Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/39352e3231342e3231362e302f32342d3234203d3e20313336373837.roa
File:                     39352e3231342e3231362e302f32342d3234203d3e20313336373837.roa (raw, json)
Hash identifier:          BceUm5MM4eoTa/JEIke8Hq0kPPdm4wv7LuZfr3Jl87w=
Subject key identifier:   B6:4F:0F:77:36:95:A1:1E:63:65:E2:EB:46:23:E6:D5:14:E4:40:27
Certificate issuer:       /CN=5d70845822a61408ec2a5fd580c132da777f09d1
Certificate serial:       5606C58FFF258D532E7149CB2EBD300BB956595C
Authority key identifier: 5D:70:84:58:22:A6:14:08:EC:2A:5F:D5:80:C1:32:DA:77:7F:09:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XXCEWCKmFAjsKl_VgMEy2nd_CdE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/39352e3231342e3231362e302f32342d3234203d3e20313336373837.roa
Signing time:             Mon 01 Apr 2024 14:03:21 +0000
ROA not before:           Mon 01 Apr 2024 13:58:21 +0000
ROA not after:            Mon 31 Mar 2025 14:03:21 +0000
asID:                     136787
IP address blocks:        95.214.216.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/5D70845822A61408EC2A5FD580C132DA777F09D1.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/5D70845822A61408EC2A5FD580C132DA777F09D1.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XXCEWCKmFAjsKl_VgMEy2nd_CdE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:12:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            56:06:c5:8f:ff:25:8d:53:2e:71:49:cb:2e:bd:30:0b:b9:56:59:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5d70845822a61408ec2a5fd580c132da777f09d1
        Validity
            Not Before: Apr  1 13:58:21 2024 GMT
            Not After : Mar 31 14:03:21 2025 GMT
        Subject: CN=B64F0F773695A11E6365E2EB4623E6D514E44027
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:87:03:c5:72:b0:83:d2:2a:c3:b6:b9:bc:bc:
                    82:c7:31:a8:00:3b:37:35:87:bb:88:bf:44:ae:a4:
                    22:96:9f:b7:74:15:8c:82:82:fc:6b:e3:58:77:0d:
                    e5:36:27:f3:7d:64:dd:da:79:0d:35:c0:31:13:b4:
                    e7:72:90:a2:bd:16:29:60:8e:8a:00:47:cd:e6:86:
                    3d:80:81:d8:85:f4:80:37:1e:9c:fc:85:1c:74:08:
                    b0:0e:49:da:0c:69:59:be:fb:e9:42:9a:68:37:18:
                    cd:d9:7b:99:20:d4:3a:79:b2:c2:e7:8c:bb:32:36:
                    18:90:81:97:45:34:dd:15:ed:c8:dd:d7:0e:58:59:
                    6e:3c:ac:0b:89:4d:ae:4f:01:a7:d1:ba:95:c0:34:
                    4e:3b:5b:c8:24:a1:a7:50:be:60:28:6c:16:7a:04:
                    bd:76:1b:87:80:9d:70:df:4c:b8:83:fd:cd:b2:21:
                    29:a2:63:34:61:20:ec:cd:39:7f:1d:87:bc:4f:06:
                    03:03:d2:94:74:c0:1c:a4:f1:b4:9b:f5:51:51:d7:
                    89:b5:e7:2f:23:2d:98:67:bc:be:21:1c:c1:16:aa:
                    b5:3e:30:40:2c:c0:c2:83:9f:26:19:f8:30:b8:43:
                    6d:42:2a:4f:48:0c:ff:4c:e4:50:e6:36:86:af:9a:
                    c0:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:4F:0F:77:36:95:A1:1E:63:65:E2:EB:46:23:E6:D5:14:E4:40:27
            X509v3 Authority Key Identifier:
                keyid:5D:70:84:58:22:A6:14:08:EC:2A:5F:D5:80:C1:32:DA:77:7F:09:D1

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/5D70845822A61408EC2A5FD580C132DA777F09D1.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XXCEWCKmFAjsKl_VgMEy2nd_CdE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/39352e3231342e3231362e302f32342d3234203d3e20313336373837.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.214.216.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3f:db:ce:e2:74:74:15:a0:bd:c8:83:0b:8e:5d:6d:1a:c9:00:
         64:0c:de:7b:51:2d:03:bf:16:20:33:d7:d1:96:2a:5d:af:e7:
         4a:5e:2a:cb:e6:4e:f4:b3:d4:de:ca:fa:bc:6e:cb:d3:5e:5d:
         a6:cb:61:53:92:33:36:08:ea:e9:f0:f8:f8:21:17:ce:f3:48:
         73:2a:10:a1:f8:62:cb:bb:44:d4:0f:e0:a4:77:79:67:13:f5:
         48:f3:09:4d:90:53:25:15:af:88:91:5f:ca:00:8a:ce:f8:39:
         7b:b6:0d:7d:27:2f:da:84:8a:44:ba:e0:86:d8:13:f8:86:06:
         7c:d1:12:90:4f:9d:b1:a6:63:15:fa:1c:98:60:9c:c7:67:00:
         69:14:72:7f:77:25:35:f9:20:da:2a:dc:5e:55:d6:33:a7:d0:
         84:28:30:94:f5:84:17:d2:e1:02:dd:ec:49:88:95:2c:5b:0f:
         e9:01:30:4a:66:68:ad:8a:cc:ba:65:d5:db:d9:07:29:76:df:
         41:03:68:42:5a:6e:e8:e7:8b:89:64:4f:66:ea:0d:6a:0e:fb:
         61:e5:00:8a:fe:b2:75:0a:56:34:c0:72:ff:a4:7d:13:c9:9b:
         59:c6:5b:ca:d6:cf:a3:c3:1c:ef:e6:20:12:a4:71:6f:1e:40:
         69:7d:61:03
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgIUVgbFj/8ljVMucUnLLr0wC7lWWVwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWQ3MDg0NTgyMmE2MTQwOGVjMmE1ZmQ1ODBjMTMyZGE3
NzdmMDlkMTAeFw0yNDA0MDExMzU4MjFaFw0yNTAzMzExNDAzMjFaMDMxMTAvBgNV
BAMTKEI2NEYwRjc3MzY5NUExMUU2MzY1RTJFQjQ2MjNFNkQ1MTRFNDQwMjcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCkhwPFcrCD0irDtrm8vILHMagA
Ozc1h7uIv0SupCKWn7d0FYyCgvxr41h3DeU2J/N9ZN3aeQ01wDETtOdykKK9Filg
jooAR83mhj2AgdiF9IA3Hpz8hRx0CLAOSdoMaVm+++lCmmg3GM3Ze5kg1Dp5ssLn
jLsyNhiQgZdFNN0V7cjd1w5YWW48rAuJTa5PAafRupXANE47W8gkoadQvmAobBZ6
BL12G4eAnXDfTLiD/c2yISmiYzRhIOzNOX8dh7xPBgMD0pR0wByk8bSb9VFR14m1
5y8jLZhnvL4hHMEWqrU+MEAswMKDnyYZ+DC4Q21CKk9IDP9M5FDmNoavmsD7AgMB
AAGjggI/MIICOzAdBgNVHQ4EFgQUtk8PdzaVoR5jZeLrRiPm1RTkQCcwHwYDVR0j
BBgwFoAUXXCEWCKmFAjsKl/VgMEy2nd/CdEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzgvNUQ3MDg0NTgyMkE2MTQwOEVDMkE1RkQ1ODBDMTMyREE3NzdGMDlEMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1hYQ0VXQ0ttRkFqc0tsX1ZnTUV5Mm5k
X0NkRS5jZXIwga8GCCsGAQUFBwELBIGiMIGfMIGcBggrBgEFBQcwC4aBj3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzgvMzkzNTJlMzIzMTM0MmUzMjMx
MzYyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzMTMzMzYzNzM4Mzcucm9hMBgGA1Ud
IAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BABf1tgwDQYJKoZIhvcNAQELBQADggEBAD/bzuJ0dBWgvciDC45dbRrJAGQM3ntR
LQO/FiAz19GWKl2v50peKsvmTvSz1N7K+rxuy9NeXabLYVOSMzYI6unw+PghF87z
SHMqEKH4Ysu7RNQP4KR3eWcT9UjzCU2QUyUVr4iRX8oAis74OXu2DX0nL9qEikS6
4IbYE/iGBnzREpBPnbGmYxX6HJhgnMdnAGkUcn93JTX5INoq3F5V1jOn0IQoMJT1
hBfS4QLd7EmIlSxbD+kBMEpmaK2KzLpl1dvZByl230EDaEJabujni4lkT2bqDWoO
+2HlAIr+snUKVjTAcv+kfRPJm1nGW8rWz6PDHO/mIBKkcW8eQGl9YQM=
-----END CERTIFICATE-----
Generated at Mon Nov 25 19:59:03 2024 by rpki-client on console-ams.rpki-client.org