Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/3138352e3138312e322e302f32342d3234203d3e20323132363639.roa
File:                     3138352e3138312e322e302f32342d3234203d3e20323132363639.roa (raw, json)
Hash identifier:          qfsSfO3u+aEvqfryOy+1rEoddfZZVNVWf2CgNggMkdo=
Subject key identifier:   3F:B6:B3:79:42:30:C0:64:48:6A:F8:B1:13:AB:74:8F:FD:F7:29:C0
Certificate issuer:       /CN=8f4ce7722f99075d94738b7e61070401269eb3d6
Certificate serial:       0A0781172610DC8EF5FBEADA331DBDD0A0AED1DE
Authority key identifier: 8F:4C:E7:72:2F:99:07:5D:94:73:8B:7E:61:07:04:01:26:9E:B3:D6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/j0znci-ZB12Uc4t-YQcEASaes9Y.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/3138352e3138312e322e302f32342d3234203d3e20323132363639.roa
Signing time:             Tue 23 Apr 2024 13:05:57 +0000
ROA not before:           Tue 23 Apr 2024 13:00:57 +0000
ROA not after:            Tue 22 Apr 2025 13:05:57 +0000
asID:                     212669
IP address blocks:        185.181.2.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/8F4CE7722F99075D94738B7E61070401269EB3D6.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/8F4CE7722F99075D94738B7E61070401269EB3D6.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/j0znci-ZB12Uc4t-YQcEASaes9Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:12:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0a:07:81:17:26:10:dc:8e:f5:fb:ea:da:33:1d:bd:d0:a0:ae:d1:de
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8f4ce7722f99075d94738b7e61070401269eb3d6
        Validity
            Not Before: Apr 23 13:00:57 2024 GMT
            Not After : Apr 22 13:05:57 2025 GMT
        Subject: CN=3FB6B3794230C064486AF8B113AB748FFDF729C0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f1:3b:f4:b7:7d:b3:5d:4b:a4:d5:11:94:c7:94:
                    c4:7a:d5:04:e4:5e:6f:19:a4:b2:c8:1e:35:1f:77:
                    45:8c:43:3e:14:75:ea:fe:f7:ed:e7:15:f7:ce:e7:
                    67:10:41:c6:c4:a2:c4:dc:e0:d4:43:8f:a7:a5:da:
                    3f:a8:c2:9f:70:d3:d8:fa:71:99:42:e9:a4:77:45:
                    f7:40:f8:9a:0c:59:bf:3d:40:e5:cf:89:67:dc:69:
                    12:a9:66:39:d7:32:6d:fb:f5:c3:79:8f:e1:d6:f1:
                    ba:d1:34:b3:25:2c:cc:d8:49:96:37:6b:ec:1c:7c:
                    e8:e1:04:31:c3:5c:66:fd:a6:80:e3:10:fe:02:f3:
                    1d:99:d0:ef:80:dd:95:2d:d0:d7:2f:4d:22:29:b1:
                    87:29:4f:45:f2:29:6b:1e:3b:ca:39:99:1c:16:43:
                    12:e6:3f:e7:74:81:a9:19:25:8a:d2:67:11:7b:f0:
                    0a:63:b9:62:2f:f5:5a:a5:dd:5a:42:76:b4:43:7f:
                    ba:c8:a8:dd:32:f7:e5:be:d2:c7:d4:06:13:0d:f3:
                    9c:95:ac:42:91:bf:05:95:26:6f:5c:dd:f3:63:7b:
                    30:12:0b:2a:5c:79:80:f9:d0:ff:05:0f:e5:2e:42:
                    75:f2:c3:00:fb:d9:8b:51:4b:05:db:e1:9f:00:7d:
                    1f:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:B6:B3:79:42:30:C0:64:48:6A:F8:B1:13:AB:74:8F:FD:F7:29:C0
            X509v3 Authority Key Identifier:
                keyid:8F:4C:E7:72:2F:99:07:5D:94:73:8B:7E:61:07:04:01:26:9E:B3:D6

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/8F4CE7722F99075D94738B7E61070401269EB3D6.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/j0znci-ZB12Uc4t-YQcEASaes9Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/3138352e3138312e322e302f32342d3234203d3e20323132363639.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.181.2.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a0:fd:df:5b:43:67:87:2d:06:f0:f4:18:80:0e:34:fd:df:ce:
         78:05:c5:5e:59:9e:ce:1f:98:37:e1:34:ff:b6:b8:87:b2:8a:
         6a:ca:a3:a1:b9:66:3e:fa:19:ed:de:d8:8c:dc:b5:b1:5e:68:
         75:58:b4:4a:2b:29:bd:58:65:b8:56:c6:09:29:f0:b2:49:19:
         00:f0:7e:00:65:57:17:ae:e6:9c:47:03:2e:be:fd:1a:29:1a:
         fa:a2:7b:b4:b9:c7:aa:93:36:36:3e:00:ae:2a:a2:90:23:09:
         b2:07:29:15:c5:11:52:b9:f4:7c:73:1c:56:e4:bf:ca:bf:d5:
         8e:28:fa:57:9a:38:be:9c:31:6d:c1:8b:56:a7:a1:f3:f5:2e:
         e1:4e:d7:54:ef:3d:b9:63:a6:2d:33:b6:6a:92:f4:d7:62:8f:
         43:cc:ae:92:5a:67:f9:60:95:55:ec:9f:c6:f8:4c:4f:d2:3c:
         7e:83:4f:fa:30:f6:f1:03:51:92:3d:b9:72:fa:95:9c:85:a0:
         f8:64:7b:5b:86:db:f4:70:6e:af:c8:a7:16:7e:ad:ee:8f:68:
         23:50:ce:57:27:30:a5:d9:46:21:55:5d:2d:96:03:88:6e:e3:
         39:3c:4b:80:ee:6d:fa:dc:5e:5f:c7:ac:67:1b:f5:4c:e3:13:
         b7:63:d5:ff
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgIUCgeBFyYQ3I71++raMx290KCu0d4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGY0Y2U3NzIyZjk5MDc1ZDk0NzM4YjdlNjEwNzA0MDEy
NjllYjNkNjAeFw0yNDA0MjMxMzAwNTdaFw0yNTA0MjIxMzA1NTdaMDMxMTAvBgNV
BAMTKDNGQjZCMzc5NDIzMEMwNjQ0ODZBRjhCMTEzQUI3NDhGRkRGNzI5QzAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDxO/S3fbNdS6TVEZTHlMR61QTk
Xm8ZpLLIHjUfd0WMQz4Uder+9+3nFffO52cQQcbEosTc4NRDj6el2j+owp9w09j6
cZlC6aR3RfdA+JoMWb89QOXPiWfcaRKpZjnXMm379cN5j+HW8brRNLMlLMzYSZY3
a+wcfOjhBDHDXGb9poDjEP4C8x2Z0O+A3ZUt0NcvTSIpsYcpT0XyKWseO8o5mRwW
QxLmP+d0gakZJYrSZxF78ApjuWIv9Vql3VpCdrRDf7rIqN0y9+W+0sfUBhMN85yV
rEKRvwWVJm9c3fNjezASCypceYD50P8FD+UuQnXywwD72YtRSwXb4Z8AfR+TAgMB
AAGjggI9MIICOTAdBgNVHQ4EFgQUP7azeUIwwGRIavixE6t0j/33KcAwHwYDVR0j
BBgwFoAUj0znci+ZB12Uc4t+YQcEASaes9YwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYWE5NzcxMTUtNTExMC00MjU3LTk0ZWYtNGQyYjQzODg0
MDQwLzAvOEY0Q0U3NzIyRjk5MDc1RDk0NzM4QjdFNjEwNzA0MDEyNjlFQjNENi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2owem5jaS1aQjEyVWM0dC1ZUWNFQVNh
ZXM5WS5jZXIwga0GCCsGAQUFBwELBIGgMIGdMIGaBggrBgEFBQcwC4aBjXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWE5NzcxMTUt
NTExMC00MjU3LTk0ZWYtNGQyYjQzODg0MDQwLzAvMzEzODM1MmUzMTM4MzEyZTMy
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzIzMTMyMzYzNjM5LnJvYTAYBgNVHSAB
Af8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA
ubUCMA0GCSqGSIb3DQEBCwUAA4IBAQCg/d9bQ2eHLQbw9BiADjT93854BcVeWZ7O
H5g34TT/triHsopqyqOhuWY++hnt3tiM3LWxXmh1WLRKKym9WGW4VsYJKfCySRkA
8H4AZVcXruacRwMuvv0aKRr6onu0uceqkzY2PgCuKqKQIwmyBykVxRFSufR8cxxW
5L/Kv9WOKPpXmji+nDFtwYtWp6Hz9S7hTtdU7z25Y6YtM7ZqkvTXYo9DzK6SWmf5
YJVV7J/G+ExP0jx+g0/6MPbxA1GSPbly+pWchaD4ZHtbhtv0cG6vyKcWfq3uj2gj
UM5XJzCl2UYhVV0tlgOIbuM5PEuA7m363F5fx6xnG/VM4xO3Y9X/
-----END CERTIFICATE-----
Generated at Mon Nov 25 18:39:34 2024 by rpki-client on console-fra.rpki-client.org