Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/3138352e3234392e3232362e302f32342d3332203d3e203536383736.roa
File:                     3138352e3234392e3232362e302f32342d3332203d3e203536383736.roa (raw, json)
Hash identifier:          k0FS+yd+gbDsxbHXGYstw5yy6/h6D7Wan9Lm32aQvjQ=
Subject key identifier:   57:D4:0D:28:8D:14:A2:A4:AF:F0:22:26:6B:21:1F:45:08:F4:7D:CF
Certificate issuer:       /CN=12c2a8354689aec2a74fca14944927621ba27c94
Certificate serial:       59782FBC964D85194CBECE1E7E58D81383F71260
Authority key identifier: 12:C2:A8:35:46:89:AE:C2:A7:4F:CA:14:94:49:27:62:1B:A2:7C:94
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EsKoNUaJrsKnT8oUlEknYhuifJQ.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/3138352e3234392e3232362e302f32342d3332203d3e203536383736.roa
Signing time:             Mon 26 Feb 2024 08:53:39 +0000
ROA not before:           Mon 26 Feb 2024 08:48:39 +0000
ROA not after:            Mon 24 Feb 2025 08:53:39 +0000
asID:                     56876
IP address blocks:        185.249.226.0/24 maxlen: 32

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/12C2A8354689AEC2A74FCA14944927621BA27C94.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/12C2A8354689AEC2A74FCA14944927621BA27C94.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EsKoNUaJrsKnT8oUlEknYhuifJQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 14:57:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            59:78:2f:bc:96:4d:85:19:4c:be:ce:1e:7e:58:d8:13:83:f7:12:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=12c2a8354689aec2a74fca14944927621ba27c94
        Validity
            Not Before: Feb 26 08:48:39 2024 GMT
            Not After : Feb 24 08:53:39 2025 GMT
        Subject: CN=57D40D288D14A2A4AFF022266B211F4508F47DCF
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:c3:19:51:42:e3:e3:85:4f:e7:7d:69:bb:bc:
                    f6:e1:0a:ec:1c:23:d1:df:ed:8e:62:dd:00:b2:37:
                    f7:9b:fe:a5:f4:dd:f0:8d:ac:48:bc:7f:8b:60:37:
                    03:af:ac:d3:22:bd:99:6c:3d:41:bb:9a:9c:10:5a:
                    e2:92:ab:de:3a:4d:1a:1e:4a:19:6f:78:6b:f4:2c:
                    d3:e7:a4:82:5d:02:80:3c:53:c4:26:fe:0b:65:96:
                    17:b2:15:65:17:c3:d9:fe:a0:7f:10:e5:58:67:54:
                    94:a7:5f:c5:5c:79:6b:4e:80:bf:87:88:07:dc:65:
                    99:a8:dd:e5:05:13:45:a1:16:ce:89:cb:69:a3:04:
                    51:c5:4e:50:ae:29:63:9d:c9:a6:ea:75:39:bc:ff:
                    c2:89:00:3b:c8:f4:9e:18:b9:c2:bb:4a:bc:57:b3:
                    12:60:c9:12:9b:bb:a4:a9:3d:99:bc:81:66:9f:a8:
                    bd:66:86:2c:d5:3d:ad:80:11:76:bf:68:d9:ac:c7:
                    f4:0d:52:c9:74:ea:ad:87:29:90:46:c8:46:90:f5:
                    8f:28:e7:a6:51:d3:f5:70:c4:48:b0:b9:f3:49:02:
                    d7:19:a5:df:9d:15:b9:92:25:2c:dd:63:2d:c1:32:
                    af:19:2a:a5:e2:e6:e8:75:e2:93:4d:f8:b3:21:d4:
                    08:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                57:D4:0D:28:8D:14:A2:A4:AF:F0:22:26:6B:21:1F:45:08:F4:7D:CF
            X509v3 Authority Key Identifier:
                keyid:12:C2:A8:35:46:89:AE:C2:A7:4F:CA:14:94:49:27:62:1B:A2:7C:94

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/12C2A8354689AEC2A74FCA14944927621BA27C94.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EsKoNUaJrsKnT8oUlEknYhuifJQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/3138352e3234392e3232362e302f32342d3332203d3e203536383736.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.249.226.0/24

    Signature Algorithm: sha256WithRSAEncryption
         42:94:7f:50:49:79:8d:90:7a:a3:20:5a:96:3c:43:d6:05:60:
         64:5f:84:a3:b3:ff:4c:16:d7:2d:fd:b7:e6:ef:87:bf:d7:14:
         07:42:19:f0:1a:26:db:1f:8f:0b:e0:7d:f0:b8:aa:f6:70:52:
         95:d0:78:c3:68:2b:db:d8:01:e6:1a:c1:ae:1c:cf:a8:2b:90:
         f9:cd:09:95:93:5c:4f:34:6f:b2:f1:02:9a:21:38:45:5c:aa:
         1b:74:32:74:54:cc:e2:be:08:b0:28:2e:21:6d:97:24:58:e6:
         cc:d7:fe:70:6e:74:2d:34:31:3b:29:2e:d2:23:32:f0:75:2b:
         de:e1:62:de:d0:66:93:01:6c:02:07:e9:b7:f5:04:35:5b:dd:
         50:85:97:85:e0:80:99:6b:6c:e0:8a:9a:77:33:1a:07:25:57:
         72:90:6a:55:34:ab:3a:c2:c0:00:f9:80:fd:c1:bd:cd:bf:97:
         92:87:83:58:d9:63:4e:28:7c:7b:ec:42:ba:d1:0c:e6:37:da:
         d6:9d:92:de:35:01:ca:66:d3:76:ff:81:62:bf:e1:de:b4:af:
         3d:92:03:48:9a:d9:7c:9e:8c:4f:84:36:37:98:2a:75:12:4b:
         d2:59:12:dd:9f:6c:96:7a:e0:58:49:b2:d8:a7:d6:db:2a:de:
         e1:59:41:d2
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgIUWXgvvJZNhRlMvs4efljYE4P3EmAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMTJjMmE4MzU0Njg5YWVjMmE3NGZjYTE0OTQ0OTI3NjIx
YmEyN2M5NDAeFw0yNDAyMjYwODQ4MzlaFw0yNTAyMjQwODUzMzlaMDMxMTAvBgNV
BAMTKDU3RDQwRDI4OEQxNEEyQTRBRkYwMjIyNjZCMjExRjQ1MDhGNDdEQ0YwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCywxlRQuPjhU/nfWm7vPbhCuwc
I9Hf7Y5i3QCyN/eb/qX03fCNrEi8f4tgNwOvrNMivZlsPUG7mpwQWuKSq946TRoe
ShlveGv0LNPnpIJdAoA8U8Qm/gtllheyFWUXw9n+oH8Q5VhnVJSnX8VceWtOgL+H
iAfcZZmo3eUFE0WhFs6Jy2mjBFHFTlCuKWOdyabqdTm8/8KJADvI9J4YucK7SrxX
sxJgyRKbu6SpPZm8gWafqL1mhizVPa2AEXa/aNmsx/QNUsl06q2HKZBGyEaQ9Y8o
56ZR0/VwxEiwufNJAtcZpd+dFbmSJSzdYy3BMq8ZKqXi5uh14pNN+LMh1Aj9AgMB
AAGjggI/MIICOzAdBgNVHQ4EFgQUV9QNKI0UoqSv8CImayEfRQj0fc8wHwYDVR0j
BBgwFoAUEsKoNUaJrsKnT8oUlEknYhuifJQwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzcvMTJDMkE4MzU0Njg5QUVDMkE3NEZDQTE0OTQ0OTI3NjIxQkEyN0M5NC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0VzS29OVWFKcnNLblQ4b1VsRWtuWWh1
aWZKUS5jZXIwga8GCCsGAQUFBwELBIGiMIGfMIGcBggrBgEFBQcwC4aBj3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzcvMzEzODM1MmUzMjM0MzkyZTMy
MzIzNjJlMzAyZjMyMzQyZDMzMzIyMDNkM2UyMDM1MzYzODM3MzYucm9hMBgGA1Ud
IAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAC5+eIwDQYJKoZIhvcNAQELBQADggEBAEKUf1BJeY2QeqMgWpY8Q9YFYGRfhKOz
/0wW1y39t+bvh7/XFAdCGfAaJtsfjwvgffC4qvZwUpXQeMNoK9vYAeYawa4cz6gr
kPnNCZWTXE80b7LxApohOEVcqht0MnRUzOK+CLAoLiFtlyRY5szX/nBudC00MTsp
LtIjMvB1K97hYt7QZpMBbAIH6bf1BDVb3VCFl4XggJlrbOCKmnczGgclV3KQalU0
qzrCwAD5gP3Bvc2/l5KHg1jZY04ofHvsQrrRDOY32tadkt41Acpm03b/gWK/4d60
rz2SA0ia2XyejE+ENjeYKnUSS9JZEt2fbJZ64FhJstin1tsq3uFZQdI=
-----END CERTIFICATE-----
Generated at Mon Nov 25 17:14:45 2024 by rpki-client on console-ams.rpki-client.org