Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/38352e3230382e3135392e302f32342d3234203d3e20313336373837.roa
File:                     38352e3230382e3135392e302f32342d3234203d3e20313336373837.roa (raw, json)
Hash identifier:          qiN4NIKDmsnvEfRdgEccZeQ5g/+5deoAQyyYhTx/aGw=
Subject key identifier:   66:99:A6:26:1C:19:25:EC:85:D7:6F:58:21:C7:59:3F:56:60:57:CE
Certificate issuer:       /CN=5d70845822a61408ec2a5fd580c132da777f09d1
Certificate serial:       5A0A977FF6423AE054585B252098284600D028B9
Authority key identifier: 5D:70:84:58:22:A6:14:08:EC:2A:5F:D5:80:C1:32:DA:77:7F:09:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XXCEWCKmFAjsKl_VgMEy2nd_CdE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/38352e3230382e3135392e302f32342d3234203d3e20313336373837.roa
Signing time:             Tue 13 Feb 2024 12:54:29 +0000
ROA not before:           Tue 13 Feb 2024 12:49:29 +0000
ROA not after:            Tue 11 Feb 2025 12:54:29 +0000
asID:                     136787
IP address blocks:        85.208.159.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/5D70845822A61408EC2A5FD580C132DA777F09D1.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/5D70845822A61408EC2A5FD580C132DA777F09D1.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XXCEWCKmFAjsKl_VgMEy2nd_CdE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:12:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5a:0a:97:7f:f6:42:3a:e0:54:58:5b:25:20:98:28:46:00:d0:28:b9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5d70845822a61408ec2a5fd580c132da777f09d1
        Validity
            Not Before: Feb 13 12:49:29 2024 GMT
            Not After : Feb 11 12:54:29 2025 GMT
        Subject: CN=6699A6261C1925EC85D76F5821C7593F566057CE
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:36:04:84:cb:a4:2b:cf:8c:05:f7:3a:69:40:
                    70:09:09:b3:3f:05:d6:44:b4:91:83:87:6b:db:76:
                    8b:99:e0:05:ae:2a:c3:0b:2f:4e:43:79:fc:8f:21:
                    41:ea:a6:ff:48:b3:13:73:f6:4c:87:a9:a2:30:b5:
                    33:f8:69:fd:04:13:44:0b:bb:8d:cf:c8:c9:07:77:
                    52:d8:69:42:a5:bc:21:39:c1:c2:8e:08:8a:02:f0:
                    fb:d2:86:3a:14:7f:21:05:ce:69:16:7c:c4:3e:9f:
                    1a:e0:53:76:2d:d3:63:a6:06:ad:17:aa:4e:59:03:
                    26:23:22:d0:44:03:b7:be:f3:2d:0e:e9:d9:b7:ae:
                    dd:3f:4e:eb:bf:0c:10:bb:c3:f6:da:c4:5c:62:8f:
                    2e:98:9d:eb:14:58:50:94:18:de:27:70:9d:1b:53:
                    d9:7e:52:37:5f:6e:4b:84:88:02:ef:a6:ba:42:cc:
                    80:a6:6a:47:7c:64:85:19:b7:cc:c1:84:b4:5d:af:
                    49:c8:b7:3a:f5:f5:e7:bb:2d:7b:bf:94:cd:22:0a:
                    64:57:bf:9c:e5:da:9c:c4:a2:e4:47:4e:fa:5e:c7:
                    02:d1:77:1d:04:f8:23:fe:0e:79:e3:2f:de:d8:1f:
                    95:b1:5e:3c:d5:30:ef:f4:9d:50:15:da:0d:e9:3a:
                    8c:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:99:A6:26:1C:19:25:EC:85:D7:6F:58:21:C7:59:3F:56:60:57:CE
            X509v3 Authority Key Identifier:
                keyid:5D:70:84:58:22:A6:14:08:EC:2A:5F:D5:80:C1:32:DA:77:7F:09:D1

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/5D70845822A61408EC2A5FD580C132DA777F09D1.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XXCEWCKmFAjsKl_VgMEy2nd_CdE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/38352e3230382e3135392e302f32342d3234203d3e20313336373837.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.208.159.0/24

    Signature Algorithm: sha256WithRSAEncryption
         14:9b:03:45:af:ca:c4:9b:8d:96:26:e1:3b:a2:88:3e:be:6b:
         25:d1:76:e0:40:f9:cb:1f:e7:ec:be:96:ff:e6:d5:dd:a0:c9:
         dd:08:e4:ec:ae:74:6d:6a:ad:a8:4d:cb:75:e9:94:97:0f:17:
         27:b0:30:24:5b:3e:8f:b2:7c:65:fb:76:50:67:a1:41:f4:93:
         e8:3b:a5:ec:8f:7e:d7:63:27:16:24:f0:ff:36:ba:7f:38:7d:
         b7:a7:ef:5e:3f:94:16:21:fb:33:27:b2:a2:d2:2b:26:f0:9d:
         3d:87:0b:79:c2:87:f5:49:e0:1c:d7:91:57:75:97:34:18:69:
         f1:fe:2c:87:a8:04:69:aa:63:d5:f8:af:a4:fc:8d:c5:ad:5b:
         c6:33:e9:ff:c5:49:fd:e8:17:ea:64:9b:06:43:fb:3f:e3:35:
         1c:41:f6:95:3b:7d:eb:f8:c2:26:90:f0:ba:98:fa:49:29:f2:
         8a:0e:7e:48:22:04:1a:52:22:54:3a:d2:5e:7e:51:d8:44:e6:
         13:e7:c7:cb:35:eb:c6:11:32:43:6d:f6:48:21:f0:b4:aa:3c:
         36:21:30:e9:d3:75:f2:b4:52:4c:15:41:ac:4e:a5:1f:c4:53:
         56:98:e3:e3:76:1c:8f:4d:53:75:fc:78:75:33:d8:c2:c3:f9:
         50:3b:78:dc
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgIUWgqXf/ZCOuBUWFslIJgoRgDQKLkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWQ3MDg0NTgyMmE2MTQwOGVjMmE1ZmQ1ODBjMTMyZGE3
NzdmMDlkMTAeFw0yNDAyMTMxMjQ5MjlaFw0yNTAyMTExMjU0MjlaMDMxMTAvBgNV
BAMTKDY2OTlBNjI2MUMxOTI1RUM4NUQ3NkY1ODIxQzc1OTNGNTY2MDU3Q0UwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDFNgSEy6Qrz4wF9zppQHAJCbM/
BdZEtJGDh2vbdouZ4AWuKsMLL05DefyPIUHqpv9IsxNz9kyHqaIwtTP4af0EE0QL
u43PyMkHd1LYaUKlvCE5wcKOCIoC8PvShjoUfyEFzmkWfMQ+nxrgU3Yt02OmBq0X
qk5ZAyYjItBEA7e+8y0O6dm3rt0/Tuu/DBC7w/baxFxijy6YnesUWFCUGN4ncJ0b
U9l+UjdfbkuEiALvprpCzICmakd8ZIUZt8zBhLRdr0nItzr19ee7LXu/lM0iCmRX
v5zl2pzEouRHTvpexwLRdx0E+CP+DnnjL97YH5WxXjzVMO/0nVAV2g3pOowBAgMB
AAGjggI/MIICOzAdBgNVHQ4EFgQUZpmmJhwZJeyF129YIcdZP1ZgV84wHwYDVR0j
BBgwFoAUXXCEWCKmFAjsKl/VgMEy2nd/CdEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzgvNUQ3MDg0NTgyMkE2MTQwOEVDMkE1RkQ1ODBDMTMyREE3NzdGMDlEMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1hYQ0VXQ0ttRkFqc0tsX1ZnTUV5Mm5k
X0NkRS5jZXIwga8GCCsGAQUFBwELBIGiMIGfMIGcBggrBgEFBQcwC4aBj3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzgvMzgzNTJlMzIzMDM4MmUzMTM1
MzkyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzMTMzMzYzNzM4Mzcucm9hMBgGA1Ud
IAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BABV0J8wDQYJKoZIhvcNAQELBQADggEBABSbA0WvysSbjZYm4TuiiD6+ayXRduBA
+csf5+y+lv/m1d2gyd0I5OyudG1qrahNy3XplJcPFyewMCRbPo+yfGX7dlBnoUH0
k+g7peyPftdjJxYk8P82un84fben714/lBYh+zMnsqLSKybwnT2HC3nCh/VJ4BzX
kVd1lzQYafH+LIeoBGmqY9X4r6T8jcWtW8Yz6f/FSf3oF+pkmwZD+z/jNRxB9pU7
fev4wiaQ8LqY+kkp8ooOfkgiBBpSIlQ60l5+UdhE5hPnx8s168YRMkNt9kgh8LSq
PDYhMOnTdfK0UkwVQaxOpR/EU1aY4+N2HI9NU3X8eHUz2MLD+VA7eNw=
-----END CERTIFICATE-----
Generated at Mon Nov 25 18:39:35 2024 by rpki-client on console-fra.rpki-client.org