Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/38322e3131382e33312e302f32342d3234203d3e20313431313538.roa
File:                     38322e3131382e33312e302f32342d3234203d3e20313431313538.roa (raw, json)
Hash identifier:          r2HEZMW47IfZatlPMe0Hr71fYtjGPRQ+cIaOIcEKBpc=
Subject key identifier:   75:90:19:77:AD:ED:42:AB:74:C3:F7:0C:71:48:5D:BE:3A:8F:63:61
Certificate issuer:       /CN=0d059f10d18d00052c808eb8069f90d47e30564a
Certificate serial:       077174CAD277978023531F6CDE3938FB8513FC84
Authority key identifier: 0D:05:9F:10:D1:8D:00:05:2C:80:8E:B8:06:9F:90:D4:7E:30:56:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DQWfENGNAAUsgI64Bp-Q1H4wVko.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/38322e3131382e33312e302f32342d3234203d3e20313431313538.roa
Signing time:             Thu 04 Apr 2024 11:05:14 +0000
ROA not before:           Thu 04 Apr 2024 11:00:14 +0000
ROA not after:            Thu 03 Apr 2025 11:05:14 +0000
asID:                     141158
IP address blocks:        82.118.31.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/0D059F10D18D00052C808EB8069F90D47E30564A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/0D059F10D18D00052C808EB8069F90D47E30564A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DQWfENGNAAUsgI64Bp-Q1H4wVko.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            07:71:74:ca:d2:77:97:80:23:53:1f:6c:de:39:38:fb:85:13:fc:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d059f10d18d00052c808eb8069f90d47e30564a
        Validity
            Not Before: Apr  4 11:00:14 2024 GMT
            Not After : Apr  3 11:05:14 2025 GMT
        Subject: CN=75901977ADED42AB74C3F70C71485DBE3A8F6361
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:d8:92:9d:82:53:39:6b:5b:bb:eb:a5:b2:fe:
                    f8:62:38:1d:48:b9:88:8a:98:07:af:71:ef:52:cd:
                    b0:b9:06:ca:9e:40:1e:03:c6:e3:76:87:85:3b:ce:
                    b0:91:83:ef:fa:e2:45:81:31:cb:06:26:ac:b7:78:
                    2c:c7:7a:95:b2:26:7c:f6:5b:68:c7:30:37:c9:82:
                    6f:3b:56:1a:ad:ac:cd:af:82:56:7a:1f:c4:e9:c2:
                    98:a8:4a:3c:04:f0:1c:56:3a:88:d1:5b:10:1e:76:
                    7f:8a:93:fc:2a:a4:78:b6:02:9d:f0:40:5a:0a:d5:
                    b6:09:d7:9f:3d:4d:9a:0d:9e:ea:0d:b8:98:89:74:
                    82:84:6c:17:ed:b6:f0:95:c4:56:4b:03:a9:96:68:
                    cc:77:77:6f:d1:c1:4a:44:e2:f4:66:77:ea:3a:5b:
                    5f:e3:23:40:78:ab:ca:41:f5:36:96:f5:12:a0:2b:
                    9f:f1:ae:23:ee:36:47:cd:81:c1:51:3c:ff:63:e9:
                    c5:12:66:ef:c4:ad:ae:24:13:54:88:ac:0d:0c:8d:
                    26:e7:07:0d:05:b0:7d:44:02:af:ec:1c:e2:d8:73:
                    e3:26:ef:43:9b:e6:f2:00:a5:8e:32:4e:65:8f:ca:
                    08:bc:14:3d:fd:3e:ee:8c:36:44:78:f7:01:4b:74:
                    56:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                75:90:19:77:AD:ED:42:AB:74:C3:F7:0C:71:48:5D:BE:3A:8F:63:61
            X509v3 Authority Key Identifier:
                keyid:0D:05:9F:10:D1:8D:00:05:2C:80:8E:B8:06:9F:90:D4:7E:30:56:4A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/0D059F10D18D00052C808EB8069F90D47E30564A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DQWfENGNAAUsgI64Bp-Q1H4wVko.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/38322e3131382e33312e302f32342d3234203d3e20313431313538.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.118.31.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b4:10:a1:f2:39:94:fb:ef:15:d6:81:88:14:a5:9d:93:16:46:
         c9:f7:1e:b6:fe:cb:3f:88:be:f1:e3:cc:8e:3b:25:71:96:82:
         59:fe:5b:5b:dd:54:8d:b1:ef:b1:0b:00:ec:28:f8:e6:25:ea:
         47:fd:a4:a6:be:a5:66:4d:10:23:96:1e:69:a0:b7:e4:19:62:
         e0:ec:ed:90:9f:a2:da:f7:da:5a:16:f4:f7:a4:25:0e:b1:52:
         92:2f:e3:e7:94:23:31:2b:88:c8:00:d5:0e:d0:26:a2:90:1a:
         71:e5:1c:b9:ae:25:cd:46:22:48:11:c5:07:ef:a6:7a:21:54:
         17:fd:2f:4a:9c:9d:ec:e7:56:40:22:5d:53:0d:fd:1a:c6:81:
         fb:cb:7a:c1:6b:d8:74:58:fe:e3:9e:ba:e7:f9:ed:f1:4f:9f:
         b3:4e:5a:56:52:e6:55:ae:e2:fc:da:88:5a:0e:33:74:f0:c9:
         25:ab:0c:a2:b7:38:59:53:49:81:87:58:f3:f3:0b:c2:86:e5:
         fa:32:c0:1c:3a:22:a1:1c:08:a5:19:fa:77:2a:85:4f:d4:93:
         88:43:ce:7b:53:d7:af:f7:da:43:43:e5:3a:5c:78:5b:0d:34:
         e8:28:bb:69:8b:5d:24:d5:4d:ec:8f:39:0f:97:8a:53:79:87:
         76:d7:48:46
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgIUB3F0ytJ3l4AjUx9s3jk4+4UT/IQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMGQwNTlmMTBkMThkMDAwNTJjODA4ZWI4MDY5ZjkwZDQ3
ZTMwNTY0YTAeFw0yNDA0MDQxMTAwMTRaFw0yNTA0MDMxMTA1MTRaMDMxMTAvBgNV
BAMTKDc1OTAxOTc3QURFRDQyQUI3NEMzRjcwQzcxNDg1REJFM0E4RjYzNjEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCq2JKdglM5a1u766Wy/vhiOB1I
uYiKmAevce9SzbC5BsqeQB4DxuN2h4U7zrCRg+/64kWBMcsGJqy3eCzHepWyJnz2
W2jHMDfJgm87VhqtrM2vglZ6H8TpwpioSjwE8BxWOojRWxAedn+Kk/wqpHi2Ap3w
QFoK1bYJ1589TZoNnuoNuJiJdIKEbBfttvCVxFZLA6mWaMx3d2/RwUpE4vRmd+o6
W1/jI0B4q8pB9TaW9RKgK5/xriPuNkfNgcFRPP9j6cUSZu/Era4kE1SIrA0MjSbn
Bw0FsH1EAq/sHOLYc+Mm70Ob5vIApY4yTmWPygi8FD39Pu6MNkR49wFLdFZLAgMB
AAGjggI9MIICOTAdBgNVHQ4EFgQUdZAZd63tQqt0w/cMcUhdvjqPY2EwHwYDVR0j
BBgwFoAUDQWfENGNAAUsgI64Bp+Q1H4wVkowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmFmMTY3MDQtMjg1NC00MDgwLTlhMDktNzI2MjMyNmM5
ZTIyLzEvMEQwNTlGMTBEMThEMDAwNTJDODA4RUI4MDY5RjkwRDQ3RTMwNTY0QS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0RRV2ZFTkdOQUFVc2dJNjRCcC1RMUg0
d1Zrby5jZXIwga0GCCsGAQUFBwELBIGgMIGdMIGaBggrBgEFBQcwC4aBjXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmFmMTY3MDQt
Mjg1NC00MDgwLTlhMDktNzI2MjMyNmM5ZTIyLzEvMzgzMjJlMzEzMTM4MmUzMzMx
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzEzNDMxMzEzNTM4LnJvYTAYBgNVHSAB
Af8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA
UnYfMA0GCSqGSIb3DQEBCwUAA4IBAQC0EKHyOZT77xXWgYgUpZ2TFkbJ9x62/ss/
iL7x48yOOyVxloJZ/ltb3VSNse+xCwDsKPjmJepH/aSmvqVmTRAjlh5poLfkGWLg
7O2Qn6La99paFvT3pCUOsVKSL+PnlCMxK4jIANUO0CaikBpx5Ry5riXNRiJIEcUH
76Z6IVQX/S9KnJ3s51ZAIl1TDf0axoH7y3rBa9h0WP7jnrrn+e3xT5+zTlpWUuZV
ruL82ohaDjN08MklqwyitzhZU0mBh1jz8wvChuX6MsAcOiKhHAilGfp3KoVP1JOI
Q857U9ev99pDQ+U6XHhbDTToKLtpi10k1U3sjzkPl4pTeYd210hG
-----END CERTIFICATE-----
Generated at Mon Nov 25 09:40:56 2024 by rpki-client on console-ams.rpki-client.org