Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/3/3138352e3234312e3233382e302f32332d3234203d3e20323037353934.roa
File:                     3138352e3234312e3233382e302f32332d3234203d3e20323037353934.roa (raw, json)
Hash identifier:          zfAz4NeaXuj1/6ZxwhgwRjMUzBfWUCQvGpd1qisCrlU=
Subject key identifier:   9B:82:03:A6:7D:99:1A:56:FB:59:6D:A3:7A:BF:8C:11:20:83:31:92
Certificate issuer:       /CN=b97bcfac27bbaf19de1d31e53629726c1e4caaa2
Certificate serial:       018B4A5124BC4760530A59F191AADC99DA99FC50
Authority key identifier: B9:7B:CF:AC:27:BB:AF:19:DE:1D:31:E5:36:29:72:6C:1E:4C:AA:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uXvPrCe7rxneHTHlNilybB5MqqI.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/3/3138352e3234312e3233382e302f32332d3234203d3e20323037353934.roa
Signing time:             Mon 26 Feb 2024 08:53:34 +0000
ROA not before:           Mon 26 Feb 2024 08:48:34 +0000
ROA not after:            Mon 24 Feb 2025 08:53:34 +0000
asID:                     207594
IP address blocks:        185.241.238.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/3/B97BCFAC27BBAF19DE1D31E53629726C1E4CAAA2.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/3/B97BCFAC27BBAF19DE1D31E53629726C1E4CAAA2.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uXvPrCe7rxneHTHlNilybB5MqqI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 18 Jun 2024 02:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:4a:51:24:bc:47:60:53:0a:59:f1:91:aa:dc:99:da:99:fc:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b97bcfac27bbaf19de1d31e53629726c1e4caaa2
        Validity
            Not Before: Feb 26 08:48:34 2024 GMT
            Not After : Feb 24 08:53:34 2025 GMT
        Subject: CN=9B8203A67D991A56FB596DA37ABF8C1120833192
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:71:71:6f:74:b2:33:7b:df:7b:16:17:65:12:
                    6f:90:72:8d:dd:50:35:16:63:de:e8:18:43:b2:cb:
                    af:27:01:2a:02:24:33:7e:90:81:35:da:d3:c5:3c:
                    b7:c3:f6:65:2b:86:8b:51:ea:19:68:bd:49:04:0a:
                    17:23:07:14:41:90:3c:b5:88:7d:c5:b0:38:a5:9f:
                    31:56:0f:d1:3b:b7:07:18:b9:43:13:01:c9:79:a9:
                    c1:54:f3:eb:5f:1b:a4:d9:b8:66:60:0b:a2:45:c1:
                    76:34:ad:48:2c:80:92:2b:30:db:8f:2b:4f:0d:0c:
                    19:f8:66:23:1a:b4:2f:87:56:8b:8c:7c:75:5f:60:
                    18:c3:7f:8f:d8:20:4d:2f:85:11:00:23:46:48:58:
                    dc:e4:af:12:2c:6f:54:9b:0f:3d:37:a9:e2:0c:bc:
                    d5:74:13:86:2b:c7:c6:13:bd:9e:8b:f2:1d:c9:20:
                    2d:77:f4:63:45:c2:fd:6d:ec:d5:23:d3:5d:7c:d1:
                    eb:d0:95:70:e5:41:36:3d:59:1c:55:9f:71:70:e9:
                    96:ca:7d:ac:9d:ec:9a:02:33:a2:85:a3:3e:ca:97:
                    7e:33:48:67:b3:b4:b3:12:63:59:c1:a1:16:1b:6e:
                    03:cf:8d:77:d1:d3:8a:ef:12:2d:79:b7:3a:a0:e1:
                    f1:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9B:82:03:A6:7D:99:1A:56:FB:59:6D:A3:7A:BF:8C:11:20:83:31:92
            X509v3 Authority Key Identifier:
                keyid:B9:7B:CF:AC:27:BB:AF:19:DE:1D:31:E5:36:29:72:6C:1E:4C:AA:A2

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/3/B97BCFAC27BBAF19DE1D31E53629726C1E4CAAA2.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uXvPrCe7rxneHTHlNilybB5MqqI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/3/3138352e3234312e3233382e302f32332d3234203d3e20323037353934.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.241.238.0/23

    Signature Algorithm: sha256WithRSAEncryption
         74:3f:2e:a7:5f:92:28:89:e5:29:5c:fe:16:47:62:91:32:55:
         77:84:ec:70:2e:a4:ff:c7:67:f3:e5:35:3f:29:7a:3e:f4:62:
         5f:39:31:c3:eb:7e:08:37:38:47:cc:f9:56:03:c4:02:46:b1:
         26:6d:d4:01:47:6f:ad:9b:a6:20:1b:ed:d5:c8:6f:2b:31:00:
         d3:1d:d9:55:c1:b1:23:f6:dd:40:0c:bc:51:6a:18:86:64:1e:
         18:db:7f:b1:24:5f:2c:bf:b3:bc:03:9d:df:42:35:5c:15:b7:
         0f:06:f0:8d:66:8d:2f:8d:5b:c7:94:91:a7:57:77:7c:91:77:
         20:b8:81:db:ba:53:8b:cd:2b:a6:c0:3e:cc:19:9e:60:d0:84:
         36:c0:a6:6f:44:93:8b:95:d8:b1:2f:bf:e5:29:a1:e8:fe:87:
         91:8b:b1:ee:f1:21:3c:97:98:59:72:5f:06:ec:06:11:77:94:
         1a:da:6a:4e:2e:d6:d3:11:5a:09:e5:ee:45:d6:51:e6:f3:64:
         40:d8:81:0b:4d:50:90:4a:e7:b3:6c:ed:84:3e:e3:50:d0:4b:
         e9:5e:0d:4c:29:cd:a2:3f:ed:b1:18:3a:d7:9c:50:c0:bc:a0:
         d7:ab:cd:4d:12:e8:c5:73:52:e0:70:48:01:7e:ab:39:d7:ef:
         10:cf:bb:8d
-----BEGIN CERTIFICATE-----
MIIFNzCCBB+gAwIBAgIUAYtKUSS8R2BTClnxkarcmdqZ/FAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYjk3YmNmYWMyN2JiYWYxOWRlMWQzMWU1MzYyOTcyNmMx
ZTRjYWFhMjAeFw0yNDAyMjYwODQ4MzRaFw0yNTAyMjQwODUzMzRaMDMxMTAvBgNV
BAMTKDlCODIwM0E2N0Q5OTFBNTZGQjU5NkRBMzdBQkY4QzExMjA4MzMxOTIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6cXFvdLIze997FhdlEm+Qco3d
UDUWY97oGEOyy68nASoCJDN+kIE12tPFPLfD9mUrhotR6hlovUkEChcjBxRBkDy1
iH3FsDilnzFWD9E7twcYuUMTAcl5qcFU8+tfG6TZuGZgC6JFwXY0rUgsgJIrMNuP
K08NDBn4ZiMatC+HVouMfHVfYBjDf4/YIE0vhREAI0ZIWNzkrxIsb1SbDz03qeIM
vNV0E4Yrx8YTvZ6L8h3JIC139GNFwv1t7NUj01180evQlXDlQTY9WRxVn3Fw6ZbK
fayd7JoCM6KFoz7Kl34zSGeztLMSY1nBoRYbbgPPjXfR04rvEi15tzqg4fGNAgMB
AAGjggJBMIICPTAdBgNVHQ4EFgQUm4IDpn2ZGlb7WW2jer+MESCDMZIwHwYDVR0j
BBgwFoAUuXvPrCe7rxneHTHlNilybB5MqqIwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzMvQjk3QkNGQUMyN0JCQUYxOURFMUQzMUU1MzYyOTcyNkMxRTRDQUFBMi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3VYdlByQ2U3cnhuZUhUSGxOaWx5YkI1
TXFxSS5jZXIwgbEGCCsGAQUFBwELBIGkMIGhMIGeBggrBgEFBQcwC4aBkXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzMvMzEzODM1MmUzMjM0MzEyZTMy
MzMzODJlMzAyZjMyMzMyZDMyMzQyMDNkM2UyMDMyMzAzNzM1MzkzNC5yb2EwGAYD
VR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEw
BgMEAbnx7jANBgkqhkiG9w0BAQsFAAOCAQEAdD8up1+SKInlKVz+FkdikTJVd4Ts
cC6k/8dn8+U1Pyl6PvRiXzkxw+t+CDc4R8z5VgPEAkaxJm3UAUdvrZumIBvt1chv
KzEA0x3ZVcGxI/bdQAy8UWoYhmQeGNt/sSRfLL+zvAOd30I1XBW3DwbwjWaNL41b
x5SRp1d3fJF3ILiB27pTi80rpsA+zBmeYNCENsCmb0STi5XYsS+/5Smh6P6HkYux
7vEhPJeYWXJfBuwGEXeUGtpqTi7W0xFaCeXuRdZR5vNkQNiBC01QkErns2zthD7j
UNBL6V4NTCnNoj/tsRg615xQwLyg16vNTRLoxXNS4HBIAX6rOdfvEM+7jQ==
-----END CERTIFICATE-----
Generated at Mon Jun 17 10:45:08 2024 by rpki-client on console-ams.rpki-client.org