Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/ce510e17-31fa-414b-989e-026dbb6fdf51/0/3231372e32382e3133382e302f32342d3234203d3e20323039393736.roa
File:                     3231372e32382e3133382e302f32342d3234203d3e20323039393736.roa (raw, json)
Hash identifier:          tVUvIrXWXtAXUhoND4zxAbjUSLIKfmnAMtjbKc/53Lo=
Subject key identifier:   8C:39:9B:AC:91:CF:1C:74:4F:54:1B:16:23:F2:94:F4:C8:59:79:D2
Certificate issuer:       /CN=4c189e42f35c944d463d9ea6501f093eb62ba785
Certificate serial:       43FF1BC3AE4389E9BE7BBE8B21584B24BE9CF26E
Authority key identifier: 4C:18:9E:42:F3:5C:94:4D:46:3D:9E:A6:50:1F:09:3E:B6:2B:A7:85
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TBieQvNclE1GPZ6mUB8JPrYrp4U.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/ce510e17-31fa-414b-989e-026dbb6fdf51/0/3231372e32382e3133382e302f32342d3234203d3e20323039393736.roa
Signing time:             Tue 23 Jan 2024 06:20:28 +0000
ROA not before:           Tue 23 Jan 2024 06:15:28 +0000
ROA not after:            Tue 21 Jan 2025 06:20:28 +0000
asID:                     209976
IP address blocks:        217.28.138.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/ce510e17-31fa-414b-989e-026dbb6fdf51/0/4C189E42F35C944D463D9EA6501F093EB62BA785.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/ce510e17-31fa-414b-989e-026dbb6fdf51/0/4C189E42F35C944D463D9EA6501F093EB62BA785.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TBieQvNclE1GPZ6mUB8JPrYrp4U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            43:ff:1b:c3:ae:43:89:e9:be:7b:be:8b:21:58:4b:24:be:9c:f2:6e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4c189e42f35c944d463d9ea6501f093eb62ba785
        Validity
            Not Before: Jan 23 06:15:28 2024 GMT
            Not After : Jan 21 06:20:28 2025 GMT
        Subject: CN=8C399BAC91CF1C744F541B1623F294F4C85979D2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:29:b7:c3:4d:33:73:05:b7:1b:ee:0a:47:87:
                    98:57:d5:2c:da:30:f2:a4:f6:20:b3:fc:6c:86:d4:
                    d5:e2:55:b1:55:93:6a:5b:29:95:1c:46:86:dd:f1:
                    e8:b8:5d:17:69:75:7f:b4:7a:36:00:bf:fc:42:a0:
                    c1:1e:55:e0:9d:5d:52:68:30:53:33:81:35:23:ae:
                    e9:c5:5f:2d:1b:cd:fe:ca:db:dc:8d:23:c1:87:52:
                    c2:e3:9a:48:4a:03:09:b7:dd:99:9c:62:6a:8e:57:
                    9c:36:65:af:9f:e5:4a:1e:c7:b3:b7:6a:13:bf:2a:
                    bb:70:95:b1:2c:31:e9:6a:5b:95:ad:bb:0e:3e:eb:
                    39:4d:c6:74:51:28:71:40:fb:17:f8:db:6b:c1:c6:
                    c0:bc:30:59:25:6f:a3:5b:39:91:a0:8c:31:13:bb:
                    1e:7b:d3:81:c5:9c:6d:cb:07:63:f5:35:d1:fa:47:
                    80:9c:90:73:2a:56:9a:cf:d6:6a:f8:04:50:e8:d7:
                    8f:b0:a9:75:40:59:1d:f0:e1:99:13:fd:20:70:f5:
                    df:97:02:ff:bc:cd:29:e0:94:c6:46:d8:c3:3a:b6:
                    83:d0:32:1b:c8:86:1d:ba:8f:f7:f8:9f:cc:8e:ab:
                    cd:d6:70:f9:1a:f6:bd:ce:fa:b6:4e:40:e0:5e:84:
                    38:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8C:39:9B:AC:91:CF:1C:74:4F:54:1B:16:23:F2:94:F4:C8:59:79:D2
            X509v3 Authority Key Identifier:
                keyid:4C:18:9E:42:F3:5C:94:4D:46:3D:9E:A6:50:1F:09:3E:B6:2B:A7:85

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/ce510e17-31fa-414b-989e-026dbb6fdf51/0/4C189E42F35C944D463D9EA6501F093EB62BA785.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TBieQvNclE1GPZ6mUB8JPrYrp4U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/ce510e17-31fa-414b-989e-026dbb6fdf51/0/3231372e32382e3133382e302f32342d3234203d3e20323039393736.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.28.138.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5f:57:94:ef:26:02:03:29:1f:65:63:d8:82:43:f5:b6:59:fe:
         41:9f:b5:c8:69:64:86:fd:7a:80:eb:fd:a0:4d:21:87:cb:b4:
         04:41:64:75:e8:d5:85:b3:ad:10:ff:2d:67:8d:77:89:fc:8f:
         37:c7:27:96:8a:19:6c:2f:09:14:74:51:9d:30:68:a1:e8:cb:
         16:3d:de:b8:6e:19:4e:34:0c:7b:2a:cb:13:e8:98:7c:29:cb:
         8a:cb:26:ea:c3:c1:33:9b:33:7e:7f:00:83:0c:e2:8c:d7:64:
         ad:07:a0:a8:c1:3d:f6:25:00:25:ec:4d:ab:17:4a:9b:be:af:
         76:ae:54:0a:12:59:9c:94:83:38:7e:83:9b:cd:0f:95:94:57:
         d7:36:57:f4:f6:68:57:d4:07:96:9b:a5:32:36:f2:6d:1e:16:
         18:1d:7a:fb:a8:1e:bf:b3:f4:8e:dc:0e:02:30:0d:fb:02:22:
         14:cd:96:d5:d2:aa:45:de:93:e1:c2:26:d3:aa:82:56:bd:03:
         2b:47:39:14:9d:fc:80:5a:54:e7:6f:11:65:5f:6d:3d:5f:3b:
         db:2c:6a:db:eb:f9:e2:72:fc:c5:1b:5d:61:6f:95:02:10:11:
         1b:f1:49:e5:03:47:66:03:f0:8f:10:56:68:8d:a4:8c:6b:54:
         b3:23:bd:e0
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgIUQ/8bw65Diem+e76LIVhLJL6c8m4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGMxODllNDJmMzVjOTQ0ZDQ2M2Q5ZWE2NTAxZjA5M2Vi
NjJiYTc4NTAeFw0yNDAxMjMwNjE1MjhaFw0yNTAxMjEwNjIwMjhaMDMxMTAvBgNV
BAMTKDhDMzk5QkFDOTFDRjFDNzQ0RjU0MUIxNjIzRjI5NEY0Qzg1OTc5RDIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCqKbfDTTNzBbcb7gpHh5hX1Sza
MPKk9iCz/GyG1NXiVbFVk2pbKZUcRobd8ei4XRdpdX+0ejYAv/xCoMEeVeCdXVJo
MFMzgTUjrunFXy0bzf7K29yNI8GHUsLjmkhKAwm33ZmcYmqOV5w2Za+f5Uoex7O3
ahO/KrtwlbEsMelqW5Wtuw4+6zlNxnRRKHFA+xf422vBxsC8MFklb6NbOZGgjDET
ux5704HFnG3LB2P1NdH6R4CckHMqVprP1mr4BFDo14+wqXVAWR3w4ZkT/SBw9d+X
Av+8zSnglMZG2MM6toPQMhvIhh26j/f4n8yOq83WcPka9r3O+rZOQOBehDgfAgMB
AAGjggI/MIICOzAdBgNVHQ4EFgQUjDmbrJHPHHRPVBsWI/KU9MhZedIwHwYDVR0j
BBgwFoAUTBieQvNclE1GPZ6mUB8JPrYrp4UwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvY2U1MTBlMTctMzFmYS00MTRiLTk4OWUtMDI2ZGJiNmZk
ZjUxLzAvNEMxODlFNDJGMzVDOTQ0RDQ2M0Q5RUE2NTAxRjA5M0VCNjJCQTc4NS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1RCaWVRdk5jbEUxR1BaNm1VQjhKUHJZ
cnA0VS5jZXIwga8GCCsGAQUFBwELBIGiMIGfMIGcBggrBgEFBQcwC4aBj3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvY2U1MTBlMTct
MzFmYS00MTRiLTk4OWUtMDI2ZGJiNmZkZjUxLzAvMzIzMTM3MmUzMjM4MmUzMTMz
MzgyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzMjMwMzkzOTM3MzYucm9hMBgGA1Ud
IAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BADZHIowDQYJKoZIhvcNAQELBQADggEBAF9XlO8mAgMpH2Vj2IJD9bZZ/kGftchp
ZIb9eoDr/aBNIYfLtARBZHXo1YWzrRD/LWeNd4n8jzfHJ5aKGWwvCRR0UZ0waKHo
yxY93rhuGU40DHsqyxPomHwpy4rLJurDwTObM35/AIMM4ozXZK0HoKjBPfYlACXs
TasXSpu+r3auVAoSWZyUgzh+g5vND5WUV9c2V/T2aFfUB5abpTI28m0eFhgdevuo
Hr+z9I7cDgIwDfsCIhTNltXSqkXek+HCJtOqgla9AytHORSd/IBaVOdvEWVfbT1f
O9ssatvr+eJy/MUbXWFvlQIQERvxSeUDR2YD8I8QVmiNpIxrVLMjveA=
-----END CERTIFICATE-----
Generated at Mon Nov 25 09:40:56 2024 by rpki-client on console-ams.rpki-client.org