Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3138352e3137332e3232342e302f32342d3234203d3e203434353932.roa
File:                     3138352e3137332e3232342e302f32342d3234203d3e203434353932.roa (raw, json)
Hash identifier:          lcJF7hIDuqJoSdnX77PcUt+LIN2Yv3CjMFjxaw1lhKo=
Subject key identifier:   6B:32:B8:70:77:EB:D8:34:B4:FC:44:F2:58:0C:90:BC:F3:A4:DF:89
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       709C7313598FA4B87B6ACE8317C335F1E4FF19D2
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3138352e3137332e3232342e302f32342d3234203d3e203434353932.roa
Signing time:             Mon 26 Feb 2024 08:53:08 +0000
ROA not before:           Mon 26 Feb 2024 08:48:08 +0000
ROA not after:            Mon 24 Feb 2025 08:53:08 +0000
asID:                     44592
IP address blocks:        185.173.224.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            70:9c:73:13:59:8f:a4:b8:7b:6a:ce:83:17:c3:35:f1:e4:ff:19:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Feb 26 08:48:08 2024 GMT
            Not After : Feb 24 08:53:08 2025 GMT
        Subject: CN=6B32B87077EBD834B4FC44F2580C90BCF3A4DF89
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:b7:1f:1f:78:cf:30:32:ed:83:fb:d1:3a:f9:
                    a2:d0:b8:c5:cd:f5:33:a8:83:22:f2:dd:2b:34:c1:
                    86:d4:0a:cb:e2:28:12:4d:14:61:34:52:42:15:d9:
                    78:e9:78:40:66:b6:bb:e9:c7:98:ef:e8:e9:e8:59:
                    e5:38:f2:cd:7f:68:8a:b1:bf:c7:d2:7e:31:79:16:
                    a2:69:ce:12:a2:1c:ad:f3:54:73:e9:47:f4:94:ed:
                    5b:46:e3:2d:0e:ac:3b:76:fe:c1:be:5b:50:94:d0:
                    90:3b:65:3c:4f:c4:f4:32:01:df:40:88:9b:e3:f1:
                    fc:c8:6d:21:9e:ae:fe:83:69:f8:9b:67:19:6a:54:
                    06:0f:b3:de:1d:b4:ad:d6:93:93:46:ef:bf:1c:c4:
                    8a:b2:ae:83:96:30:e0:75:65:6c:2b:91:52:32:9e:
                    f4:e6:f9:9e:b6:d0:c3:dd:a0:c2:b5:d9:07:38:a9:
                    d0:6b:b2:44:ee:c6:6f:c6:a4:56:48:71:98:e9:05:
                    86:68:de:4b:96:4d:1e:4d:49:41:b8:3a:fd:4b:a4:
                    4f:a7:52:e6:63:4b:26:80:a4:73:d5:86:b4:db:e8:
                    16:1b:bb:4d:e1:8b:a5:db:d8:ee:85:1b:49:7a:d4:
                    28:76:16:2f:5f:1d:4f:34:20:33:b8:82:17:c6:ab:
                    6e:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6B:32:B8:70:77:EB:D8:34:B4:FC:44:F2:58:0C:90:BC:F3:A4:DF:89
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3138352e3137332e3232342e302f32342d3234203d3e203434353932.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.173.224.0/24

    Signature Algorithm: sha256WithRSAEncryption
         24:99:79:03:87:27:39:84:57:97:4e:d0:d7:51:15:f9:4c:67:
         48:27:a8:80:21:ce:aa:7e:db:9c:c6:32:8a:4a:8c:65:6e:bc:
         45:1e:51:0c:f6:3d:b2:83:5e:87:4e:89:19:84:7f:36:27:71:
         b4:3f:c8:f5:da:ea:ad:d4:ac:5e:2b:5d:ea:87:b9:fc:21:b8:
         46:c2:40:63:c5:6d:f6:7e:90:c0:3c:32:98:8a:34:9f:fe:1f:
         07:5c:57:a5:59:71:c9:56:46:ce:99:a2:01:d5:97:fb:65:0f:
         f6:cc:92:2d:c0:67:b8:88:87:e8:b0:b4:94:0d:be:05:2c:63:
         ab:bc:79:8a:89:79:6a:88:9c:39:fd:95:61:d8:14:d5:d6:b0:
         96:f0:46:03:7e:66:e2:83:9d:90:ad:75:e4:9b:8b:c3:00:67:
         70:39:c7:20:f3:e5:f5:10:a8:34:84:f1:25:ab:f8:93:ad:5e:
         8b:90:d1:0e:aa:35:d6:f9:12:05:03:51:b8:f0:1a:39:35:1e:
         29:c2:4f:77:b5:b7:bd:bc:fd:92:47:2f:26:3e:8a:64:52:f3:
         aa:a8:93:a8:3a:2b:b3:64:1f:e8:24:ef:66:49:d4:4e:e9:a9:
         e3:52:10:35:83:30:51:b4:9b:bc:1f:d9:39:95:dd:1b:4b:0f:
         24:87:da:ba
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgIUcJxzE1mPpLh7as6DF8M18eT/GdIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNDAyMjYwODQ4MDhaFw0yNTAyMjQwODUzMDhaMDMxMTAvBgNV
BAMTKDZCMzJCODcwNzdFQkQ4MzRCNEZDNDRGMjU4MEM5MEJDRjNBNERGODkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCetx8feM8wMu2D+9E6+aLQuMXN
9TOogyLy3Ss0wYbUCsviKBJNFGE0UkIV2XjpeEBmtrvpx5jv6OnoWeU48s1/aIqx
v8fSfjF5FqJpzhKiHK3zVHPpR/SU7VtG4y0OrDt2/sG+W1CU0JA7ZTxPxPQyAd9A
iJvj8fzIbSGerv6DafibZxlqVAYPs94dtK3Wk5NG778cxIqyroOWMOB1ZWwrkVIy
nvTm+Z620MPdoMK12Qc4qdBrskTuxm/GpFZIcZjpBYZo3kuWTR5NSUG4Ov1LpE+n
UuZjSyaApHPVhrTb6BYbu03hi6Xb2O6FG0l61Ch2Fi9fHU80IDO4ghfGq24LAgMB
AAGjggI/MIICOzAdBgNVHQ4EFgQUazK4cHfr2DS0/ETyWAyQvPOk34kwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwga8GCCsGAQUFBwELBIGiMIGfMIGcBggrBgEFBQcwC4aBj3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzEzODM1MmUzMTM3MzMyZTMy
MzIzNDJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM0MzQzNTM5MzIucm9hMBgGA1Ud
IAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAC5reAwDQYJKoZIhvcNAQELBQADggEBACSZeQOHJzmEV5dO0NdRFflMZ0gnqIAh
zqp+25zGMopKjGVuvEUeUQz2PbKDXodOiRmEfzYncbQ/yPXa6q3UrF4rXeqHufwh
uEbCQGPFbfZ+kMA8MpiKNJ/+HwdcV6VZcclWRs6ZogHVl/tlD/bMki3AZ7iIh+iw
tJQNvgUsY6u8eYqJeWqInDn9lWHYFNXWsJbwRgN+ZuKDnZCtdeSbi8MAZ3A5xyDz
5fUQqDSE8SWr+JOtXouQ0Q6qNdb5EgUDUbjwGjk1HinCT3e1t728/ZJHLyY+imRS
86qok6g6K7NkH+gk72ZJ1E7pqeNSEDWDMFG0m7wf2TmV3RtLDySH2ro=
-----END CERTIFICATE-----
Generated at Mon Nov 25 03:42:55 2024 by rpki-client on console-fra.rpki-client.org