Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/3138352e3139332e31362e302f32342d3234203d3e203230343733.roa
File:                     3138352e3139332e31362e302f32342d3234203d3e203230343733.roa (raw, json)
Hash identifier:          32NHx7THUN249THEck/0ilw9gPyJZ8/DRDrXelYw714=
Subject key identifier:   1B:FF:E3:20:36:10:D0:93:A0:05:78:A7:4F:53:CB:85:5A:C8:D3:70
Certificate issuer:       /CN=5d70845822a61408ec2a5fd580c132da777f09d1
Certificate serial:       4D3B3E2BAA621FFB060A919CD0A5A84787441039
Authority key identifier: 5D:70:84:58:22:A6:14:08:EC:2A:5F:D5:80:C1:32:DA:77:7F:09:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XXCEWCKmFAjsKl_VgMEy2nd_CdE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/3138352e3139332e31362e302f32342d3234203d3e203230343733.roa
Signing time:             Mon 26 Feb 2024 08:53:49 +0000
ROA not before:           Mon 26 Feb 2024 08:48:49 +0000
ROA not after:            Mon 24 Feb 2025 08:53:49 +0000
asID:                     20473
IP address blocks:        185.193.16.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/5D70845822A61408EC2A5FD580C132DA777F09D1.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/5D70845822A61408EC2A5FD580C132DA777F09D1.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XXCEWCKmFAjsKl_VgMEy2nd_CdE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 28 Mar 2024 18:00:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4d:3b:3e:2b:aa:62:1f:fb:06:0a:91:9c:d0:a5:a8:47:87:44:10:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5d70845822a61408ec2a5fd580c132da777f09d1
        Validity
            Not Before: Feb 26 08:48:49 2024 GMT
            Not After : Feb 24 08:53:49 2025 GMT
        Subject: CN=1BFFE3203610D093A00578A74F53CB855AC8D370
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:2a:5c:45:89:8d:8b:4c:f8:52:84:bf:c1:38:
                    6e:75:cd:70:5b:c6:cc:c4:f4:15:27:86:9e:7e:f2:
                    60:e0:a8:66:61:83:d1:af:78:89:68:0c:f3:3f:e7:
                    62:85:bc:75:e6:ae:e2:5d:cd:15:ca:2e:a7:b4:ba:
                    22:9c:0f:46:02:dc:5e:24:0c:5a:de:55:92:99:ae:
                    ea:47:f5:7a:e0:06:a3:94:2c:5c:4e:19:ac:91:d8:
                    d0:16:04:38:d0:63:43:3c:9c:88:3f:95:ea:3f:99:
                    a8:73:0e:78:db:38:4d:ca:26:e6:57:ef:98:ac:c8:
                    30:f1:bd:53:3c:ee:79:a1:7f:3b:f0:81:59:c8:4f:
                    4c:82:1c:1d:29:21:92:a9:8e:14:e9:c8:a8:7d:47:
                    4d:8a:67:30:fc:63:3d:d1:11:4b:1e:e6:23:33:97:
                    0d:f7:1c:94:0a:cc:e4:85:ed:51:0f:18:8c:88:9a:
                    42:04:d0:78:43:c3:90:a3:31:1c:71:74:e5:c3:7d:
                    18:ac:2a:c5:37:f2:8c:de:4d:cb:22:d6:e2:5c:c0:
                    4d:94:8f:a8:9c:e3:8d:f1:5f:e0:2d:08:82:bd:0e:
                    25:37:e3:53:06:ce:12:5b:20:6d:4d:61:fb:88:9c:
                    51:78:6f:63:8d:12:8a:2b:10:3a:6a:5f:41:a2:6b:
                    78:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1B:FF:E3:20:36:10:D0:93:A0:05:78:A7:4F:53:CB:85:5A:C8:D3:70
            X509v3 Authority Key Identifier:
                keyid:5D:70:84:58:22:A6:14:08:EC:2A:5F:D5:80:C1:32:DA:77:7F:09:D1

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/5D70845822A61408EC2A5FD580C132DA777F09D1.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XXCEWCKmFAjsKl_VgMEy2nd_CdE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/3138352e3139332e31362e302f32342d3234203d3e203230343733.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.193.16.0/24

    Signature Algorithm: sha256WithRSAEncryption
         02:5d:c4:87:71:f0:15:d0:01:18:6d:8e:1b:41:ed:a9:4b:30:
         ad:a8:e4:52:5c:15:e3:ea:dc:fd:ae:2c:a9:22:1a:6e:7a:8d:
         6f:c1:1f:95:87:3a:8d:df:b3:7a:5f:e4:b5:6a:2a:9b:1a:b5:
         cb:e9:b0:71:f4:50:df:b4:b6:05:93:c9:24:92:0e:21:10:c8:
         36:9c:5f:5a:8b:9b:44:6a:36:b5:e5:70:97:83:08:d6:cb:3d:
         5b:9b:8d:a9:17:82:1b:23:de:99:b4:8a:9f:33:1d:c5:70:6f:
         71:49:00:98:26:44:69:a6:ef:32:d7:d0:2a:af:89:4b:3c:84:
         70:2a:4a:0a:fc:cc:f4:d6:29:be:68:af:60:86:f0:6c:b2:3a:
         ac:b1:54:ff:4e:4a:13:da:e2:cc:34:92:43:59:0e:fa:32:2e:
         1e:bd:c3:d4:cb:cd:06:d5:b0:92:1b:0f:51:e3:79:bc:39:b5:
         9c:bb:4b:6a:e8:b0:97:98:a5:23:bf:d1:20:ab:b1:97:7a:54:
         3d:1d:ee:7f:1e:32:92:7f:d5:a6:3c:d2:4f:80:e7:65:58:ad:
         d5:95:65:90:65:8f:76:b7:9f:ec:66:4e:65:36:fe:96:d0:b7:
         0d:85:71:d7:1d:ff:c4:91:8b:0f:a3:ba:5a:88:4d:b9:a8:58:
         81:d0:75:0e
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgIUTTs+K6piH/sGCpGc0KWoR4dEEDkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWQ3MDg0NTgyMmE2MTQwOGVjMmE1ZmQ1ODBjMTMyZGE3
NzdmMDlkMTAeFw0yNDAyMjYwODQ4NDlaFw0yNTAyMjQwODUzNDlaMDMxMTAvBgNV
BAMTKDFCRkZFMzIwMzYxMEQwOTNBMDA1NzhBNzRGNTNDQjg1NUFDOEQzNzAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDbKlxFiY2LTPhShL/BOG51zXBb
xszE9BUnhp5+8mDgqGZhg9GveIloDPM/52KFvHXmruJdzRXKLqe0uiKcD0YC3F4k
DFreVZKZrupH9XrgBqOULFxOGayR2NAWBDjQY0M8nIg/leo/mahzDnjbOE3KJuZX
75isyDDxvVM87nmhfzvwgVnIT0yCHB0pIZKpjhTpyKh9R02KZzD8Yz3REUse5iMz
lw33HJQKzOSF7VEPGIyImkIE0HhDw5CjMRxxdOXDfRisKsU38ozeTcsi1uJcwE2U
j6ic443xX+AtCIK9DiU341MGzhJbIG1NYfuInFF4b2ONEoorEDpqX0Gia3jlAgMB
AAGjggI9MIICOTAdBgNVHQ4EFgQUG//jIDYQ0JOgBXinT1PLhVrI03AwHwYDVR0j
BBgwFoAUXXCEWCKmFAjsKl/VgMEy2nd/CdEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzgvNUQ3MDg0NTgyMkE2MTQwOEVDMkE1RkQ1ODBDMTMyREE3NzdGMDlEMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1hYQ0VXQ0ttRkFqc0tsX1ZnTUV5Mm5k
X0NkRS5jZXIwga0GCCsGAQUFBwELBIGgMIGdMIGaBggrBgEFBQcwC4aBjXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzgvMzEzODM1MmUzMTM5MzMyZTMx
MzYyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzMjMwMzQzNzMzLnJvYTAYBgNVHSAB
Af8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA
ucEQMA0GCSqGSIb3DQEBCwUAA4IBAQACXcSHcfAV0AEYbY4bQe2pSzCtqORSXBXj
6tz9riypIhpueo1vwR+VhzqN37N6X+S1aiqbGrXL6bBx9FDftLYFk8kkkg4hEMg2
nF9ai5tEaja15XCXgwjWyz1bm42pF4IbI96ZtIqfMx3FcG9xSQCYJkRppu8y19Aq
r4lLPIRwKkoK/Mz01im+aK9ghvBssjqssVT/TkoT2uLMNJJDWQ76Mi4evcPUy80G
1bCSGw9R43m8ObWcu0tq6LCXmKUjv9Egq7GXelQ9He5/HjKSf9WmPNJPgOdlWK3V
lWWQZY92t5/sZk5lNv6W0LcNhXHXHf/EkYsPo7paiE25qFiB0HUO
-----END CERTIFICATE-----
Generated at Thu Mar 28 03:30:43 2024 by rpki-client on console-ams.rpki-client.org