Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3138352e3131312e3135362e302f32342d3332203d3e203430303231.roa
File:                     3138352e3131312e3135362e302f32342d3332203d3e203430303231.roa (raw, json)
Hash identifier:          ndm2gKb4AAkQ3ACnAUULDDUMV2FBjoZBmI87IzMXV14=
Subject key identifier:   12:73:8B:3C:A8:33:8B:42:3E:9E:3A:2B:67:77:CB:94:5E:21:C0:DC
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       1AD7486576DDDB2F976976B20C94AC479CF05FD6
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3138352e3131312e3135362e302f32342d3332203d3e203430303231.roa
Signing time:             Mon 26 Feb 2024 08:53:19 +0000
ROA not before:           Mon 26 Feb 2024 08:48:19 +0000
ROA not after:            Mon 24 Feb 2025 08:53:19 +0000
asID:                     40021
IP address blocks:        185.111.156.0/24 maxlen: 32

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1a:d7:48:65:76:dd:db:2f:97:69:76:b2:0c:94:ac:47:9c:f0:5f:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Feb 26 08:48:19 2024 GMT
            Not After : Feb 24 08:53:19 2025 GMT
        Subject: CN=12738B3CA8338B423E9E3A2B6777CB945E21C0DC
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ed:53:a4:3c:9e:0a:91:8b:56:00:90:66:13:c3:
                    c8:90:51:00:5c:5b:10:36:65:8f:81:ba:a8:3e:a9:
                    62:b0:5a:d7:62:7d:75:0f:6d:6c:63:2a:aa:a0:b1:
                    f5:9c:d3:46:3e:86:7d:25:c8:c3:3b:36:c5:46:09:
                    6a:4e:f8:93:bc:77:8d:41:5c:90:fa:a9:aa:a5:99:
                    17:71:fc:38:43:1e:70:dc:04:4e:0c:00:5b:a3:75:
                    ba:6b:5c:99:1e:2c:ed:04:1c:a4:7f:d5:3f:3a:9f:
                    63:cd:c1:72:95:5e:59:2b:3d:d4:f0:11:4b:be:a2:
                    72:2c:ec:a0:4d:53:81:2c:fb:95:c3:a1:5e:9c:0a:
                    05:3d:a3:16:52:1b:51:e5:35:4d:1a:49:93:07:51:
                    3a:73:b0:e4:f2:ee:4d:08:e9:65:55:b9:f2:77:e1:
                    32:17:6a:9c:c4:9a:2a:16:69:89:cb:63:e0:2f:08:
                    2d:f6:16:ce:75:7d:85:f9:ad:ca:2b:59:f4:97:49:
                    ed:f9:0f:b2:3e:92:e6:17:4f:92:a8:1d:07:46:a1:
                    78:eb:6b:e5:c1:32:84:5b:5a:9e:c9:7b:50:cf:d1:
                    6a:ce:09:84:1f:a8:6a:d6:4c:2f:27:fe:9a:b4:23:
                    27:d3:7c:37:c0:00:78:7e:63:68:f9:af:39:35:ad:
                    92:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                12:73:8B:3C:A8:33:8B:42:3E:9E:3A:2B:67:77:CB:94:5E:21:C0:DC
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3138352e3131312e3135362e302f32342d3332203d3e203430303231.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.111.156.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2a:ee:1c:5f:56:48:c6:e6:36:4a:94:32:a1:65:6e:35:3c:96:
         d6:a2:9c:09:b8:d0:87:7b:a9:8e:87:62:c5:31:55:f8:3b:f2:
         f2:ad:5b:24:fb:42:d7:34:af:b4:5c:43:9c:9c:6c:db:c0:f8:
         5f:6e:4e:d2:54:94:39:f3:97:7a:c0:e0:6e:e7:6b:99:c2:b9:
         b5:4e:22:ee:62:25:e0:11:0d:3c:87:3e:2d:86:ea:8f:95:10:
         0d:aa:aa:c8:cc:f3:2b:df:ee:4d:41:fb:33:ef:f7:21:6e:4b:
         b7:4d:6b:fe:b7:d2:f3:7c:0f:51:e8:58:66:79:cc:0c:3a:81:
         84:e4:b6:89:15:6a:ff:4a:81:76:b2:60:cc:bd:aa:45:8b:16:
         75:ac:47:8f:74:f3:e9:2f:fd:0c:48:4a:0f:09:f6:a6:8a:e7:
         ad:f1:25:49:84:1d:cf:fa:35:39:a9:42:94:cc:b1:27:01:a8:
         79:52:96:5e:7e:20:0e:55:37:4b:ad:a5:e6:f7:6a:aa:f9:42:
         89:61:db:16:cc:64:c6:b3:80:d9:ab:f7:1a:89:9f:b7:62:fb:
         f3:1f:fb:0e:92:20:dd:b5:bd:cf:12:65:eb:d8:70:95:ae:c4:
         ab:25:a3:14:bf:14:c0:e1:b7:79:db:49:d7:8a:e2:8b:54:63:
         1f:64:59:1e
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgIUGtdIZXbd2y+XaXayDJSsR5zwX9YwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNDAyMjYwODQ4MTlaFw0yNTAyMjQwODUzMTlaMDMxMTAvBgNV
BAMTKDEyNzM4QjNDQTgzMzhCNDIzRTlFM0EyQjY3NzdDQjk0NUUyMUMwREMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDtU6Q8ngqRi1YAkGYTw8iQUQBc
WxA2ZY+Buqg+qWKwWtdifXUPbWxjKqqgsfWc00Y+hn0lyMM7NsVGCWpO+JO8d41B
XJD6qaqlmRdx/DhDHnDcBE4MAFujdbprXJkeLO0EHKR/1T86n2PNwXKVXlkrPdTw
EUu+onIs7KBNU4Es+5XDoV6cCgU9oxZSG1HlNU0aSZMHUTpzsOTy7k0I6WVVufJ3
4TIXapzEmioWaYnLY+AvCC32Fs51fYX5rcorWfSXSe35D7I+kuYXT5KoHQdGoXjr
a+XBMoRbWp7Je1DP0WrOCYQfqGrWTC8n/pq0IyfTfDfAAHh+Y2j5rzk1rZKTAgMB
AAGjggI/MIICOzAdBgNVHQ4EFgQUEnOLPKgzi0I+njorZ3fLlF4hwNwwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwga8GCCsGAQUFBwELBIGiMIGfMIGcBggrBgEFBQcwC4aBj3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzEzODM1MmUzMTMxMzEyZTMx
MzUzNjJlMzAyZjMyMzQyZDMzMzIyMDNkM2UyMDM0MzAzMDMyMzEucm9hMBgGA1Ud
IAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAC5b5wwDQYJKoZIhvcNAQELBQADggEBACruHF9WSMbmNkqUMqFlbjU8ltainAm4
0Id7qY6HYsUxVfg78vKtWyT7Qtc0r7RcQ5ycbNvA+F9uTtJUlDnzl3rA4G7na5nC
ubVOIu5iJeARDTyHPi2G6o+VEA2qqsjM8yvf7k1B+zPv9yFuS7dNa/630vN8D1Ho
WGZ5zAw6gYTktokVav9KgXayYMy9qkWLFnWsR4908+kv/QxISg8J9qaK563xJUmE
Hc/6NTmpQpTMsScBqHlSll5+IA5VN0utpeb3aqr5Qolh2xbMZMazgNmr9xqJn7di
+/Mf+w6SIN21vc8SZevYcJWuxKsloxS/FMDht3nbSdeK4otUYx9kWR4=
-----END CERTIFICATE-----
Generated at Mon Nov 25 03:42:55 2024 by rpki-client on console-fra.rpki-client.org