Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/38332e3137312e3235302e302f32332d3234203d3e20313336373837.roa
File:                     38332e3137312e3235302e302f32332d3234203d3e20313336373837.roa (raw, json)
Hash identifier:          B08s3GkPy9lewGcxaDMHQ1ovyQAdzrNjDUV3SXwYaig=
Subject key identifier:   0B:F0:74:3B:48:A5:3F:57:20:67:55:BB:63:A4:88:D2:44:6C:12:41
Certificate issuer:       /CN=5d70845822a61408ec2a5fd580c132da777f09d1
Certificate serial:       20E62170875C149DC2E154A8C262FABD91CD5A18
Authority key identifier: 5D:70:84:58:22:A6:14:08:EC:2A:5F:D5:80:C1:32:DA:77:7F:09:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XXCEWCKmFAjsKl_VgMEy2nd_CdE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/38332e3137312e3235302e302f32332d3234203d3e20313336373837.roa
Signing time:             Mon 26 Feb 2024 08:53:49 +0000
ROA not before:           Mon 26 Feb 2024 08:48:49 +0000
ROA not after:            Mon 24 Feb 2025 08:53:49 +0000
asID:                     136787
IP address blocks:        83.171.250.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/5D70845822A61408EC2A5FD580C132DA777F09D1.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/5D70845822A61408EC2A5FD580C132DA777F09D1.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XXCEWCKmFAjsKl_VgMEy2nd_CdE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:12:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            20:e6:21:70:87:5c:14:9d:c2:e1:54:a8:c2:62:fa:bd:91:cd:5a:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5d70845822a61408ec2a5fd580c132da777f09d1
        Validity
            Not Before: Feb 26 08:48:49 2024 GMT
            Not After : Feb 24 08:53:49 2025 GMT
        Subject: CN=0BF0743B48A53F57206755BB63A488D2446C1241
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:5d:8c:f1:65:8a:84:44:3b:fb:43:95:6e:91:
                    c7:0c:1b:99:55:8e:cc:fd:d9:0e:6a:df:0c:95:ba:
                    c0:92:d1:7d:e2:3a:26:c3:e9:2a:2f:d6:fe:81:1c:
                    95:6e:a1:76:3e:d5:30:4e:97:54:fe:7f:4d:73:33:
                    7c:51:8f:63:d8:d3:6a:bd:3f:69:63:86:0f:e3:25:
                    2b:72:d5:ad:fd:01:2e:a2:a6:5a:d2:a1:27:52:0c:
                    df:dc:12:c6:bd:e8:68:58:15:b4:32:e9:ca:de:c3:
                    ed:aa:dc:12:1b:9f:ac:e2:26:fb:54:d8:7a:5d:c5:
                    d6:3f:3d:8c:d1:88:2c:d9:f3:f5:5a:47:aa:05:16:
                    b8:aa:72:11:de:9c:0d:cc:9f:9d:d7:88:a4:8a:07:
                    77:1e:ad:6a:a8:f5:81:ae:7c:96:72:7b:2d:ee:ba:
                    92:d8:ac:fe:cf:2f:a8:41:05:be:ad:04:0a:29:68:
                    2c:58:3d:3c:8a:eb:ff:55:be:3e:ce:51:2e:5d:30:
                    11:bb:5a:7c:dc:9c:03:a1:57:09:f0:38:23:5d:8a:
                    34:0e:27:c5:91:79:68:be:9e:2d:44:4b:81:56:69:
                    ad:a9:1b:51:26:aa:a8:4a:73:d6:0b:9e:1d:ee:81:
                    fd:39:a9:60:19:20:9f:83:82:83:ab:51:60:e7:2a:
                    f3:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:F0:74:3B:48:A5:3F:57:20:67:55:BB:63:A4:88:D2:44:6C:12:41
            X509v3 Authority Key Identifier:
                keyid:5D:70:84:58:22:A6:14:08:EC:2A:5F:D5:80:C1:32:DA:77:7F:09:D1

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/5D70845822A61408EC2A5FD580C132DA777F09D1.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XXCEWCKmFAjsKl_VgMEy2nd_CdE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/38332e3137312e3235302e302f32332d3234203d3e20313336373837.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.171.250.0/23

    Signature Algorithm: sha256WithRSAEncryption
         52:76:a6:8c:1b:6c:ea:07:4e:2e:3e:c5:52:af:ab:b3:4e:de:
         34:9b:db:78:68:98:50:f3:ed:c1:31:f5:6b:95:c3:18:8a:7f:
         e2:9b:a0:fe:28:44:15:3c:61:e8:aa:1d:5e:31:40:39:66:58:
         de:df:a9:8d:bb:09:7c:05:23:02:bb:d7:3b:fe:f0:73:21:9e:
         68:62:74:a9:e6:62:8b:03:6b:8c:3a:b6:1a:ae:71:fd:3b:46:
         ca:dc:7a:49:4e:ca:3a:2b:6a:da:e3:86:89:d8:fb:37:33:7c:
         fa:7d:7f:22:a7:d8:90:90:42:28:d0:c9:f7:0b:d1:09:01:79:
         f0:35:ac:3c:b4:ca:1e:d3:7f:d6:f6:ca:8c:fb:16:17:52:3d:
         cd:0f:0e:c3:a5:b9:c2:95:e2:c6:d5:6e:60:cd:cb:47:94:7a:
         96:79:8e:f1:c7:ad:4a:11:6f:1e:26:01:63:26:24:64:26:84:
         84:82:e7:d5:68:ef:2c:19:22:c6:8f:0c:68:c1:87:c4:11:8c:
         b8:25:21:c3:ee:05:05:28:45:8b:04:08:ed:8c:f7:bd:b5:30:
         0b:5f:42:89:d5:5e:46:d7:72:24:83:66:52:f3:7f:b5:7b:af:
         95:d9:d8:08:6f:46:6e:61:61:5c:2d:08:f0:04:ff:af:48:19:
         07:b5:36:3a
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgIUIOYhcIdcFJ3C4VSowmL6vZHNWhgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWQ3MDg0NTgyMmE2MTQwOGVjMmE1ZmQ1ODBjMTMyZGE3
NzdmMDlkMTAeFw0yNDAyMjYwODQ4NDlaFw0yNTAyMjQwODUzNDlaMDMxMTAvBgNV
BAMTKDBCRjA3NDNCNDhBNTNGNTcyMDY3NTVCQjYzQTQ4OEQyNDQ2QzEyNDEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDdXYzxZYqERDv7Q5VukccMG5lV
jsz92Q5q3wyVusCS0X3iOibD6Sov1v6BHJVuoXY+1TBOl1T+f01zM3xRj2PY02q9
P2ljhg/jJSty1a39AS6iplrSoSdSDN/cEsa96GhYFbQy6crew+2q3BIbn6ziJvtU
2HpdxdY/PYzRiCzZ8/VaR6oFFriqchHenA3Mn53XiKSKB3cerWqo9YGufJZyey3u
upLYrP7PL6hBBb6tBAopaCxYPTyK6/9Vvj7OUS5dMBG7WnzcnAOhVwnwOCNdijQO
J8WReWi+ni1ES4FWaa2pG1EmqqhKc9YLnh3ugf05qWAZIJ+DgoOrUWDnKvNrAgMB
AAGjggI/MIICOzAdBgNVHQ4EFgQUC/B0O0ilP1cgZ1W7Y6SI0kRsEkEwHwYDVR0j
BBgwFoAUXXCEWCKmFAjsKl/VgMEy2nd/CdEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzgvNUQ3MDg0NTgyMkE2MTQwOEVDMkE1RkQ1ODBDMTMyREE3NzdGMDlEMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1hYQ0VXQ0ttRkFqc0tsX1ZnTUV5Mm5k
X0NkRS5jZXIwga8GCCsGAQUFBwELBIGiMIGfMIGcBggrBgEFBQcwC4aBj3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzgvMzgzMzJlMzEzNzMxMmUzMjM1
MzAyZTMwMmYzMjMzMmQzMjM0MjAzZDNlMjAzMTMzMzYzNzM4Mzcucm9hMBgGA1Ud
IAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAFTq/owDQYJKoZIhvcNAQELBQADggEBAFJ2powbbOoHTi4+xVKvq7NO3jSb23ho
mFDz7cEx9WuVwxiKf+KboP4oRBU8YeiqHV4xQDlmWN7fqY27CXwFIwK71zv+8HMh
nmhidKnmYosDa4w6thqucf07RsrceklOyjoratrjhonY+zczfPp9fyKn2JCQQijQ
yfcL0QkBefA1rDy0yh7Tf9b2yoz7FhdSPc0PDsOlucKV4sbVbmDNy0eUepZ5jvHH
rUoRbx4mAWMmJGQmhISC59Vo7ywZIsaPDGjBh8QRjLglIcPuBQUoRYsECO2M9721
MAtfQonVXkbXciSDZlLzf7V7r5XZ2AhvRm5hYVwtCPAE/69IGQe1Njo=
-----END CERTIFICATE-----
Generated at Mon Nov 25 18:39:35 2024 by rpki-client on console-fra.rpki-client.org