Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/38332e3133382e35302e302f32342d3234203d3e20333936303236.roa
File:                     38332e3133382e35302e302f32342d3234203d3e20333936303236.roa (raw, json)
Hash identifier:          ROshz8droRWJVd4rm2DnnBWseQFkJrKJ50c2V6tyBz0=
Subject key identifier:   2A:2A:6F:52:FB:CA:10:B2:96:21:45:AA:29:EB:7B:AF:1D:96:45:40
Certificate issuer:       /CN=cefce449bea8deaedb1804dba25c584df5873dc4
Certificate serial:       405B9DA6720427F697CDB8E746910A51B5A4BA86
Authority key identifier: CE:FC:E4:49:BE:A8:DE:AE:DB:18:04:DB:A2:5C:58:4D:F5:87:3D:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/38332e3133382e35302e302f32342d3234203d3e20333936303236.roa
Signing time:             Mon 09 Sep 2024 21:05:20 +0000
ROA not before:           Mon 09 Sep 2024 21:00:20 +0000
ROA not after:            Mon 08 Sep 2025 21:05:20 +0000
asID:                     396026
IP address blocks:        83.138.50.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 15 Oct 2024 13:20:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            40:5b:9d:a6:72:04:27:f6:97:cd:b8:e7:46:91:0a:51:b5:a4:ba:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cefce449bea8deaedb1804dba25c584df5873dc4
        Validity
            Not Before: Sep  9 21:00:20 2024 GMT
            Not After : Sep  8 21:05:20 2025 GMT
        Subject: CN=2A2A6F52FBCA10B2962145AA29EB7BAF1D964540
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:3e:f2:2e:00:94:f8:97:20:a4:a9:b2:2f:45:
                    f6:24:73:d6:c1:a5:e1:07:4b:1c:18:78:78:fd:8a:
                    2e:74:13:b9:33:13:63:68:a7:70:99:f9:0b:e4:af:
                    58:1d:44:29:37:1e:8e:2d:a4:7f:4c:11:29:7a:a8:
                    f1:6f:b5:a5:0f:f3:72:a2:e7:a8:d4:bf:f9:48:fe:
                    9f:49:d3:70:15:3e:ea:89:3c:ce:12:23:ec:fd:95:
                    a6:cf:66:dd:4f:78:7e:b0:6d:8f:cd:c9:d5:a0:59:
                    5c:77:7f:6e:a1:47:9b:c0:8c:ee:57:b9:82:95:5e:
                    77:08:af:c2:7b:4d:b5:2a:59:18:97:80:52:df:6e:
                    30:5c:4b:1b:da:e9:ab:5c:63:67:d9:1c:92:46:64:
                    ee:e0:29:7a:e5:ac:b6:b9:73:1a:b7:96:dc:fd:40:
                    fd:0f:e5:42:e6:8d:27:01:04:5f:84:07:62:2c:9c:
                    aa:d7:bb:b5:fb:46:96:3e:5b:cf:ac:40:f8:d5:6d:
                    33:e2:b0:cb:6e:4a:ce:db:d1:0e:1e:8c:d3:8e:01:
                    07:47:46:6e:b2:40:0f:a7:6c:c6:65:55:7b:32:ef:
                    92:0a:46:56:45:a9:2e:4c:72:8b:f3:c9:df:27:dd:
                    82:b1:6c:28:61:de:d8:a5:04:4c:83:d7:b5:f6:85:
                    35:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:2A:6F:52:FB:CA:10:B2:96:21:45:AA:29:EB:7B:AF:1D:96:45:40
            X509v3 Authority Key Identifier:
                keyid:CE:FC:E4:49:BE:A8:DE:AE:DB:18:04:DB:A2:5C:58:4D:F5:87:3D:C4

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/38332e3133382e35302e302f32342d3234203d3e20333936303236.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.138.50.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8f:f6:74:02:3a:bc:bf:37:99:6c:c0:69:2d:9a:77:a5:e2:4d:
         51:a5:24:9b:7c:e1:b1:e6:8a:74:a7:70:5c:b3:d1:02:6f:99:
         18:5f:9b:a5:ed:5b:d5:82:34:46:1d:9d:fa:2c:e0:ec:83:46:
         aa:cd:08:35:29:9a:a4:22:df:fd:b0:77:42:78:a1:51:c6:f8:
         11:5b:ca:58:07:fa:a1:f1:f5:3d:4e:89:c7:ad:6b:9d:7f:f7:
         43:9a:dc:59:48:70:f8:2a:10:f0:4d:d2:b4:c3:19:5d:77:a9:
         c8:df:59:05:4d:ab:71:07:32:5a:73:48:31:cf:20:38:55:2a:
         40:de:93:18:f6:d9:25:6c:68:c0:31:f1:90:8c:d0:bd:29:08:
         52:5a:3f:fb:6c:a8:a3:63:90:ea:5e:7d:05:1c:b0:64:d0:ba:
         29:44:0d:62:37:00:ab:8e:4e:52:2e:38:64:df:7f:56:19:df:
         4b:59:c8:16:cd:a0:11:7d:3d:af:5e:b3:c8:18:07:3d:9f:7b:
         a6:3b:a2:7c:d0:c1:3c:cf:e1:c9:92:90:40:52:76:8e:b5:85:
         2f:9b:70:4b:fc:1c:84:dc:a4:af:62:eb:d0:eb:a4:c2:f2:a7:
         17:9f:7e:1e:f2:f5:da:3c:2d:07:81:4b:bb:a3:7c:e8:30:9b:
         98:96:52:d0
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgIUQFudpnIEJ/aXzbjnRpEKUbWkuoYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoY2VmY2U0NDliZWE4ZGVhZWRiMTgwNGRiYTI1YzU4NGRm
NTg3M2RjNDAeFw0yNDA5MDkyMTAwMjBaFw0yNTA5MDgyMTA1MjBaMDMxMTAvBgNV
BAMTKDJBMkE2RjUyRkJDQTEwQjI5NjIxNDVBQTI5RUI3QkFGMUQ5NjQ1NDAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCMPvIuAJT4lyCkqbIvRfYkc9bB
peEHSxwYeHj9ii50E7kzE2Nop3CZ+Qvkr1gdRCk3Ho4tpH9MESl6qPFvtaUP83Ki
56jUv/lI/p9J03AVPuqJPM4SI+z9labPZt1PeH6wbY/NydWgWVx3f26hR5vAjO5X
uYKVXncIr8J7TbUqWRiXgFLfbjBcSxva6atcY2fZHJJGZO7gKXrlrLa5cxq3ltz9
QP0P5ULmjScBBF+EB2IsnKrXu7X7RpY+W8+sQPjVbTPisMtuSs7b0Q4ejNOOAQdH
Rm6yQA+nbMZlVXsy75IKRlZFqS5Mcovzyd8n3YKxbChh3tilBEyD17X2hTVlAgMB
AAGjggI9MIICOTAdBgNVHQ4EFgQUKipvUvvKELKWIUWqKet7rx2WRUAwHwYDVR0j
BBgwFoAUzvzkSb6o3q7bGATbolxYTfWHPcQwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZDFiMzVmOGItNmY0OC00YmFkLWIxODUtNWMxZGFhOGFj
ZGE5LzAvQ0VGQ0U0NDlCRUE4REVBRURCMTgwNERCQTI1QzU4NERGNTg3M0RDNC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3p2emtTYjZvM3E3YkdBVGJvbHhZVGZX
SFBjUS5jZXIwga0GCCsGAQUFBwELBIGgMIGdMIGaBggrBgEFBQcwC4aBjXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZDFiMzVmOGIt
NmY0OC00YmFkLWIxODUtNWMxZGFhOGFjZGE5LzAvMzgzMzJlMzEzMzM4MmUzNTMw
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzMzOTM2MzAzMjM2LnJvYTAYBgNVHSAB
Af8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA
U4oyMA0GCSqGSIb3DQEBCwUAA4IBAQCP9nQCOry/N5lswGktmnel4k1RpSSbfOGx
5op0p3Bcs9ECb5kYX5ul7VvVgjRGHZ36LODsg0aqzQg1KZqkIt/9sHdCeKFRxvgR
W8pYB/qh8fU9TonHrWudf/dDmtxZSHD4KhDwTdK0wxldd6nI31kFTatxBzJac0gx
zyA4VSpA3pMY9tklbGjAMfGQjNC9KQhSWj/7bKijY5DqXn0FHLBk0LopRA1iNwCr
jk5SLjhk339WGd9LWcgWzaARfT2vXrPIGAc9n3umO6J80ME8z+HJkpBAUnaOtYUv
m3BL/ByE3KSvYuvQ66TC8qcXn34e8vXaPC0HgUu7o3zoMJuYllLQ
-----END CERTIFICATE-----
Generated at Mon Oct 14 15:19:45 2024 by rpki-client on console-fra.rpki-client.org