Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7a789e87-f484-423d-a1d7-2c2d5860d2ec/0/3138352e3232362e3135342e302f32342d3234203d3e20383334.roa
File:                     3138352e3232362e3135342e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          OoQ4I3OxKpNjMjrKcgJPYdGDaX27ZmnIdOJki+eI9WY=
Subject key identifier:   07:33:C4:44:46:08:BE:5D:CA:F9:CE:E4:22:B9:A8:E4:68:81:B8:5E
Certificate issuer:       /CN=b0170abdc955aa176be2af26299678f2f7c9aca0
Certificate serial:       110CF48FB565EDB1906DD52DD6A0BA47F589A453
Authority key identifier: B0:17:0A:BD:C9:55:AA:17:6B:E2:AF:26:29:96:78:F2:F7:C9:AC:A0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sBcKvclVqhdr4q8mKZZ48vfJrKA.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7a789e87-f484-423d-a1d7-2c2d5860d2ec/0/3138352e3232362e3135342e302f32342d3234203d3e20383334.roa
Signing time:             Wed 26 Jun 2024 00:03:28 +0000
ROA not before:           Tue 25 Jun 2024 23:58:28 +0000
ROA not after:            Wed 25 Jun 2025 00:03:28 +0000
asID:                     834
IP address blocks:        185.226.154.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7a789e87-f484-423d-a1d7-2c2d5860d2ec/0/B0170ABDC955AA176BE2AF26299678F2F7C9ACA0.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7a789e87-f484-423d-a1d7-2c2d5860d2ec/0/B0170ABDC955AA176BE2AF26299678F2F7C9ACA0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sBcKvclVqhdr4q8mKZZ48vfJrKA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            11:0c:f4:8f:b5:65:ed:b1:90:6d:d5:2d:d6:a0:ba:47:f5:89:a4:53
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b0170abdc955aa176be2af26299678f2f7c9aca0
        Validity
            Not Before: Jun 25 23:58:28 2024 GMT
            Not After : Jun 25 00:03:28 2025 GMT
        Subject: CN=0733C4444608BE5DCAF9CEE422B9A8E46881B85E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:80:a3:73:4b:1d:b2:9b:dd:fd:77:e6:d4:1c:
                    8f:ca:41:ca:fa:84:92:0f:a5:20:1a:51:d3:36:69:
                    79:b8:0f:a4:0c:2a:69:6a:89:f0:54:0f:54:3d:c0:
                    10:39:2e:bb:cb:8c:96:00:d0:69:eb:68:b4:28:ff:
                    5d:ed:a7:a6:e7:25:e5:11:7d:91:c8:bb:dd:bb:f5:
                    cd:5a:88:9e:37:7e:3f:cd:11:6e:d5:ef:1f:7c:ca:
                    40:6a:2a:3c:ec:63:28:48:cc:7b:9d:fd:4a:b8:a7:
                    4b:11:c7:52:fc:f5:18:20:24:da:f4:df:83:e2:93:
                    35:62:49:b8:9b:6b:e5:71:73:a0:6a:6b:d6:f3:95:
                    7f:0f:10:62:d2:c3:19:bb:c4:67:26:7d:94:56:1e:
                    4b:7d:b9:d9:9a:ac:52:0a:89:9a:26:5a:c7:85:6f:
                    17:37:ff:98:be:fa:ab:10:b1:3a:f1:93:90:63:35:
                    f0:e1:d8:38:13:b2:37:66:40:3f:55:f5:f6:23:fa:
                    d5:70:61:55:7c:b9:db:d4:2c:4f:7b:9b:4e:3a:23:
                    ed:2b:c9:e7:61:6e:16:1c:ac:45:ef:f8:dd:af:b5:
                    a3:d7:ed:d1:35:92:d5:da:61:62:2c:4d:e8:7e:9d:
                    74:a9:9b:da:c5:ac:c6:cc:22:c0:a2:55:04:96:8c:
                    4f:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:33:C4:44:46:08:BE:5D:CA:F9:CE:E4:22:B9:A8:E4:68:81:B8:5E
            X509v3 Authority Key Identifier:
                keyid:B0:17:0A:BD:C9:55:AA:17:6B:E2:AF:26:29:96:78:F2:F7:C9:AC:A0

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7a789e87-f484-423d-a1d7-2c2d5860d2ec/0/B0170ABDC955AA176BE2AF26299678F2F7C9ACA0.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sBcKvclVqhdr4q8mKZZ48vfJrKA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7a789e87-f484-423d-a1d7-2c2d5860d2ec/0/3138352e3232362e3135342e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.226.154.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9b:88:f7:c8:11:ff:60:11:c8:c1:ff:fa:50:9a:58:9b:62:0c:
         20:58:3e:34:d8:7d:27:78:e2:ad:74:13:aa:a2:81:1e:83:e5:
         a7:df:95:4d:77:81:fd:2a:ca:78:42:fa:04:bd:e8:70:41:da:
         91:e5:cf:e6:75:8e:7c:d2:89:92:08:3e:dc:56:ec:fc:6a:21:
         03:33:4c:84:34:5c:f9:0f:60:64:62:5b:9e:34:07:3c:4f:e5:
         6f:d6:78:50:7e:23:fd:6f:c9:a0:59:fa:1b:6e:22:0f:9d:b8:
         6d:c4:97:42:97:7e:fa:84:8b:b8:9f:cb:2b:68:ce:5e:03:3a:
         53:0f:07:43:e1:fe:2b:28:05:fd:02:c0:32:2f:46:68:bf:76:
         e4:e8:fa:53:7b:43:88:32:93:3c:8d:88:46:b9:84:11:c1:99:
         bb:c1:ad:de:0c:64:f4:c5:e4:3c:05:da:86:ab:30:fe:8f:01:
         95:61:28:05:b1:b6:28:85:00:5e:8d:7a:1e:f4:c3:2e:59:17:
         4a:eb:69:a7:ad:63:33:53:53:aa:0f:77:c8:23:cb:e1:03:b0:
         d1:87:a9:43:8f:99:1a:03:dd:1f:3e:06:3c:fb:95:14:50:b9:
         6a:c2:c8:5c:8c:86:62:19:af:74:e8:28:f9:31:24:83:89:cf:
         1c:ec:9e:30
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUEQz0j7Vl7bGQbdUt1qC6R/WJpFMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYjAxNzBhYmRjOTU1YWExNzZiZTJhZjI2Mjk5Njc4ZjJm
N2M5YWNhMDAeFw0yNDA2MjUyMzU4MjhaFw0yNTA2MjUwMDAzMjhaMDMxMTAvBgNV
BAMTKDA3MzNDNDQ0NDYwOEJFNURDQUY5Q0VFNDIyQjlBOEU0Njg4MUI4NUUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6gKNzSx2ym939d+bUHI/KQcr6
hJIPpSAaUdM2aXm4D6QMKmlqifBUD1Q9wBA5LrvLjJYA0GnraLQo/13tp6bnJeUR
fZHIu9279c1aiJ43fj/NEW7V7x98ykBqKjzsYyhIzHud/Uq4p0sRx1L89RggJNr0
34PikzViSbiba+Vxc6Bqa9bzlX8PEGLSwxm7xGcmfZRWHkt9udmarFIKiZomWseF
bxc3/5i++qsQsTrxk5BjNfDh2DgTsjdmQD9V9fYj+tVwYVV8udvULE97m046I+0r
yedhbhYcrEXv+N2vtaPX7dE1ktXaYWIsTeh+nXSpm9rFrMbMIsCiVQSWjE/ZAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUBzPEREYIvl3K+c7kIrmo5GiBuF4wHwYDVR0j
BBgwFoAUsBcKvclVqhdr4q8mKZZ48vfJrKAwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2E3ODllODctZjQ4NC00MjNkLWExZDctMmMyZDU4NjBk
MmVjLzAvQjAxNzBBQkRDOTU1QUExNzZCRTJBRjI2Mjk5Njc4RjJGN0M5QUNBMC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3NCY0t2Y2xWcWhkcjRxOG1LWlo0OHZm
SnJLQS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvN2E3ODllODct
ZjQ4NC00MjNkLWExZDctMmMyZDU4NjBkMmVjLzAvMzEzODM1MmUzMjMyMzYyZTMx
MzUzNDJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM4MzMzNC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEALni
mjANBgkqhkiG9w0BAQsFAAOCAQEAm4j3yBH/YBHIwf/6UJpYm2IMIFg+NNh9J3ji
rXQTqqKBHoPlp9+VTXeB/SrKeEL6BL3ocEHakeXP5nWOfNKJkgg+3Fbs/GohAzNM
hDRc+Q9gZGJbnjQHPE/lb9Z4UH4j/W/JoFn6G24iD524bcSXQpd++oSLuJ/LK2jO
XgM6Uw8HQ+H+KygF/QLAMi9GaL925Oj6U3tDiDKTPI2IRrmEEcGZu8Gt3gxk9MXk
PAXahqsw/o8BlWEoBbG2KIUAXo16HvTDLlkXSutpp61jM1NTqg93yCPL4QOw0Yep
Q4+ZGgPdHz4GPPuVFFC5asLIXIyGYhmvdOgo+TEkg4nPHOyeMA==
-----END CERTIFICATE-----