Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/3136302e3233382e33382e302f32342d3332203d3e20313336373837.roa
File:                     3136302e3233382e33382e302f32342d3332203d3e20313336373837.roa (raw, json)
Hash identifier:          Kt9gGlYJki1xmHlEikZg935KsQmk4sZ0qjJMvwLPgr0=
Subject key identifier:   2D:C5:5A:08:59:FD:B6:2C:A2:DD:8A:58:21:0E:E6:B7:D5:E7:34:8D
Certificate issuer:       /CN=12c2a8354689aec2a74fca14944927621ba27c94
Certificate serial:       4B4022C4A2AF53DE1E8DF21934DB74BE9B77F80C
Authority key identifier: 12:C2:A8:35:46:89:AE:C2:A7:4F:CA:14:94:49:27:62:1B:A2:7C:94
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EsKoNUaJrsKnT8oUlEknYhuifJQ.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/3136302e3233382e33382e302f32342d3332203d3e20313336373837.roa
Signing time:             Mon 26 Feb 2024 08:53:39 +0000
ROA not before:           Mon 26 Feb 2024 08:48:39 +0000
ROA not after:            Mon 24 Feb 2025 08:53:39 +0000
asID:                     136787
IP address blocks:        160.238.38.0/24 maxlen: 32

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/12C2A8354689AEC2A74FCA14944927621BA27C94.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/12C2A8354689AEC2A74FCA14944927621BA27C94.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EsKoNUaJrsKnT8oUlEknYhuifJQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Jun 2024 08:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4b:40:22:c4:a2:af:53:de:1e:8d:f2:19:34:db:74:be:9b:77:f8:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=12c2a8354689aec2a74fca14944927621ba27c94
        Validity
            Not Before: Feb 26 08:48:39 2024 GMT
            Not After : Feb 24 08:53:39 2025 GMT
        Subject: CN=2DC55A0859FDB62CA2DD8A58210EE6B7D5E7348D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:0f:35:ed:ce:2f:e6:db:22:d7:35:a6:a1:84:
                    dd:0b:19:15:ef:7d:e3:ec:d1:e1:24:c3:11:91:b4:
                    fc:90:ca:e9:19:a0:3b:b0:8d:c7:b8:0a:ca:e0:5f:
                    45:e0:a0:8b:a1:37:aa:30:e0:9e:3a:7c:04:68:7b:
                    19:02:24:82:12:f0:97:b6:29:79:6c:6f:9a:e8:43:
                    9b:75:35:f8:43:c6:13:fb:30:6d:be:6f:73:ff:cc:
                    0e:c4:f9:34:3c:4c:71:af:01:0c:d7:c3:20:35:10:
                    11:81:6a:74:74:34:9c:03:8c:46:70:2b:1d:3e:33:
                    2a:14:75:d0:36:30:31:ab:2d:c6:6b:31:ec:ea:b8:
                    96:5e:07:ee:39:2d:72:57:3b:3c:43:96:75:5e:15:
                    3f:06:68:06:22:ea:f8:41:8c:58:b8:a7:34:aa:f8:
                    fd:ab:20:6d:bb:9f:67:5b:31:36:3d:e8:bb:cf:6b:
                    eb:2e:8a:ba:67:a7:b7:79:25:1b:d6:55:3e:ea:f7:
                    bf:d5:88:55:3f:9f:cf:5f:75:da:f2:69:0d:c0:05:
                    b3:10:1d:92:1d:0a:ff:61:60:a0:c2:28:80:0c:61:
                    1b:ea:3a:1c:42:99:f1:9e:b9:05:c4:ea:d4:d5:4d:
                    0c:c1:51:cc:07:f4:8e:19:3f:ae:56:82:c1:5b:1d:
                    4b:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:C5:5A:08:59:FD:B6:2C:A2:DD:8A:58:21:0E:E6:B7:D5:E7:34:8D
            X509v3 Authority Key Identifier:
                keyid:12:C2:A8:35:46:89:AE:C2:A7:4F:CA:14:94:49:27:62:1B:A2:7C:94

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/12C2A8354689AEC2A74FCA14944927621BA27C94.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EsKoNUaJrsKnT8oUlEknYhuifJQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/3136302e3233382e33382e302f32342d3332203d3e20313336373837.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  160.238.38.0/24

    Signature Algorithm: sha256WithRSAEncryption
         63:2a:f7:30:d6:fb:01:2e:86:32:21:06:55:ff:5a:83:a1:90:
         76:04:92:4b:16:d1:cd:76:e0:48:0a:b5:83:9f:a5:1d:e0:52:
         75:d0:d7:6c:bc:dc:00:bc:86:e9:c8:01:76:b8:7d:31:6c:60:
         70:a8:0e:63:05:da:35:3c:18:53:7b:5e:a7:a6:81:68:b8:b3:
         ed:38:39:9d:98:95:68:7a:e7:e7:03:be:a0:c1:5f:ac:49:86:
         38:b0:6f:a4:49:41:4b:e4:a3:19:d5:12:b6:c5:25:9c:f6:b0:
         b1:e7:fe:99:14:00:d2:14:98:01:97:b0:03:0a:06:6a:20:2d:
         19:4a:31:16:75:d8:44:22:4f:94:19:0c:2b:77:d1:37:8d:f2:
         23:7a:fc:ee:fb:84:c8:65:02:48:20:72:98:bf:a2:8a:30:c0:
         6e:18:88:3b:bf:d9:67:0d:57:88:31:58:ba:f4:ff:4f:c6:73:
         a0:8a:15:a7:82:fa:f9:1f:b5:33:5b:d5:b0:3c:f9:76:a8:ae:
         e3:36:22:8b:a1:66:6e:32:a9:10:2c:8f:40:8a:26:69:03:2d:
         a2:13:e5:ad:79:3d:50:82:c8:ff:b7:9d:83:31:68:de:50:07:
         0b:d3:65:05:43:b0:cc:5b:75:23:11:21:7f:15:11:66:fe:b1:
         ed:96:11:af
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgIUS0AixKKvU94ejfIZNNt0vpt3+AwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMTJjMmE4MzU0Njg5YWVjMmE3NGZjYTE0OTQ0OTI3NjIx
YmEyN2M5NDAeFw0yNDAyMjYwODQ4MzlaFw0yNTAyMjQwODUzMzlaMDMxMTAvBgNV
BAMTKDJEQzU1QTA4NTlGREI2MkNBMkREOEE1ODIxMEVFNkI3RDVFNzM0OEQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDMDzXtzi/m2yLXNaahhN0LGRXv
fePs0eEkwxGRtPyQyukZoDuwjce4CsrgX0XgoIuhN6ow4J46fARoexkCJIIS8Je2
KXlsb5roQ5t1NfhDxhP7MG2+b3P/zA7E+TQ8THGvAQzXwyA1EBGBanR0NJwDjEZw
Kx0+MyoUddA2MDGrLcZrMezquJZeB+45LXJXOzxDlnVeFT8GaAYi6vhBjFi4pzSq
+P2rIG27n2dbMTY96LvPa+suirpnp7d5JRvWVT7q97/ViFU/n89fddryaQ3ABbMQ
HZIdCv9hYKDCKIAMYRvqOhxCmfGeuQXE6tTVTQzBUcwH9I4ZP65WgsFbHUszAgMB
AAGjggI/MIICOzAdBgNVHQ4EFgQULcVaCFn9tiyi3YpYIQ7mt9XnNI0wHwYDVR0j
BBgwFoAUEsKoNUaJrsKnT8oUlEknYhuifJQwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzcvMTJDMkE4MzU0Njg5QUVDMkE3NEZDQTE0OTQ0OTI3NjIxQkEyN0M5NC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0VzS29OVWFKcnNLblQ4b1VsRWtuWWh1
aWZKUS5jZXIwga8GCCsGAQUFBwELBIGiMIGfMIGcBggrBgEFBQcwC4aBj3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzcvMzEzNjMwMmUzMjMzMzgyZTMz
MzgyZTMwMmYzMjM0MmQzMzMyMjAzZDNlMjAzMTMzMzYzNzM4Mzcucm9hMBgGA1Ud
IAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BACg7iYwDQYJKoZIhvcNAQELBQADggEBAGMq9zDW+wEuhjIhBlX/WoOhkHYEkksW
0c124EgKtYOfpR3gUnXQ12y83AC8hunIAXa4fTFsYHCoDmMF2jU8GFN7XqemgWi4
s+04OZ2YlWh65+cDvqDBX6xJhjiwb6RJQUvkoxnVErbFJZz2sLHn/pkUANIUmAGX
sAMKBmogLRlKMRZ12EQiT5QZDCt30TeN8iN6/O77hMhlAkggcpi/ooowwG4YiDu/
2WcNV4gxWLr0/0/Gc6CKFaeC+vkftTNb1bA8+XaoruM2IouhZm4yqRAsj0CKJmkD
LaIT5a15PVCCyP+3nYMxaN5QBwvTZQVDsMxbdSMRIX8VEWb+se2WEa8=
-----END CERTIFICATE-----
Generated at Sun Jun 16 13:31:48 2024 by rpki-client on console-ams.rpki-client.org