Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/38342e32312e3137302e302f32342d3234203d3e20313336373837.roa
File:                     38342e32312e3137302e302f32342d3234203d3e20313336373837.roa (raw, json)
Hash identifier:          XjYcK61U4KBjur0lOqc1UxziihDl7L+Ae+VtfPFKrPU=
Subject key identifier:   B7:7D:AC:99:74:0C:07:BD:31:2D:F9:D2:D6:83:B8:F2:B9:6E:B9:23
Certificate issuer:       /CN=5d70845822a61408ec2a5fd580c132da777f09d1
Certificate serial:       761E56F79BD92DAFD8073AA9D7A6DA54B0C6BCA1
Authority key identifier: 5D:70:84:58:22:A6:14:08:EC:2A:5F:D5:80:C1:32:DA:77:7F:09:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XXCEWCKmFAjsKl_VgMEy2nd_CdE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/38342e32312e3137302e302f32342d3234203d3e20313336373837.roa
Signing time:             Sun 12 May 2024 11:03:40 +0000
ROA not before:           Sun 12 May 2024 10:58:40 +0000
ROA not after:            Sun 11 May 2025 11:03:40 +0000
asID:                     136787
IP address blocks:        84.21.170.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/5D70845822A61408EC2A5FD580C132DA777F09D1.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/5D70845822A61408EC2A5FD580C132DA777F09D1.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XXCEWCKmFAjsKl_VgMEy2nd_CdE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:12:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            76:1e:56:f7:9b:d9:2d:af:d8:07:3a:a9:d7:a6:da:54:b0:c6:bc:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5d70845822a61408ec2a5fd580c132da777f09d1
        Validity
            Not Before: May 12 10:58:40 2024 GMT
            Not After : May 11 11:03:40 2025 GMT
        Subject: CN=B77DAC99740C07BD312DF9D2D683B8F2B96EB923
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:bb:4c:b5:ec:0b:d6:b2:04:46:ce:9c:3b:e0:
                    f0:89:9e:b0:d0:04:e3:73:8b:25:b5:86:df:25:88:
                    b0:0e:80:e9:e1:25:a2:cb:07:35:e2:67:4c:84:f1:
                    6c:76:84:3a:e8:35:ef:29:1b:d7:a2:00:a4:ae:ed:
                    1e:65:f5:31:48:f7:ba:ec:6a:88:36:2a:22:a6:51:
                    70:f8:99:71:1c:a6:04:7e:11:50:a7:22:c8:cf:81:
                    aa:37:52:a9:1c:1f:fe:c4:7a:0f:27:62:ec:0c:8b:
                    41:dd:c6:26:87:ee:13:9b:83:0a:1a:7b:46:87:3e:
                    9e:b0:9e:41:9e:ab:3b:fd:c0:74:0e:dd:17:92:b2:
                    6d:7d:b4:8d:26:f1:d4:f6:51:22:8e:8f:47:e8:e0:
                    b1:65:a0:fe:ad:56:59:35:07:3e:fc:f0:36:67:82:
                    92:88:8b:9c:ce:11:7b:fc:53:03:76:74:2a:4f:94:
                    c8:aa:cc:22:9b:fe:d1:59:e8:89:01:c4:f5:2b:18:
                    43:0b:c1:55:9a:40:0f:a4:08:de:32:86:e6:c8:fc:
                    b3:1d:17:b0:39:6d:ea:36:53:ad:e1:35:ba:05:23:
                    ae:d8:31:a4:bf:e6:00:64:37:db:06:75:5b:66:3b:
                    44:b8:87:c8:d6:a4:10:dd:08:0b:d5:7b:db:c7:75:
                    5b:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B7:7D:AC:99:74:0C:07:BD:31:2D:F9:D2:D6:83:B8:F2:B9:6E:B9:23
            X509v3 Authority Key Identifier:
                keyid:5D:70:84:58:22:A6:14:08:EC:2A:5F:D5:80:C1:32:DA:77:7F:09:D1

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/5D70845822A61408EC2A5FD580C132DA777F09D1.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XXCEWCKmFAjsKl_VgMEy2nd_CdE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/38342e32312e3137302e302f32342d3234203d3e20313336373837.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.21.170.0/24

    Signature Algorithm: sha256WithRSAEncryption
         67:38:58:22:2b:92:2f:bf:a2:1e:27:a0:80:b6:59:d7:92:2d:
         50:13:ef:f0:17:3b:68:af:10:d8:39:2b:54:1a:5e:22:29:92:
         53:4a:fe:d5:d4:b3:97:59:b4:69:67:8f:06:7c:8e:df:65:2a:
         b8:42:52:6a:b7:d9:ab:da:45:5f:79:3b:b3:56:98:b8:8e:d3:
         bf:6c:11:d8:bd:eb:4d:6a:75:70:57:a0:12:9e:e8:d9:7a:52:
         4e:43:a4:44:75:19:4c:b2:22:6f:40:44:8e:22:e5:34:c3:e2:
         49:99:3b:37:ab:99:5f:df:55:9c:f9:ee:48:01:60:42:07:db:
         00:41:89:b1:93:83:ec:1c:6f:e6:3b:a5:78:3f:01:03:c9:51:
         da:3c:7d:40:6c:3c:48:c4:48:41:80:61:06:96:ea:70:98:23:
         c5:cf:22:a4:e3:a0:79:88:d6:5f:56:73:41:b6:e4:54:7e:1c:
         5a:54:b8:bc:da:f7:89:d0:c9:a8:2e:60:29:c6:a6:e9:44:f7:
         9e:91:b1:ef:a0:9a:c1:6f:51:30:5d:e4:62:dd:4e:76:7f:e8:
         62:ed:9f:c1:0a:e9:d3:f3:2a:6c:02:3a:fd:0a:a0:f8:46:27:
         34:24:99:cb:44:ec:15:c3:a1:5a:3c:a5:33:e0:ae:c0:ac:3b:
         d9:f4:0e:e8
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgIUdh5W95vZLa/YBzqp16baVLDGvKEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWQ3MDg0NTgyMmE2MTQwOGVjMmE1ZmQ1ODBjMTMyZGE3
NzdmMDlkMTAeFw0yNDA1MTIxMDU4NDBaFw0yNTA1MTExMTAzNDBaMDMxMTAvBgNV
BAMTKEI3N0RBQzk5NzQwQzA3QkQzMTJERjlEMkQ2ODNCOEYyQjk2RUI5MjMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDMu0y17AvWsgRGzpw74PCJnrDQ
BONziyW1ht8liLAOgOnhJaLLBzXiZ0yE8Wx2hDroNe8pG9eiAKSu7R5l9TFI97rs
aog2KiKmUXD4mXEcpgR+EVCnIsjPgao3UqkcH/7Eeg8nYuwMi0HdxiaH7hObgwoa
e0aHPp6wnkGeqzv9wHQO3ReSsm19tI0m8dT2USKOj0fo4LFloP6tVlk1Bz788DZn
gpKIi5zOEXv8UwN2dCpPlMiqzCKb/tFZ6IkBxPUrGEMLwVWaQA+kCN4yhubI/LMd
F7A5beo2U63hNboFI67YMaS/5gBkN9sGdVtmO0S4h8jWpBDdCAvVe9vHdVuhAgMB
AAGjggI9MIICOTAdBgNVHQ4EFgQUt32smXQMB70xLfnS1oO48rluuSMwHwYDVR0j
BBgwFoAUXXCEWCKmFAjsKl/VgMEy2nd/CdEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzgvNUQ3MDg0NTgyMkE2MTQwOEVDMkE1RkQ1ODBDMTMyREE3NzdGMDlEMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1hYQ0VXQ0ttRkFqc0tsX1ZnTUV5Mm5k
X0NkRS5jZXIwga0GCCsGAQUFBwELBIGgMIGdMIGaBggrBgEFBQcwC4aBjXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzgvMzgzNDJlMzIzMTJlMzEzNzMw
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzEzMzM2MzczODM3LnJvYTAYBgNVHSAB
Af8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA
VBWqMA0GCSqGSIb3DQEBCwUAA4IBAQBnOFgiK5Ivv6IeJ6CAtlnXki1QE+/wFzto
rxDYOStUGl4iKZJTSv7V1LOXWbRpZ48GfI7fZSq4QlJqt9mr2kVfeTuzVpi4jtO/
bBHYvetNanVwV6ASnujZelJOQ6REdRlMsiJvQESOIuU0w+JJmTs3q5lf31Wc+e5I
AWBCB9sAQYmxk4PsHG/mO6V4PwEDyVHaPH1AbDxIxEhBgGEGlupwmCPFzyKk46B5
iNZfVnNBtuRUfhxaVLi82veJ0MmoLmApxqbpRPeekbHvoJrBb1EwXeRi3U52f+hi
7Z/BCunT8ypsAjr9CqD4Ric0JJnLROwVw6FaPKUz4K7ArDvZ9A7o
-----END CERTIFICATE-----
Generated at Mon Nov 25 18:39:35 2024 by rpki-client on console-fra.rpki-client.org