Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/3133302e3138352e3131382e302f32342d3332203d3e203531313637.roa
File:                     3133302e3138352e3131382e302f32342d3332203d3e203531313637.roa (raw, json)
Hash identifier:          4sJyToRbuuO1DwKdrr8WM0hApYUUrV0kpDEn8b6YwdA=
Subject key identifier:   5E:94:4C:F6:71:E9:F7:EC:31:29:F7:C3:0D:78:02:E3:B5:04:8D:4F
Certificate issuer:       /CN=12c2a8354689aec2a74fca14944927621ba27c94
Certificate serial:       1A3B5EF98777DF26EA9AFB9AF6B8AE75EBED05B9
Authority key identifier: 12:C2:A8:35:46:89:AE:C2:A7:4F:CA:14:94:49:27:62:1B:A2:7C:94
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EsKoNUaJrsKnT8oUlEknYhuifJQ.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/3133302e3138352e3131382e302f32342d3332203d3e203531313637.roa
Signing time:             Mon 26 Feb 2024 08:53:42 +0000
ROA not before:           Mon 26 Feb 2024 08:48:42 +0000
ROA not after:            Mon 24 Feb 2025 08:53:42 +0000
asID:                     51167
IP address blocks:        130.185.118.0/24 maxlen: 32

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/12C2A8354689AEC2A74FCA14944927621BA27C94.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/12C2A8354689AEC2A74FCA14944927621BA27C94.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EsKoNUaJrsKnT8oUlEknYhuifJQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 14:57:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1a:3b:5e:f9:87:77:df:26:ea:9a:fb:9a:f6:b8:ae:75:eb:ed:05:b9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=12c2a8354689aec2a74fca14944927621ba27c94
        Validity
            Not Before: Feb 26 08:48:42 2024 GMT
            Not After : Feb 24 08:53:42 2025 GMT
        Subject: CN=5E944CF671E9F7EC3129F7C30D7802E3B5048D4F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:83:90:f2:33:4f:b9:a6:71:52:49:37:3e:93:
                    27:f0:20:2e:10:68:4f:2e:a4:8a:f2:3c:e7:a4:f1:
                    e6:f8:cb:d5:32:a3:a8:58:3b:8b:fb:49:b2:86:2c:
                    8f:82:9f:8c:8e:f1:63:7c:fc:ea:a4:58:03:77:b4:
                    71:51:f7:e2:55:a5:76:e7:7f:8f:8f:2b:bc:2f:84:
                    5d:f8:35:de:14:19:f8:46:bf:6f:df:ff:3f:ae:22:
                    f9:4c:85:51:1c:1e:cf:f5:5a:45:ba:de:90:d9:c5:
                    3c:a8:d3:e6:3d:09:1e:e8:00:33:ab:30:3d:d9:34:
                    51:02:c2:ca:17:b8:5a:9a:2c:75:66:44:51:00:76:
                    2f:2a:49:17:77:db:d2:e8:cf:83:86:f3:8e:6f:b1:
                    f4:42:29:d1:d9:53:d5:03:32:72:78:1a:6c:9b:cf:
                    9f:a5:3c:b0:d1:fa:05:20:50:87:e6:12:0d:38:d7:
                    6b:42:a1:a3:4b:dd:89:c5:63:59:d2:d5:8f:87:5e:
                    d6:5e:b6:7f:b4:36:68:91:6d:de:8e:a3:9a:0d:e8:
                    d8:de:5b:31:75:63:ac:2a:3a:95:28:7c:50:97:2a:
                    ea:38:d5:01:65:1c:87:bd:d7:0a:60:57:46:a9:62:
                    c1:7a:30:f8:eb:fc:65:99:2a:df:f4:10:f5:79:e3:
                    6a:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:94:4C:F6:71:E9:F7:EC:31:29:F7:C3:0D:78:02:E3:B5:04:8D:4F
            X509v3 Authority Key Identifier:
                keyid:12:C2:A8:35:46:89:AE:C2:A7:4F:CA:14:94:49:27:62:1B:A2:7C:94

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/12C2A8354689AEC2A74FCA14944927621BA27C94.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EsKoNUaJrsKnT8oUlEknYhuifJQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/3133302e3138352e3131382e302f32342d3332203d3e203531313637.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  130.185.118.0/24

    Signature Algorithm: sha256WithRSAEncryption
         47:1d:5b:11:6c:c0:fe:dd:98:4d:bf:90:97:ca:76:4c:9e:76:
         6b:97:ca:be:14:dd:26:66:ba:51:c5:13:69:6b:f9:a0:d0:96:
         e4:19:ad:b1:52:b3:4c:a8:92:93:85:bd:c8:45:e3:3e:10:12:
         5a:96:5d:7d:16:65:38:2f:bf:31:b9:97:e4:7a:64:52:95:d0:
         9d:d5:98:4e:4a:05:62:39:8a:74:36:e7:c3:f3:72:78:d2:67:
         8c:0e:97:88:17:3e:b5:42:8f:c8:65:39:53:e5:7b:73:a0:e3:
         05:5c:60:e8:27:c3:2b:2c:ae:f0:f1:3b:2b:99:26:55:ae:e2:
         c8:eb:0e:f2:40:de:94:3e:47:b7:e7:17:5f:02:fc:9c:37:77:
         7f:12:df:a6:f1:ca:7f:0f:e9:77:23:75:3c:e4:b1:04:80:41:
         7f:92:e7:7c:fc:ee:42:39:02:cc:2e:dc:43:d7:9d:87:bb:d3:
         38:63:18:47:ce:26:64:03:56:ed:f5:70:a3:47:bd:0a:62:6f:
         e7:a0:de:7f:c6:bb:ed:50:a5:c5:87:68:7c:3c:5e:96:9b:91:
         50:06:91:19:a8:08:3a:89:cd:7e:9e:1b:2a:dd:23:3d:4d:a3:
         ee:24:32:58:2b:13:85:5e:f0:4b:a8:6a:60:a2:fc:24:35:c2:
         5a:8e:3e:d6
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgIUGjte+Yd33ybqmvua9riudevtBbkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMTJjMmE4MzU0Njg5YWVjMmE3NGZjYTE0OTQ0OTI3NjIx
YmEyN2M5NDAeFw0yNDAyMjYwODQ4NDJaFw0yNTAyMjQwODUzNDJaMDMxMTAvBgNV
BAMTKDVFOTQ0Q0Y2NzFFOUY3RUMzMTI5RjdDMzBENzgwMkUzQjUwNDhENEYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCxg5DyM0+5pnFSSTc+kyfwIC4Q
aE8upIryPOek8eb4y9Uyo6hYO4v7SbKGLI+Cn4yO8WN8/OqkWAN3tHFR9+JVpXbn
f4+PK7wvhF34Nd4UGfhGv2/f/z+uIvlMhVEcHs/1WkW63pDZxTyo0+Y9CR7oADOr
MD3ZNFECwsoXuFqaLHVmRFEAdi8qSRd329Loz4OG845vsfRCKdHZU9UDMnJ4Gmyb
z5+lPLDR+gUgUIfmEg0412tCoaNL3YnFY1nS1Y+HXtZetn+0NmiRbd6Oo5oN6Nje
WzF1Y6wqOpUofFCXKuo41QFlHIe91wpgV0apYsF6MPjr/GWZKt/0EPV542p/AgMB
AAGjggI/MIICOzAdBgNVHQ4EFgQUXpRM9nHp9+wxKffDDXgC47UEjU8wHwYDVR0j
BBgwFoAUEsKoNUaJrsKnT8oUlEknYhuifJQwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzcvMTJDMkE4MzU0Njg5QUVDMkE3NEZDQTE0OTQ0OTI3NjIxQkEyN0M5NC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0VzS29OVWFKcnNLblQ4b1VsRWtuWWh1
aWZKUS5jZXIwga8GCCsGAQUFBwELBIGiMIGfMIGcBggrBgEFBQcwC4aBj3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzcvMzEzMzMwMmUzMTM4MzUyZTMx
MzEzODJlMzAyZjMyMzQyZDMzMzIyMDNkM2UyMDM1MzEzMTM2Mzcucm9hMBgGA1Ud
IAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BACCuXYwDQYJKoZIhvcNAQELBQADggEBAEcdWxFswP7dmE2/kJfKdkyedmuXyr4U
3SZmulHFE2lr+aDQluQZrbFSs0yokpOFvchF4z4QElqWXX0WZTgvvzG5l+R6ZFKV
0J3VmE5KBWI5inQ258PzcnjSZ4wOl4gXPrVCj8hlOVPle3Og4wVcYOgnwyssrvDx
OyuZJlWu4sjrDvJA3pQ+R7fnF18C/Jw3d38S36bxyn8P6XcjdTzksQSAQX+S53z8
7kI5Aswu3EPXnYe70zhjGEfOJmQDVu31cKNHvQpib+eg3n/Gu+1QpcWHaHw8Xpab
kVAGkRmoCDqJzX6eGyrdIz1No+4kMlgrE4Ve8EuoamCi/CQ1wlqOPtY=
-----END CERTIFICATE-----
Generated at Mon Nov 25 17:14:45 2024 by rpki-client on console-ams.rpki-client.org