVlYE7LbDrFZSokFdGlKrQYgTlsXBeHelT2Bw4Sv574EEPDgL
NQvIqFu/k7xNMpsyzQTxTqn/fcQfvK3vHuPPOXbCCJavUJXhsaeZoqbbYh9+gnqz
L8CgqZPJXCrhZJRC/F9JPcg2kTGlHzX+SQN/AtGJYfi/SyTAQwU4c9d8/Urk+MNk
2Cneb+OXpC5bWJtxl+uKjYFQKV03OC/Nj9rZYSGrUl8yOQ+kOrZWUlnWXot/AgMB
AAGjggJEMIICQDAdBgNVHQ4EFgQUXbIFCsulCNVuTuZlOUGg4oSmip4wHwYDVR0j
BBgwFoAUCXoo936wpKw1SorCh1Syo7vjqVkwDgYDVR0PAQH/BAQDAgeAMIGYBgNV
HR8EgZAwgY0wgYqggYeggYSGgYFyc3luYzovL3JzeW5jLnBhYXMucnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L2ZlMzcwOGEwLTY3ZDUtNGFjMi1hYmM0LWEzMzI1OTBi
OTlhZi8xNzcvMDk3QTI4Rjc3RUIwQTRBQzM1NEE4QUMyODc1NEIyQTNCQkUzQTk1
OS5jcmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2ku
cmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NYb285MzZ3cEt3MVNvckNoMVN5
bzd2anFWay5jZXIwgbEGCCsGAQUFBwELBIGkMIGhMIGeBggrBgEFBQcwC4aBkXJz
eW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4
YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzE3Ny8zMTM4MzUyZTMxMzcz
MjJlMzUzMjJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMxMzQzNzMwMzQzOS5yb2Ew
GAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQC
AAEwBgMEALmsNDANBgkqhkiG9w0BAQsFAAOCAQEAe+dKz3jr5BBLDAU42Zfk8k7O
hNLOVEMbbnqaYomI6mCjKfZWfdPXUb9R23ncC/4kDXUeoFV0z2p3bITlxj0yhf1n
f1CHU1R2jEN9d+qw6oP/9QYRwDGZM6Vl7xt9W4KEB4M3s7tIXtK411WjWVknK/43
mtbaAeVkYq/Z0t8TAJr7C8SfHS5WTXqVAq2dZv3FjS4fK3Bpz8co4CMTNRPomB+L
UkTi7dZQw1t4G4BBV8BnOWlLaUcmbSrZN6mqm1fS6DAug81kngZNYhW5Gbwe1jSy
bRHRFG5WrBlcT3dtX213Gb55DOCTGpjeB8eDLn0QF/2BmbDXRmHnoHCCGmUGkg==
-----END CERTIFICATE-----
Generated at Fri Nov 22 10:15:44 2024 by rpki-client on console-ams.rpki-client.org