Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/3137362e3232372e3234322e302f32342d3234203d3e20313336373837.roa
File:                     3137362e3232372e3234322e302f32342d3234203d3e20313336373837.roa (raw, json)
Hash identifier:          sjxl6fddvcDNc93VZKNXB15Nej7F9VgJkIpMhrF7WW4=
Subject key identifier:   CA:8F:BD:A0:19:76:DC:6C:AB:81:BC:E0:26:52:7A:9C:EC:ED:1F:8C
Certificate issuer:       /CN=12c2a8354689aec2a74fca14944927621ba27c94
Certificate serial:       E9C2B2C4FC5508F54C71FA2A755C0D30E11256
Authority key identifier: 12:C2:A8:35:46:89:AE:C2:A7:4F:CA:14:94:49:27:62:1B:A2:7C:94
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EsKoNUaJrsKnT8oUlEknYhuifJQ.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/3137362e3232372e3234322e302f32342d3234203d3e20313336373837.roa
Signing time:             Mon 01 Apr 2024 14:03:22 +0000
ROA not before:           Mon 01 Apr 2024 13:58:22 +0000
ROA not after:            Mon 31 Mar 2025 14:03:22 +0000
asID:                     136787
IP address blocks:        176.227.242.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/12C2A8354689AEC2A74FCA14944927621BA27C94.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/12C2A8354689AEC2A74FCA14944927621BA27C94.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EsKoNUaJrsKnT8oUlEknYhuifJQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            e9:c2:b2:c4:fc:55:08:f5:4c:71:fa:2a:75:5c:0d:30:e1:12:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=12c2a8354689aec2a74fca14944927621ba27c94
        Validity
            Not Before: Apr  1 13:58:22 2024 GMT
            Not After : Mar 31 14:03:22 2025 GMT
        Subject: CN=CA8FBDA01976DC6CAB81BCE026527A9CECED1F8C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:5c:7d:c5:95:a4:c1:47:56:c3:0b:16:d1:6e:
                    26:56:4b:de:00:ed:fd:a8:3f:cc:81:61:28:03:2d:
                    0a:76:9e:18:c2:f4:55:76:c8:54:eb:4e:59:e7:8b:
                    64:64:63:92:63:61:9c:2a:3f:d0:61:23:ce:24:b1:
                    c5:bd:8e:17:3e:83:be:58:f2:9e:0c:dc:e4:77:82:
                    cf:dc:a4:3e:95:e9:e1:05:86:d0:3c:f2:db:35:8b:
                    76:e2:fd:86:d4:67:a3:04:34:fd:a0:4f:86:bd:50:
                    94:3e:38:24:c6:32:9a:4f:05:2b:aa:fc:c2:2e:12:
                    14:85:fd:8c:e1:51:ad:24:8a:a3:e8:54:6a:08:26:
                    18:70:13:73:a4:4a:39:6a:0d:b5:6d:35:82:7d:4c:
                    b4:6f:65:fa:c0:5d:b3:5f:0d:54:69:23:cf:5d:12:
                    39:91:35:59:fd:40:dc:b5:c3:2e:14:19:b3:4d:66:
                    a2:4a:14:72:f3:7c:e5:10:89:53:4e:0b:04:dc:63:
                    38:4b:3c:d8:ae:0f:50:50:7e:fa:da:ae:e2:db:ea:
                    62:c6:39:42:50:5e:19:e1:87:9c:3c:32:c1:d6:00:
                    c2:46:8a:ab:53:8c:e2:d2:87:45:4d:2d:4d:4e:33:
                    46:13:70:c8:e7:63:69:c7:b9:77:d9:1c:dd:c4:bc:
                    55:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:8F:BD:A0:19:76:DC:6C:AB:81:BC:E0:26:52:7A:9C:EC:ED:1F:8C
            X509v3 Authority Key Identifier:
                keyid:12:C2:A8:35:46:89:AE:C2:A7:4F:CA:14:94:49:27:62:1B:A2:7C:94

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/12C2A8354689AEC2A74FCA14944927621BA27C94.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EsKoNUaJrsKnT8oUlEknYhuifJQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/3137362e3232372e3234322e302f32342d3234203d3e20313336373837.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.227.242.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2d:c9:f7:b8:b0:95:6e:39:8b:36:33:4f:80:78:69:9b:ff:6d:
         38:0c:de:0e:34:9d:04:09:95:12:b8:1f:54:12:1e:1a:a8:17:
         2a:52:6a:db:a0:91:58:d6:da:85:ac:e0:35:7d:da:7c:31:ec:
         a7:be:6b:14:78:47:32:96:f9:a8:4f:e6:c0:c8:a4:45:b1:0e:
         ed:e3:db:0e:d1:19:22:9b:f0:0d:a8:0e:24:b4:63:b4:f9:ce:
         ea:f9:c5:0f:b3:df:ef:86:98:3e:8a:ac:46:b3:0f:8a:0b:7f:
         e7:5d:4b:f7:da:05:9c:aa:ab:3c:30:67:0c:94:34:ba:5d:6b:
         5c:22:cb:18:a6:24:49:82:52:0b:34:02:9a:90:f4:0e:d8:57:
         aa:f2:8b:42:34:a5:e5:c4:0a:74:00:1c:c7:d5:d9:91:7d:f4:
         b9:ef:c5:5e:91:3c:7c:c5:b1:32:11:2c:4b:cf:18:c9:a7:61:
         2e:09:a9:87:e6:07:26:04:0a:d9:19:76:f9:08:4a:49:9d:52:
         ba:42:24:52:c1:fd:88:3d:5d:ed:3d:1c:c9:c0:2d:79:59:3a:
         7c:2e:4e:6c:0b:e9:b4:26:3a:70:39:a5:f8:f3:21:88:d9:18:
         7d:7f:51:46:a1:64:09:a4:e3:4d:13:02:8e:9e:d7:d2:7a:78:
         4a:19:c0:e7
-----BEGIN CERTIFICATE-----
MIIFNzCCBB+gAwIBAgIUAOnCssT8VQj1THH6KnVcDTDhElYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMTJjMmE4MzU0Njg5YWVjMmE3NGZjYTE0OTQ0OTI3NjIx
YmEyN2M5NDAeFw0yNDA0MDExMzU4MjJaFw0yNTAzMzExNDAzMjJaMDMxMTAvBgNV
BAMTKENBOEZCREEwMTk3NkRDNkNBQjgxQkNFMDI2NTI3QTlDRUNFRDFGOEMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCZXH3FlaTBR1bDCxbRbiZWS94A
7f2oP8yBYSgDLQp2nhjC9FV2yFTrTlnni2RkY5JjYZwqP9BhI84kscW9jhc+g75Y
8p4M3OR3gs/cpD6V6eEFhtA88ts1i3bi/YbUZ6MENP2gT4a9UJQ+OCTGMppPBSuq
/MIuEhSF/YzhUa0kiqPoVGoIJhhwE3OkSjlqDbVtNYJ9TLRvZfrAXbNfDVRpI89d
EjmRNVn9QNy1wy4UGbNNZqJKFHLzfOUQiVNOCwTcYzhLPNiuD1BQfvraruLb6mLG
OUJQXhnhh5w8MsHWAMJGiqtTjOLSh0VNLU1OM0YTcMjnY2nHuXfZHN3EvFVBAgMB
AAGjggJBMIICPTAdBgNVHQ4EFgQUyo+9oBl23GyrgbzgJlJ6nOztH4wwHwYDVR0j
BBgwFoAUEsKoNUaJrsKnT8oUlEknYhuifJQwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzcvMTJDMkE4MzU0Njg5QUVDMkE3NEZDQTE0OTQ0OTI3NjIxQkEyN0M5NC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0VzS29OVWFKcnNLblQ4b1VsRWtuWWh1
aWZKUS5jZXIwgbEGCCsGAQUFBwELBIGkMIGhMIGeBggrBgEFBQcwC4aBkXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzcvMzEzNzM2MmUzMjMyMzcyZTMy
MzQzMjJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMxMzMzNjM3MzgzNy5yb2EwGAYD
VR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEw
BgMEALDj8jANBgkqhkiG9w0BAQsFAAOCAQEALcn3uLCVbjmLNjNPgHhpm/9tOAze
DjSdBAmVErgfVBIeGqgXKlJq26CRWNbahazgNX3afDHsp75rFHhHMpb5qE/mwMik
RbEO7ePbDtEZIpvwDagOJLRjtPnO6vnFD7Pf74aYPoqsRrMPigt/511L99oFnKqr
PDBnDJQ0ul1rXCLLGKYkSYJSCzQCmpD0DthXqvKLQjSl5cQKdAAcx9XZkX30ue/F
XpE8fMWxMhEsS88YyadhLgmph+YHJgQK2Rl2+QhKSZ1SukIkUsH9iD1d7T0cycAt
eVk6fC5ObAvptCY6cDml+PMhiNkYfX9RRqFkCaTjTRMCjp7X0np4ShnA5w==
-----END CERTIFICATE-----
Generated at Fri Nov 22 10:15:49 2024 by rpki-client on console-ams.rpki-client.org