Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/3138352e3139362e312e302f32342d3234203d3e20313336373837.roa
File:                     3138352e3139362e312e302f32342d3234203d3e20313336373837.roa (raw, json)
Hash identifier:          X8keWqfqRq0rhckFSl3VItZfYmjA41/BkGZAsKLJANU=
Subject key identifier:   CE:00:6D:39:1D:36:B3:44:25:57:E2:22:7E:DA:E8:24:DD:98:6C:E0
Certificate issuer:       /CN=12c2a8354689aec2a74fca14944927621ba27c94
Certificate serial:       321AD16613C3F09755D8E4459E4005BAF9FB3FE2
Authority key identifier: 12:C2:A8:35:46:89:AE:C2:A7:4F:CA:14:94:49:27:62:1B:A2:7C:94
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EsKoNUaJrsKnT8oUlEknYhuifJQ.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/3138352e3139362e312e302f32342d3234203d3e20313336373837.roa
Signing time:             Sat 02 Mar 2024 21:53:59 +0000
ROA not before:           Sat 02 Mar 2024 21:48:59 +0000
ROA not after:            Sat 01 Mar 2025 21:53:59 +0000
asID:                     136787
IP address blocks:        185.196.1.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/12C2A8354689AEC2A74FCA14944927621BA27C94.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/12C2A8354689AEC2A74FCA14944927621BA27C94.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EsKoNUaJrsKnT8oUlEknYhuifJQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 14:42:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            32:1a:d1:66:13:c3:f0:97:55:d8:e4:45:9e:40:05:ba:f9:fb:3f:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=12c2a8354689aec2a74fca14944927621ba27c94
        Validity
            Not Before: Mar  2 21:48:59 2024 GMT
            Not After : Mar  1 21:53:59 2025 GMT
        Subject: CN=CE006D391D36B3442557E2227EDAE824DD986CE0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:aa:37:41:83:28:0e:2b:e2:68:d9:25:4d:12:
                    d1:58:ec:85:cd:94:7e:f7:64:16:84:18:00:75:1f:
                    01:59:97:6c:93:9e:60:02:48:5c:a1:3a:a3:3e:a8:
                    65:ab:f3:0d:74:c5:4a:3d:62:29:3b:15:be:db:57:
                    cb:1f:b7:42:61:8a:46:34:28:fa:36:97:c9:6f:ee:
                    5d:d2:73:e1:aa:96:17:6e:6f:29:f1:6b:78:09:e9:
                    0e:4e:97:76:f2:a5:a2:90:ec:15:61:03:11:44:ce:
                    0c:1c:8c:f5:94:0d:30:58:33:ae:c1:9c:0f:51:3a:
                    da:08:b0:c2:f8:21:16:a5:59:78:4e:80:b3:5a:5f:
                    d9:6d:ed:24:69:5e:e4:05:ce:42:e3:15:83:44:cc:
                    3d:6b:94:26:3c:d0:47:20:81:31:27:6a:f7:c4:ff:
                    e8:68:1c:91:52:ad:0e:54:e2:8a:88:00:06:c1:62:
                    d1:84:b2:53:12:0f:85:25:13:81:8b:05:2f:0d:dd:
                    9f:10:f5:af:31:d6:e0:2c:be:8c:e7:a0:15:23:76:
                    70:f2:ae:60:2f:a5:fe:7e:47:b9:f9:97:18:e6:33:
                    68:6e:fe:fa:76:03:81:9e:09:99:1d:60:7b:db:1d:
                    96:2f:3e:63:5f:bb:cd:1f:9b:98:40:0b:3e:86:85:
                    a3:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:00:6D:39:1D:36:B3:44:25:57:E2:22:7E:DA:E8:24:DD:98:6C:E0
            X509v3 Authority Key Identifier:
                keyid:12:C2:A8:35:46:89:AE:C2:A7:4F:CA:14:94:49:27:62:1B:A2:7C:94

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/12C2A8354689AEC2A74FCA14944927621BA27C94.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EsKoNUaJrsKnT8oUlEknYhuifJQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/3138352e3139362e312e302f32342d3234203d3e20313336373837.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.196.1.0/24

    Signature Algorithm: sha256WithRSAEncryption
         41:01:9c:66:8a:9c:c4:73:a4:88:45:f8:65:5c:5d:e7:0d:45:
         19:f5:37:44:a9:5d:e6:7c:97:1b:c4:aa:03:22:55:f6:9b:9c:
         09:16:fb:2b:35:14:d2:bf:df:01:e2:81:80:dd:f8:cd:09:6b:
         90:8b:85:ba:6a:95:be:45:09:3f:75:1b:1c:8a:87:b2:88:74:
         0c:2f:d6:00:59:10:03:29:f6:de:b2:df:d8:9d:de:a1:7c:e7:
         db:d0:a8:5d:5c:2a:cc:04:6d:17:55:ff:c3:3e:15:0a:22:9e:
         1e:28:9e:1c:58:88:b0:75:2b:6a:c9:3f:4e:26:79:ee:e4:b1:
         a9:f1:b6:b2:34:ac:7c:56:3b:f6:ee:32:25:e4:77:93:26:17:
         20:c0:fd:17:b6:73:60:f2:43:e0:f4:3d:69:e3:04:98:ca:33:
         b2:e2:19:91:ba:c1:21:3a:dc:ee:11:f6:5b:6a:4f:7a:a5:82:
         5c:fd:19:e4:99:87:15:69:43:db:52:09:59:b1:d8:6c:9f:a2:
         35:97:0f:56:2c:7d:5c:b7:66:ef:01:37:37:5b:d7:2a:bb:2d:
         75:d1:40:f6:83:8a:9c:b1:f6:6f:e2:27:5b:92:27:4d:f5:b7:
         a1:9e:aa:6c:47:13:35:33:53:82:c7:84:0e:8a:41:0f:3c:4b:
         79:0d:d7:40
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgIUMhrRZhPD8JdV2ORFnkAFuvn7P+IwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMTJjMmE4MzU0Njg5YWVjMmE3NGZjYTE0OTQ0OTI3NjIx
YmEyN2M5NDAeFw0yNDAzMDIyMTQ4NTlaFw0yNTAzMDEyMTUzNTlaMDMxMTAvBgNV
BAMTKENFMDA2RDM5MUQzNkIzNDQyNTU3RTIyMjdFREFFODI0REQ5ODZDRTAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDZqjdBgygOK+Jo2SVNEtFY7IXN
lH73ZBaEGAB1HwFZl2yTnmACSFyhOqM+qGWr8w10xUo9Yik7Fb7bV8sft0JhikY0
KPo2l8lv7l3Sc+Gqlhdubynxa3gJ6Q5Ol3bypaKQ7BVhAxFEzgwcjPWUDTBYM67B
nA9ROtoIsML4IRalWXhOgLNaX9lt7SRpXuQFzkLjFYNEzD1rlCY80EcggTEnavfE
/+hoHJFSrQ5U4oqIAAbBYtGEslMSD4UlE4GLBS8N3Z8Q9a8x1uAsvoznoBUjdnDy
rmAvpf5+R7n5lxjmM2hu/vp2A4GeCZkdYHvbHZYvPmNfu80fm5hACz6GhaOjAgMB
AAGjggI9MIICOTAdBgNVHQ4EFgQUzgBtOR02s0QlV+IiftroJN2YbOAwHwYDVR0j
BBgwFoAUEsKoNUaJrsKnT8oUlEknYhuifJQwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzcvMTJDMkE4MzU0Njg5QUVDMkE3NEZDQTE0OTQ0OTI3NjIxQkEyN0M5NC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0VzS29OVWFKcnNLblQ4b1VsRWtuWWh1
aWZKUS5jZXIwga0GCCsGAQUFBwELBIGgMIGdMIGaBggrBgEFBQcwC4aBjXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzcvMzEzODM1MmUzMTM5MzYyZTMx
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzEzMzM2MzczODM3LnJvYTAYBgNVHSAB
Af8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA
ucQBMA0GCSqGSIb3DQEBCwUAA4IBAQBBAZxmipzEc6SIRfhlXF3nDUUZ9TdEqV3m
fJcbxKoDIlX2m5wJFvsrNRTSv98B4oGA3fjNCWuQi4W6apW+RQk/dRscioeyiHQM
L9YAWRADKfbest/Ynd6hfOfb0KhdXCrMBG0XVf/DPhUKIp4eKJ4cWIiwdStqyT9O
Jnnu5LGp8bayNKx8Vjv27jIl5HeTJhcgwP0XtnNg8kPg9D1p4wSYyjOy4hmRusEh
OtzuEfZbak96pYJc/RnkmYcVaUPbUglZsdhsn6I1lw9WLH1ct2bvATc3W9cquy11
0UD2g4qcsfZv4idbkidN9behnqpsRxM1M1OCx4QOikEPPEt5DddA
-----END CERTIFICATE-----
Generated at Mon Nov 25 16:44:11 2024 by rpki-client on console-fra.rpki-client.org