Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/38342e32312e3136382e302f32342d3234203d3e20313336373837.roa
File:                     38342e32312e3136382e302f32342d3234203d3e20313336373837.roa (raw, json)
Hash identifier:          sgytfh+pN/trWq9wVUKA+yNh7wfkxZoGQpNDh+h33HM=
Subject key identifier:   1D:C7:79:E9:FA:F2:BD:F4:D7:F3:AC:1A:18:8A:4B:F8:1E:8D:76:37
Certificate issuer:       /CN=5d70845822a61408ec2a5fd580c132da777f09d1
Certificate serial:       607E3212902078A9FBE6137DDCDBCA3416428138
Authority key identifier: 5D:70:84:58:22:A6:14:08:EC:2A:5F:D5:80:C1:32:DA:77:7F:09:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XXCEWCKmFAjsKl_VgMEy2nd_CdE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/38342e32312e3136382e302f32342d3234203d3e20313336373837.roa
Signing time:             Mon 01 Apr 2024 14:03:20 +0000
ROA not before:           Mon 01 Apr 2024 13:58:20 +0000
ROA not after:            Mon 31 Mar 2025 14:03:20 +0000
asID:                     136787
IP address blocks:        84.21.168.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/5D70845822A61408EC2A5FD580C132DA777F09D1.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/5D70845822A61408EC2A5FD580C132DA777F09D1.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XXCEWCKmFAjsKl_VgMEy2nd_CdE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:12:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            60:7e:32:12:90:20:78:a9:fb:e6:13:7d:dc:db:ca:34:16:42:81:38
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5d70845822a61408ec2a5fd580c132da777f09d1
        Validity
            Not Before: Apr  1 13:58:20 2024 GMT
            Not After : Mar 31 14:03:20 2025 GMT
        Subject: CN=1DC779E9FAF2BDF4D7F3AC1A188A4BF81E8D7637
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:1e:b1:a5:bd:d9:68:d6:08:6c:92:7f:64:ed:
                    9b:79:f6:a9:48:46:53:fb:c6:9b:8d:cd:8d:83:10:
                    17:c8:67:d4:2c:9d:29:26:c4:17:ee:99:38:14:ee:
                    94:1c:69:26:98:95:94:9f:1d:82:70:f8:d8:e7:56:
                    05:34:cc:04:82:04:6d:af:2b:fb:3b:9b:2e:44:0a:
                    73:2f:8e:6f:50:33:93:be:d3:fb:fb:5e:8d:0f:ba:
                    25:91:9d:32:ae:d8:30:12:00:2e:7c:8c:2c:f7:15:
                    ea:4d:6d:d4:43:0d:4c:53:e9:a5:28:17:42:87:8a:
                    30:a2:9b:32:96:f6:e6:90:9b:eb:ef:a2:38:25:72:
                    31:d1:7c:53:18:19:87:08:66:e3:fd:c3:e9:d1:dd:
                    2f:cb:f0:f6:a1:f5:c6:d1:ff:2b:5f:f1:9e:af:9c:
                    42:2e:0b:9e:2d:73:a1:ae:9a:c5:70:7a:ba:90:20:
                    fd:50:97:9c:a9:f8:4d:93:cc:5f:ba:03:95:6e:1b:
                    02:54:34:0c:04:2b:e8:f2:b0:2b:d7:cf:03:ef:cd:
                    76:7d:cf:bf:5f:ce:71:58:52:c7:b2:c3:39:ef:52:
                    e8:43:7b:ab:77:71:7e:5c:bd:34:8b:45:23:7e:46:
                    d1:47:25:6b:f0:fc:c6:72:c0:d5:81:65:e1:e7:db:
                    66:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:C7:79:E9:FA:F2:BD:F4:D7:F3:AC:1A:18:8A:4B:F8:1E:8D:76:37
            X509v3 Authority Key Identifier:
                keyid:5D:70:84:58:22:A6:14:08:EC:2A:5F:D5:80:C1:32:DA:77:7F:09:D1

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/5D70845822A61408EC2A5FD580C132DA777F09D1.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XXCEWCKmFAjsKl_VgMEy2nd_CdE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/38342e32312e3136382e302f32342d3234203d3e20313336373837.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.21.168.0/24

    Signature Algorithm: sha256WithRSAEncryption
         95:c6:61:53:df:12:fd:15:f0:21:56:a2:28:3b:31:35:28:45:
         50:b8:fb:f1:e5:48:e1:98:40:41:00:80:a0:99:44:a0:41:05:
         7e:69:34:e7:fb:37:e3:23:10:81:ad:6c:70:27:7d:5d:24:25:
         9f:89:2d:46:c1:da:45:09:ca:65:70:3d:b0:56:31:92:7c:41:
         24:76:ff:8b:11:73:3e:b5:2b:fa:38:df:6a:53:6a:fa:ca:a0:
         be:14:28:ce:2c:f7:d2:85:92:fd:1a:93:2c:7a:fb:3b:4a:1b:
         73:5a:ce:37:5e:99:5d:3d:54:a2:30:47:22:9b:dc:e3:d6:26:
         79:24:fa:f0:9a:30:69:02:7b:c5:d2:52:9e:b6:20:8f:c5:41:
         41:d2:71:75:6d:67:8f:05:e7:d6:20:e3:6e:5d:49:c9:37:52:
         b6:13:6d:f7:bb:24:d4:8c:56:45:a7:0a:12:84:74:2c:ac:9b:
         c3:f0:34:74:d8:bb:01:29:a1:c2:1c:ec:f7:51:3e:25:b3:5e:
         bf:cb:9c:fe:3e:04:b8:04:b4:cb:ff:9f:33:b3:6c:1f:4b:78:
         34:af:1d:09:d5:14:e1:6a:2a:bd:4b:ea:0d:de:e7:9b:06:4c:
         34:80:3b:87:fd:2b:1d:c2:e9:6e:29:00:e7:e2:f4:f4:f2:65:
         94:05:a8:e6
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgIUYH4yEpAgeKn75hN93NvKNBZCgTgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWQ3MDg0NTgyMmE2MTQwOGVjMmE1ZmQ1ODBjMTMyZGE3
NzdmMDlkMTAeFw0yNDA0MDExMzU4MjBaFw0yNTAzMzExNDAzMjBaMDMxMTAvBgNV
BAMTKDFEQzc3OUU5RkFGMkJERjREN0YzQUMxQTE4OEE0QkY4MUU4RDc2MzcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCVHrGlvdlo1ghskn9k7Zt59qlI
RlP7xpuNzY2DEBfIZ9QsnSkmxBfumTgU7pQcaSaYlZSfHYJw+NjnVgU0zASCBG2v
K/s7my5ECnMvjm9QM5O+0/v7Xo0PuiWRnTKu2DASAC58jCz3FepNbdRDDUxT6aUo
F0KHijCimzKW9uaQm+vvojglcjHRfFMYGYcIZuP9w+nR3S/L8Pah9cbR/ytf8Z6v
nEIuC54tc6GumsVwerqQIP1Ql5yp+E2TzF+6A5VuGwJUNAwEK+jysCvXzwPvzXZ9
z79fznFYUseywznvUuhDe6t3cX5cvTSLRSN+RtFHJWvw/MZywNWBZeHn22a9AgMB
AAGjggI9MIICOTAdBgNVHQ4EFgQUHcd56fryvfTX86waGIpL+B6NdjcwHwYDVR0j
BBgwFoAUXXCEWCKmFAjsKl/VgMEy2nd/CdEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzgvNUQ3MDg0NTgyMkE2MTQwOEVDMkE1RkQ1ODBDMTMyREE3NzdGMDlEMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1hYQ0VXQ0ttRkFqc0tsX1ZnTUV5Mm5k
X0NkRS5jZXIwga0GCCsGAQUFBwELBIGgMIGdMIGaBggrBgEFBQcwC4aBjXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzgvMzgzNDJlMzIzMTJlMzEzNjM4
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzEzMzM2MzczODM3LnJvYTAYBgNVHSAB
Af8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA
VBWoMA0GCSqGSIb3DQEBCwUAA4IBAQCVxmFT3xL9FfAhVqIoOzE1KEVQuPvx5Ujh
mEBBAICgmUSgQQV+aTTn+zfjIxCBrWxwJ31dJCWfiS1GwdpFCcplcD2wVjGSfEEk
dv+LEXM+tSv6ON9qU2r6yqC+FCjOLPfShZL9GpMsevs7ShtzWs43XpldPVSiMEci
m9zj1iZ5JPrwmjBpAnvF0lKetiCPxUFB0nF1bWePBefWIONuXUnJN1K2E233uyTU
jFZFpwoShHQsrJvD8DR02LsBKaHCHOz3UT4ls16/y5z+PgS4BLTL/58zs2wfS3g0
rx0J1RThaiq9S+oN3uebBkw0gDuH/SsdwuluKQDn4vT08mWUBajm
-----END CERTIFICATE-----
Generated at Mon Nov 25 19:59:03 2024 by rpki-client on console-ams.rpki-client.org