Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/3136302e3233382e33392e302f32342d3332203d3e20313336373837.roa
File:                     3136302e3233382e33392e302f32342d3332203d3e20313336373837.roa (raw, json)
Hash identifier:          UpAIsAhhl5I0qTL12mE7Kc5s9CJdqEL/ThhcFCaHYj4=
Subject key identifier:   B0:4B:C1:3B:FC:5C:2B:D1:B8:5D:39:F6:41:B0:FE:FA:7E:00:B1:28
Certificate issuer:       /CN=12c2a8354689aec2a74fca14944927621ba27c94
Certificate serial:       3850F3FC05EA471D64747CBDEE51A03DEBC80A03
Authority key identifier: 12:C2:A8:35:46:89:AE:C2:A7:4F:CA:14:94:49:27:62:1B:A2:7C:94
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EsKoNUaJrsKnT8oUlEknYhuifJQ.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/3136302e3233382e33392e302f32342d3332203d3e20313336373837.roa
Signing time:             Mon 26 Feb 2024 08:53:41 +0000
ROA not before:           Mon 26 Feb 2024 08:48:41 +0000
ROA not after:            Mon 24 Feb 2025 08:53:41 +0000
asID:                     136787
IP address blocks:        160.238.39.0/24 maxlen: 32

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/12C2A8354689AEC2A74FCA14944927621BA27C94.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/12C2A8354689AEC2A74FCA14944927621BA27C94.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EsKoNUaJrsKnT8oUlEknYhuifJQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 14:57:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            38:50:f3:fc:05:ea:47:1d:64:74:7c:bd:ee:51:a0:3d:eb:c8:0a:03
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=12c2a8354689aec2a74fca14944927621ba27c94
        Validity
            Not Before: Feb 26 08:48:41 2024 GMT
            Not After : Feb 24 08:53:41 2025 GMT
        Subject: CN=B04BC13BFC5C2BD1B85D39F641B0FEFA7E00B128
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:4c:bc:22:df:e9:c9:75:65:44:c5:0e:e5:13:
                    7b:35:67:bf:d5:a2:54:78:bc:4b:e6:e4:c3:a5:a4:
                    a9:70:ea:80:c2:5e:e8:fd:c3:bc:a5:ff:71:33:0b:
                    cd:13:0c:9c:3f:8d:a2:8b:5e:69:35:f6:0d:4a:df:
                    f3:be:15:08:d2:23:23:50:53:f7:d8:77:99:36:03:
                    54:a2:25:3e:8d:c0:68:d3:73:9a:c1:2a:6e:0c:20:
                    9d:27:fb:ee:dd:5a:a7:8c:88:d9:f4:b1:8f:3a:ef:
                    cb:63:7b:95:4f:3f:26:98:c5:98:1b:7d:07:cb:47:
                    0d:a1:ea:89:e8:72:19:31:67:f2:6a:d7:b8:de:15:
                    62:eb:10:49:1f:6e:61:05:18:89:c6:3c:0f:fc:e1:
                    95:48:2d:e9:86:09:ab:00:79:b8:43:fd:2c:09:7c:
                    e2:8a:48:30:64:67:5c:ca:3c:52:45:16:92:d8:1c:
                    66:94:37:d1:08:5d:51:3c:11:40:79:b4:31:8e:04:
                    3b:7c:35:f0:59:e2:75:61:78:01:fb:f6:41:fa:aa:
                    39:3d:de:ae:3e:36:cf:fd:71:ec:aa:a6:da:d2:df:
                    19:80:f9:75:91:5d:33:c7:f7:c4:dd:bc:41:9e:a7:
                    f3:aa:4a:dc:8f:f1:d9:cc:13:54:84:fa:87:01:c4:
                    ba:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:4B:C1:3B:FC:5C:2B:D1:B8:5D:39:F6:41:B0:FE:FA:7E:00:B1:28
            X509v3 Authority Key Identifier:
                keyid:12:C2:A8:35:46:89:AE:C2:A7:4F:CA:14:94:49:27:62:1B:A2:7C:94

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/12C2A8354689AEC2A74FCA14944927621BA27C94.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EsKoNUaJrsKnT8oUlEknYhuifJQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/3136302e3233382e33392e302f32342d3332203d3e20313336373837.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  160.238.39.0/24

    Signature Algorithm: sha256WithRSAEncryption
         72:c7:1b:aa:3d:ba:2f:0d:a7:39:a0:ab:e1:6e:2b:e8:29:1d:
         4c:0a:96:3e:50:b3:b7:37:03:51:8b:b3:94:5e:6c:e2:f3:4e:
         4d:29:ab:51:11:e7:8e:d2:07:c8:cb:96:04:33:08:c4:4a:b6:
         05:6d:ab:1d:ea:a7:77:27:08:c3:70:89:90:83:d1:3d:eb:6c:
         d3:aa:48:bf:c7:38:2b:9e:07:cb:a1:16:33:13:0e:c1:be:44:
         f1:1a:31:47:24:b3:f2:c7:e0:95:32:d0:67:bb:37:ab:e1:d5:
         9d:5c:35:d7:86:f7:06:a8:25:2e:af:37:bc:cf:0b:8a:7a:0f:
         5c:43:c7:d1:c3:4c:ad:a8:d5:22:ce:74:69:6f:45:be:d6:79:
         41:cf:1b:24:63:e5:d8:2c:08:d7:8b:8a:e6:48:a1:16:3a:53:
         4e:68:e8:67:e7:0c:11:cf:50:ba:fb:4c:d1:b3:24:42:8f:2c:
         d7:63:75:49:b0:c5:a8:26:ff:30:61:8d:a6:ad:b5:40:50:cb:
         c8:15:5f:55:16:94:d2:34:6b:0d:1a:87:39:5b:0a:cf:1b:de:
         97:ec:2a:fb:e4:95:5f:71:06:36:1f:1f:22:23:71:8f:88:87:
         67:a7:5a:22:97:5b:7e:f5:5f:7e:cb:0f:9a:b5:18:0a:f9:52:
         ff:4c:ac:f7
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgIUOFDz/AXqRx1kdHy97lGgPevICgMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMTJjMmE4MzU0Njg5YWVjMmE3NGZjYTE0OTQ0OTI3NjIx
YmEyN2M5NDAeFw0yNDAyMjYwODQ4NDFaFw0yNTAyMjQwODUzNDFaMDMxMTAvBgNV
BAMTKEIwNEJDMTNCRkM1QzJCRDFCODVEMzlGNjQxQjBGRUZBN0UwMEIxMjgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCkTLwi3+nJdWVExQ7lE3s1Z7/V
olR4vEvm5MOlpKlw6oDCXuj9w7yl/3EzC80TDJw/jaKLXmk19g1K3/O+FQjSIyNQ
U/fYd5k2A1SiJT6NwGjTc5rBKm4MIJ0n++7dWqeMiNn0sY8678tje5VPPyaYxZgb
fQfLRw2h6onochkxZ/Jq17jeFWLrEEkfbmEFGInGPA/84ZVILemGCasAebhD/SwJ
fOKKSDBkZ1zKPFJFFpLYHGaUN9EIXVE8EUB5tDGOBDt8NfBZ4nVheAH79kH6qjk9
3q4+Ns/9ceyqptrS3xmA+XWRXTPH98TdvEGep/OqStyP8dnME1SE+ocBxLrlAgMB
AAGjggI/MIICOzAdBgNVHQ4EFgQUsEvBO/xcK9G4XTn2QbD++n4AsSgwHwYDVR0j
BBgwFoAUEsKoNUaJrsKnT8oUlEknYhuifJQwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzcvMTJDMkE4MzU0Njg5QUVDMkE3NEZDQTE0OTQ0OTI3NjIxQkEyN0M5NC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0VzS29OVWFKcnNLblQ4b1VsRWtuWWh1
aWZKUS5jZXIwga8GCCsGAQUFBwELBIGiMIGfMIGcBggrBgEFBQcwC4aBj3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzcvMzEzNjMwMmUzMjMzMzgyZTMz
MzkyZTMwMmYzMjM0MmQzMzMyMjAzZDNlMjAzMTMzMzYzNzM4Mzcucm9hMBgGA1Ud
IAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BACg7icwDQYJKoZIhvcNAQELBQADggEBAHLHG6o9ui8Npzmgq+FuK+gpHUwKlj5Q
s7c3A1GLs5RebOLzTk0pq1ER547SB8jLlgQzCMRKtgVtqx3qp3cnCMNwiZCD0T3r
bNOqSL/HOCueB8uhFjMTDsG+RPEaMUcks/LH4JUy0Ge7N6vh1Z1cNdeG9waoJS6v
N7zPC4p6D1xDx9HDTK2o1SLOdGlvRb7WeUHPGyRj5dgsCNeLiuZIoRY6U05o6Gfn
DBHPULr7TNGzJEKPLNdjdUmwxagm/zBhjaattUBQy8gVX1UWlNI0aw0ahzlbCs8b
3pfsKvvklV9xBjYfHyIjcY+Ih2enWiKXW371X37LD5q1GAr5Uv9MrPc=
-----END CERTIFICATE-----
Generated at Mon Nov 25 17:14:45 2024 by rpki-client on console-ams.rpki-client.org