Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c5d18e82-4d68-45a6-a5df-cac115ad2279/0/3138352e3232392e3230312e302f32342d3234203d3e20323030303137.roa
File:                     3138352e3232392e3230312e302f32342d3234203d3e20323030303137.roa (raw, json)
Hash identifier:          h1azTNafUjb7UdhKJgtNINL6z0yWbbbvs5e4uvD1ZDY=
Subject key identifier:   E1:14:CF:44:D2:E7:08:88:D6:0A:EB:9C:2E:9D:C0:59:C7:8F:ED:0E
Certificate issuer:       /CN=3e870b9a7003c4fd9c51bd354a9defa3fb77b4a9
Certificate serial:       62956140B3B20E752168F1562D50F407910CA0B0
Authority key identifier: 3E:87:0B:9A:70:03:C4:FD:9C:51:BD:35:4A:9D:EF:A3:FB:77:B4:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PocLmnADxP2cUb01Sp3vo_t3tKk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c5d18e82-4d68-45a6-a5df-cac115ad2279/0/3138352e3232392e3230312e302f32342d3234203d3e20323030303137.roa
Signing time:             Wed 03 Apr 2024 15:05:14 +0000
ROA not before:           Wed 03 Apr 2024 15:00:14 +0000
ROA not after:            Wed 02 Apr 2025 15:05:14 +0000
asID:                     200017
IP address blocks:        185.229.201.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c5d18e82-4d68-45a6-a5df-cac115ad2279/0/3E870B9A7003C4FD9C51BD354A9DEFA3FB77B4A9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c5d18e82-4d68-45a6-a5df-cac115ad2279/0/3E870B9A7003C4FD9C51BD354A9DEFA3FB77B4A9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PocLmnADxP2cUb01Sp3vo_t3tKk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            62:95:61:40:b3:b2:0e:75:21:68:f1:56:2d:50:f4:07:91:0c:a0:b0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3e870b9a7003c4fd9c51bd354a9defa3fb77b4a9
        Validity
            Not Before: Apr  3 15:00:14 2024 GMT
            Not After : Apr  2 15:05:14 2025 GMT
        Subject: CN=E114CF44D2E70888D60AEB9C2E9DC059C78FED0E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:bb:c0:ad:16:68:11:5a:d9:f6:b8:ac:96:75:
                    e3:0b:13:74:ac:06:59:80:36:76:f8:0e:6b:a9:39:
                    1f:1b:89:0a:2b:71:f1:58:e7:e2:02:d0:2b:80:28:
                    02:b5:23:7c:64:1b:14:50:39:68:89:29:ae:4b:bb:
                    b9:35:93:0c:9e:97:97:9d:df:c7:1f:fa:6d:f5:f2:
                    a4:5b:16:20:43:1c:6c:5f:95:91:3b:e9:89:07:fa:
                    21:f8:ee:90:54:d9:95:b6:e8:94:77:14:5c:cd:6a:
                    c1:b3:d3:d9:a6:a1:e6:b8:98:ec:8b:b0:16:9d:dd:
                    6e:c9:56:bf:72:5a:02:c9:53:2b:9f:0d:5c:04:ed:
                    b8:f8:1d:1e:04:de:03:a6:d9:ee:6a:00:72:cd:4a:
                    02:d6:2e:da:56:ce:dd:3a:04:b9:69:52:51:4a:2a:
                    7e:da:c1:fe:9c:b1:92:a8:ed:1e:90:0d:7c:66:5f:
                    a4:d7:c0:22:fc:0f:94:bf:2f:10:d7:ab:18:e4:b0:
                    48:56:58:91:a6:dd:59:0e:ef:1d:b8:40:56:9a:1f:
                    73:cc:7f:8a:be:76:1c:10:ab:67:3e:0a:cb:d7:62:
                    20:e1:80:f4:0f:3e:26:cd:bb:da:84:19:67:ad:e3:
                    5b:ec:6e:9e:2e:9c:1f:75:64:d1:13:f1:ee:30:30:
                    02:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E1:14:CF:44:D2:E7:08:88:D6:0A:EB:9C:2E:9D:C0:59:C7:8F:ED:0E
            X509v3 Authority Key Identifier:
                keyid:3E:87:0B:9A:70:03:C4:FD:9C:51:BD:35:4A:9D:EF:A3:FB:77:B4:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c5d18e82-4d68-45a6-a5df-cac115ad2279/0/3E870B9A7003C4FD9C51BD354A9DEFA3FB77B4A9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PocLmnADxP2cUb01Sp3vo_t3tKk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c5d18e82-4d68-45a6-a5df-cac115ad2279/0/3138352e3232392e3230312e302f32342d3234203d3e20323030303137.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.229.201.0/24

    Signature Algorithm: sha256WithRSAEncryption
         36:73:a5:16:74:35:5b:51:e2:ee:78:4d:b3:6b:3a:43:a5:c7:
         d6:7b:aa:c1:b3:05:a0:ef:51:96:e0:1a:e3:7e:a9:c6:d5:51:
         bf:52:02:c0:e5:45:12:58:12:86:71:96:7c:84:67:66:80:19:
         59:66:12:ea:7c:0b:1c:e9:ca:34:5f:1c:72:cb:41:71:c8:95:
         5e:36:41:4b:6f:27:52:b3:54:6f:8c:61:a9:a8:df:ad:5b:cc:
         c5:40:22:ac:a9:96:a3:c4:c2:c6:76:66:6e:fd:73:a9:58:22:
         c6:b9:9d:8d:fe:90:3c:20:ca:26:32:57:ee:0d:96:ff:58:f1:
         eb:8b:a8:d9:65:f1:f2:df:24:76:de:43:e7:90:b2:49:60:d4:
         45:c4:de:36:f7:5c:d8:7d:86:82:cb:6d:16:c5:28:9f:55:f6:
         8d:9e:e3:84:2d:99:6f:ab:89:04:cd:c3:9b:43:ca:f7:b6:11:
         73:2f:ba:59:1a:34:4c:a7:7d:92:a3:ca:94:e1:27:83:a0:c7:
         6f:35:71:af:b5:ff:22:36:cd:ea:b4:c4:86:f6:41:01:85:b0:
         db:c4:b0:f6:ea:ca:f0:7f:39:65:f9:30:b4:61:b1:96:b7:76:
         e8:6a:ed:74:1b:d2:a6:7b:c8:43:f0:01:00:36:f1:0f:cc:45:
         d6:e7:74:0e
-----BEGIN CERTIFICATE-----
MIIFNzCCBB+gAwIBAgIUYpVhQLOyDnUhaPFWLVD0B5EMoLAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoM2U4NzBiOWE3MDAzYzRmZDljNTFiZDM1NGE5ZGVmYTNm
Yjc3YjRhOTAeFw0yNDA0MDMxNTAwMTRaFw0yNTA0MDIxNTA1MTRaMDMxMTAvBgNV
BAMTKEUxMTRDRjQ0RDJFNzA4ODhENjBBRUI5QzJFOURDMDU5Qzc4RkVEMEUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDCu8CtFmgRWtn2uKyWdeMLE3Ss
BlmANnb4DmupOR8biQorcfFY5+IC0CuAKAK1I3xkGxRQOWiJKa5Lu7k1kwyel5ed
38cf+m318qRbFiBDHGxflZE76YkH+iH47pBU2ZW26JR3FFzNasGz09mmoea4mOyL
sBad3W7JVr9yWgLJUyufDVwE7bj4HR4E3gOm2e5qAHLNSgLWLtpWzt06BLlpUlFK
Kn7awf6csZKo7R6QDXxmX6TXwCL8D5S/LxDXqxjksEhWWJGm3VkO7x24QFaaH3PM
f4q+dhwQq2c+CsvXYiDhgPQPPibNu9qEGWet41vsbp4unB91ZNET8e4wMAIPAgMB
AAGjggJBMIICPTAdBgNVHQ4EFgQU4RTPRNLnCIjWCuucLp3AWceP7Q4wHwYDVR0j
BBgwFoAUPocLmnADxP2cUb01Sp3vo/t3tKkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzVkMThlODItNGQ2OC00NWE2LWE1ZGYtY2FjMTE1YWQy
Mjc5LzAvM0U4NzBCOUE3MDAzQzRGRDlDNTFCRDM1NEE5REVGQTNGQjc3QjRBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1BvY0xtbkFEeFAyY1ViMDFTcDN2b190
M3RLay5jZXIwgbEGCCsGAQUFBwELBIGkMIGhMIGeBggrBgEFBQcwC4aBkXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYzVkMThlODIt
NGQ2OC00NWE2LWE1ZGYtY2FjMTE1YWQyMjc5LzAvMzEzODM1MmUzMjMyMzkyZTMy
MzAzMTJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMyMzAzMDMwMzEzNy5yb2EwGAYD
VR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEw
BgMEALnlyTANBgkqhkiG9w0BAQsFAAOCAQEANnOlFnQ1W1Hi7nhNs2s6Q6XH1nuq
wbMFoO9RluAa436pxtVRv1ICwOVFElgShnGWfIRnZoAZWWYS6nwLHOnKNF8ccstB
cciVXjZBS28nUrNUb4xhqajfrVvMxUAirKmWo8TCxnZmbv1zqVgixrmdjf6QPCDK
JjJX7g2W/1jx64uo2WXx8t8kdt5D55CySWDURcTeNvdc2H2GgsttFsUon1X2jZ7j
hC2Zb6uJBM3Dm0PK97YRcy+6WRo0TKd9kqPKlOEng6DHbzVxr7X/IjbN6rTEhvZB
AYWw28Sw9urK8H85ZfkwtGGxlrd26GrtdBvSpnvIQ/ABADbxD8xF1ud0Dg==
-----END CERTIFICATE-----
Generated at Fri Nov 22 06:41:51 2024 by rpki-client on console-ams.rpki-client.org