Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/3138352e3130302e3231352e302f32342d3234203d3e20323135313031.roa
File:                     3138352e3130302e3231352e302f32342d3234203d3e20323135313031.roa (raw, json)
Hash identifier:          pZxlfLxDFhih2et4+HzUjgZXv4nkZy2++Gd8YLk+kXs=
Subject key identifier:   D2:6D:CF:6D:B1:D1:E0:E1:6D:7C:B6:67:52:D6:67:04:B7:5B:4B:61
Certificate issuer:       /CN=dc943cc2a7cdc378a37702573bb4f821170b530d
Certificate serial:       2286BEF7743B064926FD133B80EDA0099F671A9B
Authority key identifier: DC:94:3C:C2:A7:CD:C3:78:A3:77:02:57:3B:B4:F8:21:17:0B:53:0D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3JQ8wqfNw3ijdwJXO7T4IRcLUw0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/3138352e3130302e3231352e302f32342d3234203d3e20323135313031.roa
Signing time:             Thu 18 Apr 2024 12:50:12 +0000
ROA not before:           Thu 18 Apr 2024 12:45:12 +0000
ROA not after:            Thu 17 Apr 2025 12:50:12 +0000
asID:                     215101
IP address blocks:        185.100.215.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/DC943CC2A7CDC378A37702573BB4F821170B530D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/DC943CC2A7CDC378A37702573BB4F821170B530D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3JQ8wqfNw3ijdwJXO7T4IRcLUw0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            22:86:be:f7:74:3b:06:49:26:fd:13:3b:80:ed:a0:09:9f:67:1a:9b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dc943cc2a7cdc378a37702573bb4f821170b530d
        Validity
            Not Before: Apr 18 12:45:12 2024 GMT
            Not After : Apr 17 12:50:12 2025 GMT
        Subject: CN=D26DCF6DB1D1E0E16D7CB66752D66704B75B4B61
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:03:b2:5e:2b:6d:85:0a:e5:b8:3a:6b:27:c2:
                    bd:85:d5:44:e2:29:a3:c2:03:17:8d:54:02:d7:63:
                    b9:18:fa:d4:a9:7c:2d:1a:02:0f:ae:81:cc:af:eb:
                    5d:b2:18:81:c2:ee:df:aa:04:01:d4:e4:4e:45:a3:
                    ef:86:48:49:fc:e6:5f:c0:43:53:e0:c4:8c:da:12:
                    a2:ee:28:c7:43:34:74:08:10:dd:13:a9:9f:67:cb:
                    71:93:83:5e:56:c6:68:a6:08:c3:d4:d1:1f:15:f0:
                    41:87:93:6b:ce:d5:7d:90:1e:41:d1:9c:3f:e9:03:
                    ef:2b:5d:a3:5a:b0:8b:3c:01:98:06:7e:b1:9c:4d:
                    56:73:53:f9:9a:a6:a4:36:65:5d:5a:99:77:a1:49:
                    9d:dd:7c:8d:a6:3c:17:71:85:ee:e2:19:fc:f4:8e:
                    0b:2b:3a:08:b6:b9:7a:a1:70:95:13:11:c6:91:c2:
                    36:17:b3:10:11:9e:34:28:3d:de:16:99:40:d2:9a:
                    18:4b:ab:d6:3f:c2:1e:79:ad:c2:88:f1:8a:99:c3:
                    92:88:a1:f6:71:a7:74:b7:df:eb:cc:1e:53:4c:b5:
                    51:e5:55:59:32:25:92:5f:6b:ae:64:10:1f:8e:11:
                    ec:74:c1:eb:6e:67:4e:28:21:b7:92:06:bb:80:8c:
                    f3:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:6D:CF:6D:B1:D1:E0:E1:6D:7C:B6:67:52:D6:67:04:B7:5B:4B:61
            X509v3 Authority Key Identifier:
                keyid:DC:94:3C:C2:A7:CD:C3:78:A3:77:02:57:3B:B4:F8:21:17:0B:53:0D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/DC943CC2A7CDC378A37702573BB4F821170B530D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3JQ8wqfNw3ijdwJXO7T4IRcLUw0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/3138352e3130302e3231352e302f32342d3234203d3e20323135313031.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.100.215.0/24

    Signature Algorithm: sha256WithRSAEncryption
         46:62:8b:88:ab:05:6e:c9:38:b2:9e:83:11:1f:e2:6a:b3:ae:
         fe:2b:69:b1:96:32:be:49:a5:8b:b4:75:9e:85:0a:c6:d1:cb:
         98:ac:39:9a:d5:31:23:a1:83:ee:fd:85:88:c8:53:4c:e0:2b:
         7b:37:25:a1:ce:3f:11:09:85:bc:7b:c9:cd:80:12:47:a9:e2:
         8a:84:1a:2b:74:2b:fc:79:70:7c:71:ab:eb:c0:de:3c:c2:4f:
         b9:6f:86:c7:c3:20:51:d3:b3:99:1a:a5:6b:68:8a:e8:e9:16:
         91:03:aa:74:9b:17:83:8c:0d:ff:eb:1a:69:ea:19:3b:42:25:
         b6:e3:cd:9a:9b:e4:20:7a:65:8d:38:bf:1d:9d:11:e9:34:73:
         21:9e:6d:52:88:4e:ef:1e:9b:fd:ce:c2:4c:7f:ca:06:7f:3d:
         15:71:70:71:0b:20:d2:05:c6:2e:5b:21:47:61:15:25:e4:ca:
         88:05:a9:dc:eb:78:d1:32:f8:cd:37:4e:2d:2d:10:f0:7b:86:
         73:33:52:8b:06:64:58:12:1f:f1:79:be:82:3b:70:52:63:7c:
         b2:6f:96:0c:b3:dc:55:3a:b5:6a:6c:3c:59:9c:08:8c:cb:76:
         3c:35:5f:e7:c5:73:56:76:44:cd:61:18:1f:22:6c:b6:90:82:
         12:44:a0:16
-----BEGIN CERTIFICATE-----
MIIFNzCCBB+gAwIBAgIUIoa+93Q7Bkkm/RM7gO2gCZ9nGpswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZGM5NDNjYzJhN2NkYzM3OGEzNzcwMjU3M2JiNGY4MjEx
NzBiNTMwZDAeFw0yNDA0MTgxMjQ1MTJaFw0yNTA0MTcxMjUwMTJaMDMxMTAvBgNV
BAMTKEQyNkRDRjZEQjFEMUUwRTE2RDdDQjY2NzUyRDY2NzA0Qjc1QjRCNjEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCxA7JeK22FCuW4Omsnwr2F1UTi
KaPCAxeNVALXY7kY+tSpfC0aAg+ugcyv612yGIHC7t+qBAHU5E5Fo++GSEn85l/A
Q1PgxIzaEqLuKMdDNHQIEN0TqZ9ny3GTg15WxmimCMPU0R8V8EGHk2vO1X2QHkHR
nD/pA+8rXaNasIs8AZgGfrGcTVZzU/mapqQ2ZV1amXehSZ3dfI2mPBdxhe7iGfz0
jgsrOgi2uXqhcJUTEcaRwjYXsxARnjQoPd4WmUDSmhhLq9Y/wh55rcKI8YqZw5KI
ofZxp3S33+vMHlNMtVHlVVkyJZJfa65kEB+OEex0wetuZ04oIbeSBruAjPOnAgMB
AAGjggJBMIICPTAdBgNVHQ4EFgQU0m3PbbHR4OFtfLZnUtZnBLdbS2EwHwYDVR0j
BBgwFoAU3JQ8wqfNw3ijdwJXO7T4IRcLUw0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNmFiMDcyMmYtNjRkOC00Y2E5LTkyNjctNGU1MTU0NDM0
MTAxLzAvREM5NDNDQzJBN0NEQzM3OEEzNzcwMjU3M0JCNEY4MjExNzBCNTMwRC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzNKUTh3cWZOdzNpamR3SlhPN1Q0SVJj
TFV3MC5jZXIwgbEGCCsGAQUFBwELBIGkMIGhMIGeBggrBgEFBQcwC4aBkXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvNmFiMDcyMmYt
NjRkOC00Y2E5LTkyNjctNGU1MTU0NDM0MTAxLzAvMzEzODM1MmUzMTMwMzAyZTMy
MzEzNTJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMyMzEzNTMxMzAzMS5yb2EwGAYD
VR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEw
BgMEALlk1zANBgkqhkiG9w0BAQsFAAOCAQEARmKLiKsFbsk4sp6DER/iarOu/itp
sZYyvkmli7R1noUKxtHLmKw5mtUxI6GD7v2FiMhTTOArezcloc4/EQmFvHvJzYAS
R6niioQaK3Qr/HlwfHGr68DePMJPuW+Gx8MgUdOzmRqla2iK6OkWkQOqdJsXg4wN
/+saaeoZO0IltuPNmpvkIHpljTi/HZ0R6TRzIZ5tUohO7x6b/c7CTH/KBn89FXFw
cQsg0gXGLlshR2EVJeTKiAWp3Ot40TL4zTdOLS0Q8HuGczNSiwZkWBIf8Xm+gjtw
UmN8sm+WDLPcVTq1amw8WZwIjMt2PDVf58VzVnZEzWEYHyJstpCCEkSgFg==
-----END CERTIFICATE-----
Generated at Fri Nov 22 08:14:19 2024 by rpki-client on console-ams.rpki-client.org