Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/3/3138352e3138332e3138332e302f32342d3234203d3e20323034313730.roa
File:                     3138352e3138332e3138332e302f32342d3234203d3e20323034313730.roa (raw, json)
Hash identifier:          NGcsNXqDMfkAsZuewWvQ2qNwTRyV8qd0kTSrer2Z6dc=
Subject key identifier:   A3:D5:A9:26:20:DA:32:C7:2D:4D:CC:34:83:91:00:C1:07:88:71:07
Certificate issuer:       /CN=b97bcfac27bbaf19de1d31e53629726c1e4caaa2
Certificate serial:       4BC934D795263B59BEFF72C32F8AB5CDE2907A8C
Authority key identifier: B9:7B:CF:AC:27:BB:AF:19:DE:1D:31:E5:36:29:72:6C:1E:4C:AA:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uXvPrCe7rxneHTHlNilybB5MqqI.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/3/3138352e3138332e3138332e302f32342d3234203d3e20323034313730.roa
Signing time:             Mon 26 Feb 2024 08:53:36 +0000
ROA not before:           Mon 26 Feb 2024 08:48:36 +0000
ROA not after:            Mon 24 Feb 2025 08:53:36 +0000
asID:                     204170
IP address blocks:        185.183.183.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/3/B97BCFAC27BBAF19DE1D31E53629726C1E4CAAA2.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/3/B97BCFAC27BBAF19DE1D31E53629726C1E4CAAA2.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uXvPrCe7rxneHTHlNilybB5MqqI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4b:c9:34:d7:95:26:3b:59:be:ff:72:c3:2f:8a:b5:cd:e2:90:7a:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b97bcfac27bbaf19de1d31e53629726c1e4caaa2
        Validity
            Not Before: Feb 26 08:48:36 2024 GMT
            Not After : Feb 24 08:53:36 2025 GMT
        Subject: CN=A3D5A92620DA32C72D4DCC34839100C107887107
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:30:7b:20:5f:81:82:98:d8:85:73:45:b2:da:
                    2f:26:b7:49:69:73:6f:6f:ff:6e:4b:6c:d2:59:e4:
                    e6:38:75:e7:95:b5:bf:16:bb:77:0a:ba:08:e0:f4:
                    b3:35:29:6e:ec:98:78:bf:fb:3e:65:d8:e1:d0:80:
                    19:c4:71:fb:86:11:b5:95:ae:d3:1b:3a:d8:f6:d7:
                    1c:28:10:6e:0b:7a:eb:df:69:86:2c:92:cb:1b:c4:
                    2a:e8:08:cf:22:23:3b:d6:18:dc:59:60:a9:64:cc:
                    ca:8b:c2:8c:ca:92:2f:2a:be:55:4a:53:2b:5a:82:
                    76:18:64:18:e1:67:91:61:ce:e0:45:e6:6c:52:5b:
                    21:e4:a2:0f:de:07:53:94:98:2b:02:4a:96:fc:9d:
                    22:7e:f5:fe:1b:a6:5e:30:f8:2e:9e:a0:e4:02:ab:
                    8c:cd:0a:cc:bf:16:76:12:17:f5:e7:9e:31:d6:6b:
                    75:a7:1d:7c:23:fa:af:94:26:85:3a:79:5e:de:ee:
                    59:dc:18:3d:bd:79:43:85:fa:8c:b6:1b:8f:1b:f0:
                    a9:ae:65:6d:50:af:6c:61:b4:ed:a8:b7:98:55:27:
                    8d:5e:9e:4e:ba:27:8c:d0:c2:66:ea:0e:70:df:f7:
                    fd:6d:c8:0d:e7:d2:fc:fb:d5:67:78:45:dd:de:8c:
                    2f:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:D5:A9:26:20:DA:32:C7:2D:4D:CC:34:83:91:00:C1:07:88:71:07
            X509v3 Authority Key Identifier:
                keyid:B9:7B:CF:AC:27:BB:AF:19:DE:1D:31:E5:36:29:72:6C:1E:4C:AA:A2

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/3/B97BCFAC27BBAF19DE1D31E53629726C1E4CAAA2.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uXvPrCe7rxneHTHlNilybB5MqqI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/3/3138352e3138332e3138332e302f32342d3234203d3e20323034313730.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.183.183.0/24

    Signature Algorithm: sha256WithRSAEncryption
         55:0b:4e:2d:a3:cf:32:7c:67:28:cc:20:fd:45:94:c7:e7:4c:
         da:a6:07:3c:b8:7d:bc:4d:b2:96:dd:1b:3f:8d:5a:11:c8:c6:
         81:48:a9:c9:0f:3c:18:74:a2:07:22:c6:dc:d0:38:59:f8:d8:
         46:51:f8:7c:61:2e:b1:43:d1:8a:0e:0a:d6:b8:2d:7b:6a:a0:
         89:81:76:56:06:b0:2a:85:70:17:6e:0d:bf:31:32:29:25:de:
         01:22:d9:51:18:82:f6:f3:73:2c:bb:9c:06:61:10:c3:fc:b0:
         29:eb:d8:55:7c:4b:84:89:65:3c:3d:e5:56:aa:88:e8:a9:0e:
         49:af:e6:09:9f:43:9f:07:1f:93:ef:2d:fd:44:e4:90:57:5f:
         98:db:e4:24:24:6a:23:af:82:bf:fa:92:17:f0:b2:1f:2c:33:
         8f:36:30:39:1e:c0:fd:3f:44:6e:33:5f:11:d1:5f:2e:a9:ff:
         04:29:77:dd:a4:a2:bd:46:67:73:0f:cc:83:2a:37:26:e7:2a:
         3f:f1:a3:1e:ba:d8:c2:2f:69:08:1f:4d:61:ed:a6:54:17:0a:
         44:6a:d8:76:9d:47:b6:95:4c:73:2c:96:35:63:c2:12:8c:e5:
         99:23:a9:7a:72:c9:42:84:ff:9f:b0:df:fa:88:07:f7:58:24:
         24:1c:c0:71
-----BEGIN CERTIFICATE-----
MIIFNzCCBB+gAwIBAgIUS8k015UmO1m+/3LDL4q1zeKQeowwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYjk3YmNmYWMyN2JiYWYxOWRlMWQzMWU1MzYyOTcyNmMx
ZTRjYWFhMjAeFw0yNDAyMjYwODQ4MzZaFw0yNTAyMjQwODUzMzZaMDMxMTAvBgNV
BAMTKEEzRDVBOTI2MjBEQTMyQzcyRDREQ0MzNDgzOTEwMEMxMDc4ODcxMDcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC4MHsgX4GCmNiFc0Wy2i8mt0lp
c29v/25LbNJZ5OY4deeVtb8Wu3cKugjg9LM1KW7smHi/+z5l2OHQgBnEcfuGEbWV
rtMbOtj21xwoEG4LeuvfaYYskssbxCroCM8iIzvWGNxZYKlkzMqLwozKki8qvlVK
UytagnYYZBjhZ5FhzuBF5mxSWyHkog/eB1OUmCsCSpb8nSJ+9f4bpl4w+C6eoOQC
q4zNCsy/FnYSF/XnnjHWa3WnHXwj+q+UJoU6eV7e7lncGD29eUOF+oy2G48b8Kmu
ZW1Qr2xhtO2ot5hVJ41enk66J4zQwmbqDnDf9/1tyA3n0vz71Wd4Rd3ejC/tAgMB
AAGjggJBMIICPTAdBgNVHQ4EFgQUo9WpJiDaMsctTcw0g5EAwQeIcQcwHwYDVR0j
BBgwFoAUuXvPrCe7rxneHTHlNilybB5MqqIwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzMvQjk3QkNGQUMyN0JCQUYxOURFMUQzMUU1MzYyOTcyNkMxRTRDQUFBMi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3VYdlByQ2U3cnhuZUhUSGxOaWx5YkI1
TXFxSS5jZXIwgbEGCCsGAQUFBwELBIGkMIGhMIGeBggrBgEFBQcwC4aBkXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzMvMzEzODM1MmUzMTM4MzMyZTMx
MzgzMzJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMyMzAzNDMxMzczMC5yb2EwGAYD
VR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEw
BgMEALm3tzANBgkqhkiG9w0BAQsFAAOCAQEAVQtOLaPPMnxnKMwg/UWUx+dM2qYH
PLh9vE2ylt0bP41aEcjGgUipyQ88GHSiByLG3NA4WfjYRlH4fGEusUPRig4K1rgt
e2qgiYF2VgawKoVwF24NvzEyKSXeASLZURiC9vNzLLucBmEQw/ywKevYVXxLhIll
PD3lVqqI6KkOSa/mCZ9Dnwcfk+8t/UTkkFdfmNvkJCRqI6+Cv/qSF/CyHywzjzYw
OR7A/T9EbjNfEdFfLqn/BCl33aSivUZncw/Mgyo3JucqP/GjHrrYwi9pCB9NYe2m
VBcKRGrYdp1HtpVMcyyWNWPCEozlmSOpenLJQoT/n7Df+ogH91gkJBzAcQ==
-----END CERTIFICATE-----
Generated at Fri Nov 22 10:07:02 2024 by rpki-client on console-fra.rpki-client.org