Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/3138352e3235312e32332e302f32342d3234203d3e20323030303137.roa
File:                     3138352e3235312e32332e302f32342d3234203d3e20323030303137.roa (raw, json)
Hash identifier:          wvxwg3g3XtQ4pMd/572fd2P39j1bNippUPP9CSVWVAU=
Subject key identifier:   D8:D1:D1:F2:41:32:CA:C3:64:22:D1:20:35:83:30:32:BA:E1:45:15
Certificate issuer:       /CN=cefce449bea8deaedb1804dba25c584df5873dc4
Certificate serial:       6A62C7EAD25A6DEB228854A0DEE353C522C6FEAE
Authority key identifier: CE:FC:E4:49:BE:A8:DE:AE:DB:18:04:DB:A2:5C:58:4D:F5:87:3D:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/3138352e3235312e32332e302f32342d3234203d3e20323030303137.roa
Signing time:             Thu 10 Oct 2024 07:43:25 +0000
ROA not before:           Thu 10 Oct 2024 07:38:25 +0000
ROA not after:            Thu 09 Oct 2025 07:43:25 +0000
asID:                     200017
IP address blocks:        185.251.23.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 15 Oct 2024 13:20:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6a:62:c7:ea:d2:5a:6d:eb:22:88:54:a0:de:e3:53:c5:22:c6:fe:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cefce449bea8deaedb1804dba25c584df5873dc4
        Validity
            Not Before: Oct 10 07:38:25 2024 GMT
            Not After : Oct  9 07:43:25 2025 GMT
        Subject: CN=D8D1D1F24132CAC36422D12035833032BAE14515
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:cd:7d:83:fa:60:93:a2:b1:af:f5:22:e1:09:
                    16:8a:06:d9:64:e5:26:d2:88:7e:49:ca:c8:bc:4c:
                    59:8f:d9:b8:07:08:dd:78:7b:e0:f6:6d:81:04:65:
                    27:44:3f:72:20:c4:e4:14:c2:a3:07:90:19:0d:da:
                    47:6b:3b:a0:46:70:d8:65:ee:37:e4:1c:a2:5c:70:
                    4e:8f:31:96:78:1a:a2:a9:fe:b7:3f:f4:85:06:1b:
                    24:16:6f:01:bb:37:81:36:46:b2:58:33:af:c6:95:
                    f2:5e:08:80:ce:5a:32:16:4f:6d:e3:fa:10:0e:89:
                    32:73:8c:e2:de:1a:5a:34:ee:50:aa:d6:a8:38:45:
                    0e:25:78:5b:05:be:30:be:8f:fe:ac:76:97:a5:4f:
                    ec:d3:9d:ae:27:31:e0:e2:93:9e:e1:f0:3d:7c:23:
                    17:50:f2:7d:b5:b8:c8:69:27:37:49:e5:4e:e9:7c:
                    73:04:d1:79:df:b6:1d:6f:96:7f:80:73:83:7f:46:
                    39:0f:88:b2:17:04:67:8d:8a:c2:02:01:d6:47:cb:
                    ec:4a:39:50:91:4f:a6:28:95:af:6e:a8:e4:c2:99:
                    11:ea:e2:2b:45:48:a9:4b:73:c0:27:4c:da:8d:2b:
                    3a:56:ca:42:09:0f:25:8c:09:c3:87:d5:8b:65:7a:
                    76:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:D1:D1:F2:41:32:CA:C3:64:22:D1:20:35:83:30:32:BA:E1:45:15
            X509v3 Authority Key Identifier:
                keyid:CE:FC:E4:49:BE:A8:DE:AE:DB:18:04:DB:A2:5C:58:4D:F5:87:3D:C4

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/3138352e3235312e32332e302f32342d3234203d3e20323030303137.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.251.23.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b1:c6:3e:2f:e8:ec:60:d4:eb:75:5f:a0:04:19:c6:29:46:a2:
         e0:21:d2:9a:7c:14:9f:7f:d3:a6:78:a6:f5:84:46:72:b5:76:
         f8:f1:81:b3:31:33:60:dc:90:8d:cd:7d:95:67:a9:92:38:f0:
         19:c0:0a:f7:ec:34:c8:50:6a:bc:10:17:b8:49:0a:fb:87:8e:
         d6:4f:c1:6a:bf:b7:b9:b2:94:ad:b3:f8:6f:75:40:b3:a3:38:
         c0:46:76:b0:20:34:37:57:40:c6:f0:e3:00:52:2f:8d:c0:89:
         19:67:1a:41:b6:87:18:1a:ad:fd:af:e8:75:a3:e1:2d:b5:1c:
         55:e0:50:64:55:72:62:3b:36:06:80:c7:40:70:7a:b2:db:c9:
         56:14:82:52:cd:b1:f3:7e:6a:ed:74:09:49:64:cf:21:8c:3f:
         87:ea:78:a5:33:68:56:46:54:c1:4d:d4:11:ba:92:cd:81:96:
         dd:1d:21:62:52:77:f3:8c:82:74:6a:02:3a:4c:b3:88:65:d9:
         c3:b7:55:e7:da:6c:92:63:79:55:36:fc:0f:2b:b7:1d:fd:04:
         c7:03:30:25:af:ae:9b:df:14:8e:24:36:34:0a:85:9a:cd:b6:
         c6:25:2a:a4:1a:cb:32:be:8b:70:15:f2:71:39:9f:82:f7:0b:
         d0:58:26:bc
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgIUamLH6tJabesiiFSg3uNTxSLG/q4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoY2VmY2U0NDliZWE4ZGVhZWRiMTgwNGRiYTI1YzU4NGRm
NTg3M2RjNDAeFw0yNDEwMTAwNzM4MjVaFw0yNTEwMDkwNzQzMjVaMDMxMTAvBgNV
BAMTKEQ4RDFEMUYyNDEzMkNBQzM2NDIyRDEyMDM1ODMzMDMyQkFFMTQ1MTUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDHzX2D+mCTorGv9SLhCRaKBtlk
5SbSiH5Jysi8TFmP2bgHCN14e+D2bYEEZSdEP3IgxOQUwqMHkBkN2kdrO6BGcNhl
7jfkHKJccE6PMZZ4GqKp/rc/9IUGGyQWbwG7N4E2RrJYM6/GlfJeCIDOWjIWT23j
+hAOiTJzjOLeGlo07lCq1qg4RQ4leFsFvjC+j/6sdpelT+zTna4nMeDik57h8D18
IxdQ8n21uMhpJzdJ5U7pfHME0Xnfth1vln+Ac4N/RjkPiLIXBGeNisICAdZHy+xK
OVCRT6Yola9uqOTCmRHq4itFSKlLc8AnTNqNKzpWykIJDyWMCcOH1YtlenaFAgMB
AAGjggI/MIICOzAdBgNVHQ4EFgQU2NHR8kEyysNkItEgNYMwMrrhRRUwHwYDVR0j
BBgwFoAUzvzkSb6o3q7bGATbolxYTfWHPcQwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZDFiMzVmOGItNmY0OC00YmFkLWIxODUtNWMxZGFhOGFj
ZGE5LzAvQ0VGQ0U0NDlCRUE4REVBRURCMTgwNERCQTI1QzU4NERGNTg3M0RDNC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3p2emtTYjZvM3E3YkdBVGJvbHhZVGZX
SFBjUS5jZXIwga8GCCsGAQUFBwELBIGiMIGfMIGcBggrBgEFBQcwC4aBj3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZDFiMzVmOGIt
NmY0OC00YmFkLWIxODUtNWMxZGFhOGFjZGE5LzAvMzEzODM1MmUzMjM1MzEyZTMy
MzMyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzMjMwMzAzMDMxMzcucm9hMBgGA1Ud
IAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAC5+xcwDQYJKoZIhvcNAQELBQADggEBALHGPi/o7GDU63VfoAQZxilGouAh0pp8
FJ9/06Z4pvWERnK1dvjxgbMxM2DckI3NfZVnqZI48BnACvfsNMhQarwQF7hJCvuH
jtZPwWq/t7mylK2z+G91QLOjOMBGdrAgNDdXQMbw4wBSL43AiRlnGkG2hxgarf2v
6HWj4S21HFXgUGRVcmI7NgaAx0BwerLbyVYUglLNsfN+au10CUlkzyGMP4fqeKUz
aFZGVMFN1BG6ks2Blt0dIWJSd/OMgnRqAjpMs4hl2cO3VefabJJjeVU2/A8rtx39
BMcDMCWvrpvfFI4kNjQKhZrNtsYlKqQayzK+i3AV8nE5n4L3C9BYJrw=
-----END CERTIFICATE-----
Generated at Mon Oct 14 17:29:35 2024 by rpki-client on console-ams.rpki-client.org