Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3138352e3136362e3138382e302f32342d3234203d3e203437353833.roa
File:                     3138352e3136362e3138382e302f32342d3234203d3e203437353833.roa (raw, json)
Hash identifier:          e2p+Wp3mtsKFU6L3Ltkdm9U6Jr/cvQUeWOl23R8giIU=
Subject key identifier:   23:90:63:A9:B4:6F:70:A7:36:9B:43:B5:DC:3C:E7:1F:6B:26:B2:20
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       42D21033168242A68A875A2C597E31863C95C5DC
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3138352e3136362e3138382e302f32342d3234203d3e203437353833.roa
Signing time:             Mon 26 Feb 2024 08:53:10 +0000
ROA not before:           Mon 26 Feb 2024 08:48:10 +0000
ROA not after:            Mon 24 Feb 2025 08:53:10 +0000
asID:                     47583
IP address blocks:        185.166.188.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            42:d2:10:33:16:82:42:a6:8a:87:5a:2c:59:7e:31:86:3c:95:c5:dc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Feb 26 08:48:10 2024 GMT
            Not After : Feb 24 08:53:10 2025 GMT
        Subject: CN=239063A9B46F70A7369B43B5DC3CE71F6B26B220
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:ea:21:8c:62:ea:2a:33:49:9a:26:e2:43:85:
                    37:42:b1:2c:af:59:0d:43:00:48:c6:6d:c8:cb:bf:
                    78:e5:67:23:e0:ad:5c:0a:58:1f:05:52:e5:92:33:
                    54:19:2c:61:a4:40:92:f8:37:e7:7c:9c:3f:a8:f7:
                    65:57:41:ca:b1:53:93:35:92:17:66:67:12:a4:18:
                    10:1c:f5:92:4e:20:4a:e7:be:9f:b2:4f:3c:6c:f8:
                    aa:93:8e:c2:4b:af:bd:5c:ae:d6:50:cb:81:51:11:
                    32:5e:04:3d:0e:5e:26:3d:7b:7b:2c:39:a8:19:db:
                    82:30:5f:f9:8f:e9:de:9a:ca:99:33:94:eb:1a:95:
                    44:bd:d4:9a:8d:7f:ae:ff:21:48:49:8d:53:cf:d5:
                    25:00:d8:dd:f8:5c:a6:88:88:ab:b2:ab:1e:be:fb:
                    4d:f0:23:e5:f6:85:23:81:0d:e4:a6:fe:ef:bc:f5:
                    a9:b8:ea:db:a9:e5:f8:4b:71:43:cd:d8:ff:8b:ab:
                    56:c1:5c:c3:58:cb:6b:47:a6:b6:e0:1e:89:e4:08:
                    e6:c6:a6:0b:9b:51:0b:a4:4b:81:7f:04:04:e4:9f:
                    9e:5e:ec:a4:ae:0b:f0:a1:b2:3c:64:75:6b:b7:dc:
                    e1:9e:12:54:de:c2:68:5c:29:0c:28:f3:ae:03:4a:
                    8b:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:90:63:A9:B4:6F:70:A7:36:9B:43:B5:DC:3C:E7:1F:6B:26:B2:20
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3138352e3136362e3138382e302f32342d3234203d3e203437353833.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.166.188.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1f:9a:92:91:c5:84:31:27:c7:12:8e:a3:0d:75:4e:ed:81:ef:
         f6:35:cf:1b:a4:15:09:1e:11:e3:3e:f7:c6:46:54:cf:3e:df:
         1f:dd:f0:7f:f2:36:77:65:95:9c:5c:b5:2a:b9:ce:da:48:76:
         ec:e1:9c:af:82:44:d8:9c:00:a6:4f:ea:af:ab:ca:bb:94:de:
         f0:e8:f8:41:87:22:72:37:90:9f:24:09:46:c7:49:f3:7c:e5:
         df:4b:c3:60:35:39:a5:ea:ac:dd:cb:c5:6d:b1:53:54:cc:4c:
         62:93:43:ad:d0:3d:a8:8a:ac:20:b6:5a:6e:c1:67:68:f6:a9:
         47:2d:7b:a7:c0:a3:0a:98:15:7d:13:8f:b4:9c:87:b8:da:73:
         70:b4:97:39:60:03:87:b6:50:63:4b:e2:71:e5:8f:d2:3b:74:
         2e:8b:2e:95:6a:a1:c1:10:f9:5a:0e:e2:52:26:64:73:5a:de:
         7b:03:e7:05:16:a4:b5:f1:60:d1:b9:42:e2:1a:1c:17:9b:70:
         54:22:a5:eb:32:86:ba:00:cb:eb:90:0a:70:07:bc:78:dc:bb:
         52:b0:47:1f:2e:0c:5b:30:11:c4:c2:40:3d:48:6c:e4:3e:75:
         55:00:1e:f6:cb:51:67:23:71:db:86:0d:48:87:64:38:bd:12:
         90:51:e4:6c
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgIUQtIQMxaCQqaKh1osWX4xhjyVxdwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNDAyMjYwODQ4MTBaFw0yNTAyMjQwODUzMTBaMDMxMTAvBgNV
BAMTKDIzOTA2M0E5QjQ2RjcwQTczNjlCNDNCNURDM0NFNzFGNkIyNkIyMjAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDE6iGMYuoqM0maJuJDhTdCsSyv
WQ1DAEjGbcjLv3jlZyPgrVwKWB8FUuWSM1QZLGGkQJL4N+d8nD+o92VXQcqxU5M1
khdmZxKkGBAc9ZJOIErnvp+yTzxs+KqTjsJLr71crtZQy4FRETJeBD0OXiY9e3ss
OagZ24IwX/mP6d6aypkzlOsalUS91JqNf67/IUhJjVPP1SUA2N34XKaIiKuyqx6+
+03wI+X2hSOBDeSm/u+89am46tup5fhLcUPN2P+Lq1bBXMNYy2tHprbgHonkCObG
pgubUQukS4F/BATkn55e7KSuC/ChsjxkdWu33OGeElTewmhcKQwo864DSoslAgMB
AAGjggI/MIICOzAdBgNVHQ4EFgQUI5BjqbRvcKc2m0O13DznH2smsiAwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwga8GCCsGAQUFBwELBIGiMIGfMIGcBggrBgEFBQcwC4aBj3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzEzODM1MmUzMTM2MzYyZTMx
MzgzODJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM0MzczNTM4MzMucm9hMBgGA1Ud
IAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAC5prwwDQYJKoZIhvcNAQELBQADggEBAB+akpHFhDEnxxKOow11Tu2B7/Y1zxuk
FQkeEeM+98ZGVM8+3x/d8H/yNndllZxctSq5ztpIduzhnK+CRNicAKZP6q+ryruU
3vDo+EGHInI3kJ8kCUbHSfN85d9Lw2A1OaXqrN3LxW2xU1TMTGKTQ63QPaiKrCC2
Wm7BZ2j2qUcte6fAowqYFX0Tj7Sch7jac3C0lzlgA4e2UGNL4nHlj9I7dC6LLpVq
ocEQ+VoO4lImZHNa3nsD5wUWpLXxYNG5QuIaHBebcFQipesyhroAy+uQCnAHvHjc
u1KwRx8uDFswEcTCQD1IbOQ+dVUAHvbLUWcjcduGDUiHZDi9EpBR5Gw=
-----END CERTIFICATE-----
Generated at Fri Nov 22 10:15:45 2024 by rpki-client on console-ams.rpki-client.org