Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/3/3138352e3232392e3131322e302f32332d3234203d3e203437353833.roa
File:                     3138352e3232392e3131322e302f32332d3234203d3e203437353833.roa (raw, json)
Hash identifier:          CsTyHE7g6A5CQtmGR5q9nNsV4mD5P4vB0itgIPLU3qM=
Subject key identifier:   72:B2:27:08:09:82:9B:5B:1E:D3:B1:8F:B0:A5:E2:68:33:C0:0B:CB
Certificate issuer:       /CN=b97bcfac27bbaf19de1d31e53629726c1e4caaa2
Certificate serial:       6E51674033EF4019403CD797B6F9DB3C4B7EB2CF
Authority key identifier: B9:7B:CF:AC:27:BB:AF:19:DE:1D:31:E5:36:29:72:6C:1E:4C:AA:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uXvPrCe7rxneHTHlNilybB5MqqI.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/3/3138352e3232392e3131322e302f32332d3234203d3e203437353833.roa
Signing time:             Mon 26 Feb 2024 08:53:36 +0000
ROA not before:           Mon 26 Feb 2024 08:48:36 +0000
ROA not after:            Mon 24 Feb 2025 08:53:36 +0000
asID:                     47583
IP address blocks:        185.229.112.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/3/B97BCFAC27BBAF19DE1D31E53629726C1E4CAAA2.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/3/B97BCFAC27BBAF19DE1D31E53629726C1E4CAAA2.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uXvPrCe7rxneHTHlNilybB5MqqI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6e:51:67:40:33:ef:40:19:40:3c:d7:97:b6:f9:db:3c:4b:7e:b2:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b97bcfac27bbaf19de1d31e53629726c1e4caaa2
        Validity
            Not Before: Feb 26 08:48:36 2024 GMT
            Not After : Feb 24 08:53:36 2025 GMT
        Subject: CN=72B2270809829B5B1ED3B18FB0A5E26833C00BCB
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:ca:b2:07:4b:44:74:40:62:31:83:3e:eb:79:
                    25:14:16:38:b5:e1:bf:33:af:52:90:35:a6:ba:a9:
                    eb:20:1b:1e:5b:79:36:ab:2b:b5:b5:26:f7:c0:25:
                    eb:00:8d:f7:c4:68:a5:90:a1:20:dc:83:98:67:98:
                    32:d7:21:67:5d:db:96:58:a2:b4:51:c3:cd:84:1e:
                    dd:a4:2b:28:4f:08:8a:27:0a:2f:71:06:6e:da:f8:
                    47:aa:e1:06:1a:15:6c:b0:f4:89:94:a3:9b:e3:78:
                    c1:cc:fe:3c:25:1a:af:49:6d:9f:c0:ef:1f:11:61:
                    5c:bf:e5:61:3b:55:e5:40:b4:23:c1:32:c0:1f:19:
                    b4:5a:fc:c7:3e:5e:9a:f1:81:a0:2a:e2:8d:35:01:
                    c5:ea:ef:3a:81:22:db:f0:ca:f8:fa:63:56:46:3c:
                    f5:8a:5a:dd:07:c9:88:49:77:99:47:14:da:df:1b:
                    1b:f8:c8:17:c1:84:18:7c:5c:69:a0:50:71:e2:62:
                    81:4f:4a:82:9e:d5:56:32:33:37:d6:3d:00:20:9a:
                    54:b8:15:23:b9:1b:ac:0a:4d:81:1c:05:32:22:3f:
                    48:3e:ff:0b:e2:d8:4d:58:7f:8f:45:26:4f:be:a2:
                    f5:ed:06:ed:51:37:21:83:3c:55:e4:58:99:6a:10:
                    e6:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:B2:27:08:09:82:9B:5B:1E:D3:B1:8F:B0:A5:E2:68:33:C0:0B:CB
            X509v3 Authority Key Identifier:
                keyid:B9:7B:CF:AC:27:BB:AF:19:DE:1D:31:E5:36:29:72:6C:1E:4C:AA:A2

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/3/B97BCFAC27BBAF19DE1D31E53629726C1E4CAAA2.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uXvPrCe7rxneHTHlNilybB5MqqI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/3/3138352e3232392e3131322e302f32332d3234203d3e203437353833.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.229.112.0/23

    Signature Algorithm: sha256WithRSAEncryption
         94:95:1f:80:1b:21:cf:e8:ee:91:27:19:b2:f3:6c:e0:24:20:
         a8:29:55:ea:c3:a4:af:45:8f:2a:ab:ea:75:cc:63:cd:28:f0:
         d3:a0:17:c7:2a:7d:82:6f:e2:20:7a:1b:e5:b8:6c:7a:5e:af:
         fe:fb:80:12:0c:54:29:83:25:a0:a4:9c:60:b1:0a:8b:5f:42:
         49:8c:ff:5f:a0:1a:7d:eb:f3:0b:65:46:80:e4:3a:d2:1a:6a:
         0d:15:d1:0b:e7:de:4c:8e:d8:4f:bf:41:ed:88:a8:78:04:60:
         00:4a:a5:35:43:85:9c:bf:42:3c:27:ae:16:8c:39:0d:9c:aa:
         6f:d3:0d:cc:14:72:74:fc:6e:09:89:fb:12:a5:1c:62:9c:ca:
         25:e5:85:47:94:1a:1d:5c:50:5b:8b:bc:1f:c0:8b:a2:2e:c6:
         06:ea:bd:f1:fc:21:d9:bf:1a:d5:27:6d:9d:9c:a9:4b:97:7b:
         5c:03:11:1d:55:c6:fb:12:c0:71:0f:fb:53:95:01:07:32:2a:
         80:61:b4:2e:e7:15:b6:3b:6e:8c:cb:95:d9:4b:7c:a7:76:8d:
         3a:4a:52:a5:ea:56:0e:ac:90:bd:75:01:5e:85:16:30:28:39:
         49:4a:3e:ee:b0:9e:70:28:ec:50:48:ef:a3:32:89:1b:0a:ab:
         20:30:ba:68
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgIUblFnQDPvQBlAPNeXtvnbPEt+ss8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYjk3YmNmYWMyN2JiYWYxOWRlMWQzMWU1MzYyOTcyNmMx
ZTRjYWFhMjAeFw0yNDAyMjYwODQ4MzZaFw0yNTAyMjQwODUzMzZaMDMxMTAvBgNV
BAMTKDcyQjIyNzA4MDk4MjlCNUIxRUQzQjE4RkIwQTVFMjY4MzNDMDBCQ0IwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDCyrIHS0R0QGIxgz7reSUUFji1
4b8zr1KQNaa6qesgGx5beTarK7W1JvfAJesAjffEaKWQoSDcg5hnmDLXIWdd25ZY
orRRw82EHt2kKyhPCIonCi9xBm7a+Eeq4QYaFWyw9ImUo5vjeMHM/jwlGq9JbZ/A
7x8RYVy/5WE7VeVAtCPBMsAfGbRa/Mc+XprxgaAq4o01AcXq7zqBItvwyvj6Y1ZG
PPWKWt0HyYhJd5lHFNrfGxv4yBfBhBh8XGmgUHHiYoFPSoKe1VYyMzfWPQAgmlS4
FSO5G6wKTYEcBTIiP0g+/wvi2E1Yf49FJk++ovXtBu1RNyGDPFXkWJlqEOZHAgMB
AAGjggI/MIICOzAdBgNVHQ4EFgQUcrInCAmCm1se07GPsKXiaDPAC8swHwYDVR0j
BBgwFoAUuXvPrCe7rxneHTHlNilybB5MqqIwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzMvQjk3QkNGQUMyN0JCQUYxOURFMUQzMUU1MzYyOTcyNkMxRTRDQUFBMi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3VYdlByQ2U3cnhuZUhUSGxOaWx5YkI1
TXFxSS5jZXIwga8GCCsGAQUFBwELBIGiMIGfMIGcBggrBgEFBQcwC4aBj3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzMvMzEzODM1MmUzMjMyMzkyZTMx
MzEzMjJlMzAyZjMyMzMyZDMyMzQyMDNkM2UyMDM0MzczNTM4MzMucm9hMBgGA1Ud
IAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAG55XAwDQYJKoZIhvcNAQELBQADggEBAJSVH4AbIc/o7pEnGbLzbOAkIKgpVerD
pK9Fjyqr6nXMY80o8NOgF8cqfYJv4iB6G+W4bHper/77gBIMVCmDJaCknGCxCotf
QkmM/1+gGn3r8wtlRoDkOtIaag0V0Qvn3kyO2E+/Qe2IqHgEYABKpTVDhZy/Qjwn
rhaMOQ2cqm/TDcwUcnT8bgmJ+xKlHGKcyiXlhUeUGh1cUFuLvB/Ai6IuxgbqvfH8
Idm/GtUnbZ2cqUuXe1wDER1VxvsSwHEP+1OVAQcyKoBhtC7nFbY7bozLldlLfKd2
jTpKUqXqVg6skL11AV6FFjAoOUlKPu6wnnAo7FBI76MyiRsKqyAwumg=
-----END CERTIFICATE-----
Generated at Fri Nov 22 10:07:02 2024 by rpki-client on console-fra.rpki-client.org