Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/3138352e3235302e3231322e302f32342d3234203d3e20313336373837.roa
File:                     3138352e3235302e3231322e302f32342d3234203d3e20313336373837.roa (raw, json)
Hash identifier:          Fp2cWDti4pxqUU7R8qNCyp9OOzz2/VAnSWpRc/aZf5k=
Subject key identifier:   4E:4E:36:33:81:EC:15:05:AF:E6:B7:0A:2C:4A:5F:D9:46:F9:74:03
Certificate issuer:       /CN=08fb9ba827e6f10a7af37490803dd5a076397235
Certificate serial:       339A4475697B1702E9F2FC684097D8F0F0B128AF
Authority key identifier: 08:FB:9B:A8:27:E6:F1:0A:7A:F3:74:90:80:3D:D5:A0:76:39:72:35
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/3138352e3235302e3231322e302f32342d3234203d3e20313336373837.roa
Signing time:             Sat 02 Mar 2024 21:54:34 +0000
ROA not before:           Sat 02 Mar 2024 21:49:34 +0000
ROA not after:            Sat 01 Mar 2025 21:54:34 +0000
asID:                     136787
IP address blocks:        185.250.212.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            33:9a:44:75:69:7b:17:02:e9:f2:fc:68:40:97:d8:f0:f0:b1:28:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=08fb9ba827e6f10a7af37490803dd5a076397235
        Validity
            Not Before: Mar  2 21:49:34 2024 GMT
            Not After : Mar  1 21:54:34 2025 GMT
        Subject: CN=4E4E363381EC1505AFE6B70A2C4A5FD946F97403
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:3b:79:45:72:b9:71:27:46:f5:d8:2d:7e:1c:
                    e5:ab:31:a6:87:e0:af:7c:e6:49:c9:05:4d:63:97:
                    d7:2b:50:47:e9:de:b3:b5:3c:c8:a7:59:31:40:01:
                    87:a2:36:02:61:2a:12:26:a6:97:6e:72:1c:04:be:
                    b0:87:10:4a:5d:2b:09:27:d6:32:5a:d5:d1:02:2e:
                    c5:7e:81:49:75:13:99:f1:54:90:8f:a1:f8:a6:d2:
                    3b:d0:7f:c3:7d:41:c0:41:b0:6c:c3:b6:18:e6:6e:
                    08:d2:84:96:b3:8e:98:02:4d:49:15:be:89:e7:2e:
                    ff:c2:8d:7f:f2:59:46:51:c7:b0:5e:69:df:ba:e0:
                    35:fa:65:69:16:62:e5:4b:6a:7e:b3:a3:85:6c:f8:
                    c9:02:b8:d7:47:91:d2:43:7c:3d:8f:dc:a0:58:7a:
                    fc:6e:5d:1f:f4:07:78:da:67:54:c6:ca:23:8d:48:
                    9c:98:1f:8f:f3:f2:d8:34:ae:49:c8:06:09:c2:09:
                    c6:6f:d7:8a:85:89:f3:46:b1:b2:ec:bd:23:04:59:
                    76:f2:84:b9:4b:71:8d:d9:90:77:a3:f6:cb:06:cc:
                    f8:bb:82:f6:99:f3:a4:60:5d:ff:bd:2e:be:f4:d2:
                    d8:ab:38:e0:76:63:06:95:7c:99:89:75:28:a8:bf:
                    4d:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:4E:36:33:81:EC:15:05:AF:E6:B7:0A:2C:4A:5F:D9:46:F9:74:03
            X509v3 Authority Key Identifier:
                keyid:08:FB:9B:A8:27:E6:F1:0A:7A:F3:74:90:80:3D:D5:A0:76:39:72:35

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/3138352e3235302e3231322e302f32342d3234203d3e20313336373837.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.250.212.0/24

    Signature Algorithm: sha256WithRSAEncryption
         74:ea:3e:7d:da:b1:a5:8d:0f:c9:14:2d:7f:77:35:a6:6c:b0:
         2b:7b:b6:0a:3d:6d:bd:78:6b:c3:56:0e:52:b7:6d:25:78:02:
         64:98:fe:57:c1:6f:b8:aa:13:c1:ba:bf:4b:fd:5d:20:9c:8e:
         45:b4:23:ff:5e:43:bc:54:78:f7:ee:e2:6a:4c:63:b3:50:58:
         67:21:c4:8b:a9:66:76:d0:e0:10:78:28:db:96:99:ce:18:2f:
         61:80:a5:3f:cc:4a:c1:a4:54:fc:03:57:bc:bf:a8:24:c8:28:
         22:48:f1:fb:c9:1b:7b:d8:f7:5e:36:70:c3:6a:d3:89:f7:ea:
         fa:c2:9d:54:68:db:f2:f1:83:04:c3:b8:f0:fb:85:a4:b9:a3:
         da:e2:25:ea:ca:52:71:45:3f:f1:7a:f6:ea:45:51:60:b6:3d:
         e1:d5:1f:a6:9f:04:ac:27:26:5f:cf:3b:4d:6d:04:bb:c7:60:
         71:e1:bf:d5:51:4d:12:d5:4c:aa:20:11:d4:ef:85:64:52:98:
         6f:cb:f9:86:f0:43:f8:d8:44:33:08:66:e2:3f:8e:1d:58:d5:
         8b:d2:25:64:bd:05:b2:8b:be:59:09:86:ca:dc:64:03:c7:bd:
         e0:7f:9b:a2:82:50:da:2f:90:3e:cc:e1:b6:d6:28:d3:c9:c6:
         2c:60:df:dc
-----BEGIN CERTIFICATE-----
MIIFNzCCBB+gAwIBAgIUM5pEdWl7FwLp8vxoQJfY8PCxKK8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDhmYjliYTgyN2U2ZjEwYTdhZjM3NDkwODAzZGQ1YTA3
NjM5NzIzNTAeFw0yNDAzMDIyMTQ5MzRaFw0yNTAzMDEyMTU0MzRaMDMxMTAvBgNV
BAMTKDRFNEUzNjMzODFFQzE1MDVBRkU2QjcwQTJDNEE1RkQ5NDZGOTc0MDMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDOO3lFcrlxJ0b12C1+HOWrMaaH
4K985knJBU1jl9crUEfp3rO1PMinWTFAAYeiNgJhKhImppduchwEvrCHEEpdKwkn
1jJa1dECLsV+gUl1E5nxVJCPofim0jvQf8N9QcBBsGzDthjmbgjShJazjpgCTUkV
vonnLv/CjX/yWUZRx7Bead+64DX6ZWkWYuVLan6zo4Vs+MkCuNdHkdJDfD2P3KBY
evxuXR/0B3jaZ1TGyiONSJyYH4/z8tg0rknIBgnCCcZv14qFifNGsbLsvSMEWXby
hLlLcY3ZkHej9ssGzPi7gvaZ86RgXf+9Lr700tirOOB2YwaVfJmJdSiov00VAgMB
AAGjggJBMIICPTAdBgNVHQ4EFgQUTk42M4HsFQWv5rcKLEpf2Ub5dAMwHwYDVR0j
BBgwFoAUCPubqCfm8Qp683SQgD3VoHY5cjUwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzIvMDhGQjlCQTgyN0U2RjEwQTdBRjM3NDkwODAzREQ1QTA3NjM5NzIzNS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NQdWJxQ2ZtOFFwNjgzU1FnRDNWb0hZ
NWNqVS5jZXIwgbEGCCsGAQUFBwELBIGkMIGhMIGeBggrBgEFBQcwC4aBkXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzIvMzEzODM1MmUzMjM1MzAyZTMy
MzEzMjJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMxMzMzNjM3MzgzNy5yb2EwGAYD
VR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEw
BgMEALn61DANBgkqhkiG9w0BAQsFAAOCAQEAdOo+fdqxpY0PyRQtf3c1pmywK3u2
Cj1tvXhrw1YOUrdtJXgCZJj+V8FvuKoTwbq/S/1dIJyORbQj/15DvFR49+7iakxj
s1BYZyHEi6lmdtDgEHgo25aZzhgvYYClP8xKwaRU/ANXvL+oJMgoIkjx+8kbe9j3
XjZww2rTiffq+sKdVGjb8vGDBMO48PuFpLmj2uIl6spScUU/8Xr26kVRYLY94dUf
pp8ErCcmX887TW0Eu8dgceG/1VFNEtVMqiAR1O+FZFKYb8v5hvBD+NhEMwhm4j+O
HVjVi9IlZL0Fsou+WQmGytxkA8e94H+booJQ2i+QPszhttYo08nGLGDf3A==
-----END CERTIFICATE-----
Generated at Fri Nov 22 10:15:44 2024 by rpki-client on console-ams.rpki-client.org