Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c5d18e82-4d68-45a6-a5df-cac115ad2279/0/3138352e3232392e3230322e302f32342d3234203d3e20323130303330.roa
File:                     3138352e3232392e3230322e302f32342d3234203d3e20323130303330.roa (raw, json)
Hash identifier:          UABDTXTWp8foWVTBYxxIWEuae7LAbLk9s44nxTvRACo=
Subject key identifier:   D4:54:79:3D:BA:57:8F:46:FE:F9:F3:24:88:F1:6B:91:9F:24:6E:8E
Certificate issuer:       /CN=3e870b9a7003c4fd9c51bd354a9defa3fb77b4a9
Certificate serial:       45ED477B7B01C4949B5B1D93E8AC7F84A25FB244
Authority key identifier: 3E:87:0B:9A:70:03:C4:FD:9C:51:BD:35:4A:9D:EF:A3:FB:77:B4:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PocLmnADxP2cUb01Sp3vo_t3tKk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c5d18e82-4d68-45a6-a5df-cac115ad2279/0/3138352e3232392e3230322e302f32342d3234203d3e20323130303330.roa
Signing time:             Fri 08 Mar 2024 18:57:16 +0000
ROA not before:           Fri 08 Mar 2024 18:52:16 +0000
ROA not after:            Fri 07 Mar 2025 18:57:16 +0000
asID:                     210030
IP address blocks:        185.229.202.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c5d18e82-4d68-45a6-a5df-cac115ad2279/0/3E870B9A7003C4FD9C51BD354A9DEFA3FB77B4A9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c5d18e82-4d68-45a6-a5df-cac115ad2279/0/3E870B9A7003C4FD9C51BD354A9DEFA3FB77B4A9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PocLmnADxP2cUb01Sp3vo_t3tKk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 11:16:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            45:ed:47:7b:7b:01:c4:94:9b:5b:1d:93:e8:ac:7f:84:a2:5f:b2:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3e870b9a7003c4fd9c51bd354a9defa3fb77b4a9
        Validity
            Not Before: Mar  8 18:52:16 2024 GMT
            Not After : Mar  7 18:57:16 2025 GMT
        Subject: CN=D454793DBA578F46FEF9F32488F16B919F246E8E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:8f:e5:13:4f:cd:1d:c7:6c:a0:32:5f:5a:d7:
                    2c:7f:1a:96:91:15:44:72:01:34:49:2d:23:17:62:
                    e5:ee:e6:b5:89:10:46:13:06:27:99:9d:a0:9a:3d:
                    fc:89:3c:64:ea:12:1e:63:54:c4:5a:46:37:d7:a4:
                    c0:5a:bf:6a:7e:49:45:c3:eb:76:1e:f1:7d:f8:9a:
                    3d:76:be:a8:12:f4:fa:ae:20:f4:ae:a9:19:13:4f:
                    7b:95:af:c4:55:78:17:95:2f:7c:d0:a6:db:95:00:
                    7d:fa:5b:a4:07:7b:a6:9b:46:4a:45:e5:fb:6b:b3:
                    2f:db:d5:e5:bd:a2:07:a5:51:27:49:90:27:7d:3f:
                    a6:72:4c:93:a2:d2:62:8a:60:95:30:a4:3c:b7:35:
                    9a:8c:7a:bf:9c:a2:1a:d3:19:b4:19:54:c2:df:1a:
                    e6:62:8e:b5:fe:20:cb:6c:9e:57:64:8a:2d:01:dd:
                    07:94:f2:3b:97:bb:4f:3b:5d:15:3c:42:9b:e7:24:
                    b1:04:bc:9b:e7:ec:39:3d:e5:dc:ee:fa:2b:4f:c2:
                    84:2b:34:b1:5c:9c:83:10:cb:00:b9:ae:a4:bb:f2:
                    26:b9:25:71:85:df:c7:29:e9:26:e1:dd:16:69:3a:
                    49:fe:82:69:cf:47:b7:57:f6:61:d2:b0:ef:85:46:
                    a0:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:54:79:3D:BA:57:8F:46:FE:F9:F3:24:88:F1:6B:91:9F:24:6E:8E
            X509v3 Authority Key Identifier:
                keyid:3E:87:0B:9A:70:03:C4:FD:9C:51:BD:35:4A:9D:EF:A3:FB:77:B4:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c5d18e82-4d68-45a6-a5df-cac115ad2279/0/3E870B9A7003C4FD9C51BD354A9DEFA3FB77B4A9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PocLmnADxP2cUb01Sp3vo_t3tKk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c5d18e82-4d68-45a6-a5df-cac115ad2279/0/3138352e3232392e3230322e302f32342d3234203d3e20323130303330.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.229.202.0/24

    Signature Algorithm: sha256WithRSAEncryption
         41:8f:f7:0b:96:3b:cf:6e:8a:3f:02:a8:8d:0c:a9:0c:6e:62:
         f4:98:5a:44:07:46:6c:e8:de:7b:de:3f:d7:1f:f3:8b:88:2e:
         a6:2b:ff:37:c7:9f:34:5f:85:d0:41:f2:e1:8f:19:32:61:e3:
         6e:f2:9a:8d:5a:49:c6:66:83:1c:cb:8d:b4:6e:e7:99:bf:e8:
         b8:fb:b1:15:62:67:5a:c4:bf:bb:52:69:82:25:a2:ab:92:39:
         37:34:1a:7d:5e:87:f1:6e:a3:c9:eb:0e:89:af:b7:61:11:09:
         17:d0:cb:a3:91:8d:5e:d6:47:4c:cb:d1:a9:1b:db:b2:b2:47:
         98:a5:76:b2:f7:3e:a2:9f:20:61:00:69:cb:2f:07:82:95:40:
         0b:4f:7d:8f:2f:0a:dd:33:77:aa:24:3b:bb:90:8b:4a:b4:1d:
         8e:b6:f0:12:6a:54:ca:f9:4a:3a:8d:22:a0:79:c2:f2:ae:70:
         a4:fc:40:3b:60:07:28:5b:be:0c:4f:4a:51:f4:34:ca:47:2a:
         57:90:19:6d:0b:ca:e4:84:46:54:a7:e1:d6:08:99:ba:7d:aa:
         cd:0b:bd:b0:a6:3f:96:8b:82:42:a8:b0:c8:8c:18:b6:a0:57:
         34:be:7f:87:04:d7:76:94:33:88:84:97:cc:a9:66:c6:52:48:
         82:cf:29:e9
-----BEGIN CERTIFICATE-----
MIIFNzCCBB+gAwIBAgIURe1He3sBxJSbWx2T6Kx/hKJfskQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoM2U4NzBiOWE3MDAzYzRmZDljNTFiZDM1NGE5ZGVmYTNm
Yjc3YjRhOTAeFw0yNDAzMDgxODUyMTZaFw0yNTAzMDcxODU3MTZaMDMxMTAvBgNV
BAMTKEQ0NTQ3OTNEQkE1NzhGNDZGRUY5RjMyNDg4RjE2QjkxOUYyNDZFOEUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCPj+UTT80dx2ygMl9a1yx/GpaR
FURyATRJLSMXYuXu5rWJEEYTBieZnaCaPfyJPGTqEh5jVMRaRjfXpMBav2p+SUXD
63Ye8X34mj12vqgS9PquIPSuqRkTT3uVr8RVeBeVL3zQptuVAH36W6QHe6abRkpF
5ftrsy/b1eW9ogelUSdJkCd9P6ZyTJOi0mKKYJUwpDy3NZqMer+cohrTGbQZVMLf
GuZijrX+IMtsnldkii0B3QeU8juXu087XRU8QpvnJLEEvJvn7Dk95dzu+itPwoQr
NLFcnIMQywC5rqS78ia5JXGF38cp6Sbh3RZpOkn+gmnPR7dX9mHSsO+FRqA/AgMB
AAGjggJBMIICPTAdBgNVHQ4EFgQU1FR5PbpXj0b++fMkiPFrkZ8kbo4wHwYDVR0j
BBgwFoAUPocLmnADxP2cUb01Sp3vo/t3tKkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzVkMThlODItNGQ2OC00NWE2LWE1ZGYtY2FjMTE1YWQy
Mjc5LzAvM0U4NzBCOUE3MDAzQzRGRDlDNTFCRDM1NEE5REVGQTNGQjc3QjRBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1BvY0xtbkFEeFAyY1ViMDFTcDN2b190
M3RLay5jZXIwgbEGCCsGAQUFBwELBIGkMIGhMIGeBggrBgEFBQcwC4aBkXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYzVkMThlODIt
NGQ2OC00NWE2LWE1ZGYtY2FjMTE1YWQyMjc5LzAvMzEzODM1MmUzMjMyMzkyZTMy
MzAzMjJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMyMzEzMDMwMzMzMC5yb2EwGAYD
VR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEw
BgMEALnlyjANBgkqhkiG9w0BAQsFAAOCAQEAQY/3C5Y7z26KPwKojQypDG5i9Jha
RAdGbOjee94/1x/zi4gupiv/N8efNF+F0EHy4Y8ZMmHjbvKajVpJxmaDHMuNtG7n
mb/ouPuxFWJnWsS/u1JpgiWiq5I5NzQafV6H8W6jyesOia+3YREJF9DLo5GNXtZH
TMvRqRvbsrJHmKV2svc+op8gYQBpyy8HgpVAC099jy8K3TN3qiQ7u5CLSrQdjrbw
EmpUyvlKOo0ioHnC8q5wpPxAO2AHKFu+DE9KUfQ0ykcqV5AZbQvK5IRGVKfh1giZ
un2qzQu9sKY/louCQqiwyIwYtqBXNL5/hwTXdpQziISXzKlmxlJIgs8p6Q==
-----END CERTIFICATE-----
Generated at Sat Jun 15 19:32:54 2024 by rpki-client on console-ams.rpki-client.org