Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/3138352e3130302e3231342e302f32342d3234203d3e20383334.roa
File:                     3138352e3130302e3231342e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          3Be+K8j6EKOMYeVFrSr2TcaUOBLR5T9CSdGgdbLM2iI=
Subject key identifier:   9B:AC:A0:05:69:4D:A6:16:20:95:3B:E6:99:3B:4A:04:A7:10:BD:56
Certificate issuer:       /CN=dc943cc2a7cdc378a37702573bb4f821170b530d
Certificate serial:       0BF5EADD514A9657CA52403B80AFBA283F4BB9C8
Authority key identifier: DC:94:3C:C2:A7:CD:C3:78:A3:77:02:57:3B:B4:F8:21:17:0B:53:0D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3JQ8wqfNw3ijdwJXO7T4IRcLUw0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/3138352e3130302e3231342e302f32342d3234203d3e20383334.roa
Signing time:             Sun 02 Feb 2025 00:04:28 +0000
ROA not before:           Sat 01 Feb 2025 23:59:28 +0000
ROA not after:            Sun 01 Feb 2026 00:04:28 +0000
asID:                     834
IP address blocks:        185.100.214.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/DC943CC2A7CDC378A37702573BB4F821170B530D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/DC943CC2A7CDC378A37702573BB4F821170B530D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3JQ8wqfNw3ijdwJXO7T4IRcLUw0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 15 Feb 2025 05:53:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0b:f5:ea:dd:51:4a:96:57:ca:52:40:3b:80:af:ba:28:3f:4b:b9:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dc943cc2a7cdc378a37702573bb4f821170b530d
        Validity
            Not Before: Feb  1 23:59:28 2025 GMT
            Not After : Feb  1 00:04:28 2026 GMT
        Subject: CN=9BACA005694DA61620953BE6993B4A04A710BD56
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:63:ab:da:f1:fe:fa:86:c7:f7:de:62:81:04:
                    5f:ac:d5:0d:10:db:9e:63:9d:db:bf:7d:4b:17:0e:
                    ad:4c:33:9f:ec:84:7b:e7:a5:f6:70:fa:4c:23:c7:
                    51:8e:ca:81:8f:ae:4a:f4:2a:89:5f:73:8e:3f:dc:
                    cd:b3:61:c9:51:e0:67:d6:5c:cb:d7:89:8d:37:21:
                    e9:3a:d6:f5:47:83:45:4d:c1:c8:ec:2e:8b:fc:40:
                    da:6a:30:db:6e:22:35:86:36:61:f3:66:88:89:c1:
                    0e:9f:29:e4:bf:d8:ba:59:6f:4a:30:e7:d1:b4:54:
                    a5:0b:f5:de:6e:56:02:a4:74:de:89:c2:09:b7:24:
                    9a:d9:30:19:51:8c:7d:c5:ce:eb:18:1a:2f:ef:2d:
                    f9:72:8a:1e:e8:e0:03:4e:bf:e1:67:f9:23:25:65:
                    5e:08:a3:bf:6b:c5:f3:31:d8:47:3b:dc:34:43:bd:
                    58:d9:cd:9f:cb:98:8f:bd:9d:c7:15:93:94:cd:21:
                    c9:96:d3:af:81:9b:e1:35:9d:55:33:7d:50:63:ae:
                    bb:6b:95:be:20:91:70:5f:a5:7d:35:66:e6:74:3b:
                    7a:9b:c0:52:6b:cd:82:d3:df:81:58:04:63:21:ba:
                    bc:e8:2e:78:32:e7:2d:97:7e:43:da:44:77:20:e5:
                    84:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9B:AC:A0:05:69:4D:A6:16:20:95:3B:E6:99:3B:4A:04:A7:10:BD:56
            X509v3 Authority Key Identifier:
                keyid:DC:94:3C:C2:A7:CD:C3:78:A3:77:02:57:3B:B4:F8:21:17:0B:53:0D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/DC943CC2A7CDC378A37702573BB4F821170B530D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3JQ8wqfNw3ijdwJXO7T4IRcLUw0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/3138352e3130302e3231342e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.100.214.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9a:98:ac:da:23:d5:a2:e0:ca:e2:2c:50:9f:3b:d8:f4:c4:c0:
         f3:12:c9:6e:e1:ff:08:96:d7:fd:41:0c:d6:a1:36:49:7a:01:
         7f:0f:d2:91:85:b9:0f:d0:cf:b5:fa:ed:8a:f3:68:95:72:df:
         db:10:b5:7e:1b:5a:6e:4e:39:43:e8:33:5f:6b:97:dc:f7:0b:
         76:56:08:ff:e7:4f:61:b2:78:41:c8:c4:3e:8c:f7:7e:c4:31:
         49:af:5b:b3:4a:c6:0f:76:1f:12:16:a7:c5:36:5b:3d:e5:0d:
         fd:ad:24:eb:f9:4c:48:50:a5:a6:4a:5f:a9:b6:c4:45:49:6e:
         a0:7c:96:4d:c6:9e:8f:8a:58:8b:c9:6c:a7:79:07:7b:4b:76:
         88:49:d7:27:0a:df:60:58:50:1e:47:e2:ea:fd:e4:ba:2d:ba:
         71:af:61:0c:c2:af:fa:89:5f:26:6b:e9:6b:c5:f4:be:06:10:
         9c:9d:e1:68:cc:cd:96:41:53:55:27:bf:e5:b3:99:95:55:01:
         6d:23:a3:0b:e4:04:6d:e3:5f:ee:80:cc:1a:5d:b6:96:b1:3f:
         d7:cd:8e:40:b3:89:af:52:f8:f6:de:b0:e6:ae:91:8e:57:10:
         63:a6:59:9f:24:fc:84:77:e1:ba:1c:ad:2b:41:98:90:13:3c:
         4f:55:f6:8b
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUC/Xq3VFKllfKUkA7gK+6KD9LucgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZGM5NDNjYzJhN2NkYzM3OGEzNzcwMjU3M2JiNGY4MjEx
NzBiNTMwZDAeFw0yNTAyMDEyMzU5MjhaFw0yNjAyMDEwMDA0MjhaMDMxMTAvBgNV
BAMTKDlCQUNBMDA1Njk0REE2MTYyMDk1M0JFNjk5M0I0QTA0QTcxMEJENTYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCYY6va8f76hsf33mKBBF+s1Q0Q
255jndu/fUsXDq1MM5/shHvnpfZw+kwjx1GOyoGPrkr0Kolfc44/3M2zYclR4GfW
XMvXiY03Iek61vVHg0VNwcjsLov8QNpqMNtuIjWGNmHzZoiJwQ6fKeS/2LpZb0ow
59G0VKUL9d5uVgKkdN6Jwgm3JJrZMBlRjH3FzusYGi/vLflyih7o4ANOv+Fn+SMl
ZV4Io79rxfMx2Ec73DRDvVjZzZ/LmI+9nccVk5TNIcmW06+Bm+E1nVUzfVBjrrtr
lb4gkXBfpX01ZuZ0O3qbwFJrzYLT34FYBGMhurzoLngy5y2XfkPaRHcg5YQ/AgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUm6ygBWlNphYglTvmmTtKBKcQvVYwHwYDVR0j
BBgwFoAU3JQ8wqfNw3ijdwJXO7T4IRcLUw0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNmFiMDcyMmYtNjRkOC00Y2E5LTkyNjctNGU1MTU0NDM0
MTAxLzAvREM5NDNDQzJBN0NEQzM3OEEzNzcwMjU3M0JCNEY4MjExNzBCNTMwRC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzNKUTh3cWZOdzNpamR3SlhPN1Q0SVJj
TFV3MC5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvNmFiMDcyMmYt
NjRkOC00Y2E5LTkyNjctNGU1MTU0NDM0MTAxLzAvMzEzODM1MmUzMTMwMzAyZTMy
MzEzNDJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM4MzMzNC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEALlk
1jANBgkqhkiG9w0BAQsFAAOCAQEAmpis2iPVouDK4ixQnzvY9MTA8xLJbuH/CJbX
/UEM1qE2SXoBfw/SkYW5D9DPtfrtivNolXLf2xC1fhtabk45Q+gzX2uX3PcLdlYI
/+dPYbJ4QcjEPoz3fsQxSa9bs0rGD3YfEhanxTZbPeUN/a0k6/lMSFClpkpfqbbE
RUluoHyWTcaej4pYi8lsp3kHe0t2iEnXJwrfYFhQHkfi6v3kui26ca9hDMKv+olf
Jmvpa8X0vgYQnJ3haMzNlkFTVSe/5bOZlVUBbSOjC+QEbeNf7oDMGl22lrE/182O
QLOJr1L49t6w5q6RjlcQY6ZZnyT8hHfhuhytK0GYkBM8T1X2iw==
-----END CERTIFICATE-----
Generated at Fri Feb 14 15:04:17 2025 by rpki-client