Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/3138352e3234332e31352e302f32342d3234203d3e20323036323833.roa
File:                     3138352e3234332e31352e302f32342d3234203d3e20323036323833.roa (raw, json)
Hash identifier:          56MYWEXoNQdBuwWH/EEhKVi3R8fvKbPLAoW7aBz++Yg=
Subject key identifier:   BD:9A:57:7D:AE:88:5D:F1:23:23:4E:07:D0:13:DB:97:40:72:99:FE
Certificate issuer:       /CN=08fb9ba827e6f10a7af37490803dd5a076397235
Certificate serial:       20657BFDA885E4E17BAF635C34F0C4940F1E7B1E
Authority key identifier: 08:FB:9B:A8:27:E6:F1:0A:7A:F3:74:90:80:3D:D5:A0:76:39:72:35
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/3138352e3234332e31352e302f32342d3234203d3e20323036323833.roa
Signing time:             Tue 02 Apr 2024 09:29:25 +0000
ROA not before:           Tue 02 Apr 2024 09:24:25 +0000
ROA not after:            Tue 01 Apr 2025 09:29:25 +0000
asID:                     206283
IP address blocks:        185.243.15.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            20:65:7b:fd:a8:85:e4:e1:7b:af:63:5c:34:f0:c4:94:0f:1e:7b:1e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=08fb9ba827e6f10a7af37490803dd5a076397235
        Validity
            Not Before: Apr  2 09:24:25 2024 GMT
            Not After : Apr  1 09:29:25 2025 GMT
        Subject: CN=BD9A577DAE885DF123234E07D013DB97407299FE
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:f1:fd:d2:ce:19:cb:7d:96:9d:c1:df:b6:9a:
                    22:2a:91:2d:dd:4f:1e:e3:ed:d0:ed:e9:d4:74:96:
                    6f:51:3d:2e:ea:c3:a8:24:a3:1f:6b:02:5a:7c:75:
                    45:52:b6:95:8a:3f:ed:d3:3f:c9:41:3e:b9:ce:c9:
                    51:98:ab:1e:de:ed:4c:23:ee:08:05:80:64:95:a5:
                    9c:bb:93:8d:11:9e:0e:79:d6:9e:01:be:f2:c9:e5:
                    d1:43:74:84:b5:47:d6:2c:6e:0c:80:a2:9e:b2:4d:
                    95:51:6f:81:bd:75:e3:04:52:88:e0:71:22:59:97:
                    d1:46:c4:47:45:57:91:2d:e0:a5:34:62:a2:76:ca:
                    e4:4a:0d:ec:46:89:ae:5d:6b:36:90:09:4b:07:c7:
                    c3:b0:b1:bb:ce:db:79:b6:94:30:ef:b0:37:e9:b3:
                    3e:94:d1:d0:85:d1:1d:9b:9f:76:aa:80:31:e2:e0:
                    3f:24:0d:e7:0f:74:8a:a5:28:00:48:9c:4b:69:bd:
                    64:f0:29:53:17:6a:d1:35:14:e3:9c:3f:37:5b:1c:
                    f2:df:22:57:1d:df:7e:2d:10:32:8f:66:a1:d0:ba:
                    95:95:00:83:f2:d8:82:42:53:0e:c9:fa:dd:10:15:
                    2f:01:04:85:1d:19:3e:3b:e7:2b:da:e7:9d:d6:09:
                    1b:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:9A:57:7D:AE:88:5D:F1:23:23:4E:07:D0:13:DB:97:40:72:99:FE
            X509v3 Authority Key Identifier:
                keyid:08:FB:9B:A8:27:E6:F1:0A:7A:F3:74:90:80:3D:D5:A0:76:39:72:35

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/3138352e3234332e31352e302f32342d3234203d3e20323036323833.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.243.15.0/24

    Signature Algorithm: sha256WithRSAEncryption
         32:16:f9:09:45:58:10:61:11:da:77:3f:6f:bd:0f:60:60:13:
         a4:3d:36:b7:a5:09:10:1a:ab:e5:0b:19:48:4a:11:82:82:63:
         15:15:c3:62:f5:10:46:71:ec:d6:17:87:00:23:aa:03:77:9d:
         18:80:70:d3:48:a4:f3:80:e6:70:71:b4:14:7f:59:e0:d8:b8:
         33:85:0f:2b:31:a2:a2:59:48:d3:11:03:fb:d0:fc:bb:fc:d5:
         c0:e5:50:30:f0:59:db:2e:38:8f:d2:93:3c:f8:98:f4:c7:3a:
         cc:32:51:fc:50:cb:08:2e:3e:33:9d:a2:85:25:c8:21:cb:dd:
         10:e4:dd:bd:c9:c7:15:4c:a2:73:86:fc:33:f5:d4:f8:fe:1d:
         b4:fc:fb:f1:bd:71:fd:07:c7:16:9a:fb:29:49:81:78:00:db:
         5e:9f:29:1b:36:9e:80:71:2c:1b:3c:16:e3:fa:5b:2b:08:03:
         6c:6b:0b:9b:77:47:e1:29:c3:17:31:8c:cc:fe:db:47:fb:eb:
         ae:5e:5c:bd:84:8e:c7:f6:52:50:9f:c0:fa:62:a3:b4:a8:31:
         74:5c:13:ee:5b:7a:4c:56:29:09:59:a2:77:fc:83:76:39:69:
         ba:60:29:ff:92:71:5b:3d:e9:5c:f2:f7:17:14:1e:da:a8:b4:
         92:c2:21:3d
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgIUIGV7/aiF5OF7r2NcNPDElA8eex4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDhmYjliYTgyN2U2ZjEwYTdhZjM3NDkwODAzZGQ1YTA3
NjM5NzIzNTAeFw0yNDA0MDIwOTI0MjVaFw0yNTA0MDEwOTI5MjVaMDMxMTAvBgNV
BAMTKEJEOUE1NzdEQUU4ODVERjEyMzIzNEUwN0QwMTNEQjk3NDA3Mjk5RkUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDc8f3SzhnLfZadwd+2miIqkS3d
Tx7j7dDt6dR0lm9RPS7qw6gkox9rAlp8dUVStpWKP+3TP8lBPrnOyVGYqx7e7Uwj
7ggFgGSVpZy7k40Rng551p4BvvLJ5dFDdIS1R9YsbgyAop6yTZVRb4G9deMEUojg
cSJZl9FGxEdFV5Et4KU0YqJ2yuRKDexGia5dazaQCUsHx8OwsbvO23m2lDDvsDfp
sz6U0dCF0R2bn3aqgDHi4D8kDecPdIqlKABInEtpvWTwKVMXatE1FOOcPzdbHPLf
Ilcd334tEDKPZqHQupWVAIPy2IJCUw7J+t0QFS8BBIUdGT475yva553WCRtNAgMB
AAGjggI/MIICOzAdBgNVHQ4EFgQUvZpXfa6IXfEjI04H0BPbl0Bymf4wHwYDVR0j
BBgwFoAUCPubqCfm8Qp683SQgD3VoHY5cjUwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzIvMDhGQjlCQTgyN0U2RjEwQTdBRjM3NDkwODAzREQ1QTA3NjM5NzIzNS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NQdWJxQ2ZtOFFwNjgzU1FnRDNWb0hZ
NWNqVS5jZXIwga8GCCsGAQUFBwELBIGiMIGfMIGcBggrBgEFBQcwC4aBj3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzIvMzEzODM1MmUzMjM0MzMyZTMx
MzUyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzMjMwMzYzMjM4MzMucm9hMBgGA1Ud
IAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAC58w8wDQYJKoZIhvcNAQELBQADggEBADIW+QlFWBBhEdp3P2+9D2BgE6Q9Nrel
CRAaq+ULGUhKEYKCYxUVw2L1EEZx7NYXhwAjqgN3nRiAcNNIpPOA5nBxtBR/WeDY
uDOFDysxoqJZSNMRA/vQ/Lv81cDlUDDwWdsuOI/Skzz4mPTHOswyUfxQywguPjOd
ooUlyCHL3RDk3b3JxxVMonOG/DP11Pj+HbT8+/G9cf0Hxxaa+ylJgXgA216fKRs2
noBxLBs8FuP6WysIA2xrC5t3R+EpwxcxjMz+20f7665eXL2Ejsf2UlCfwPpio7So
MXRcE+5bekxWKQlZonf8g3Y5abpgKf+ScVs96Vzy9xcUHtqotJLCIT0=
-----END CERTIFICATE-----
Generated at Thu Nov 21 18:06:14 2024 by rpki-client on console-fra.rpki-client.org