Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/39312e3231342e36362e302f32342d3332203d3e20313336373837.roa
File:                     39312e3231342e36362e302f32342d3332203d3e20313336373837.roa (raw, json)
Hash identifier:          JrXapG71DP9WNNx0RfNR7eBRbfZejaXfNv5KdncHU6U=
Subject key identifier:   3E:6E:67:4C:A1:0E:92:17:69:16:5B:53:39:88:23:5B:35:FD:C9:A7
Certificate issuer:       /CN=08fb9ba827e6f10a7af37490803dd5a076397235
Certificate serial:       39E5FE0C5B64BE66EC6147691851B33DD53DE90B
Authority key identifier: 08:FB:9B:A8:27:E6:F1:0A:7A:F3:74:90:80:3D:D5:A0:76:39:72:35
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/39312e3231342e36362e302f32342d3332203d3e20313336373837.roa
Signing time:             Mon 26 Feb 2024 08:52:57 +0000
ROA not before:           Mon 26 Feb 2024 08:47:57 +0000
ROA not after:            Mon 24 Feb 2025 08:52:57 +0000
asID:                     136787
IP address blocks:        91.214.66.0/24 maxlen: 32

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 14:42:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            39:e5:fe:0c:5b:64:be:66:ec:61:47:69:18:51:b3:3d:d5:3d:e9:0b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=08fb9ba827e6f10a7af37490803dd5a076397235
        Validity
            Not Before: Feb 26 08:47:57 2024 GMT
            Not After : Feb 24 08:52:57 2025 GMT
        Subject: CN=3E6E674CA10E921769165B533988235B35FDC9A7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:d4:5c:7d:dd:67:a6:10:e2:76:c4:70:0d:fe:
                    72:f2:b5:dd:8a:6e:b3:1b:2e:c1:0c:16:9c:43:d0:
                    be:98:9a:81:0f:66:66:f3:a4:bd:5b:00:cf:c0:76:
                    d1:08:fd:90:33:c5:4e:3b:b9:2a:51:f8:de:c7:cb:
                    20:37:a5:f4:f6:b1:fd:f0:4d:58:67:7a:79:b1:3d:
                    38:2a:78:d3:14:a6:8a:95:f7:21:9a:12:a2:f5:d0:
                    67:c7:65:ee:5b:45:1c:ef:14:55:cf:da:43:48:60:
                    f3:ef:97:90:e8:11:c8:f8:98:a2:3b:80:55:6f:f0:
                    9e:a1:e4:b0:d2:9a:2c:aa:c6:c0:90:00:54:28:7f:
                    04:09:29:69:bf:8b:59:60:e9:7c:c7:0b:25:50:ce:
                    fb:78:ab:2b:9e:eb:e8:4e:c4:82:c1:39:50:61:47:
                    b5:61:4f:e2:10:00:dc:54:b5:33:a3:09:a6:14:8d:
                    de:db:0d:7b:05:6f:db:a3:b4:99:73:d3:0b:23:bc:
                    dd:19:ef:13:85:e5:0a:39:43:e9:20:c1:61:ee:ee:
                    f0:86:b4:8f:ac:8a:31:f5:69:3d:7c:b5:cf:bd:54:
                    56:49:64:ae:0b:57:a9:32:a5:c0:b6:af:65:23:e5:
                    12:36:e4:65:21:97:0d:1b:af:06:98:4c:64:7f:81:
                    ae:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:6E:67:4C:A1:0E:92:17:69:16:5B:53:39:88:23:5B:35:FD:C9:A7
            X509v3 Authority Key Identifier:
                keyid:08:FB:9B:A8:27:E6:F1:0A:7A:F3:74:90:80:3D:D5:A0:76:39:72:35

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/39312e3231342e36362e302f32342d3332203d3e20313336373837.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.214.66.0/24

    Signature Algorithm: sha256WithRSAEncryption
         68:3e:a3:f8:3c:86:da:ac:44:0b:e8:ac:ce:5e:dc:83:4d:20:
         b0:aa:61:03:47:8e:81:ff:8c:91:91:80:45:26:6c:75:4f:f7:
         99:33:55:be:82:76:91:8a:05:c3:c9:ca:96:00:37:dd:9c:1e:
         34:f2:7a:6c:97:1a:4c:cc:10:b7:94:ef:c4:80:b0:d7:d9:47:
         f8:d6:cd:66:00:90:cc:92:ef:1c:0f:f2:d2:2e:e6:29:9c:ac:
         0b:32:b3:44:d4:58:ad:52:59:3f:51:1b:ac:fa:2e:95:0c:22:
         2d:e2:72:eb:3a:e9:a6:d5:40:82:5b:64:53:f9:6c:72:5a:98:
         55:98:72:34:7e:0b:ac:44:44:9b:d0:0f:57:b4:dc:1e:20:a5:
         a9:36:8f:98:6b:14:88:4a:45:e0:89:6b:dc:d1:21:8a:de:3e:
         ab:e5:1c:0b:07:22:15:1f:8e:74:9b:cc:72:f5:58:9f:7e:f8:
         b1:eb:3a:62:0d:13:9a:b6:b8:3e:ab:cf:51:18:91:41:1d:2f:
         51:0b:49:59:39:26:c4:28:bf:24:51:83:35:51:f5:c0:8c:de:
         f0:f8:0c:d5:9d:42:bd:d2:d3:34:bb:f7:a0:0f:17:57:da:c1:
         18:af:58:07:24:59:55:0f:d3:16:3b:92:ee:34:d6:8f:d2:50:
         c0:2e:72:97
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgIUOeX+DFtkvmbsYUdpGFGzPdU96QswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDhmYjliYTgyN2U2ZjEwYTdhZjM3NDkwODAzZGQ1YTA3
NjM5NzIzNTAeFw0yNDAyMjYwODQ3NTdaFw0yNTAyMjQwODUyNTdaMDMxMTAvBgNV
BAMTKDNFNkU2NzRDQTEwRTkyMTc2OTE2NUI1MzM5ODgyMzVCMzVGREM5QTcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCv1Fx93WemEOJ2xHAN/nLytd2K
brMbLsEMFpxD0L6YmoEPZmbzpL1bAM/AdtEI/ZAzxU47uSpR+N7HyyA3pfT2sf3w
TVhnenmxPTgqeNMUpoqV9yGaEqL10GfHZe5bRRzvFFXP2kNIYPPvl5DoEcj4mKI7
gFVv8J6h5LDSmiyqxsCQAFQofwQJKWm/i1lg6XzHCyVQzvt4qyue6+hOxILBOVBh
R7VhT+IQANxUtTOjCaYUjd7bDXsFb9ujtJlz0wsjvN0Z7xOF5Qo5Q+kgwWHu7vCG
tI+sijH1aT18tc+9VFZJZK4LV6kypcC2r2Uj5RI25GUhlw0brwaYTGR/ga7TAgMB
AAGjggI9MIICOTAdBgNVHQ4EFgQUPm5nTKEOkhdpFltTOYgjWzX9yacwHwYDVR0j
BBgwFoAUCPubqCfm8Qp683SQgD3VoHY5cjUwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzIvMDhGQjlCQTgyN0U2RjEwQTdBRjM3NDkwODAzREQ1QTA3NjM5NzIzNS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NQdWJxQ2ZtOFFwNjgzU1FnRDNWb0hZ
NWNqVS5jZXIwga0GCCsGAQUFBwELBIGgMIGdMIGaBggrBgEFBQcwC4aBjXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzIvMzkzMTJlMzIzMTM0MmUzNjM2
MmUzMDJmMzIzNDJkMzMzMjIwM2QzZTIwMzEzMzM2MzczODM3LnJvYTAYBgNVHSAB
Af8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA
W9ZCMA0GCSqGSIb3DQEBCwUAA4IBAQBoPqP4PIbarEQL6KzOXtyDTSCwqmEDR46B
/4yRkYBFJmx1T/eZM1W+gnaRigXDycqWADfdnB408npslxpMzBC3lO/EgLDX2Uf4
1s1mAJDMku8cD/LSLuYpnKwLMrNE1FitUlk/URus+i6VDCIt4nLrOumm1UCCW2RT
+WxyWphVmHI0fgusRESb0A9XtNweIKWpNo+YaxSISkXgiWvc0SGK3j6r5RwLByIV
H450m8xy9Viffvix6zpiDROatrg+q89RGJFBHS9RC0lZOSbEKL8kUYM1UfXAjN7w
+AzVnUK90tM0u/egDxdX2sEYr1gHJFlVD9MWO5LuNNaP0lDALnKX
-----END CERTIFICATE-----
Generated at Mon Nov 25 16:44:10 2024 by rpki-client on console-fra.rpki-client.org