Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/3137362e39372e3230362e302f32342d3234203d3e20313336373837.roa
File:                     3137362e39372e3230362e302f32342d3234203d3e20313336373837.roa (raw, json)
Hash identifier:          GpUoz4yZyyR7f4XNb5G7tt7Cf3zpSTp2xqrJeXaD2Jk=
Subject key identifier:   E9:2D:8F:84:AF:C6:6C:9F:88:27:17:A2:E5:53:68:02:3E:FF:E2:B6
Certificate issuer:       /CN=12c2a8354689aec2a74fca14944927621ba27c94
Certificate serial:       5D1FEDA9F161AB1163391E31AF54D96881C72BFE
Authority key identifier: 12:C2:A8:35:46:89:AE:C2:A7:4F:CA:14:94:49:27:62:1B:A2:7C:94
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EsKoNUaJrsKnT8oUlEknYhuifJQ.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/3137362e39372e3230362e302f32342d3234203d3e20313336373837.roa
Signing time:             Wed 27 Dec 2023 14:45:53 +0000
ROA not before:           Wed 27 Dec 2023 14:40:53 +0000
ROA not after:            Wed 25 Dec 2024 14:45:53 +0000
asID:                     136787
IP address blocks:        176.97.206.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/12C2A8354689AEC2A74FCA14944927621BA27C94.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/12C2A8354689AEC2A74FCA14944927621BA27C94.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EsKoNUaJrsKnT8oUlEknYhuifJQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5d:1f:ed:a9:f1:61:ab:11:63:39:1e:31:af:54:d9:68:81:c7:2b:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=12c2a8354689aec2a74fca14944927621ba27c94
        Validity
            Not Before: Dec 27 14:40:53 2023 GMT
            Not After : Dec 25 14:45:53 2024 GMT
        Subject: CN=E92D8F84AFC66C9F882717A2E55368023EFFE2B6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:61:a1:ac:d7:79:2d:4b:ad:22:2f:ff:c2:b5:
                    fd:9a:be:2e:99:b0:27:5e:4b:b1:d7:01:23:18:d0:
                    63:93:25:3e:9b:53:b0:2b:d8:9d:e3:eb:f4:8f:0f:
                    e2:05:58:30:e2:cf:99:75:85:52:7f:96:14:04:17:
                    f4:0f:83:53:0b:2c:59:b1:1a:e3:a9:35:47:b1:46:
                    02:28:a3:5e:90:ce:1f:ea:e6:33:c5:9c:62:bd:1c:
                    13:a3:4e:20:1a:75:cc:5a:c9:97:4d:ff:6c:e7:3f:
                    13:46:30:ef:ab:36:21:76:6b:39:cc:d5:3f:43:7a:
                    bf:4c:6f:0b:92:bd:bb:ee:7d:08:0f:7d:82:eb:b4:
                    c9:e8:09:a7:ed:a9:1d:92:d8:4f:03:f9:e5:1e:12:
                    ba:14:81:5a:78:6b:b0:54:16:82:87:2c:6b:e8:81:
                    82:95:2a:44:eb:5f:8a:c8:8e:8f:57:e6:fa:1f:7b:
                    13:b0:74:39:1d:37:b8:d7:bb:f0:b6:ba:62:d3:2f:
                    65:4b:f7:9f:20:8d:74:0e:dc:05:dd:73:f2:c7:9b:
                    33:11:12:a1:f1:a6:e8:9b:eb:de:04:09:b5:c0:60:
                    f5:6b:1c:9f:31:a2:79:6f:04:eb:de:3a:c9:0e:e6:
                    31:7c:17:25:c1:5e:fc:f0:e7:53:e2:f1:d5:02:7c:
                    a6:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E9:2D:8F:84:AF:C6:6C:9F:88:27:17:A2:E5:53:68:02:3E:FF:E2:B6
            X509v3 Authority Key Identifier:
                keyid:12:C2:A8:35:46:89:AE:C2:A7:4F:CA:14:94:49:27:62:1B:A2:7C:94

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/12C2A8354689AEC2A74FCA14944927621BA27C94.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EsKoNUaJrsKnT8oUlEknYhuifJQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/3137362e39372e3230362e302f32342d3234203d3e20313336373837.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.97.206.0/24

    Signature Algorithm: sha256WithRSAEncryption
         54:51:ba:20:98:4c:98:14:47:7e:5b:b5:49:8d:fe:fc:83:9f:
         ee:d6:08:2d:be:05:f7:4f:7c:ce:55:7c:32:58:0d:b6:fb:d1:
         ae:60:d8:f6:29:ef:7e:1f:43:d1:4e:c0:7f:ce:dc:e3:6b:c2:
         6e:14:5a:71:81:c7:67:89:48:09:22:ea:3a:98:ae:af:71:8c:
         cb:e7:b2:48:82:19:8c:35:5b:d5:bc:2e:e9:c5:ab:ac:b4:6e:
         eb:1f:29:08:f3:9e:63:b6:39:da:9f:99:d7:71:1c:6d:a6:62:
         eb:48:4c:28:d8:dc:46:aa:85:aa:4e:af:93:47:c7:b6:4d:28:
         bb:0c:5d:af:7d:ea:57:42:dd:fc:d3:29:c2:18:6e:19:6f:38:
         eb:7b:58:54:10:8d:44:d2:1b:0a:c2:e0:39:09:d2:78:23:37:
         24:35:7d:b0:88:b8:e7:48:4a:36:26:cd:8f:fe:4f:42:24:94:
         eb:4a:e5:97:f4:79:45:7c:08:e7:ee:a0:ab:3f:b0:d2:a7:e0:
         c3:d4:94:e7:27:cc:53:cd:65:64:a6:d5:11:ad:8d:0c:c9:79:
         a1:12:16:24:36:57:c0:3d:1f:af:cb:d6:db:42:49:db:57:40:
         e2:dd:69:ef:e3:45:86:db:20:8d:8e:5a:eb:85:17:3d:70:8e:
         cb:c2:7b:df
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgIUXR/tqfFhqxFjOR4xr1TZaIHHK/4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMTJjMmE4MzU0Njg5YWVjMmE3NGZjYTE0OTQ0OTI3NjIx
YmEyN2M5NDAeFw0yMzEyMjcxNDQwNTNaFw0yNDEyMjUxNDQ1NTNaMDMxMTAvBgNV
BAMTKEU5MkQ4Rjg0QUZDNjZDOUY4ODI3MTdBMkU1NTM2ODAyM0VGRkUyQjYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCzYaGs13ktS60iL//Ctf2avi6Z
sCdeS7HXASMY0GOTJT6bU7Ar2J3j6/SPD+IFWDDiz5l1hVJ/lhQEF/QPg1MLLFmx
GuOpNUexRgIoo16Qzh/q5jPFnGK9HBOjTiAadcxayZdN/2znPxNGMO+rNiF2aznM
1T9Der9MbwuSvbvufQgPfYLrtMnoCaftqR2S2E8D+eUeEroUgVp4a7BUFoKHLGvo
gYKVKkTrX4rIjo9X5vofexOwdDkdN7jXu/C2umLTL2VL958gjXQO3AXdc/LHmzMR
EqHxpuib694ECbXAYPVrHJ8xonlvBOveOskO5jF8FyXBXvzw51Pi8dUCfKZxAgMB
AAGjggI/MIICOzAdBgNVHQ4EFgQU6S2PhK/GbJ+IJxei5VNoAj7/4rYwHwYDVR0j
BBgwFoAUEsKoNUaJrsKnT8oUlEknYhuifJQwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzcvMTJDMkE4MzU0Njg5QUVDMkE3NEZDQTE0OTQ0OTI3NjIxQkEyN0M5NC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0VzS29OVWFKcnNLblQ4b1VsRWtuWWh1
aWZKUS5jZXIwga8GCCsGAQUFBwELBIGiMIGfMIGcBggrBgEFBQcwC4aBj3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzcvMzEzNzM2MmUzOTM3MmUzMjMw
MzYyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzMTMzMzYzNzM4Mzcucm9hMBgGA1Ud
IAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BACwYc4wDQYJKoZIhvcNAQELBQADggEBAFRRuiCYTJgUR35btUmN/vyDn+7WCC2+
BfdPfM5VfDJYDbb70a5g2PYp734fQ9FOwH/O3ONrwm4UWnGBx2eJSAki6jqYrq9x
jMvnskiCGYw1W9W8LunFq6y0busfKQjznmO2OdqfmddxHG2mYutITCjY3EaqhapO
r5NHx7ZNKLsMXa996ldC3fzTKcIYbhlvOOt7WFQQjUTSGwrC4DkJ0ngjNyQ1fbCI
uOdISjYmzY/+T0IklOtK5Zf0eUV8COfuoKs/sNKn4MPUlOcnzFPNZWSm1RGtjQzJ
eaESFiQ2V8A9H6/L1ttCSdtXQOLdae/jRYbbII2OWuuFFz1wjsvCe98=
-----END CERTIFICATE-----
Generated at Fri Nov 22 10:15:49 2024 by rpki-client on console-ams.rpki-client.org