Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/3/3138352e3230362e3136302e302f32332d3234203d3e203437353833.roa
File:                     3138352e3230362e3136302e302f32332d3234203d3e203437353833.roa (raw, json)
Hash identifier:          DCKRlTOilKrevaKl47jkVBHYzzTMpP4x93HuYtfzyMQ=
Subject key identifier:   02:71:15:00:A8:97:A3:ED:A5:49:24:16:36:3F:EA:BD:B6:CB:4A:2F
Certificate issuer:       /CN=b97bcfac27bbaf19de1d31e53629726c1e4caaa2
Certificate serial:       618FC8B7A756DC3A7CB5766F4E3A1BE0EB43BF03
Authority key identifier: B9:7B:CF:AC:27:BB:AF:19:DE:1D:31:E5:36:29:72:6C:1E:4C:AA:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uXvPrCe7rxneHTHlNilybB5MqqI.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/3/3138352e3230362e3136302e302f32332d3234203d3e203437353833.roa
Signing time:             Mon 26 Feb 2024 08:53:36 +0000
ROA not before:           Mon 26 Feb 2024 08:48:36 +0000
ROA not after:            Mon 24 Feb 2025 08:53:36 +0000
asID:                     47583
IP address blocks:        185.206.160.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/3/B97BCFAC27BBAF19DE1D31E53629726C1E4CAAA2.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/3/B97BCFAC27BBAF19DE1D31E53629726C1E4CAAA2.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uXvPrCe7rxneHTHlNilybB5MqqI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 15 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            61:8f:c8:b7:a7:56:dc:3a:7c:b5:76:6f:4e:3a:1b:e0:eb:43:bf:03
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b97bcfac27bbaf19de1d31e53629726c1e4caaa2
        Validity
            Not Before: Feb 26 08:48:36 2024 GMT
            Not After : Feb 24 08:53:36 2025 GMT
        Subject: CN=02711500A897A3EDA5492416363FEABDB6CB4A2F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:e4:92:dc:2a:4a:ed:31:4d:21:b8:e4:b5:14:
                    24:fc:d2:29:4d:59:ff:ae:88:6c:ae:f4:0d:5c:56:
                    1a:ab:76:46:90:ba:51:1b:cd:74:ff:a2:50:78:36:
                    54:3f:4a:61:cc:96:a1:d5:eb:9d:cb:09:81:16:1c:
                    de:03:7b:61:0b:e4:88:1e:0d:4b:ab:bd:c8:4f:b7:
                    61:ba:96:ab:be:9d:c0:ec:80:be:70:ca:b1:40:c7:
                    a6:8b:fd:9e:21:59:1c:e1:08:30:c3:80:94:c1:35:
                    7f:84:b4:cb:3f:c8:89:e9:b0:e3:72:67:f2:14:28:
                    ae:83:c2:a2:b1:a6:f0:0b:3d:76:8d:67:67:55:01:
                    08:8a:7c:d8:6a:6c:69:35:f7:7b:27:05:93:4f:c3:
                    a8:90:9a:80:c5:23:b2:9f:e7:66:69:91:12:56:ba:
                    48:78:11:29:be:c7:0c:c0:f1:bf:5e:c8:49:52:c4:
                    0a:98:3e:ae:12:0e:c4:24:f2:fa:ab:7b:aa:4e:09:
                    fb:9e:e1:55:ce:5c:34:c9:13:4b:99:e1:d7:4c:e6:
                    c8:07:2c:7e:38:b7:b5:62:f5:4a:4e:dd:ac:71:1b:
                    50:62:2a:9c:43:7c:03:b2:86:61:e4:6d:fa:19:8e:
                    b0:16:14:e2:9f:d7:88:e4:5a:b5:03:2e:b1:5e:d2:
                    b4:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:71:15:00:A8:97:A3:ED:A5:49:24:16:36:3F:EA:BD:B6:CB:4A:2F
            X509v3 Authority Key Identifier:
                keyid:B9:7B:CF:AC:27:BB:AF:19:DE:1D:31:E5:36:29:72:6C:1E:4C:AA:A2

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/3/B97BCFAC27BBAF19DE1D31E53629726C1E4CAAA2.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uXvPrCe7rxneHTHlNilybB5MqqI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/3/3138352e3230362e3136302e302f32332d3234203d3e203437353833.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.206.160.0/23

    Signature Algorithm: sha256WithRSAEncryption
         a8:2d:1d:4c:cb:d4:37:2b:38:3c:5e:c6:a3:71:3a:9c:f7:89:
         93:0e:1d:50:b8:d7:1d:b3:1e:4a:04:b3:4a:e5:23:5d:68:a8:
         c9:26:60:4f:41:48:8d:f2:7a:7b:51:94:7b:58:df:39:b6:45:
         18:19:bc:60:04:43:90:be:3c:8d:40:49:82:5e:32:19:67:b1:
         a9:fa:8e:1c:45:c4:3a:eb:46:7a:a8:81:34:57:ef:f7:59:be:
         8e:45:04:db:6d:43:a9:fb:40:5f:19:18:b5:17:d6:ab:0d:df:
         cb:19:c8:ac:f8:3c:e6:03:aa:12:52:86:d3:6b:4a:69:7e:39:
         82:fe:99:18:cb:4e:9c:0c:19:97:01:fa:ec:2c:b7:7b:a5:4d:
         34:f1:18:0c:7d:3a:ad:fb:01:86:94:56:ec:52:76:ea:c1:dc:
         a9:6d:da:cd:ab:6c:19:cd:38:98:cd:bd:75:a1:a1:31:6d:cd:
         13:f4:7e:cc:0a:29:aa:09:94:46:95:3a:be:8d:96:cc:20:40:
         63:c0:5a:4e:44:1c:8e:98:b5:9a:56:cb:88:6d:72:f1:da:1f:
         2e:24:9d:ce:56:37:36:0c:43:2c:8d:80:11:c6:26:b2:8d:5d:
         e1:d0:5e:95:8f:28:fa:46:e7:96:e8:db:68:64:50:77:a7:15:
         e4:f7:d1:dc
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgIUYY/It6dW3Dp8tXZvTjob4OtDvwMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYjk3YmNmYWMyN2JiYWYxOWRlMWQzMWU1MzYyOTcyNmMx
ZTRjYWFhMjAeFw0yNDAyMjYwODQ4MzZaFw0yNTAyMjQwODUzMzZaMDMxMTAvBgNV
BAMTKDAyNzExNTAwQTg5N0EzRURBNTQ5MjQxNjM2M0ZFQUJEQjZDQjRBMkYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDj5JLcKkrtMU0huOS1FCT80ilN
Wf+uiGyu9A1cVhqrdkaQulEbzXT/olB4NlQ/SmHMlqHV653LCYEWHN4De2EL5Ige
DUurvchPt2G6lqu+ncDsgL5wyrFAx6aL/Z4hWRzhCDDDgJTBNX+EtMs/yInpsONy
Z/IUKK6DwqKxpvALPXaNZ2dVAQiKfNhqbGk193snBZNPw6iQmoDFI7Kf52ZpkRJW
ukh4ESm+xwzA8b9eyElSxAqYPq4SDsQk8vqre6pOCfue4VXOXDTJE0uZ4ddM5sgH
LH44t7Vi9UpO3axxG1BiKpxDfAOyhmHkbfoZjrAWFOKf14jkWrUDLrFe0rTLAgMB
AAGjggI/MIICOzAdBgNVHQ4EFgQUAnEVAKiXo+2lSSQWNj/qvbbLSi8wHwYDVR0j
BBgwFoAUuXvPrCe7rxneHTHlNilybB5MqqIwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzMvQjk3QkNGQUMyN0JCQUYxOURFMUQzMUU1MzYyOTcyNkMxRTRDQUFBMi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3VYdlByQ2U3cnhuZUhUSGxOaWx5YkI1
TXFxSS5jZXIwga8GCCsGAQUFBwELBIGiMIGfMIGcBggrBgEFBQcwC4aBj3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzMvMzEzODM1MmUzMjMwMzYyZTMx
MzYzMDJlMzAyZjMyMzMyZDMyMzQyMDNkM2UyMDM0MzczNTM4MzMucm9hMBgGA1Ud
IAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAG5zqAwDQYJKoZIhvcNAQELBQADggEBAKgtHUzL1DcrODxexqNxOpz3iZMOHVC4
1x2zHkoEs0rlI11oqMkmYE9BSI3yentRlHtY3zm2RRgZvGAEQ5C+PI1ASYJeMhln
san6jhxFxDrrRnqogTRX7/dZvo5FBNttQ6n7QF8ZGLUX1qsN38sZyKz4POYDqhJS
htNrSml+OYL+mRjLTpwMGZcB+uwst3ulTTTxGAx9Oq37AYaUVuxSdurB3Klt2s2r
bBnNOJjNvXWhoTFtzRP0fswKKaoJlEaVOr6NlswgQGPAWk5EHI6YtZpWy4htcvHa
Hy4knc5WNzYMQyyNgBHGJrKNXeHQXpWPKPpG55bo22hkUHenFeT30dw=
-----END CERTIFICATE-----
Generated at Sat Jun 15 07:40:43 2024 by rpki-client on console-fra.rpki-client.org