Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/3139332e3138372e3132382e302f32342d3234203d3e20313336373837.roa
File:                     3139332e3138372e3132382e302f32342d3234203d3e20313336373837.roa (raw, json)
Hash identifier:          MbZJfBlgXRD510z0LyU4CCfX0tcpj3Pu9eoawQvzevQ=
Subject key identifier:   EA:16:6F:42:19:F2:CB:7D:3A:E4:C1:8D:26:48:0B:77:5D:77:15:57
Certificate issuer:       /CN=08fb9ba827e6f10a7af37490803dd5a076397235
Certificate serial:       665B20188BD950694DA9A67E6F448426818B18CC
Authority key identifier: 08:FB:9B:A8:27:E6:F1:0A:7A:F3:74:90:80:3D:D5:A0:76:39:72:35
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/3139332e3138372e3132382e302f32342d3234203d3e20313336373837.roa
Signing time:             Mon 01 Apr 2024 14:03:19 +0000
ROA not before:           Mon 01 Apr 2024 13:58:19 +0000
ROA not after:            Mon 31 Mar 2025 14:03:19 +0000
asID:                     136787
IP address blocks:        193.187.128.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 14:42:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            66:5b:20:18:8b:d9:50:69:4d:a9:a6:7e:6f:44:84:26:81:8b:18:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=08fb9ba827e6f10a7af37490803dd5a076397235
        Validity
            Not Before: Apr  1 13:58:19 2024 GMT
            Not After : Mar 31 14:03:19 2025 GMT
        Subject: CN=EA166F4219F2CB7D3AE4C18D26480B775D771557
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:97:6e:6b:65:86:c2:43:53:a6:c1:83:bb:10:
                    ce:b0:8d:7d:cf:5d:31:90:b4:22:d7:a9:6e:8b:37:
                    f7:b4:27:d6:fb:d7:2b:aa:1c:ee:e3:17:f3:5d:56:
                    2c:49:50:67:26:f7:83:81:0f:c7:08:63:ca:4f:0a:
                    ad:0c:b7:2e:07:66:7d:54:fc:dc:fe:d8:f4:7f:f0:
                    82:70:10:f3:aa:1b:14:e2:9b:bf:09:46:68:67:d4:
                    6a:c2:32:36:87:e4:25:52:2a:41:8c:ed:44:5c:89:
                    3f:90:3b:dd:83:6c:1c:e8:2f:8d:55:e1:b0:df:58:
                    28:ac:13:fa:e1:0c:ef:9b:2c:41:5c:b3:d4:19:b6:
                    77:7b:cd:31:07:41:06:ee:55:bd:64:9f:0d:7e:4f:
                    53:ff:46:a0:d3:b3:b7:e5:6c:f9:dd:4a:65:b9:7b:
                    73:23:f8:d4:85:82:ad:53:24:23:a0:3d:85:ae:16:
                    ff:7e:98:44:d5:27:1b:f2:d3:52:79:8e:a5:90:8b:
                    91:50:1c:30:a3:28:16:13:db:81:80:36:21:2a:96:
                    8e:26:d1:6f:be:1d:88:a2:bb:6e:93:be:39:55:60:
                    59:b3:8e:9c:d3:85:cb:76:22:1d:02:48:65:34:43:
                    de:44:18:e9:88:cf:c1:ea:c6:43:66:30:65:23:2d:
                    a0:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EA:16:6F:42:19:F2:CB:7D:3A:E4:C1:8D:26:48:0B:77:5D:77:15:57
            X509v3 Authority Key Identifier:
                keyid:08:FB:9B:A8:27:E6:F1:0A:7A:F3:74:90:80:3D:D5:A0:76:39:72:35

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/3139332e3138372e3132382e302f32342d3234203d3e20313336373837.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.187.128.0/24

    Signature Algorithm: sha256WithRSAEncryption
         54:62:cc:c7:06:97:52:26:86:25:29:24:ff:5b:09:c2:35:1e:
         6b:bb:e1:b3:d2:d9:c4:62:84:15:e5:30:ef:eb:df:d8:ce:a7:
         18:8e:f2:a2:da:a5:34:45:2a:b8:1e:6f:de:d8:8f:3a:21:a5:
         1c:f2:10:40:fc:2f:44:75:76:80:7c:35:be:63:f9:74:3a:db:
         2d:0f:67:ad:e0:4b:ba:3f:43:b2:5e:9e:ff:c2:12:3f:3a:2d:
         84:bc:d7:c1:4e:34:9a:86:7e:85:28:60:36:dc:19:9f:e4:d3:
         5e:d0:01:a0:65:ec:18:12:36:24:31:ef:5b:3e:48:f9:27:98:
         0c:c8:7f:a8:5c:fd:43:62:60:b8:6a:f6:17:51:df:7b:ec:66:
         44:4e:3b:c8:cf:49:26:39:c3:d0:0a:21:12:da:b3:64:90:27:
         50:a9:d2:df:46:57:4d:c0:f0:a0:a6:99:37:55:c2:ff:94:d6:
         5b:98:d1:9a:f8:38:9f:0c:e3:12:b4:ee:4d:9c:77:05:2a:d2:
         21:91:1e:4d:55:be:bb:9e:fa:fe:43:a2:48:53:d9:ae:bc:06:
         ec:90:05:be:40:21:6b:03:49:f6:16:88:dd:1a:c8:eb:d9:3e:
         97:17:c7:3e:06:79:c2:a4:19:5b:b2:6b:d5:e5:e4:82:3f:4e:
         ce:db:ae:2a
-----BEGIN CERTIFICATE-----
MIIFNzCCBB+gAwIBAgIUZlsgGIvZUGlNqaZ+b0SEJoGLGMwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDhmYjliYTgyN2U2ZjEwYTdhZjM3NDkwODAzZGQ1YTA3
NjM5NzIzNTAeFw0yNDA0MDExMzU4MTlaFw0yNTAzMzExNDAzMTlaMDMxMTAvBgNV
BAMTKEVBMTY2RjQyMTlGMkNCN0QzQUU0QzE4RDI2NDgwQjc3NUQ3NzE1NTcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7l25rZYbCQ1OmwYO7EM6wjX3P
XTGQtCLXqW6LN/e0J9b71yuqHO7jF/NdVixJUGcm94OBD8cIY8pPCq0Mty4HZn1U
/Nz+2PR/8IJwEPOqGxTim78JRmhn1GrCMjaH5CVSKkGM7URciT+QO92DbBzoL41V
4bDfWCisE/rhDO+bLEFcs9QZtnd7zTEHQQbuVb1knw1+T1P/RqDTs7flbPndSmW5
e3Mj+NSFgq1TJCOgPYWuFv9+mETVJxvy01J5jqWQi5FQHDCjKBYT24GANiEqlo4m
0W++HYiiu26TvjlVYFmzjpzThct2Ih0CSGU0Q95EGOmIz8HqxkNmMGUjLaCXAgMB
AAGjggJBMIICPTAdBgNVHQ4EFgQU6hZvQhnyy3065MGNJkgLd113FVcwHwYDVR0j
BBgwFoAUCPubqCfm8Qp683SQgD3VoHY5cjUwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzIvMDhGQjlCQTgyN0U2RjEwQTdBRjM3NDkwODAzREQ1QTA3NjM5NzIzNS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NQdWJxQ2ZtOFFwNjgzU1FnRDNWb0hZ
NWNqVS5jZXIwgbEGCCsGAQUFBwELBIGkMIGhMIGeBggrBgEFBQcwC4aBkXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzIvMzEzOTMzMmUzMTM4MzcyZTMx
MzIzODJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMxMzMzNjM3MzgzNy5yb2EwGAYD
VR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEw
BgMEAMG7gDANBgkqhkiG9w0BAQsFAAOCAQEAVGLMxwaXUiaGJSkk/1sJwjUea7vh
s9LZxGKEFeUw7+vf2M6nGI7yotqlNEUquB5v3tiPOiGlHPIQQPwvRHV2gHw1vmP5
dDrbLQ9nreBLuj9Dsl6e/8ISPzothLzXwU40moZ+hShgNtwZn+TTXtABoGXsGBI2
JDHvWz5I+SeYDMh/qFz9Q2JguGr2F1Hfe+xmRE47yM9JJjnD0AohEtqzZJAnUKnS
30ZXTcDwoKaZN1XC/5TWW5jRmvg4nwzjErTuTZx3BSrSIZEeTVW+u576/kOiSFPZ
rrwG7JAFvkAhawNJ9haI3RrI69k+lxfHPgZ5wqQZW7Jr1eXkgj9OztuuKg==
-----END CERTIFICATE-----
Generated at Mon Nov 25 16:44:10 2024 by rpki-client on console-fra.rpki-client.org