Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/3139322e3136362e3234362e302f32342d3234203d3e20313437303439.roa
File:                     3139322e3136362e3234362e302f32342d3234203d3e20313437303439.roa (raw, json)
Hash identifier:          JKiSgjRffy39arCfezkt15SyPxwzaHGkF+UyemNov6k=
Subject key identifier:   A8:E7:5A:FE:E8:19:C0:9F:95:DD:A8:79:C8:9E:34:92:56:43:AC:C5
Certificate issuer:       /CN=08fb9ba827e6f10a7af37490803dd5a076397235
Certificate serial:       038A840F18F078D1B3B5ADDDFACBEA6290C08D17
Authority key identifier: 08:FB:9B:A8:27:E6:F1:0A:7A:F3:74:90:80:3D:D5:A0:76:39:72:35
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/3139322e3136362e3234362e302f32342d3234203d3e20313437303439.roa
Signing time:             Mon 26 Feb 2024 08:52:58 +0000
ROA not before:           Mon 26 Feb 2024 08:47:58 +0000
ROA not after:            Mon 24 Feb 2025 08:52:58 +0000
asID:                     147049
IP address blocks:        192.166.246.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 14:42:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            03:8a:84:0f:18:f0:78:d1:b3:b5:ad:dd:fa:cb:ea:62:90:c0:8d:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=08fb9ba827e6f10a7af37490803dd5a076397235
        Validity
            Not Before: Feb 26 08:47:58 2024 GMT
            Not After : Feb 24 08:52:58 2025 GMT
        Subject: CN=A8E75AFEE819C09F95DDA879C89E34925643ACC5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:56:e5:82:1e:b7:ae:20:28:d5:75:81:f1:ef:
                    59:b8:aa:62:09:b1:65:d4:04:e8:91:b5:7e:8c:81:
                    12:f5:2f:20:da:c3:4c:e6:15:3e:db:b3:1c:c8:b6:
                    69:ff:4f:34:45:e7:6a:a5:7e:e8:8c:a9:b8:be:f0:
                    ac:da:70:df:f3:85:a0:c3:c6:97:33:02:ce:45:54:
                    93:3d:7c:64:43:d7:c6:c3:e7:10:a2:58:7e:49:0c:
                    f6:7e:06:e3:20:b1:a9:ee:f3:29:07:47:06:fe:19:
                    56:b5:08:a2:1d:02:c1:d4:a5:a4:f6:6b:db:2c:61:
                    fb:2b:18:0b:69:a3:1b:6e:93:dc:ab:0b:81:ce:c6:
                    1e:a7:f0:a0:e9:b0:d2:3c:58:7d:a9:41:4f:30:ab:
                    ea:e9:b4:ed:1d:67:f3:e5:14:05:b8:ea:3f:05:5e:
                    19:79:ce:ed:9d:35:e5:d5:31:df:05:85:e6:cd:99:
                    a6:27:20:71:c7:d6:9c:65:1c:7f:2a:3e:c4:28:cc:
                    78:c4:ae:40:27:49:2b:4e:e2:e8:11:78:2c:d8:15:
                    73:cd:d1:a6:c2:a8:01:1a:fe:fe:3d:4b:48:4b:3d:
                    65:f0:77:85:45:9e:88:cf:80:b8:9f:51:bb:b3:cf:
                    a1:8c:06:7f:d8:db:c4:63:c4:4d:54:6c:21:c0:2a:
                    44:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:E7:5A:FE:E8:19:C0:9F:95:DD:A8:79:C8:9E:34:92:56:43:AC:C5
            X509v3 Authority Key Identifier:
                keyid:08:FB:9B:A8:27:E6:F1:0A:7A:F3:74:90:80:3D:D5:A0:76:39:72:35

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/3139322e3136362e3234362e302f32342d3234203d3e20313437303439.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.166.246.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5f:21:6c:63:a1:35:86:37:f7:94:21:64:45:0d:b7:2d:d5:7b:
         96:3f:18:ec:39:f4:d8:29:d1:81:89:38:0a:ec:24:7e:f7:ed:
         89:c8:48:52:6e:17:4e:c9:01:45:92:34:f4:95:c3:29:f1:ac:
         4d:90:e7:06:53:e3:42:38:47:20:08:87:89:98:13:24:63:a5:
         6a:9f:1c:e2:ce:42:8a:c2:81:54:fd:fe:34:1c:ce:92:da:83:
         6e:5b:f7:0d:46:cf:45:cd:d0:6d:9d:17:74:2a:a9:56:1d:c2:
         c0:74:59:60:6d:de:e4:b7:b9:00:85:52:6b:a8:ad:eb:da:0a:
         85:d2:cf:13:16:7c:39:9d:b0:f7:06:9d:22:59:bf:51:6c:bc:
         b7:e7:d8:f8:9b:ff:e7:92:12:34:b3:f9:67:cd:b2:6b:d6:7f:
         3b:0f:4e:ed:ea:04:52:da:4a:b1:73:f5:10:21:63:05:91:d9:
         8e:8d:db:64:10:ba:3a:53:d7:d3:e3:a0:4f:a9:d9:30:d3:9c:
         03:b3:64:c2:ca:c3:90:a7:b7:b8:ff:89:61:73:2e:49:58:ff:
         5d:40:f1:47:08:44:1a:b6:50:fb:e2:23:21:65:19:c8:0e:a4:
         f7:49:15:7b:c4:29:5a:ea:87:6d:39:27:c8:2f:7a:b5:6e:d2:
         88:47:89:f2
-----BEGIN CERTIFICATE-----
MIIFNzCCBB+gAwIBAgIUA4qEDxjweNGzta3d+svqYpDAjRcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDhmYjliYTgyN2U2ZjEwYTdhZjM3NDkwODAzZGQ1YTA3
NjM5NzIzNTAeFw0yNDAyMjYwODQ3NThaFw0yNTAyMjQwODUyNThaMDMxMTAvBgNV
BAMTKEE4RTc1QUZFRTgxOUMwOUY5NUREQTg3OUM4OUUzNDkyNTY0M0FDQzUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDgVuWCHreuICjVdYHx71m4qmIJ
sWXUBOiRtX6MgRL1LyDaw0zmFT7bsxzItmn/TzRF52qlfuiMqbi+8KzacN/zhaDD
xpczAs5FVJM9fGRD18bD5xCiWH5JDPZ+BuMgsanu8ykHRwb+GVa1CKIdAsHUpaT2
a9ssYfsrGAtpoxtuk9yrC4HOxh6n8KDpsNI8WH2pQU8wq+rptO0dZ/PlFAW46j8F
Xhl5zu2dNeXVMd8FhebNmaYnIHHH1pxlHH8qPsQozHjErkAnSStO4ugReCzYFXPN
0abCqAEa/v49S0hLPWXwd4VFnojPgLifUbuzz6GMBn/Y28RjxE1UbCHAKkRJAgMB
AAGjggJBMIICPTAdBgNVHQ4EFgQUqOda/ugZwJ+V3ah5yJ40klZDrMUwHwYDVR0j
BBgwFoAUCPubqCfm8Qp683SQgD3VoHY5cjUwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzIvMDhGQjlCQTgyN0U2RjEwQTdBRjM3NDkwODAzREQ1QTA3NjM5NzIzNS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NQdWJxQ2ZtOFFwNjgzU1FnRDNWb0hZ
NWNqVS5jZXIwgbEGCCsGAQUFBwELBIGkMIGhMIGeBggrBgEFBQcwC4aBkXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzIvMzEzOTMyMmUzMTM2MzYyZTMy
MzQzNjJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMxMzQzNzMwMzQzOS5yb2EwGAYD
VR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEw
BgMEAMCm9jANBgkqhkiG9w0BAQsFAAOCAQEAXyFsY6E1hjf3lCFkRQ23LdV7lj8Y
7Dn02CnRgYk4CuwkfvftichIUm4XTskBRZI09JXDKfGsTZDnBlPjQjhHIAiHiZgT
JGOlap8c4s5CisKBVP3+NBzOktqDblv3DUbPRc3QbZ0XdCqpVh3CwHRZYG3e5Le5
AIVSa6it69oKhdLPExZ8OZ2w9wadIlm/UWy8t+fY+Jv/55ISNLP5Z82ya9Z/Ow9O
7eoEUtpKsXP1ECFjBZHZjo3bZBC6OlPX0+OgT6nZMNOcA7NkwsrDkKe3uP+JYXMu
SVj/XUDxRwhEGrZQ++IjIWUZyA6k90kVe8QpWuqHbTknyC96tW7SiEeJ8g==
-----END CERTIFICATE-----
Generated at Mon Nov 25 16:44:10 2024 by rpki-client on console-fra.rpki-client.org