Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/39322e3131392e38332e302f32342d3234203d3e20313336373837.roa
File:                     39322e3131392e38332e302f32342d3234203d3e20313336373837.roa (raw, json)
Hash identifier:          R4D9tjRanroVF/7iRyFdY4rZLWt5f7ke360L3+qHy+s=
Subject key identifier:   7D:81:47:F6:8C:8E:59:72:C5:CD:CB:2A:14:99:F8:16:64:06:60:99
Certificate issuer:       /CN=08fb9ba827e6f10a7af37490803dd5a076397235
Certificate serial:       02436F43C62D514D8A812DE106AA415F838C8985
Authority key identifier: 08:FB:9B:A8:27:E6:F1:0A:7A:F3:74:90:80:3D:D5:A0:76:39:72:35
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/39322e3131392e38332e302f32342d3234203d3e20313336373837.roa
Signing time:             Wed 07 Feb 2024 12:33:55 +0000
ROA not before:           Wed 07 Feb 2024 12:28:55 +0000
ROA not after:            Wed 05 Feb 2025 12:33:55 +0000
asID:                     136787
IP address blocks:        92.119.83.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            02:43:6f:43:c6:2d:51:4d:8a:81:2d:e1:06:aa:41:5f:83:8c:89:85
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=08fb9ba827e6f10a7af37490803dd5a076397235
        Validity
            Not Before: Feb  7 12:28:55 2024 GMT
            Not After : Feb  5 12:33:55 2025 GMT
        Subject: CN=7D8147F68C8E5972C5CDCB2A1499F81664066099
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:90:ae:d0:58:f1:64:23:39:3a:75:7e:3e:ff:
                    a5:e7:62:e2:40:8a:ed:13:ed:3b:c0:86:55:5c:d2:
                    54:3f:a6:50:10:4b:e1:10:27:7b:d9:fe:48:97:9e:
                    df:ea:9d:21:3c:34:54:36:ed:10:01:9a:d2:f2:7e:
                    5f:f4:0a:90:17:7c:53:4d:63:6c:d9:70:ae:07:eb:
                    7b:15:18:e2:88:82:6d:b0:b5:63:90:ee:a2:48:b1:
                    71:16:f7:09:aa:9c:09:c0:d3:ce:07:3c:a0:ee:83:
                    dc:17:0e:ea:43:9a:9e:64:d9:e0:f2:8c:aa:e9:24:
                    b4:77:be:c5:41:ee:3a:37:f2:b2:c2:d1:60:e1:e5:
                    f2:1c:11:e0:44:cd:56:75:1c:68:aa:8d:54:da:ba:
                    d2:20:77:9e:7c:a0:d7:ab:7d:28:50:7e:35:e2:92:
                    9c:f6:58:4b:91:00:4a:48:7f:f1:54:2a:a3:3c:34:
                    1c:84:df:f1:03:f0:a7:7d:d1:dd:bc:7c:f6:86:d3:
                    2a:bc:4c:32:d3:79:c4:1b:5c:69:84:09:84:26:bd:
                    d0:44:9c:53:e5:a3:41:ef:8e:a9:ee:93:8e:2c:56:
                    4e:99:3d:69:a5:f5:db:3b:72:14:0c:86:fc:1e:16:
                    46:b3:6b:25:26:22:ee:6c:c0:e0:ba:a1:08:75:ad:
                    92:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7D:81:47:F6:8C:8E:59:72:C5:CD:CB:2A:14:99:F8:16:64:06:60:99
            X509v3 Authority Key Identifier:
                keyid:08:FB:9B:A8:27:E6:F1:0A:7A:F3:74:90:80:3D:D5:A0:76:39:72:35

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/39322e3131392e38332e302f32342d3234203d3e20313336373837.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.119.83.0/24

    Signature Algorithm: sha256WithRSAEncryption
         89:48:d8:0b:df:e4:e0:67:6a:e4:98:bf:df:cf:94:e6:b7:d7:
         d7:35:b5:d8:ea:e4:5b:cd:99:88:86:9f:e8:3a:ca:9e:8f:9b:
         e0:8f:4d:7d:3a:aa:e1:3e:f8:be:04:e0:73:ad:3c:dc:9b:8d:
         fe:57:83:e7:ee:07:55:43:a0:37:f3:4b:ce:4d:f3:54:c5:3f:
         1b:21:51:4b:f4:19:21:2b:8a:fd:9e:8a:5b:d8:f3:ac:13:19:
         94:80:bd:7e:b3:3f:55:55:cc:59:1b:a1:3a:bf:08:06:8a:58:
         55:ef:ec:ff:cf:1e:13:12:64:c2:f0:b4:47:7b:ef:f5:49:7e:
         ee:6c:c8:13:a7:a6:ae:3b:53:8b:70:66:7b:d4:97:a3:60:0f:
         be:7b:f5:c9:c5:21:f5:3e:15:24:7c:e5:e8:ae:8c:11:45:f8:
         18:63:41:9c:c4:b1:33:a9:f4:56:9d:37:11:ef:1c:92:5c:ac:
         79:dd:09:03:63:e1:88:96:bf:5a:09:5e:2f:93:ce:aa:01:b5:
         5f:72:e8:91:a0:ac:b0:50:f1:71:84:b5:89:62:d8:e5:1e:93:
         ac:d1:c6:db:f0:b5:7b:30:74:d7:4f:1d:ed:fa:73:50:eb:2b:
         12:f5:a8:8a:08:5e:8b:bf:6d:67:fc:01:4c:b2:78:c2:ba:75:
         4b:db:f4:6e
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgIUAkNvQ8YtUU2KgS3hBqpBX4OMiYUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDhmYjliYTgyN2U2ZjEwYTdhZjM3NDkwODAzZGQ1YTA3
NjM5NzIzNTAeFw0yNDAyMDcxMjI4NTVaFw0yNTAyMDUxMjMzNTVaMDMxMTAvBgNV
BAMTKDdEODE0N0Y2OEM4RTU5NzJDNUNEQ0IyQTE0OTlGODE2NjQwNjYwOTkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCukK7QWPFkIzk6dX4+/6XnYuJA
iu0T7TvAhlVc0lQ/plAQS+EQJ3vZ/kiXnt/qnSE8NFQ27RABmtLyfl/0CpAXfFNN
Y2zZcK4H63sVGOKIgm2wtWOQ7qJIsXEW9wmqnAnA084HPKDug9wXDupDmp5k2eDy
jKrpJLR3vsVB7jo38rLC0WDh5fIcEeBEzVZ1HGiqjVTautIgd558oNerfShQfjXi
kpz2WEuRAEpIf/FUKqM8NByE3/ED8Kd90d28fPaG0yq8TDLTecQbXGmECYQmvdBE
nFPlo0Hvjqnuk44sVk6ZPWml9ds7chQMhvweFkazayUmIu5swOC6oQh1rZI/AgMB
AAGjggI9MIICOTAdBgNVHQ4EFgQUfYFH9oyOWXLFzcsqFJn4FmQGYJkwHwYDVR0j
BBgwFoAUCPubqCfm8Qp683SQgD3VoHY5cjUwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzIvMDhGQjlCQTgyN0U2RjEwQTdBRjM3NDkwODAzREQ1QTA3NjM5NzIzNS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NQdWJxQ2ZtOFFwNjgzU1FnRDNWb0hZ
NWNqVS5jZXIwga0GCCsGAQUFBwELBIGgMIGdMIGaBggrBgEFBQcwC4aBjXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzIvMzkzMjJlMzEzMTM5MmUzODMz
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzEzMzM2MzczODM3LnJvYTAYBgNVHSAB
Af8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA
XHdTMA0GCSqGSIb3DQEBCwUAA4IBAQCJSNgL3+TgZ2rkmL/fz5Tmt9fXNbXY6uRb
zZmIhp/oOsqej5vgj019OqrhPvi+BOBzrTzcm43+V4Pn7gdVQ6A380vOTfNUxT8b
IVFL9BkhK4r9nopb2POsExmUgL1+sz9VVcxZG6E6vwgGilhV7+z/zx4TEmTC8LRH
e+/1SX7ubMgTp6auO1OLcGZ71JejYA++e/XJxSH1PhUkfOXorowRRfgYY0GcxLEz
qfRWnTcR7xySXKx53QkDY+GIlr9aCV4vk86qAbVfcuiRoKywUPFxhLWJYtjlHpOs
0cbb8LV7MHTXTx3t+nNQ6ysS9aiKCF6Lv21n/AFMsnjCunVL2/Ru
-----END CERTIFICATE-----
Generated at Fri Nov 22 10:07:02 2024 by rpki-client on console-fra.rpki-client.org