Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/3231332e3233322e38362e302f32342d3332203d3e20313336373837.roa
File:                     3231332e3233322e38362e302f32342d3332203d3e20313336373837.roa (raw, json)
Hash identifier:          KxxUBCq/L4T5woBijo4puYmHlr4hKJMTD5oM9JZ12qI=
Subject key identifier:   D3:80:32:D5:CA:A7:30:46:57:0B:7A:98:D1:03:1B:37:62:F3:CF:D3
Certificate issuer:       /CN=08fb9ba827e6f10a7af37490803dd5a076397235
Certificate serial:       4016325EF45B844C427E6309930D15BB775DB0AB
Authority key identifier: 08:FB:9B:A8:27:E6:F1:0A:7A:F3:74:90:80:3D:D5:A0:76:39:72:35
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/3231332e3233322e38362e302f32342d3332203d3e20313336373837.roa
Signing time:             Mon 26 Feb 2024 08:52:55 +0000
ROA not before:           Mon 26 Feb 2024 08:47:55 +0000
ROA not after:            Mon 24 Feb 2025 08:52:55 +0000
asID:                     136787
IP address blocks:        213.232.86.0/24 maxlen: 32

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            40:16:32:5e:f4:5b:84:4c:42:7e:63:09:93:0d:15:bb:77:5d:b0:ab
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=08fb9ba827e6f10a7af37490803dd5a076397235
        Validity
            Not Before: Feb 26 08:47:55 2024 GMT
            Not After : Feb 24 08:52:55 2025 GMT
        Subject: CN=D38032D5CAA73046570B7A98D1031B3762F3CFD3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:a7:c5:c0:ae:2f:45:9d:90:dd:2b:7d:ff:1f:
                    97:72:50:2c:12:45:da:c7:c9:2f:ae:99:3e:f1:0a:
                    5c:a9:b5:c5:83:8c:f2:eb:a8:bc:a5:24:5b:aa:64:
                    48:88:63:e4:35:da:64:9a:04:8b:49:58:07:f7:7c:
                    ea:80:d7:7a:a4:ba:68:70:de:25:eb:80:38:82:27:
                    e1:f8:73:1b:cd:fa:30:fb:b7:99:a6:32:55:ff:5f:
                    12:d4:ba:e0:c7:9b:3c:9a:8b:2e:15:53:d8:b3:83:
                    38:e7:a8:68:15:4c:52:45:27:b8:6f:0a:4d:f9:c0:
                    5e:38:0b:28:0c:59:e0:47:44:2e:df:3d:35:1d:cd:
                    4c:f0:7d:79:03:5f:7e:41:41:87:df:2b:57:d3:9b:
                    e9:8b:8b:78:3d:29:1a:4a:d7:50:28:56:e1:a4:27:
                    9c:04:89:44:d8:e5:27:51:ee:03:8d:58:2f:58:69:
                    d5:1a:83:a1:22:b2:d5:29:e4:5b:d6:87:03:f0:9f:
                    c0:01:2c:5c:a9:7d:80:d9:83:7f:86:f0:2c:02:75:
                    b8:b1:d9:de:21:e9:54:5f:a4:71:ea:f3:51:f9:14:
                    7a:7c:d7:3f:8d:22:78:3d:59:93:56:14:c3:65:38:
                    31:55:ed:68:68:ce:3d:1b:82:cd:d4:46:f5:98:41:
                    52:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:80:32:D5:CA:A7:30:46:57:0B:7A:98:D1:03:1B:37:62:F3:CF:D3
            X509v3 Authority Key Identifier:
                keyid:08:FB:9B:A8:27:E6:F1:0A:7A:F3:74:90:80:3D:D5:A0:76:39:72:35

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/3231332e3233322e38362e302f32342d3332203d3e20313336373837.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.232.86.0/24

    Signature Algorithm: sha256WithRSAEncryption
         95:08:0c:a0:28:31:ed:ba:01:c3:35:d4:7c:1d:ea:ca:dd:ea:
         0b:42:14:26:a5:b9:59:34:0d:de:c3:a7:f0:85:80:48:fa:63:
         4a:2d:e0:d5:91:83:ce:e6:ae:8c:6f:c0:6d:43:52:74:f7:61:
         f5:69:5a:86:e9:05:0e:ee:04:ee:65:ee:64:25:d7:73:ca:eb:
         d3:80:57:52:cb:39:f3:ff:9a:7e:cb:2a:5d:d7:22:fd:83:c2:
         08:40:96:93:0c:8a:cf:2d:e7:4c:af:e7:ed:1d:79:7c:7c:30:
         bc:ba:37:11:6d:70:39:5d:66:07:99:19:8c:08:76:b6:ab:98:
         97:77:1c:bc:57:ca:5d:9e:8c:3a:fd:c7:a2:32:bf:81:87:8f:
         37:99:9a:83:bf:c1:19:19:72:11:5a:60:4b:af:4d:17:03:7d:
         0c:83:e7:a9:ca:90:75:ef:3b:f7:c6:de:5e:fb:4f:d7:fa:54:
         1d:81:9b:e3:08:d3:4f:4a:ab:4f:c6:ce:74:1d:57:c8:9b:3f:
         17:3b:6e:ae:0c:08:06:02:02:28:24:0b:05:4e:b0:c2:a6:b8:
         b8:d3:eb:4d:13:75:12:3d:d4:28:08:df:57:31:2d:58:e5:74:
         97:db:25:d1:08:84:29:a1:55:2a:bc:02:43:50:05:c5:79:56:
         13:b0:76:0d
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgIUQBYyXvRbhExCfmMJkw0Vu3ddsKswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDhmYjliYTgyN2U2ZjEwYTdhZjM3NDkwODAzZGQ1YTA3
NjM5NzIzNTAeFw0yNDAyMjYwODQ3NTVaFw0yNTAyMjQwODUyNTVaMDMxMTAvBgNV
BAMTKEQzODAzMkQ1Q0FBNzMwNDY1NzBCN0E5OEQxMDMxQjM3NjJGM0NGRDMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDbp8XAri9FnZDdK33/H5dyUCwS
RdrHyS+umT7xClyptcWDjPLrqLylJFuqZEiIY+Q12mSaBItJWAf3fOqA13qkumhw
3iXrgDiCJ+H4cxvN+jD7t5mmMlX/XxLUuuDHmzyaiy4VU9izgzjnqGgVTFJFJ7hv
Ck35wF44CygMWeBHRC7fPTUdzUzwfXkDX35BQYffK1fTm+mLi3g9KRpK11AoVuGk
J5wEiUTY5SdR7gONWC9YadUag6EistUp5FvWhwPwn8ABLFypfYDZg3+G8CwCdbix
2d4h6VRfpHHq81H5FHp81z+NIng9WZNWFMNlODFV7Whozj0bgs3URvWYQVI1AgMB
AAGjggI/MIICOzAdBgNVHQ4EFgQU04Ay1cqnMEZXC3qY0QMbN2Lzz9MwHwYDVR0j
BBgwFoAUCPubqCfm8Qp683SQgD3VoHY5cjUwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzIvMDhGQjlCQTgyN0U2RjEwQTdBRjM3NDkwODAzREQ1QTA3NjM5NzIzNS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NQdWJxQ2ZtOFFwNjgzU1FnRDNWb0hZ
NWNqVS5jZXIwga8GCCsGAQUFBwELBIGiMIGfMIGcBggrBgEFBQcwC4aBj3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzIvMzIzMTMzMmUzMjMzMzIyZTM4
MzYyZTMwMmYzMjM0MmQzMzMyMjAzZDNlMjAzMTMzMzYzNzM4Mzcucm9hMBgGA1Ud
IAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BADV6FYwDQYJKoZIhvcNAQELBQADggEBAJUIDKAoMe26AcM11Hwd6srd6gtCFCal
uVk0Dd7Dp/CFgEj6Y0ot4NWRg87mroxvwG1DUnT3YfVpWobpBQ7uBO5l7mQl13PK
69OAV1LLOfP/mn7LKl3XIv2DwghAlpMMis8t50yv5+0deXx8MLy6NxFtcDldZgeZ
GYwIdrarmJd3HLxXyl2ejDr9x6Iyv4GHjzeZmoO/wRkZchFaYEuvTRcDfQyD56nK
kHXvO/fG3l77T9f6VB2Bm+MI009Kq0/GznQdV8ibPxc7bq4MCAYCAigkCwVOsMKm
uLjT600TdRI91CgI31cxLVjldJfbJdEIhCmhVSq8AkNQBcV5VhOwdg0=
-----END CERTIFICATE-----
Generated at Fri Nov 22 10:15:44 2024 by rpki-client on console-ams.rpki-client.org