Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/38352e3230382e3135372e302f32342d3234203d3e20313336373837.roa
File:                     38352e3230382e3135372e302f32342d3234203d3e20313336373837.roa (raw, json)
Hash identifier:          fETrt/1fK3sRQ1AsZ5K079RgK+H7GpmqB0R4YMufg7s=
Subject key identifier:   81:E6:D2:64:4A:8E:EC:A0:5B:18:B3:90:13:82:84:26:2F:53:B1:71
Certificate issuer:       /CN=5d70845822a61408ec2a5fd580c132da777f09d1
Certificate serial:       44739216141738C5D823F3554D35D5B371827BBF
Authority key identifier: 5D:70:84:58:22:A6:14:08:EC:2A:5F:D5:80:C1:32:DA:77:7F:09:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XXCEWCKmFAjsKl_VgMEy2nd_CdE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/38352e3230382e3135372e302f32342d3234203d3e20313336373837.roa
Signing time:             Tue 13 Feb 2024 12:54:27 +0000
ROA not before:           Tue 13 Feb 2024 12:49:27 +0000
ROA not after:            Tue 11 Feb 2025 12:54:27 +0000
asID:                     136787
IP address blocks:        85.208.157.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/5D70845822A61408EC2A5FD580C132DA777F09D1.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/5D70845822A61408EC2A5FD580C132DA777F09D1.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XXCEWCKmFAjsKl_VgMEy2nd_CdE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            44:73:92:16:14:17:38:c5:d8:23:f3:55:4d:35:d5:b3:71:82:7b:bf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5d70845822a61408ec2a5fd580c132da777f09d1
        Validity
            Not Before: Feb 13 12:49:27 2024 GMT
            Not After : Feb 11 12:54:27 2025 GMT
        Subject: CN=81E6D2644A8EECA05B18B390138284262F53B171
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:7d:49:31:1c:04:6b:a8:00:75:75:f7:31:05:
                    25:31:60:af:c8:80:bc:43:9c:2a:98:3c:79:2e:25:
                    9f:c6:94:80:a6:85:6c:82:7d:7c:6d:a7:70:0a:f8:
                    b8:e2:87:45:56:d4:44:9d:c5:95:e0:55:29:98:d2:
                    6c:50:04:ef:1d:60:ae:2c:09:fe:4f:94:80:ce:c7:
                    32:6c:21:29:90:1e:26:bb:cb:13:0a:be:1f:b2:10:
                    2b:8d:a2:ff:8b:55:05:83:33:db:7c:9e:1f:5d:f5:
                    be:ae:e7:0e:c2:31:5e:40:dc:10:52:91:05:de:78:
                    fa:ec:1d:b8:fd:af:c6:c3:86:e8:e5:49:3e:3c:08:
                    8e:8f:e9:df:10:4c:c8:cf:b3:fa:72:8e:2c:fc:1b:
                    18:d3:4a:b6:d7:47:aa:a1:c5:a2:24:8c:61:a3:fb:
                    d0:ec:bb:cd:fe:55:5e:f5:f6:9c:34:4a:90:23:87:
                    bc:29:b4:dd:24:44:27:79:17:7d:c9:dd:fb:24:83:
                    ec:99:31:d7:e4:22:43:ad:d4:bf:4f:3d:eb:89:5a:
                    52:fc:c5:61:7f:43:38:89:65:9c:28:b4:99:e3:f8:
                    4d:69:43:91:5c:ea:e9:22:28:17:ef:b1:ba:4c:32:
                    a2:07:0c:c5:46:16:92:ad:7f:a3:94:47:82:09:88:
                    ef:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                81:E6:D2:64:4A:8E:EC:A0:5B:18:B3:90:13:82:84:26:2F:53:B1:71
            X509v3 Authority Key Identifier:
                keyid:5D:70:84:58:22:A6:14:08:EC:2A:5F:D5:80:C1:32:DA:77:7F:09:D1

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/5D70845822A61408EC2A5FD580C132DA777F09D1.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XXCEWCKmFAjsKl_VgMEy2nd_CdE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/38352e3230382e3135372e302f32342d3234203d3e20313336373837.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.208.157.0/24

    Signature Algorithm: sha256WithRSAEncryption
         38:3b:f4:ff:a0:b6:e4:ad:30:f6:7c:6b:6d:6f:f9:58:33:30:
         e6:ee:d4:8e:47:d2:68:ac:23:d3:d5:07:28:e1:ca:c9:45:d9:
         8d:69:78:d0:32:9f:10:ae:a5:74:af:fa:9d:65:d5:d5:55:38:
         c1:d6:e0:8e:72:a5:c8:c8:66:03:a6:17:3b:db:b2:ad:bc:8b:
         9b:39:94:f2:fb:6b:96:9c:a9:35:88:31:32:5c:7e:72:05:7f:
         6b:85:20:9c:e8:26:60:e2:eb:cf:a7:92:87:1d:8a:22:99:c1:
         f9:79:02:92:8b:44:c6:df:bd:d5:a6:8b:ad:cd:da:07:3b:70:
         4a:9c:c1:81:31:64:26:a4:6b:c3:e2:be:08:be:47:a2:76:bd:
         b1:5a:b9:b5:25:8b:9f:70:8d:bb:7b:0d:59:fe:94:8a:bb:1a:
         67:3a:00:0f:cf:32:a5:78:fa:7e:e6:0d:41:03:ef:62:d6:39:
         d7:f8:e6:1d:39:2b:99:92:76:07:a3:42:f6:58:0f:9f:20:ba:
         cb:38:91:1e:9c:e2:e6:fd:2d:fb:36:a3:58:04:39:37:73:fa:
         07:19:6b:a4:8f:25:a3:fe:1d:02:95:d6:ef:f6:e7:66:2c:04:
         e8:c3:c6:d2:a1:ec:9d:f6:e5:87:14:59:c3:c1:88:1d:b3:a9:
         73:cf:82:49
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgIURHOSFhQXOMXYI/NVTTXVs3GCe78wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWQ3MDg0NTgyMmE2MTQwOGVjMmE1ZmQ1ODBjMTMyZGE3
NzdmMDlkMTAeFw0yNDAyMTMxMjQ5MjdaFw0yNTAyMTExMjU0MjdaMDMxMTAvBgNV
BAMTKDgxRTZEMjY0NEE4RUVDQTA1QjE4QjM5MDEzODI4NDI2MkY1M0IxNzEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCzfUkxHARrqAB1dfcxBSUxYK/I
gLxDnCqYPHkuJZ/GlICmhWyCfXxtp3AK+Ljih0VW1ESdxZXgVSmY0mxQBO8dYK4s
Cf5PlIDOxzJsISmQHia7yxMKvh+yECuNov+LVQWDM9t8nh9d9b6u5w7CMV5A3BBS
kQXeePrsHbj9r8bDhujlST48CI6P6d8QTMjPs/pyjiz8GxjTSrbXR6qhxaIkjGGj
+9Dsu83+VV719pw0SpAjh7wptN0kRCd5F33J3fskg+yZMdfkIkOt1L9PPeuJWlL8
xWF/QziJZZwotJnj+E1pQ5Fc6ukiKBfvsbpMMqIHDMVGFpKtf6OUR4IJiO8FAgMB
AAGjggI/MIICOzAdBgNVHQ4EFgQUgebSZEqO7KBbGLOQE4KEJi9TsXEwHwYDVR0j
BBgwFoAUXXCEWCKmFAjsKl/VgMEy2nd/CdEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzgvNUQ3MDg0NTgyMkE2MTQwOEVDMkE1RkQ1ODBDMTMyREE3NzdGMDlEMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1hYQ0VXQ0ttRkFqc0tsX1ZnTUV5Mm5k
X0NkRS5jZXIwga8GCCsGAQUFBwELBIGiMIGfMIGcBggrBgEFBQcwC4aBj3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzgvMzgzNTJlMzIzMDM4MmUzMTM1
MzcyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzMTMzMzYzNzM4Mzcucm9hMBgGA1Ud
IAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BABV0J0wDQYJKoZIhvcNAQELBQADggEBADg79P+gtuStMPZ8a21v+VgzMObu1I5H
0misI9PVByjhyslF2Y1peNAynxCupXSv+p1l1dVVOMHW4I5ypcjIZgOmFzvbsq28
i5s5lPL7a5acqTWIMTJcfnIFf2uFIJzoJmDi68+nkocdiiKZwfl5ApKLRMbfvdWm
i63N2gc7cEqcwYExZCaka8Pivgi+R6J2vbFaubUli59wjbt7DVn+lIq7Gmc6AA/P
MqV4+n7mDUED72LWOdf45h05K5mSdgejQvZYD58guss4kR6c4ub9Lfs2o1gEOTdz
+gcZa6SPJaP+HQKV1u/252YsBOjDxtKh7J325YcUWcPBiB2zqXPPgkk=
-----END CERTIFICATE-----
Generated at Fri Nov 22 10:15:49 2024 by rpki-client on console-ams.rpki-client.org