Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/39352e3231342e3231372e302f32342d3234203d3e20313336373837.roa
File:                     39352e3231342e3231372e302f32342d3234203d3e20313336373837.roa (raw, json)
Hash identifier:          sQVqYeQYe/wndLnj8NZiYAlu0dwUXXXQE5zbIyiIPSs=
Subject key identifier:   19:FC:12:F2:98:13:CB:24:81:96:C2:AE:6E:78:34:9A:2D:67:9D:62
Certificate issuer:       /CN=5d70845822a61408ec2a5fd580c132da777f09d1
Certificate serial:       3D3696213D507D9F6BD7E07C08C6CF41385820F1
Authority key identifier: 5D:70:84:58:22:A6:14:08:EC:2A:5F:D5:80:C1:32:DA:77:7F:09:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XXCEWCKmFAjsKl_VgMEy2nd_CdE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/39352e3231342e3231372e302f32342d3234203d3e20313336373837.roa
Signing time:             Mon 01 Apr 2024 14:03:20 +0000
ROA not before:           Mon 01 Apr 2024 13:58:20 +0000
ROA not after:            Mon 31 Mar 2025 14:03:20 +0000
asID:                     136787
IP address blocks:        95.214.217.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/5D70845822A61408EC2A5FD580C132DA777F09D1.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/5D70845822A61408EC2A5FD580C132DA777F09D1.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XXCEWCKmFAjsKl_VgMEy2nd_CdE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:12:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3d:36:96:21:3d:50:7d:9f:6b:d7:e0:7c:08:c6:cf:41:38:58:20:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5d70845822a61408ec2a5fd580c132da777f09d1
        Validity
            Not Before: Apr  1 13:58:20 2024 GMT
            Not After : Mar 31 14:03:20 2025 GMT
        Subject: CN=19FC12F29813CB248196C2AE6E78349A2D679D62
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:92:0e:7f:00:35:f1:3e:34:56:19:a0:47:4f:
                    a3:a4:5f:41:fb:f7:74:5f:8d:45:c7:6f:99:d3:3d:
                    ce:58:54:d0:64:c2:68:27:16:7a:37:b2:fe:d7:8b:
                    ca:4b:60:41:28:29:9a:08:50:38:aa:de:1e:1f:1d:
                    5a:95:9c:56:a5:1d:34:3d:7b:49:6d:77:d2:64:8e:
                    75:d8:fc:c2:4b:d9:d1:89:83:f6:46:14:ee:bb:83:
                    04:f9:a0:57:05:cc:e7:06:bf:c3:d4:70:a9:60:24:
                    ec:0e:89:e0:9b:5e:9c:89:f8:d2:41:56:e8:0c:20:
                    33:3a:e1:f3:f9:9f:56:60:cd:65:82:6f:45:f1:a9:
                    54:44:fb:e7:6b:b6:7e:25:dd:6d:52:da:ee:af:32:
                    9a:5a:45:ed:52:f8:6b:53:e6:cd:eb:3b:5f:b5:35:
                    2d:8e:8c:a9:04:08:02:9f:fe:8c:d9:18:cc:6f:e0:
                    4e:e2:a8:48:a8:4d:20:54:ac:63:70:53:74:12:2a:
                    1f:78:37:c4:93:57:79:3f:68:8d:d6:7d:0a:5e:94:
                    d2:75:23:7f:df:3b:26:16:82:91:cb:82:26:05:7e:
                    ee:8a:20:ab:d9:1a:b3:69:85:04:13:94:a0:bd:17:
                    f7:08:18:e2:3c:cb:b8:b1:0d:2d:93:93:22:fc:d5:
                    f7:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:FC:12:F2:98:13:CB:24:81:96:C2:AE:6E:78:34:9A:2D:67:9D:62
            X509v3 Authority Key Identifier:
                keyid:5D:70:84:58:22:A6:14:08:EC:2A:5F:D5:80:C1:32:DA:77:7F:09:D1

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/5D70845822A61408EC2A5FD580C132DA777F09D1.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XXCEWCKmFAjsKl_VgMEy2nd_CdE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/39352e3231342e3231372e302f32342d3234203d3e20313336373837.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.214.217.0/24

    Signature Algorithm: sha256WithRSAEncryption
         39:11:90:73:23:94:a1:47:ac:7f:52:78:17:1b:17:fc:70:8f:
         eb:97:f2:37:a8:22:43:f2:78:0e:b9:d5:a2:ae:a2:80:a7:f2:
         32:68:37:43:c4:c9:6d:52:58:63:e8:ee:38:dc:63:7e:68:83:
         0a:4f:74:27:76:90:51:a7:dc:a2:c6:84:93:bb:a9:92:b8:f0:
         82:e2:a2:a2:6d:41:6a:6a:f9:ae:9b:9c:2e:7d:24:4f:1b:04:
         03:be:43:82:7e:b6:e2:71:a9:db:dc:a1:a2:74:b9:9a:6a:81:
         14:24:b0:be:91:8d:1a:6b:78:67:cd:88:5d:61:07:52:97:2b:
         3c:d4:94:05:91:b3:9c:f4:bc:70:2f:b6:ab:a4:50:fb:bf:5a:
         bc:09:f2:fb:b8:4a:ce:fa:4c:2f:49:60:87:99:9c:c0:e9:bc:
         58:59:35:ad:c8:73:b7:41:d3:92:22:b3:b4:36:99:8b:e8:eb:
         77:c4:a9:02:df:3b:e9:46:c5:4c:87:66:88:d7:0a:f7:99:b0:
         d5:53:32:73:e4:b7:c9:39:34:9e:a8:97:9d:2d:bb:d4:b0:35:
         41:a3:00:f7:d9:2e:45:cd:97:e9:45:7c:1b:4f:8a:4d:9e:5e:
         aa:d8:c3:59:9f:fe:bd:24:12:6e:c9:e2:3a:5b:53:ef:cc:43:
         26:e6:16:0f
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgIUPTaWIT1QfZ9r1+B8CMbPQThYIPEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWQ3MDg0NTgyMmE2MTQwOGVjMmE1ZmQ1ODBjMTMyZGE3
NzdmMDlkMTAeFw0yNDA0MDExMzU4MjBaFw0yNTAzMzExNDAzMjBaMDMxMTAvBgNV
BAMTKDE5RkMxMkYyOTgxM0NCMjQ4MTk2QzJBRTZFNzgzNDlBMkQ2NzlENjIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCnkg5/ADXxPjRWGaBHT6OkX0H7
93RfjUXHb5nTPc5YVNBkwmgnFno3sv7Xi8pLYEEoKZoIUDiq3h4fHVqVnFalHTQ9
e0ltd9JkjnXY/MJL2dGJg/ZGFO67gwT5oFcFzOcGv8PUcKlgJOwOieCbXpyJ+NJB
VugMIDM64fP5n1ZgzWWCb0XxqVRE++drtn4l3W1S2u6vMppaRe1S+GtT5s3rO1+1
NS2OjKkECAKf/ozZGMxv4E7iqEioTSBUrGNwU3QSKh94N8STV3k/aI3WfQpelNJ1
I3/fOyYWgpHLgiYFfu6KIKvZGrNphQQTlKC9F/cIGOI8y7ixDS2TkyL81fdtAgMB
AAGjggI/MIICOzAdBgNVHQ4EFgQUGfwS8pgTyySBlsKubng0mi1nnWIwHwYDVR0j
BBgwFoAUXXCEWCKmFAjsKl/VgMEy2nd/CdEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzgvNUQ3MDg0NTgyMkE2MTQwOEVDMkE1RkQ1ODBDMTMyREE3NzdGMDlEMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1hYQ0VXQ0ttRkFqc0tsX1ZnTUV5Mm5k
X0NkRS5jZXIwga8GCCsGAQUFBwELBIGiMIGfMIGcBggrBgEFBQcwC4aBj3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzgvMzkzNTJlMzIzMTM0MmUzMjMx
MzcyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzMTMzMzYzNzM4Mzcucm9hMBgGA1Ud
IAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BABf1tkwDQYJKoZIhvcNAQELBQADggEBADkRkHMjlKFHrH9SeBcbF/xwj+uX8jeo
IkPyeA651aKuooCn8jJoN0PEyW1SWGPo7jjcY35ogwpPdCd2kFGn3KLGhJO7qZK4
8ILioqJtQWpq+a6bnC59JE8bBAO+Q4J+tuJxqdvcoaJ0uZpqgRQksL6RjRpreGfN
iF1hB1KXKzzUlAWRs5z0vHAvtqukUPu/WrwJ8vu4Ss76TC9JYIeZnMDpvFhZNa3I
c7dB05Iis7Q2mYvo63fEqQLfO+lGxUyHZojXCveZsNVTMnPkt8k5NJ6ol50tu9Sw
NUGjAPfZLkXNl+lFfBtPik2eXqrYw1mf/r0kEm7J4jpbU+/MQybmFg8=
-----END CERTIFICATE-----
Generated at Mon Nov 25 19:59:03 2024 by rpki-client on console-ams.rpki-client.org