Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/38332e3137312e3230332e302f32342d3234203d3e20323033303631.roa
File:                     38332e3137312e3230332e302f32342d3234203d3e20323033303631.roa (raw, json)
Hash identifier:          XJWxbaW9c+u6EDwVkt1wKPbhN3t2fr+pjFtPXQiTi50=
Subject key identifier:   DC:1F:2E:44:48:F7:0D:0E:20:A6:16:E1:15:D0:A0:31:E5:41:65:73
Certificate issuer:       /CN=08fb9ba827e6f10a7af37490803dd5a076397235
Certificate serial:       43538DB712C03D5FBB7D33A803469F5332AC0FAF
Authority key identifier: 08:FB:9B:A8:27:E6:F1:0A:7A:F3:74:90:80:3D:D5:A0:76:39:72:35
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/38332e3137312e3230332e302f32342d3234203d3e20323033303631.roa
Signing time:             Mon 26 Feb 2024 08:52:54 +0000
ROA not before:           Mon 26 Feb 2024 08:47:54 +0000
ROA not after:            Mon 24 Feb 2025 08:52:54 +0000
asID:                     203061
IP address blocks:        83.171.203.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 14:42:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            43:53:8d:b7:12:c0:3d:5f:bb:7d:33:a8:03:46:9f:53:32:ac:0f:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=08fb9ba827e6f10a7af37490803dd5a076397235
        Validity
            Not Before: Feb 26 08:47:54 2024 GMT
            Not After : Feb 24 08:52:54 2025 GMT
        Subject: CN=DC1F2E4448F70D0E20A616E115D0A031E5416573
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:30:02:62:2c:b6:ea:e9:71:43:7f:1a:96:88:
                    d6:2c:f8:47:7e:0a:6d:cd:e7:b9:40:75:1c:8b:f0:
                    5e:c5:20:ec:64:2b:7f:76:a9:10:a8:e5:e0:f9:08:
                    ff:e7:48:14:12:a5:1e:eb:bd:14:58:ec:e4:7e:00:
                    6b:cb:0f:8a:0f:d7:eb:e8:13:21:03:58:e4:9e:e4:
                    a0:50:ed:6f:63:0d:3b:db:71:5c:12:59:20:92:b2:
                    c6:f3:bb:bd:81:71:91:16:67:fd:d0:aa:bd:f5:3a:
                    0d:13:5e:bc:ef:ee:03:15:d0:ab:9e:60:09:4c:de:
                    3b:f0:88:c7:fe:d4:ed:f1:06:4b:d3:ae:dc:b4:f6:
                    9c:99:f8:04:b6:16:47:a3:86:16:9b:4e:67:59:69:
                    a6:48:a6:cc:d2:35:ed:49:27:95:52:c5:5a:92:d8:
                    c6:81:09:76:a8:0a:b3:44:98:8d:9e:f9:11:61:47:
                    23:f3:48:a3:a7:f3:81:f7:06:85:5b:32:aa:3e:39:
                    35:63:29:e6:eb:e9:32:c7:71:9a:9c:29:27:f7:45:
                    5c:5c:cc:13:ec:8f:33:8f:ca:89:27:4e:56:8f:bc:
                    54:29:60:2b:2b:07:ed:ab:de:64:68:26:1c:d9:f1:
                    6d:c6:b8:c7:42:be:8f:81:ec:ae:a5:a2:43:24:3c:
                    51:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:1F:2E:44:48:F7:0D:0E:20:A6:16:E1:15:D0:A0:31:E5:41:65:73
            X509v3 Authority Key Identifier:
                keyid:08:FB:9B:A8:27:E6:F1:0A:7A:F3:74:90:80:3D:D5:A0:76:39:72:35

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/38332e3137312e3230332e302f32342d3234203d3e20323033303631.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.171.203.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8b:bc:9f:3b:f5:46:38:cd:d1:2d:d7:ad:86:12:15:24:78:5c:
         bd:21:93:e1:37:ec:6b:46:cb:8e:d8:e9:ef:f4:33:fb:4b:fb:
         de:67:f4:d0:af:4d:21:3a:15:12:af:09:d8:c8:ea:e8:7e:bd:
         1d:d8:a1:2a:22:67:31:05:41:4e:5e:5d:33:34:fb:d5:aa:19:
         32:de:65:3a:0f:a5:e3:29:c8:4a:0f:32:b9:4a:55:76:42:76:
         f0:f6:a0:1d:9c:62:83:e8:cd:4f:d6:02:f7:c7:d0:6d:c0:ac:
         94:a9:28:91:83:df:38:a9:eb:ec:a6:ba:9e:46:08:4d:f2:a5:
         eb:48:25:f7:33:84:84:5f:47:ed:3c:e6:3c:e8:5a:35:9b:e1:
         36:32:0c:8f:60:62:18:e7:3b:1a:5b:c7:bf:a6:46:47:41:cc:
         23:e3:b2:17:a0:13:80:97:c6:56:2f:06:97:29:47:a6:d6:0f:
         e4:b2:a8:3a:ee:d3:41:d4:4f:5c:45:40:a5:00:bf:e8:42:2c:
         a7:a3:91:5f:8c:7f:49:9f:ec:a9:45:a5:45:90:28:df:43:03:
         6c:89:12:08:95:15:50:18:80:a5:29:46:ba:0a:2b:45:78:eb:
         be:d4:67:00:e3:0d:23:ba:98:c3:fa:0e:3d:7c:7d:7b:54:e0:
         f8:de:8d:0f
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgIUQ1ONtxLAPV+7fTOoA0afUzKsD68wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDhmYjliYTgyN2U2ZjEwYTdhZjM3NDkwODAzZGQ1YTA3
NjM5NzIzNTAeFw0yNDAyMjYwODQ3NTRaFw0yNTAyMjQwODUyNTRaMDMxMTAvBgNV
BAMTKERDMUYyRTQ0NDhGNzBEMEUyMEE2MTZFMTE1RDBBMDMxRTU0MTY1NzMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDQMAJiLLbq6XFDfxqWiNYs+Ed+
Cm3N57lAdRyL8F7FIOxkK392qRCo5eD5CP/nSBQSpR7rvRRY7OR+AGvLD4oP1+vo
EyEDWOSe5KBQ7W9jDTvbcVwSWSCSssbzu72BcZEWZ/3Qqr31Og0TXrzv7gMV0Kue
YAlM3jvwiMf+1O3xBkvTrty09pyZ+AS2FkejhhabTmdZaaZIpszSNe1JJ5VSxVqS
2MaBCXaoCrNEmI2e+RFhRyPzSKOn84H3BoVbMqo+OTVjKebr6TLHcZqcKSf3RVxc
zBPsjzOPyoknTlaPvFQpYCsrB+2r3mRoJhzZ8W3GuMdCvo+B7K6lokMkPFFZAgMB
AAGjggI/MIICOzAdBgNVHQ4EFgQU3B8uREj3DQ4gphbhFdCgMeVBZXMwHwYDVR0j
BBgwFoAUCPubqCfm8Qp683SQgD3VoHY5cjUwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzIvMDhGQjlCQTgyN0U2RjEwQTdBRjM3NDkwODAzREQ1QTA3NjM5NzIzNS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NQdWJxQ2ZtOFFwNjgzU1FnRDNWb0hZ
NWNqVS5jZXIwga8GCCsGAQUFBwELBIGiMIGfMIGcBggrBgEFBQcwC4aBj3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzIvMzgzMzJlMzEzNzMxMmUzMjMw
MzMyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzMjMwMzMzMDM2MzEucm9hMBgGA1Ud
IAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BABTq8swDQYJKoZIhvcNAQELBQADggEBAIu8nzv1RjjN0S3XrYYSFSR4XL0hk+E3
7GtGy47Y6e/0M/tL+95n9NCvTSE6FRKvCdjI6uh+vR3YoSoiZzEFQU5eXTM0+9Wq
GTLeZToPpeMpyEoPMrlKVXZCdvD2oB2cYoPozU/WAvfH0G3ArJSpKJGD3zip6+ym
up5GCE3ypetIJfczhIRfR+085jzoWjWb4TYyDI9gYhjnOxpbx7+mRkdBzCPjsheg
E4CXxlYvBpcpR6bWD+SyqDru00HUT1xFQKUAv+hCLKejkV+Mf0mf7KlFpUWQKN9D
A2yJEgiVFVAYgKUpRroKK0V4677UZwDjDSO6mMP6Dj18fXtU4PjejQ8=
-----END CERTIFICATE-----
Generated at Mon Nov 25 16:44:10 2024 by rpki-client on console-fra.rpki-client.org