Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/3138352e3235322e3233322e302f32342d3332203d3e203531313637.roa
File:                     3138352e3235322e3233322e302f32342d3332203d3e203531313637.roa (raw, json)
Hash identifier:          ZufOKr+AtemKPt9/JPskd0ndPwBgcJQuDiFF9+jvNCk=
Subject key identifier:   5D:AD:5A:66:BF:57:76:56:23:07:1B:20:ED:5C:C9:12:3C:DB:99:B1
Certificate issuer:       /CN=12c2a8354689aec2a74fca14944927621ba27c94
Certificate serial:       3A1001974D0BC573E460E2BC2AF2A27EDA265358
Authority key identifier: 12:C2:A8:35:46:89:AE:C2:A7:4F:CA:14:94:49:27:62:1B:A2:7C:94
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EsKoNUaJrsKnT8oUlEknYhuifJQ.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/3138352e3235322e3233322e302f32342d3332203d3e203531313637.roa
Signing time:             Mon 26 Feb 2024 08:53:41 +0000
ROA not before:           Mon 26 Feb 2024 08:48:41 +0000
ROA not after:            Mon 24 Feb 2025 08:53:41 +0000
asID:                     51167
IP address blocks:        185.252.232.0/24 maxlen: 32

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/12C2A8354689AEC2A74FCA14944927621BA27C94.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/12C2A8354689AEC2A74FCA14944927621BA27C94.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EsKoNUaJrsKnT8oUlEknYhuifJQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 14:42:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3a:10:01:97:4d:0b:c5:73:e4:60:e2:bc:2a:f2:a2:7e:da:26:53:58
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=12c2a8354689aec2a74fca14944927621ba27c94
        Validity
            Not Before: Feb 26 08:48:41 2024 GMT
            Not After : Feb 24 08:53:41 2025 GMT
        Subject: CN=5DAD5A66BF57765623071B20ED5CC9123CDB99B1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:69:4a:b4:0f:a3:d1:54:ef:ee:45:f5:2e:73:
                    62:63:07:8f:ea:b4:b6:33:53:78:90:5f:cb:9e:02:
                    69:1b:a0:70:18:66:15:db:2a:1d:9b:84:fb:47:88:
                    9c:4e:2b:30:16:6e:fd:0b:4a:fa:a3:51:50:0e:8b:
                    17:5e:38:69:b3:9e:6b:b8:e7:40:94:14:cc:a6:01:
                    4b:91:6e:51:10:0e:22:bc:74:61:6f:0d:10:7b:55:
                    a1:3f:4c:67:b3:87:8c:2c:03:71:f6:a4:80:ff:bf:
                    1f:b9:d5:fa:a0:9b:2d:b7:14:d2:28:4e:fb:0d:d7:
                    2e:89:c5:d7:00:07:a9:8a:46:14:57:eb:fb:28:3b:
                    9b:3d:a5:43:c7:60:e1:33:f8:c8:ce:ae:21:ab:84:
                    88:16:33:83:88:1a:3a:04:72:9f:19:57:5e:2e:5d:
                    be:b0:d0:6c:59:a9:f7:8f:60:09:2e:55:40:ab:49:
                    11:b4:d1:4f:ae:a5:aa:72:3a:f3:97:46:05:30:75:
                    93:b5:71:93:63:7d:71:c3:16:30:df:e2:81:8f:06:
                    3d:38:3e:c3:56:8e:c0:68:1d:58:60:5d:60:f8:83:
                    aa:aa:db:04:a6:af:18:5c:5a:d1:b2:0e:a6:08:fd:
                    51:9e:97:2b:96:ad:f1:41:1e:8b:c3:13:45:7e:74:
                    09:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:AD:5A:66:BF:57:76:56:23:07:1B:20:ED:5C:C9:12:3C:DB:99:B1
            X509v3 Authority Key Identifier:
                keyid:12:C2:A8:35:46:89:AE:C2:A7:4F:CA:14:94:49:27:62:1B:A2:7C:94

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/12C2A8354689AEC2A74FCA14944927621BA27C94.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EsKoNUaJrsKnT8oUlEknYhuifJQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/3138352e3235322e3233322e302f32342d3332203d3e203531313637.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.252.232.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8d:3f:fc:e7:57:d7:70:a3:9c:84:23:50:7a:49:32:40:08:72:
         24:78:47:ea:7d:a2:e9:49:e3:17:46:d5:62:f8:f9:31:3c:ae:
         16:66:e0:5f:36:93:32:06:66:73:7c:4f:18:63:07:38:b2:2b:
         f6:2a:69:ad:5b:03:7b:9e:26:10:1b:7e:06:4a:a3:a4:c9:80:
         cb:53:6f:c7:51:d2:21:c7:1a:50:6b:00:56:ce:da:22:9d:d8:
         f9:02:0c:10:c0:8b:20:40:69:e2:d2:e9:37:94:85:9e:eb:5b:
         9e:b0:93:e5:81:4e:2c:40:fc:ab:2a:ce:57:49:f4:49:fb:47:
         8a:4a:63:54:92:91:53:35:9f:3c:4a:83:ec:76:62:bb:eb:0c:
         66:bd:f5:76:3b:e6:39:3f:3a:76:b5:79:60:94:12:86:ff:3b:
         79:48:fe:6b:fd:e9:17:06:79:05:3e:b0:71:d4:95:1e:82:31:
         f1:43:47:bd:3f:e5:8f:33:50:f2:39:40:b9:f6:c2:60:1f:18:
         62:f2:0e:8c:c3:75:98:db:1c:cc:aa:74:8d:f7:6d:87:33:fd:
         10:01:c0:55:b6:64:7b:ec:13:ca:7d:b9:e9:ae:d9:50:be:da:
         df:ec:c5:be:ba:0a:54:8b:fd:d5:e1:a3:95:7b:6d:d7:51:a6:
         76:81:be:28
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgIUOhABl00LxXPkYOK8KvKiftomU1gwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMTJjMmE4MzU0Njg5YWVjMmE3NGZjYTE0OTQ0OTI3NjIx
YmEyN2M5NDAeFw0yNDAyMjYwODQ4NDFaFw0yNTAyMjQwODUzNDFaMDMxMTAvBgNV
BAMTKDVEQUQ1QTY2QkY1Nzc2NTYyMzA3MUIyMEVENUNDOTEyM0NEQjk5QjEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDdaUq0D6PRVO/uRfUuc2JjB4/q
tLYzU3iQX8ueAmkboHAYZhXbKh2bhPtHiJxOKzAWbv0LSvqjUVAOixdeOGmznmu4
50CUFMymAUuRblEQDiK8dGFvDRB7VaE/TGezh4wsA3H2pID/vx+51fqgmy23FNIo
TvsN1y6JxdcAB6mKRhRX6/soO5s9pUPHYOEz+MjOriGrhIgWM4OIGjoEcp8ZV14u
Xb6w0GxZqfePYAkuVUCrSRG00U+upapyOvOXRgUwdZO1cZNjfXHDFjDf4oGPBj04
PsNWjsBoHVhgXWD4g6qq2wSmrxhcWtGyDqYI/VGelyuWrfFBHovDE0V+dAmHAgMB
AAGjggI/MIICOzAdBgNVHQ4EFgQUXa1aZr9XdlYjBxsg7VzJEjzbmbEwHwYDVR0j
BBgwFoAUEsKoNUaJrsKnT8oUlEknYhuifJQwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzcvMTJDMkE4MzU0Njg5QUVDMkE3NEZDQTE0OTQ0OTI3NjIxQkEyN0M5NC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0VzS29OVWFKcnNLblQ4b1VsRWtuWWh1
aWZKUS5jZXIwga8GCCsGAQUFBwELBIGiMIGfMIGcBggrBgEFBQcwC4aBj3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzcvMzEzODM1MmUzMjM1MzIyZTMy
MzMzMjJlMzAyZjMyMzQyZDMzMzIyMDNkM2UyMDM1MzEzMTM2Mzcucm9hMBgGA1Ud
IAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAC5/OgwDQYJKoZIhvcNAQELBQADggEBAI0//OdX13CjnIQjUHpJMkAIciR4R+p9
oulJ4xdG1WL4+TE8rhZm4F82kzIGZnN8TxhjBziyK/Yqaa1bA3ueJhAbfgZKo6TJ
gMtTb8dR0iHHGlBrAFbO2iKd2PkCDBDAiyBAaeLS6TeUhZ7rW56wk+WBTixA/Ksq
zldJ9En7R4pKY1SSkVM1nzxKg+x2YrvrDGa99XY75jk/Ona1eWCUEob/O3lI/mv9
6RcGeQU+sHHUlR6CMfFDR70/5Y8zUPI5QLn2wmAfGGLyDozDdZjbHMyqdI33bYcz
/RABwFW2ZHvsE8p9uemu2VC+2t/sxb66ClSL/dXho5V7bddRpnaBvig=
-----END CERTIFICATE-----
Generated at Mon Nov 25 16:44:11 2024 by rpki-client on console-fra.rpki-client.org