Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/3138352e3234302e3234352e302f32342d3234203d3e20313336373837.roa
File:                     3138352e3234302e3234352e302f32342d3234203d3e20313336373837.roa (raw, json)
Hash identifier:          Sw68QO8n3CXyjqPcNvVivV8MxhZ4SO6sbv9NRcuuRoU=
Subject key identifier:   41:38:E2:2E:CD:72:EC:D9:60:8D:D3:28:00:75:91:D5:BD:74:8C:FC
Certificate issuer:       /CN=08fb9ba827e6f10a7af37490803dd5a076397235
Certificate serial:       0CFF0FA74F1958CB1A185960314C54467BEE1299
Authority key identifier: 08:FB:9B:A8:27:E6:F1:0A:7A:F3:74:90:80:3D:D5:A0:76:39:72:35
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/3138352e3234302e3234352e302f32342d3234203d3e20313336373837.roa
Signing time:             Wed 07 Feb 2024 12:33:24 +0000
ROA not before:           Wed 07 Feb 2024 12:28:24 +0000
ROA not after:            Wed 05 Feb 2025 12:33:24 +0000
asID:                     136787
IP address blocks:        185.240.245.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0c:ff:0f:a7:4f:19:58:cb:1a:18:59:60:31:4c:54:46:7b:ee:12:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=08fb9ba827e6f10a7af37490803dd5a076397235
        Validity
            Not Before: Feb  7 12:28:24 2024 GMT
            Not After : Feb  5 12:33:24 2025 GMT
        Subject: CN=4138E22ECD72ECD9608DD328007591D5BD748CFC
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:7c:3a:17:df:32:e6:af:eb:76:8c:db:a5:29:
                    7e:86:90:0d:7e:7d:9d:f1:48:83:98:d9:b5:a4:36:
                    cf:8c:d8:06:eb:34:f2:49:78:f6:c9:5d:22:8f:92:
                    1c:e3:95:f3:e8:fc:42:ed:24:59:a5:c5:17:8f:7e:
                    d8:73:f0:58:e0:3b:be:31:33:0f:e0:47:f8:a9:e2:
                    47:4b:d8:43:05:dc:28:12:ed:4b:d9:70:ee:39:1e:
                    60:2c:a2:52:fc:b2:ee:6c:c7:56:52:bb:a4:e1:0f:
                    49:ac:31:9f:a3:ab:54:72:85:f0:87:71:7f:17:bd:
                    2d:b6:d1:bc:c2:09:51:bc:79:49:a7:ea:ec:69:65:
                    11:63:ae:09:09:2d:1f:34:06:ad:ef:b0:ba:d1:ce:
                    a6:55:4b:25:c1:9e:d4:7f:29:65:24:96:ce:e4:e2:
                    bf:4d:99:90:8f:85:7b:c5:b1:2c:96:39:4d:01:2e:
                    12:b4:96:40:ef:b2:10:79:63:02:dc:2b:dd:84:69:
                    a3:3a:8d:51:c9:15:24:08:27:20:fb:67:b1:ea:84:
                    09:76:80:42:30:d2:4f:90:4b:c1:b8:58:ea:f5:4c:
                    96:39:7f:0b:8f:21:8a:9a:2b:d9:43:b6:13:1a:49:
                    1b:f3:5b:89:e6:de:16:46:8d:15:0b:c4:84:f6:de:
                    64:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:38:E2:2E:CD:72:EC:D9:60:8D:D3:28:00:75:91:D5:BD:74:8C:FC
            X509v3 Authority Key Identifier:
                keyid:08:FB:9B:A8:27:E6:F1:0A:7A:F3:74:90:80:3D:D5:A0:76:39:72:35

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/3138352e3234302e3234352e302f32342d3234203d3e20313336373837.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.240.245.0/24

    Signature Algorithm: sha256WithRSAEncryption
         40:0a:ba:a8:9d:38:c3:4d:26:31:0b:45:92:25:2c:02:92:18:
         07:ae:ea:1b:ba:41:22:68:62:ba:f6:68:e3:f8:53:0e:00:eb:
         80:d7:27:1e:96:78:aa:16:a0:08:ff:6e:1d:a1:1a:0e:12:ea:
         8f:12:35:c0:5d:ba:f9:46:7f:a2:98:d8:ba:5a:d2:11:f0:80:
         60:e3:9d:39:c8:d4:82:bd:54:52:a2:ed:5b:54:e7:5a:d7:f9:
         59:e4:e5:96:5d:ea:19:9a:a2:32:7b:05:10:8d:0f:33:27:e7:
         06:b0:e9:15:b0:07:a3:2d:c1:6a:ab:98:a8:ec:79:62:dc:92:
         da:ba:15:96:bd:e4:f3:b3:c3:40:33:01:e5:58:dd:ed:19:a1:
         82:84:47:73:e4:14:32:0e:31:07:dd:94:88:c5:ed:8c:04:38:
         a5:7a:00:78:23:46:15:71:4c:f9:ac:3b:57:7d:fe:99:58:c2:
         4f:79:8e:bf:dc:62:b0:c6:b8:9b:f4:08:fc:65:bc:25:ca:5a:
         72:0e:ed:4b:dd:f1:38:dc:6b:1b:3a:36:94:0c:c2:47:df:1a:
         29:18:7a:a0:13:e0:79:be:52:9a:d4:02:06:c3:88:62:5c:38:
         c1:bb:a5:c5:9b:8b:1a:89:03:f4:41:32:81:43:ad:95:e4:b7:
         7d:aa:71:4d
-----BEGIN CERTIFICATE-----
MIIFNzCCBB+gAwIBAgIUDP8Pp08ZWMsaGFlgMUxURnvuEpkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDhmYjliYTgyN2U2ZjEwYTdhZjM3NDkwODAzZGQ1YTA3
NjM5NzIzNTAeFw0yNDAyMDcxMjI4MjRaFw0yNTAyMDUxMjMzMjRaMDMxMTAvBgNV
BAMTKDQxMzhFMjJFQ0Q3MkVDRDk2MDhERDMyODAwNzU5MUQ1QkQ3NDhDRkMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDPfDoX3zLmr+t2jNulKX6GkA1+
fZ3xSIOY2bWkNs+M2AbrNPJJePbJXSKPkhzjlfPo/ELtJFmlxRePfthz8FjgO74x
Mw/gR/ip4kdL2EMF3CgS7UvZcO45HmAsolL8su5sx1ZSu6ThD0msMZ+jq1RyhfCH
cX8XvS220bzCCVG8eUmn6uxpZRFjrgkJLR80Bq3vsLrRzqZVSyXBntR/KWUkls7k
4r9NmZCPhXvFsSyWOU0BLhK0lkDvshB5YwLcK92EaaM6jVHJFSQIJyD7Z7HqhAl2
gEIw0k+QS8G4WOr1TJY5fwuPIYqaK9lDthMaSRvzW4nm3hZGjRULxIT23mTfAgMB
AAGjggJBMIICPTAdBgNVHQ4EFgQUQTjiLs1y7NlgjdMoAHWR1b10jPwwHwYDVR0j
BBgwFoAUCPubqCfm8Qp683SQgD3VoHY5cjUwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzIvMDhGQjlCQTgyN0U2RjEwQTdBRjM3NDkwODAzREQ1QTA3NjM5NzIzNS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NQdWJxQ2ZtOFFwNjgzU1FnRDNWb0hZ
NWNqVS5jZXIwgbEGCCsGAQUFBwELBIGkMIGhMIGeBggrBgEFBQcwC4aBkXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzIvMzEzODM1MmUzMjM0MzAyZTMy
MzQzNTJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMxMzMzNjM3MzgzNy5yb2EwGAYD
VR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEw
BgMEALnw9TANBgkqhkiG9w0BAQsFAAOCAQEAQAq6qJ04w00mMQtFkiUsApIYB67q
G7pBImhiuvZo4/hTDgDrgNcnHpZ4qhagCP9uHaEaDhLqjxI1wF26+UZ/opjYulrS
EfCAYOOdOcjUgr1UUqLtW1TnWtf5WeTlll3qGZqiMnsFEI0PMyfnBrDpFbAHoy3B
aquYqOx5YtyS2roVlr3k87PDQDMB5Vjd7RmhgoRHc+QUMg4xB92UiMXtjAQ4pXoA
eCNGFXFM+aw7V33+mVjCT3mOv9xisMa4m/QI/GW8Jcpacg7tS93xONxrGzo2lAzC
R98aKRh6oBPgeb5SmtQCBsOIYlw4wbulxZuLGokD9EEygUOtleS3fapxTQ==
-----END CERTIFICATE-----
Generated at Fri Nov 22 10:15:44 2024 by rpki-client on console-ams.rpki-client.org