Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/3/3138352e3230352e31332e302f32342d3234203d3e20313336373837.roa
File:                     3138352e3230352e31332e302f32342d3234203d3e20313336373837.roa (raw, json)
Hash identifier:          AtRdhE4NeCR05QY5mQ6OZEyNtJSzmjqZgTK94NRw0EM=
Subject key identifier:   7A:01:4E:4C:ED:5B:6D:17:0A:24:16:DB:65:E1:71:1F:4F:18:45:02
Certificate issuer:       /CN=b97bcfac27bbaf19de1d31e53629726c1e4caaa2
Certificate serial:       7F57C45B6E03E9B101BB28D0846969DDF34F337E
Authority key identifier: B9:7B:CF:AC:27:BB:AF:19:DE:1D:31:E5:36:29:72:6C:1E:4C:AA:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uXvPrCe7rxneHTHlNilybB5MqqI.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/3/3138352e3230352e31332e302f32342d3234203d3e20313336373837.roa
Signing time:             Tue 19 Mar 2024 10:16:45 +0000
ROA not before:           Tue 19 Mar 2024 10:11:45 +0000
ROA not after:            Tue 18 Mar 2025 10:16:45 +0000
asID:                     136787
IP address blocks:        185.205.13.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/3/B97BCFAC27BBAF19DE1D31E53629726C1E4CAAA2.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/3/B97BCFAC27BBAF19DE1D31E53629726C1E4CAAA2.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uXvPrCe7rxneHTHlNilybB5MqqI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7f:57:c4:5b:6e:03:e9:b1:01:bb:28:d0:84:69:69:dd:f3:4f:33:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b97bcfac27bbaf19de1d31e53629726c1e4caaa2
        Validity
            Not Before: Mar 19 10:11:45 2024 GMT
            Not After : Mar 18 10:16:45 2025 GMT
        Subject: CN=7A014E4CED5B6D170A2416DB65E1711F4F184502
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:12:6f:23:c3:7a:00:73:ad:5a:46:b1:ef:03:
                    8a:a1:5d:95:02:e7:ab:95:93:ef:5a:fe:65:92:37:
                    6a:c2:33:93:c3:ca:23:af:c5:70:03:9a:2b:e6:4e:
                    f6:e1:37:be:ce:97:16:02:f3:84:a4:47:80:fb:08:
                    48:e8:66:e4:33:4f:db:cb:18:d5:49:15:dd:b2:2a:
                    e1:e8:c7:55:15:69:85:86:f4:03:df:1e:8b:0f:40:
                    dd:61:16:e0:9c:4f:5f:51:e9:35:b3:85:03:02:e3:
                    ed:d2:40:20:47:ae:fe:3c:ed:40:cf:a1:3e:30:70:
                    3f:cf:74:eb:9b:5d:5a:bd:fc:0c:13:e6:67:9e:29:
                    92:00:9f:7b:c6:2b:ff:41:89:63:55:d1:9e:22:46:
                    0a:18:3e:87:e3:ea:b9:74:dc:f0:f9:71:b7:73:14:
                    90:7b:ca:c3:7f:4d:2e:f6:b7:95:6a:76:9b:02:0c:
                    d2:c1:0a:f8:15:c2:e6:13:41:e3:dd:bb:ed:12:36:
                    4d:8d:f1:8d:e6:40:ae:df:52:84:94:a6:90:bb:3f:
                    31:f2:83:5f:b1:88:40:c0:98:37:35:f8:c8:d9:ed:
                    76:f3:b5:a7:3d:d3:b6:a0:d0:52:ef:2e:3c:70:a5:
                    4f:11:1c:55:e7:9b:3f:16:fc:2a:21:ae:27:ee:d0:
                    49:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7A:01:4E:4C:ED:5B:6D:17:0A:24:16:DB:65:E1:71:1F:4F:18:45:02
            X509v3 Authority Key Identifier:
                keyid:B9:7B:CF:AC:27:BB:AF:19:DE:1D:31:E5:36:29:72:6C:1E:4C:AA:A2

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/3/B97BCFAC27BBAF19DE1D31E53629726C1E4CAAA2.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uXvPrCe7rxneHTHlNilybB5MqqI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/3/3138352e3230352e31332e302f32342d3234203d3e20313336373837.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.205.13.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2d:d4:e6:df:ed:8e:69:de:21:8f:96:ab:c6:d6:2f:91:5a:13:
         4b:c4:0f:10:57:01:24:b0:2a:28:a5:47:a6:3f:61:d9:d4:8b:
         92:a4:e1:63:ca:c7:57:6b:e6:d7:0e:da:ad:61:5f:9a:26:1e:
         54:3c:eb:57:1f:80:1d:c2:bd:44:41:9c:38:b0:f9:d5:ba:ca:
         31:7c:e5:98:0a:1a:cc:3c:fc:8d:45:4a:a0:24:4b:9f:ab:72:
         d4:04:dd:71:f3:ef:8e:60:31:14:52:83:50:57:2f:fc:7f:7f:
         cc:9d:6b:3b:3b:06:9c:ff:9d:ed:95:ab:6d:e3:7e:50:70:dc:
         42:62:d6:cc:58:07:19:61:34:c4:e5:01:5f:65:5f:41:88:40:
         60:54:5f:77:68:81:7d:62:b6:b6:3a:3a:18:52:b5:94:8b:83:
         b6:d7:4d:c3:98:3a:e2:61:91:74:b7:88:2c:f5:1b:6d:30:63:
         7f:88:50:d7:35:b8:f8:96:14:c6:65:83:c6:c7:21:b5:7b:c0:
         1c:f1:d8:78:68:90:36:87:df:56:cc:1e:3a:f0:33:4a:d9:0d:
         35:10:4b:24:4f:ca:7c:34:bc:5b:01:cd:b0:c8:9f:14:76:53:
         63:20:1e:30:b0:e7:d5:55:21:9c:83:ae:78:e9:87:5f:c7:66:
         8d:bf:59:84
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgIUf1fEW24D6bEBuyjQhGlp3fNPM34wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYjk3YmNmYWMyN2JiYWYxOWRlMWQzMWU1MzYyOTcyNmMx
ZTRjYWFhMjAeFw0yNDAzMTkxMDExNDVaFw0yNTAzMTgxMDE2NDVaMDMxMTAvBgNV
BAMTKDdBMDE0RTRDRUQ1QjZEMTcwQTI0MTZEQjY1RTE3MTFGNEYxODQ1MDIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCsEm8jw3oAc61aRrHvA4qhXZUC
56uVk+9a/mWSN2rCM5PDyiOvxXADmivmTvbhN77OlxYC84SkR4D7CEjoZuQzT9vL
GNVJFd2yKuHox1UVaYWG9APfHosPQN1hFuCcT19R6TWzhQMC4+3SQCBHrv487UDP
oT4wcD/PdOubXVq9/AwT5meeKZIAn3vGK/9BiWNV0Z4iRgoYPofj6rl03PD5cbdz
FJB7ysN/TS72t5VqdpsCDNLBCvgVwuYTQePdu+0SNk2N8Y3mQK7fUoSUppC7PzHy
g1+xiEDAmDc1+MjZ7Xbztac907ag0FLvLjxwpU8RHFXnmz8W/Cohrifu0EnNAgMB
AAGjggI/MIICOzAdBgNVHQ4EFgQUegFOTO1bbRcKJBbbZeFxH08YRQIwHwYDVR0j
BBgwFoAUuXvPrCe7rxneHTHlNilybB5MqqIwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzMvQjk3QkNGQUMyN0JCQUYxOURFMUQzMUU1MzYyOTcyNkMxRTRDQUFBMi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3VYdlByQ2U3cnhuZUhUSGxOaWx5YkI1
TXFxSS5jZXIwga8GCCsGAQUFBwELBIGiMIGfMIGcBggrBgEFBQcwC4aBj3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzMvMzEzODM1MmUzMjMwMzUyZTMx
MzMyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzMTMzMzYzNzM4Mzcucm9hMBgGA1Ud
IAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAC5zQ0wDQYJKoZIhvcNAQELBQADggEBAC3U5t/tjmneIY+Wq8bWL5FaE0vEDxBX
ASSwKiilR6Y/YdnUi5Kk4WPKx1dr5tcO2q1hX5omHlQ861cfgB3CvURBnDiw+dW6
yjF85ZgKGsw8/I1FSqAkS5+rctQE3XHz745gMRRSg1BXL/x/f8ydazs7Bpz/ne2V
q23jflBw3EJi1sxYBxlhNMTlAV9lX0GIQGBUX3dogX1itrY6OhhStZSLg7bXTcOY
OuJhkXS3iCz1G20wY3+IUNc1uPiWFMZlg8bHIbV7wBzx2HhokDaH31bMHjrwM0rZ
DTUQSyRPynw0vFsBzbDInxR2U2MgHjCw59VVIZyDrnjph1/HZo2/WYQ=
-----END CERTIFICATE-----
Generated at Mon Nov 25 01:46:59 2024 by rpki-client on console-fra.rpki-client.org