Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/3138352e3234352e3135342e302f32342d3234203d3e20323036323833.roa
File:                     3138352e3234352e3135342e302f32342d3234203d3e20323036323833.roa (raw, json)
Hash identifier:          Hhoo+ZcD0uz2Lmub/hpiZtKVCI7gF7rFBvVO16yxv3w=
Subject key identifier:   DB:9C:DC:A8:AA:AC:D1:8E:F5:DB:05:70:8F:C1:63:3B:9A:1F:EB:B3
Certificate issuer:       /CN=08fb9ba827e6f10a7af37490803dd5a076397235
Certificate serial:       77D54A9D5D6CB6E0D7AA65E27329DBC2CEAFEB39
Authority key identifier: 08:FB:9B:A8:27:E6:F1:0A:7A:F3:74:90:80:3D:D5:A0:76:39:72:35
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/3138352e3234352e3135342e302f32342d3234203d3e20323036323833.roa
Signing time:             Tue 02 Apr 2024 09:29:50 +0000
ROA not before:           Tue 02 Apr 2024 09:24:50 +0000
ROA not after:            Tue 01 Apr 2025 09:29:50 +0000
asID:                     206283
IP address blocks:        185.245.154.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            77:d5:4a:9d:5d:6c:b6:e0:d7:aa:65:e2:73:29:db:c2:ce:af:eb:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=08fb9ba827e6f10a7af37490803dd5a076397235
        Validity
            Not Before: Apr  2 09:24:50 2024 GMT
            Not After : Apr  1 09:29:50 2025 GMT
        Subject: CN=DB9CDCA8AAACD18EF5DB05708FC1633B9A1FEBB3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:91:6f:ab:a8:01:ec:e4:d3:16:33:a8:0b:13:
                    74:6a:fe:df:ce:bf:c5:58:68:fc:77:ca:b2:ca:40:
                    30:eb:cc:ee:e8:7d:94:f3:ac:46:d9:ad:ab:80:a6:
                    70:f3:d6:2c:5a:91:2b:d8:00:d7:c1:d9:ed:50:f9:
                    96:1f:7f:2c:e3:49:4a:ad:8a:e5:86:95:90:d0:ff:
                    ff:35:5b:be:9a:ed:7b:eb:b0:28:2e:5e:73:2e:ca:
                    b7:b9:99:3b:7d:de:b4:fc:e6:59:c0:c4:42:ce:e4:
                    a7:63:08:50:ed:06:75:28:d3:8a:a0:40:4c:bf:bd:
                    7e:24:ff:e7:60:5b:62:46:cf:68:97:c7:8f:f5:03:
                    8d:4c:dd:87:3c:a1:11:5a:7e:7a:9f:eb:d7:18:13:
                    71:fe:bf:6b:e9:7f:fd:e5:bf:be:7a:d4:3c:04:9f:
                    71:6e:6a:8b:d4:1e:52:b2:f9:22:ab:6a:91:e4:c5:
                    a6:a8:c5:51:48:e7:28:9c:ff:bd:51:00:76:ae:c8:
                    65:d2:28:2e:40:99:df:24:49:c8:f1:4d:4c:d0:0f:
                    61:70:66:3f:66:cb:fb:74:ce:c8:6a:d2:36:39:8f:
                    96:ac:16:24:cc:a1:4b:a2:fb:2d:2a:eb:05:43:a2:
                    29:2b:76:80:da:ba:61:57:89:93:c1:61:a0:ba:ca:
                    b3:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:9C:DC:A8:AA:AC:D1:8E:F5:DB:05:70:8F:C1:63:3B:9A:1F:EB:B3
            X509v3 Authority Key Identifier:
                keyid:08:FB:9B:A8:27:E6:F1:0A:7A:F3:74:90:80:3D:D5:A0:76:39:72:35

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/3138352e3234352e3135342e302f32342d3234203d3e20323036323833.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.245.154.0/24

    Signature Algorithm: sha256WithRSAEncryption
         16:5f:16:1a:ea:45:95:fd:51:cb:9d:92:4d:ba:8a:2f:2b:ea:
         f0:32:75:cd:e4:71:33:98:da:a8:ae:6d:c1:71:4b:ff:3e:f9:
         e2:cc:2e:e8:36:bc:8a:cf:cb:19:4d:8b:d7:67:b2:b3:da:e7:
         93:e6:92:1f:4a:8a:d0:de:50:5e:37:6b:44:9e:81:db:d4:83:
         3b:70:92:f5:b7:86:9b:21:73:69:fa:c2:54:58:9c:92:a3:2f:
         15:14:db:b4:7d:9d:c2:4e:94:76:2e:3c:9b:78:ac:04:a6:3f:
         7e:03:1c:d1:fe:cd:89:e8:a6:3b:37:f9:07:3b:c0:7f:31:5b:
         ac:00:45:70:f2:e6:03:27:24:af:85:2c:fa:3c:f4:fc:7e:c9:
         52:78:e3:d5:df:09:92:aa:fc:c4:06:bc:e0:60:f4:02:df:19:
         ce:c7:67:fe:2c:6f:35:20:ce:fd:0a:71:ee:67:6f:b4:57:d9:
         77:21:4a:37:7f:f5:81:bf:14:6d:de:23:d4:a3:89:19:78:48:
         38:d8:df:d2:9c:cc:76:12:1d:6d:9f:7d:5e:e6:55:7e:3e:a1:
         0c:ae:09:15:36:a5:b5:5d:ec:81:3f:70:7b:71:c7:83:ab:12:
         ca:92:bf:7f:a7:6d:45:4a:11:45:73:bc:d1:7f:34:9c:4a:c3:
         99:94:db:64
-----BEGIN CERTIFICATE-----
MIIFNzCCBB+gAwIBAgIUd9VKnV1stuDXqmXicynbws6v6zkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDhmYjliYTgyN2U2ZjEwYTdhZjM3NDkwODAzZGQ1YTA3
NjM5NzIzNTAeFw0yNDA0MDIwOTI0NTBaFw0yNTA0MDEwOTI5NTBaMDMxMTAvBgNV
BAMTKERCOUNEQ0E4QUFBQ0QxOEVGNURCMDU3MDhGQzE2MzNCOUExRkVCQjMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDGkW+rqAHs5NMWM6gLE3Rq/t/O
v8VYaPx3yrLKQDDrzO7ofZTzrEbZrauApnDz1ixakSvYANfB2e1Q+ZYffyzjSUqt
iuWGlZDQ//81W76a7XvrsCguXnMuyre5mTt93rT85lnAxELO5KdjCFDtBnUo04qg
QEy/vX4k/+dgW2JGz2iXx4/1A41M3Yc8oRFafnqf69cYE3H+v2vpf/3lv7561DwE
n3FuaovUHlKy+SKrapHkxaaoxVFI5yic/71RAHauyGXSKC5Amd8kScjxTUzQD2Fw
Zj9my/t0zshq0jY5j5asFiTMoUui+y0q6wVDoikrdoDaumFXiZPBYaC6yrP3AgMB
AAGjggJBMIICPTAdBgNVHQ4EFgQU25zcqKqs0Y712wVwj8FjO5of67MwHwYDVR0j
BBgwFoAUCPubqCfm8Qp683SQgD3VoHY5cjUwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzIvMDhGQjlCQTgyN0U2RjEwQTdBRjM3NDkwODAzREQ1QTA3NjM5NzIzNS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NQdWJxQ2ZtOFFwNjgzU1FnRDNWb0hZ
NWNqVS5jZXIwgbEGCCsGAQUFBwELBIGkMIGhMIGeBggrBgEFBQcwC4aBkXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzIvMzEzODM1MmUzMjM0MzUyZTMx
MzUzNDJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMyMzAzNjMyMzgzMy5yb2EwGAYD
VR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEw
BgMEALn1mjANBgkqhkiG9w0BAQsFAAOCAQEAFl8WGupFlf1Ry52STbqKLyvq8DJ1
zeRxM5jaqK5twXFL/z754swu6Da8is/LGU2L12eys9rnk+aSH0qK0N5QXjdrRJ6B
29SDO3CS9beGmyFzafrCVFickqMvFRTbtH2dwk6Udi48m3isBKY/fgMc0f7Nieim
Ozf5BzvAfzFbrABFcPLmAyckr4Us+jz0/H7JUnjj1d8Jkqr8xAa84GD0At8Zzsdn
/ixvNSDO/Qpx7mdvtFfZdyFKN3/1gb8Ubd4j1KOJGXhIONjf0pzMdhIdbZ99XuZV
fj6hDK4JFTaltV3sgT9we3HHg6sSypK/f6dtRUoRRXO80X80nErDmZTbZA==
-----END CERTIFICATE-----
Generated at Thu Nov 21 18:06:14 2024 by rpki-client on console-fra.rpki-client.org