Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/3138352e3234352e3135322e302f32342d3234203d3e20323036323833.roa
File:                     3138352e3234352e3135322e302f32342d3234203d3e20323036323833.roa (raw, json)
Hash identifier:          vgIEqpuRU1EMlTkr/LZ2YIW4x4hY47dEJ51K5rlQUK8=
Subject key identifier:   8C:8D:C1:8E:A1:03:EF:8E:F8:14:8E:88:5A:08:59:FA:19:5C:9F:C8
Certificate issuer:       /CN=08fb9ba827e6f10a7af37490803dd5a076397235
Certificate serial:       11A983EE16B051202C0EC16ED0EB8A7BB61FC860
Authority key identifier: 08:FB:9B:A8:27:E6:F1:0A:7A:F3:74:90:80:3D:D5:A0:76:39:72:35
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/3138352e3234352e3135322e302f32342d3234203d3e20323036323833.roa
Signing time:             Tue 02 Apr 2024 09:29:35 +0000
ROA not before:           Tue 02 Apr 2024 09:24:35 +0000
ROA not after:            Tue 01 Apr 2025 09:29:35 +0000
asID:                     206283
IP address blocks:        185.245.152.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            11:a9:83:ee:16:b0:51:20:2c:0e:c1:6e:d0:eb:8a:7b:b6:1f:c8:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=08fb9ba827e6f10a7af37490803dd5a076397235
        Validity
            Not Before: Apr  2 09:24:35 2024 GMT
            Not After : Apr  1 09:29:35 2025 GMT
        Subject: CN=8C8DC18EA103EF8EF8148E885A0859FA195C9FC8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:4d:88:ad:f7:66:bf:ca:f8:ee:29:22:e4:c5:
                    14:cf:21:1e:64:cb:ac:6c:f5:be:a7:db:1d:15:70:
                    fb:cb:31:5e:37:ab:d3:6e:77:f5:da:08:a0:d9:dd:
                    93:1e:b9:e1:48:e2:df:9a:c5:cd:89:f1:50:cf:f9:
                    61:57:64:06:3b:1e:2d:2a:a9:71:c0:a2:15:95:46:
                    47:dd:3c:13:47:da:bc:52:88:ae:2f:e0:b9:fd:53:
                    1f:61:78:a3:8c:09:c0:df:93:b6:63:8d:2c:08:90:
                    6a:dc:e1:2d:75:f7:3f:bd:83:aa:ab:01:a1:88:6c:
                    35:5b:af:2a:d7:19:e5:bd:6b:be:ab:88:3d:6f:74:
                    19:78:ba:31:e9:02:ef:a4:19:35:e0:30:8d:81:2d:
                    9b:bc:04:31:82:df:47:24:68:c2:2f:32:8d:d5:97:
                    00:a3:ae:7f:a5:b1:80:fe:cd:d1:b1:72:58:68:fd:
                    70:2b:10:62:be:19:79:de:ea:3a:10:7e:78:1f:6b:
                    90:d6:1e:c2:ee:40:de:c0:5a:e2:7b:29:e1:03:77:
                    53:7d:dc:12:f8:fe:6f:e7:bd:eb:20:05:d0:2c:68:
                    19:35:fd:0d:2f:9e:89:af:c8:c7:f9:06:06:73:df:
                    a4:8f:30:e8:a5:58:51:d0:34:f2:b8:a2:8c:68:db:
                    f8:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8C:8D:C1:8E:A1:03:EF:8E:F8:14:8E:88:5A:08:59:FA:19:5C:9F:C8
            X509v3 Authority Key Identifier:
                keyid:08:FB:9B:A8:27:E6:F1:0A:7A:F3:74:90:80:3D:D5:A0:76:39:72:35

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/3138352e3234352e3135322e302f32342d3234203d3e20323036323833.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.245.152.0/24

    Signature Algorithm: sha256WithRSAEncryption
         89:80:30:00:37:e3:e2:30:1c:dd:ba:30:cc:20:0d:13:b0:a9:
         cc:86:8f:4f:c2:6d:91:42:e8:d5:d5:72:0a:20:e6:d0:a4:cd:
         1f:06:09:5e:2f:c8:a9:3c:70:1a:27:34:48:81:1e:fc:a8:91:
         fc:13:7c:59:1d:38:d0:fe:39:fa:c1:07:1f:63:f8:76:c6:62:
         f6:0c:ca:e5:26:00:98:a3:91:20:5e:07:a2:4d:ed:ee:e0:cf:
         0e:15:fc:4c:1f:3c:86:d0:46:0a:d5:83:e6:46:96:11:12:36:
         d4:df:56:7e:ee:2d:a5:09:73:b9:93:e5:c4:8c:b8:3d:5f:94:
         7a:e9:89:25:24:97:ce:d4:24:32:81:37:22:b9:5e:fe:61:7e:
         92:c8:28:6e:25:99:ae:ec:8f:70:e3:75:f9:8a:ae:23:9b:0c:
         5b:80:28:54:49:64:95:a5:b8:a6:86:d9:fc:f5:19:a3:03:67:
         60:3d:fe:06:98:9b:08:bb:66:69:28:b3:53:7a:39:97:73:cf:
         4a:72:c7:fa:fd:e7:bd:a7:38:e6:60:d3:13:e1:26:35:21:f0:
         55:67:4f:94:c1:a6:71:f0:35:c2:2c:eb:fd:78:75:2f:f0:31:
         31:2d:67:8e:b4:d0:6e:f1:64:ce:0c:f6:4e:b3:5d:08:d9:07:
         fe:30:76:a6
-----BEGIN CERTIFICATE-----
MIIFNzCCBB+gAwIBAgIUEamD7hawUSAsDsFu0OuKe7YfyGAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDhmYjliYTgyN2U2ZjEwYTdhZjM3NDkwODAzZGQ1YTA3
NjM5NzIzNTAeFw0yNDA0MDIwOTI0MzVaFw0yNTA0MDEwOTI5MzVaMDMxMTAvBgNV
BAMTKDhDOERDMThFQTEwM0VGOEVGODE0OEU4ODVBMDg1OUZBMTk1QzlGQzgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCeTYit92a/yvjuKSLkxRTPIR5k
y6xs9b6n2x0VcPvLMV43q9Nud/XaCKDZ3ZMeueFI4t+axc2J8VDP+WFXZAY7Hi0q
qXHAohWVRkfdPBNH2rxSiK4v4Ln9Ux9heKOMCcDfk7ZjjSwIkGrc4S119z+9g6qr
AaGIbDVbryrXGeW9a76riD1vdBl4ujHpAu+kGTXgMI2BLZu8BDGC30ckaMIvMo3V
lwCjrn+lsYD+zdGxclho/XArEGK+GXne6joQfngfa5DWHsLuQN7AWuJ7KeEDd1N9
3BL4/m/nvesgBdAsaBk1/Q0vnomvyMf5BgZz36SPMOilWFHQNPK4ooxo2/h/AgMB
AAGjggJBMIICPTAdBgNVHQ4EFgQUjI3BjqED7474FI6IWghZ+hlcn8gwHwYDVR0j
BBgwFoAUCPubqCfm8Qp683SQgD3VoHY5cjUwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzIvMDhGQjlCQTgyN0U2RjEwQTdBRjM3NDkwODAzREQ1QTA3NjM5NzIzNS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NQdWJxQ2ZtOFFwNjgzU1FnRDNWb0hZ
NWNqVS5jZXIwgbEGCCsGAQUFBwELBIGkMIGhMIGeBggrBgEFBQcwC4aBkXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzIvMzEzODM1MmUzMjM0MzUyZTMx
MzUzMjJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMyMzAzNjMyMzgzMy5yb2EwGAYD
VR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEw
BgMEALn1mDANBgkqhkiG9w0BAQsFAAOCAQEAiYAwADfj4jAc3bowzCANE7CpzIaP
T8JtkULo1dVyCiDm0KTNHwYJXi/IqTxwGic0SIEe/KiR/BN8WR040P45+sEHH2P4
dsZi9gzK5SYAmKORIF4Hok3t7uDPDhX8TB88htBGCtWD5kaWERI21N9Wfu4tpQlz
uZPlxIy4PV+UeumJJSSXztQkMoE3Irle/mF+ksgobiWZruyPcON1+YquI5sMW4Ao
VElklaW4pobZ/PUZowNnYD3+BpibCLtmaSizU3o5l3PPSnLH+v3nvac45mDTE+Em
NSHwVWdPlMGmcfA1wizr/Xh1L/AxMS1njrTQbvFkzgz2TrNdCNkH/jB2pg==
-----END CERTIFICATE-----
Generated at Thu Nov 21 18:06:14 2024 by rpki-client on console-fra.rpki-client.org