Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/3138352e3133392e32362e302f32332d3234203d3e203439323031.roa
File:                     3138352e3133392e32362e302f32332d3234203d3e203439323031.roa (raw, json)
Hash identifier:          RA7hYrzkMZhZJNR0OV0++iJKhEzS0uXCxhjqj5f1bN8=
Subject key identifier:   C2:1F:CA:22:CE:BD:EA:D2:3C:A6:75:C1:4F:04:98:A4:3B:01:E5:79
Certificate issuer:       /CN=dc943cc2a7cdc378a37702573bb4f821170b530d
Certificate serial:       40F2E6F15A3C8E1F5DC23FE1110FB7691AD8AA16
Authority key identifier: DC:94:3C:C2:A7:CD:C3:78:A3:77:02:57:3B:B4:F8:21:17:0B:53:0D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3JQ8wqfNw3ijdwJXO7T4IRcLUw0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/3138352e3133392e32362e302f32332d3234203d3e203439323031.roa
Signing time:             Mon 13 May 2024 14:27:53 +0000
ROA not before:           Mon 13 May 2024 14:22:53 +0000
ROA not after:            Mon 12 May 2025 14:27:53 +0000
asID:                     49201
IP address blocks:        185.139.26.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/DC943CC2A7CDC378A37702573BB4F821170B530D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/DC943CC2A7CDC378A37702573BB4F821170B530D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3JQ8wqfNw3ijdwJXO7T4IRcLUw0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            40:f2:e6:f1:5a:3c:8e:1f:5d:c2:3f:e1:11:0f:b7:69:1a:d8:aa:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dc943cc2a7cdc378a37702573bb4f821170b530d
        Validity
            Not Before: May 13 14:22:53 2024 GMT
            Not After : May 12 14:27:53 2025 GMT
        Subject: CN=C21FCA22CEBDEAD23CA675C14F0498A43B01E579
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:1a:10:03:cb:6b:2f:2c:f5:f7:ba:85:fa:b9:
                    1e:9d:3c:72:03:90:bf:a5:3e:bd:7b:4b:34:86:83:
                    8b:bf:c9:e2:0b:e3:3c:bf:9a:ab:df:92:fb:c4:12:
                    a7:98:38:c4:3e:0f:dd:f5:09:46:d6:f8:c1:24:e5:
                    6f:80:3d:40:aa:ec:d4:a7:2b:6b:27:26:4d:d6:ed:
                    93:eb:b0:a7:29:67:55:0c:4b:54:e2:68:26:01:84:
                    fc:99:1e:dc:0b:ea:f6:46:12:c5:be:ac:a2:bd:be:
                    7f:fd:27:cd:0c:48:38:66:45:5f:96:27:9e:bb:90:
                    c1:ef:5f:e9:6e:bc:00:4e:ce:48:55:94:fb:b2:67:
                    38:66:f6:85:7d:87:a5:5a:ec:6b:46:56:18:c9:8a:
                    f4:84:f5:1a:d4:9d:7b:29:e9:c5:16:76:fe:ab:78:
                    f9:c1:43:91:d4:47:7d:eb:2e:b5:e1:76:a3:70:61:
                    f9:a2:80:82:48:d3:1f:f0:f0:cb:be:7d:a9:2d:18:
                    40:e8:03:f5:03:01:2e:f0:f8:6b:96:ca:a8:9e:0e:
                    d8:da:5a:42:88:90:09:d7:a7:31:85:69:b9:2f:98:
                    fe:07:4d:b6:43:e5:f8:cf:59:1c:e3:9a:1a:45:80:
                    52:e8:fc:93:a5:83:44:b1:dd:e0:c9:49:7a:48:cb:
                    dc:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C2:1F:CA:22:CE:BD:EA:D2:3C:A6:75:C1:4F:04:98:A4:3B:01:E5:79
            X509v3 Authority Key Identifier:
                keyid:DC:94:3C:C2:A7:CD:C3:78:A3:77:02:57:3B:B4:F8:21:17:0B:53:0D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/DC943CC2A7CDC378A37702573BB4F821170B530D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3JQ8wqfNw3ijdwJXO7T4IRcLUw0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/3138352e3133392e32362e302f32332d3234203d3e203439323031.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.139.26.0/23

    Signature Algorithm: sha256WithRSAEncryption
         7c:0a:2a:ca:56:6f:fc:7c:4c:3e:a8:f3:18:42:ca:5a:da:c7:
         78:c5:20:ba:d0:0e:a8:e1:bb:c0:5c:06:f1:74:a5:c4:26:6c:
         65:0a:24:35:1e:85:8f:44:92:78:54:7d:80:39:89:b9:52:6b:
         f7:07:ef:9f:98:6e:2e:96:12:95:fb:2f:a4:6a:e8:58:bf:16:
         63:56:2a:b0:f8:e6:b5:e7:be:6a:82:59:32:70:1c:b1:8a:b0:
         72:88:28:0a:de:24:d2:8e:e9:ee:91:8b:cf:34:5c:32:be:c1:
         20:9f:5e:28:09:db:2e:fb:81:76:f7:bf:1e:d0:8d:c1:f7:71:
         72:1d:4c:ff:71:f4:88:c4:62:bd:d3:99:02:39:14:ac:78:c6:
         9e:3c:93:fb:98:fc:50:30:89:60:94:69:6e:e1:71:ff:cd:34:
         f4:cd:b0:6d:13:8b:b6:d1:84:2c:49:4d:f0:ad:d0:3d:61:12:
         91:2c:9f:49:2b:f1:d1:1c:ef:83:56:a7:0a:97:4c:4a:0e:7b:
         0f:fb:39:66:f0:e0:76:b9:98:60:66:da:77:e6:85:07:0d:03:
         16:88:8c:a1:c4:c5:08:86:39:97:f5:9f:2c:09:cd:be:60:bf:
         70:46:8c:08:50:ef:8c:d4:3e:11:2a:5c:23:0a:85:fb:c6:b8:
         c6:5e:ac:7c
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgIUQPLm8Vo8jh9dwj/hEQ+3aRrYqhYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZGM5NDNjYzJhN2NkYzM3OGEzNzcwMjU3M2JiNGY4MjEx
NzBiNTMwZDAeFw0yNDA1MTMxNDIyNTNaFw0yNTA1MTIxNDI3NTNaMDMxMTAvBgNV
BAMTKEMyMUZDQTIyQ0VCREVBRDIzQ0E2NzVDMTRGMDQ5OEE0M0IwMUU1NzkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCeGhADy2svLPX3uoX6uR6dPHID
kL+lPr17SzSGg4u/yeIL4zy/mqvfkvvEEqeYOMQ+D931CUbW+MEk5W+APUCq7NSn
K2snJk3W7ZPrsKcpZ1UMS1TiaCYBhPyZHtwL6vZGEsW+rKK9vn/9J80MSDhmRV+W
J567kMHvX+luvABOzkhVlPuyZzhm9oV9h6Va7GtGVhjJivSE9RrUnXsp6cUWdv6r
ePnBQ5HUR33rLrXhdqNwYfmigIJI0x/w8Mu+faktGEDoA/UDAS7w+GuWyqieDtja
WkKIkAnXpzGFabkvmP4HTbZD5fjPWRzjmhpFgFLo/JOlg0Sx3eDJSXpIy9yHAgMB
AAGjggI9MIICOTAdBgNVHQ4EFgQUwh/KIs696tI8pnXBTwSYpDsB5XkwHwYDVR0j
BBgwFoAU3JQ8wqfNw3ijdwJXO7T4IRcLUw0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNmFiMDcyMmYtNjRkOC00Y2E5LTkyNjctNGU1MTU0NDM0
MTAxLzAvREM5NDNDQzJBN0NEQzM3OEEzNzcwMjU3M0JCNEY4MjExNzBCNTMwRC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzNKUTh3cWZOdzNpamR3SlhPN1Q0SVJj
TFV3MC5jZXIwga0GCCsGAQUFBwELBIGgMIGdMIGaBggrBgEFBQcwC4aBjXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvNmFiMDcyMmYt
NjRkOC00Y2E5LTkyNjctNGU1MTU0NDM0MTAxLzAvMzEzODM1MmUzMTMzMzkyZTMy
MzYyZTMwMmYzMjMzMmQzMjM0MjAzZDNlMjAzNDM5MzIzMDMxLnJvYTAYBgNVHSAB
Af8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQB
uYsaMA0GCSqGSIb3DQEBCwUAA4IBAQB8CirKVm/8fEw+qPMYQspa2sd4xSC60A6o
4bvAXAbxdKXEJmxlCiQ1HoWPRJJ4VH2AOYm5Umv3B++fmG4ulhKV+y+kauhYvxZj
Viqw+Oa1575qglkycByxirByiCgK3iTSjunukYvPNFwyvsEgn14oCdsu+4F2978e
0I3B93FyHUz/cfSIxGK905kCORSseMaePJP7mPxQMIlglGlu4XH/zTT0zbBtE4u2
0YQsSU3wrdA9YRKRLJ9JK/HRHO+DVqcKl0xKDnsP+zlm8OB2uZhgZtp35oUHDQMW
iIyhxMUIhjmX9Z8sCc2+YL9wRowIUO+M1D4RKlwjCoX7xrjGXqx8
-----END CERTIFICATE-----
Generated at Fri Nov 22 07:03:44 2024 by rpki-client on console-fra.rpki-client.org