Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/8bfd6882-d6b3-4aa8-bc0a-711d68bd198b/0/3138352e3234302e3130342e302f32342d3234203d3e20323130353338.roa
File:                     3138352e3234302e3130342e302f32342d3234203d3e20323130353338.roa (raw, json)
Hash identifier:          e7DAYp4SHfxn2VHLApclYeubQioRqGakPF4YwyLlJQg=
Subject key identifier:   75:8A:B4:F5:0B:E3:7C:6C:A0:FD:96:BB:58:D2:67:D4:FA:75:50:B7
Certificate issuer:       /CN=8c12b4273832b4156fe0092f6ae7e5b3ce23ad8b
Certificate serial:       4D87B01655EA415A9CBF7B8331D5780F9757B397
Authority key identifier: 8C:12:B4:27:38:32:B4:15:6F:E0:09:2F:6A:E7:E5:B3:CE:23:AD:8B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jBK0JzgytBVv4Akvaufls84jrYs.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/8bfd6882-d6b3-4aa8-bc0a-711d68bd198b/0/3138352e3234302e3130342e302f32342d3234203d3e20323130353338.roa
Signing time:             Fri 26 Jul 2024 20:41:26 +0000
ROA not before:           Fri 26 Jul 2024 20:36:26 +0000
ROA not after:            Fri 25 Jul 2025 20:41:26 +0000
asID:                     210538
IP address blocks:        185.240.104.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/8bfd6882-d6b3-4aa8-bc0a-711d68bd198b/0/8C12B4273832B4156FE0092F6AE7E5B3CE23AD8B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/8bfd6882-d6b3-4aa8-bc0a-711d68bd198b/0/8C12B4273832B4156FE0092F6AE7E5B3CE23AD8B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jBK0JzgytBVv4Akvaufls84jrYs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4d:87:b0:16:55:ea:41:5a:9c:bf:7b:83:31:d5:78:0f:97:57:b3:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8c12b4273832b4156fe0092f6ae7e5b3ce23ad8b
        Validity
            Not Before: Jul 26 20:36:26 2024 GMT
            Not After : Jul 25 20:41:26 2025 GMT
        Subject: CN=758AB4F50BE37C6CA0FD96BB58D267D4FA7550B7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:9e:d4:d4:ee:f2:94:c3:d3:48:aa:55:f5:ab:
                    1e:41:0d:e1:69:de:0d:bf:cf:9b:48:42:00:be:74:
                    52:af:50:be:de:30:a3:7f:18:4b:c6:4a:af:82:da:
                    51:52:e5:d9:af:ec:d0:a9:49:b9:bb:d8:27:43:ae:
                    89:b7:48:ec:62:73:11:2f:fc:c9:cd:48:4b:de:88:
                    16:ef:71:97:67:e7:85:c5:44:d0:5f:c3:3f:9c:ce:
                    74:30:c4:0e:5b:b4:a5:43:73:11:4b:d0:a0:8d:dd:
                    32:e9:bc:3f:9c:26:24:43:61:6d:25:2d:d9:60:7e:
                    e3:0a:6b:5e:ba:fe:d6:17:1e:43:14:ac:38:78:45:
                    d0:6e:ee:57:bd:b9:d0:26:5a:b4:55:ac:57:b0:2c:
                    79:68:61:ce:e2:c3:b4:00:f7:00:ba:60:ce:3c:c4:
                    39:7f:09:3c:ff:08:5a:52:1f:0a:f7:fb:0a:6a:0c:
                    13:3c:b3:6c:8c:4a:20:8a:4d:e1:bf:45:d7:89:05:
                    75:8b:ba:56:4d:c9:06:6c:2c:fd:78:d9:b3:34:b8:
                    e9:db:48:ad:e4:08:23:da:b9:73:40:7e:5c:c7:49:
                    52:7d:fa:b5:54:20:d9:8e:95:14:e5:b5:ee:0b:32:
                    b7:95:1b:07:84:3c:02:07:2b:7c:77:ff:16:92:b0:
                    93:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                75:8A:B4:F5:0B:E3:7C:6C:A0:FD:96:BB:58:D2:67:D4:FA:75:50:B7
            X509v3 Authority Key Identifier:
                keyid:8C:12:B4:27:38:32:B4:15:6F:E0:09:2F:6A:E7:E5:B3:CE:23:AD:8B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/8bfd6882-d6b3-4aa8-bc0a-711d68bd198b/0/8C12B4273832B4156FE0092F6AE7E5B3CE23AD8B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jBK0JzgytBVv4Akvaufls84jrYs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/8bfd6882-d6b3-4aa8-bc0a-711d68bd198b/0/3138352e3234302e3130342e302f32342d3234203d3e20323130353338.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.240.104.0/24

    Signature Algorithm: sha256WithRSAEncryption
         48:fa:c2:8e:b0:d2:01:ab:b5:5d:35:f4:a7:79:93:66:ad:ce:
         a0:45:82:b2:1f:49:a9:2c:c7:07:e7:7e:68:b2:c3:5a:25:22:
         11:45:39:d2:66:f5:a4:c4:0e:dc:2d:46:05:dd:bc:83:9a:c3:
         7f:fd:88:81:c7:77:2d:d5:eb:17:6d:cb:69:2e:69:95:8e:7d:
         2f:27:ec:b1:6d:33:ef:d9:66:04:46:c2:3e:ef:9d:80:27:71:
         66:7f:bb:0e:2f:c6:25:f4:1f:cf:ed:70:b1:0e:72:9b:e0:09:
         92:e3:30:4a:d6:7e:56:91:95:2d:3c:3f:57:8c:26:57:d1:b2:
         5b:c4:c2:99:fd:e3:f8:41:8e:62:2f:9b:d2:1c:93:c2:bf:0c:
         ca:23:1c:ab:94:b5:99:62:61:9a:ce:c7:34:72:e1:f9:f1:7e:
         1f:55:36:ea:9f:5f:f0:4b:67:e4:cb:06:af:62:3c:c5:72:ef:
         9c:24:2f:95:33:13:d3:9d:db:b8:07:59:af:1a:ea:dc:c4:f2:
         5a:c2:6c:18:50:f9:92:59:60:84:ba:78:d7:95:0c:ba:6b:e0:
         60:63:21:d5:9f:15:8d:82:e1:fa:d0:fc:0f:f0:eb:fe:97:e5:
         2b:ef:db:9f:bf:f4:17:44:18:7e:b2:3b:aa:27:10:ba:4e:80:
         27:3c:86:7d
-----BEGIN CERTIFICATE-----
MIIFNzCCBB+gAwIBAgIUTYewFlXqQVqcv3uDMdV4D5dXs5cwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGMxMmI0MjczODMyYjQxNTZmZTAwOTJmNmFlN2U1YjNj
ZTIzYWQ4YjAeFw0yNDA3MjYyMDM2MjZaFw0yNTA3MjUyMDQxMjZaMDMxMTAvBgNV
BAMTKDc1OEFCNEY1MEJFMzdDNkNBMEZEOTZCQjU4RDI2N0Q0RkE3NTUwQjcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCwntTU7vKUw9NIqlX1qx5BDeFp
3g2/z5tIQgC+dFKvUL7eMKN/GEvGSq+C2lFS5dmv7NCpSbm72CdDrom3SOxicxEv
/MnNSEveiBbvcZdn54XFRNBfwz+cznQwxA5btKVDcxFL0KCN3TLpvD+cJiRDYW0l
LdlgfuMKa166/tYXHkMUrDh4RdBu7le9udAmWrRVrFewLHloYc7iw7QA9wC6YM48
xDl/CTz/CFpSHwr3+wpqDBM8s2yMSiCKTeG/RdeJBXWLulZNyQZsLP142bM0uOnb
SK3kCCPauXNAflzHSVJ9+rVUINmOlRTlte4LMreVGweEPAIHK3x3/xaSsJNfAgMB
AAGjggJBMIICPTAdBgNVHQ4EFgQUdYq09QvjfGyg/Za7WNJn1Pp1ULcwHwYDVR0j
BBgwFoAUjBK0JzgytBVv4Akvaufls84jrYswDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOGJmZDY4ODItZDZiMy00YWE4LWJjMGEtNzExZDY4YmQx
OThiLzAvOEMxMkI0MjczODMyQjQxNTZGRTAwOTJGNkFFN0U1QjNDRTIzQUQ4Qi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2pCSzBKemd5dEJWdjRBa3ZhdWZsczg0
anJZcy5jZXIwgbEGCCsGAQUFBwELBIGkMIGhMIGeBggrBgEFBQcwC4aBkXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvOGJmZDY4ODIt
ZDZiMy00YWE4LWJjMGEtNzExZDY4YmQxOThiLzAvMzEzODM1MmUzMjM0MzAyZTMx
MzAzNDJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMyMzEzMDM1MzMzOC5yb2EwGAYD
VR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEw
BgMEALnwaDANBgkqhkiG9w0BAQsFAAOCAQEASPrCjrDSAau1XTX0p3mTZq3OoEWC
sh9JqSzHB+d+aLLDWiUiEUU50mb1pMQO3C1GBd28g5rDf/2Igcd3LdXrF23LaS5p
lY59LyfssW0z79lmBEbCPu+dgCdxZn+7Di/GJfQfz+1wsQ5ym+AJkuMwStZ+VpGV
LTw/V4wmV9GyW8TCmf3j+EGOYi+b0hyTwr8MyiMcq5S1mWJhms7HNHLh+fF+H1U2
6p9f8Etn5MsGr2I8xXLvnCQvlTMT053buAdZrxrq3MTyWsJsGFD5kllghLp415UM
umvgYGMh1Z8VjYLh+tD8D/Dr/pflK+/bn7/0F0QYfrI7qicQuk6AJzyGfQ==
-----END CERTIFICATE-----
Generated at Mon Nov 25 01:46:57 2024 by rpki-client on console-fra.rpki-client.org