Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/3137362e3131332e37382e302f32342d3234203d3e20313336373837.roa
File:                     3137362e3131332e37382e302f32342d3234203d3e20313336373837.roa (raw, json)
Hash identifier:          4ZpBXBmP0d/dg/G/5sj1uX6c6NV0zwpG2yB4jWpEe9Y=
Subject key identifier:   BC:0D:16:0E:1D:D0:DE:CF:E5:D4:A6:B5:E3:95:3D:60:51:6A:F6:37
Certificate issuer:       /CN=5d70845822a61408ec2a5fd580c132da777f09d1
Certificate serial:       38B4573247EC4DD38B78063D9BFA0CD3FE439F84
Authority key identifier: 5D:70:84:58:22:A6:14:08:EC:2A:5F:D5:80:C1:32:DA:77:7F:09:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XXCEWCKmFAjsKl_VgMEy2nd_CdE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/3137362e3131332e37382e302f32342d3234203d3e20313336373837.roa
Signing time:             Tue 13 Feb 2024 12:54:12 +0000
ROA not before:           Tue 13 Feb 2024 12:49:12 +0000
ROA not after:            Tue 11 Feb 2025 12:54:12 +0000
asID:                     136787
IP address blocks:        176.113.78.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/5D70845822A61408EC2A5FD580C132DA777F09D1.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/5D70845822A61408EC2A5FD580C132DA777F09D1.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XXCEWCKmFAjsKl_VgMEy2nd_CdE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            38:b4:57:32:47:ec:4d:d3:8b:78:06:3d:9b:fa:0c:d3:fe:43:9f:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5d70845822a61408ec2a5fd580c132da777f09d1
        Validity
            Not Before: Feb 13 12:49:12 2024 GMT
            Not After : Feb 11 12:54:12 2025 GMT
        Subject: CN=BC0D160E1DD0DECFE5D4A6B5E3953D60516AF637
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:b5:54:8d:b5:7b:4f:4b:84:45:15:72:a3:83:
                    b3:ca:d7:7f:a6:93:ec:26:15:08:17:40:c2:78:a9:
                    7a:b5:d0:01:cd:74:9a:b7:01:3e:ea:6d:d2:61:4f:
                    a6:e3:9a:85:c4:ef:9b:46:a3:0b:89:98:9d:0b:6e:
                    9d:ca:06:09:06:58:e9:f1:1e:ce:74:08:f7:16:62:
                    40:2c:9f:7d:80:0c:17:98:66:f1:67:84:03:8f:fc:
                    4f:05:7c:cb:0f:99:13:00:64:3b:ae:6f:eb:de:13:
                    ed:7c:bc:c3:3e:62:40:21:d1:48:b8:7a:2d:8e:7f:
                    43:19:7e:11:5c:0d:de:fb:5a:52:b8:08:fe:52:de:
                    de:b1:0e:ca:22:a8:c7:58:59:63:01:8a:97:77:e3:
                    3c:a3:a8:bc:6b:e0:d1:e8:d1:42:89:82:4a:f6:1a:
                    78:73:3e:ad:3d:75:55:df:ac:be:92:f3:48:b4:2e:
                    36:60:c1:75:4b:54:8b:a6:97:4a:5b:69:4e:c6:50:
                    0b:82:fc:a1:f9:48:a7:9b:36:86:5c:8e:10:85:78:
                    b5:32:05:94:d1:91:67:59:de:a7:10:b0:c0:2c:51:
                    04:e6:21:4a:20:60:11:41:f7:90:eb:af:91:ce:11:
                    c5:00:82:31:08:25:70:d0:56:f7:3f:01:b5:cf:a3:
                    71:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:0D:16:0E:1D:D0:DE:CF:E5:D4:A6:B5:E3:95:3D:60:51:6A:F6:37
            X509v3 Authority Key Identifier:
                keyid:5D:70:84:58:22:A6:14:08:EC:2A:5F:D5:80:C1:32:DA:77:7F:09:D1

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/5D70845822A61408EC2A5FD580C132DA777F09D1.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XXCEWCKmFAjsKl_VgMEy2nd_CdE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/3137362e3131332e37382e302f32342d3234203d3e20313336373837.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.113.78.0/24

    Signature Algorithm: sha256WithRSAEncryption
         55:6e:9e:5c:c0:9b:df:40:c3:dc:bb:f8:8f:49:d3:c4:ac:79:
         05:6d:97:7a:8e:c5:2d:38:57:cb:c6:05:77:41:12:cc:53:6e:
         90:1b:45:f7:5d:84:d5:c8:12:35:31:5c:52:f4:bd:67:60:f4:
         c4:f0:ab:01:ba:0c:cf:d6:62:5d:e6:61:7c:d0:3f:73:73:c0:
         db:94:e2:ab:1f:88:9b:bc:9b:65:20:a5:21:49:52:7c:71:d1:
         b9:fa:cc:8b:27:33:8d:32:d3:8d:1c:58:d4:d5:5d:76:8a:42:
         49:91:03:55:db:dc:c4:a3:3d:4a:22:8f:5e:45:f0:42:63:a0:
         df:c4:df:e5:ee:58:0f:f3:e5:9d:c3:5c:4d:23:e0:a3:05:cb:
         04:22:ff:24:69:fa:99:bc:d3:2c:e1:3c:61:1f:9f:c2:c7:5a:
         94:1e:da:a7:47:5c:b4:28:fc:1d:51:48:c7:9b:51:e0:07:2b:
         90:87:2e:5b:f5:32:5f:c3:fb:04:da:3f:70:f8:9a:5e:d9:aa:
         47:3e:df:6d:f5:d2:e3:e0:ce:a0:9d:7d:f9:70:c0:10:61:24:
         a3:05:aa:f0:f5:07:8c:72:48:43:fe:1e:8e:f3:2e:a5:bf:c5:
         03:3a:95:3c:fb:00:e3:81:b3:49:53:86:3f:15:f9:59:f5:4a:
         39:f0:99:8f
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgIUOLRXMkfsTdOLeAY9m/oM0/5Dn4QwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWQ3MDg0NTgyMmE2MTQwOGVjMmE1ZmQ1ODBjMTMyZGE3
NzdmMDlkMTAeFw0yNDAyMTMxMjQ5MTJaFw0yNTAyMTExMjU0MTJaMDMxMTAvBgNV
BAMTKEJDMEQxNjBFMUREMERFQ0ZFNUQ0QTZCNUUzOTUzRDYwNTE2QUY2MzcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDCtVSNtXtPS4RFFXKjg7PK13+m
k+wmFQgXQMJ4qXq10AHNdJq3AT7qbdJhT6bjmoXE75tGowuJmJ0Lbp3KBgkGWOnx
Hs50CPcWYkAsn32ADBeYZvFnhAOP/E8FfMsPmRMAZDuub+veE+18vMM+YkAh0Ui4
ei2Of0MZfhFcDd77WlK4CP5S3t6xDsoiqMdYWWMBipd34zyjqLxr4NHo0UKJgkr2
GnhzPq09dVXfrL6S80i0LjZgwXVLVIuml0pbaU7GUAuC/KH5SKebNoZcjhCFeLUy
BZTRkWdZ3qcQsMAsUQTmIUogYBFB95Drr5HOEcUAgjEIJXDQVvc/AbXPo3FbAgMB
AAGjggI/MIICOzAdBgNVHQ4EFgQUvA0WDh3Q3s/l1Ka145U9YFFq9jcwHwYDVR0j
BBgwFoAUXXCEWCKmFAjsKl/VgMEy2nd/CdEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzgvNUQ3MDg0NTgyMkE2MTQwOEVDMkE1RkQ1ODBDMTMyREE3NzdGMDlEMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1hYQ0VXQ0ttRkFqc0tsX1ZnTUV5Mm5k
X0NkRS5jZXIwga8GCCsGAQUFBwELBIGiMIGfMIGcBggrBgEFBQcwC4aBj3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzgvMzEzNzM2MmUzMTMxMzMyZTM3
MzgyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzMTMzMzYzNzM4Mzcucm9hMBgGA1Ud
IAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BACwcU4wDQYJKoZIhvcNAQELBQADggEBAFVunlzAm99Aw9y7+I9J08SseQVtl3qO
xS04V8vGBXdBEsxTbpAbRfddhNXIEjUxXFL0vWdg9MTwqwG6DM/WYl3mYXzQP3Nz
wNuU4qsfiJu8m2UgpSFJUnxx0bn6zIsnM40y040cWNTVXXaKQkmRA1Xb3MSjPUoi
j15F8EJjoN/E3+XuWA/z5Z3DXE0j4KMFywQi/yRp+pm80yzhPGEfn8LHWpQe2qdH
XLQo/B1RSMebUeAHK5CHLlv1Ml/D+wTaP3D4ml7Zqkc+32310uPgzqCdfflwwBBh
JKMFqvD1B4xySEP+Ho7zLqW/xQM6lTz7AOOBs0lThj8V+Vn1SjnwmY8=
-----END CERTIFICATE-----
Generated at Fri Nov 22 10:15:49 2024 by rpki-client on console-ams.rpki-client.org