Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3138352e3138322e382e302f32332d3332203d3e203531313637.roa
File:                     3138352e3138322e382e302f32332d3332203d3e203531313637.roa (raw, json)
Hash identifier:          Ydr1cNyhuI4sDaBZeDe69l/MqNmkju2aDi0dnXNLOyM=
Subject key identifier:   8F:8F:07:75:73:2D:BF:66:C2:1F:10:96:4B:63:68:74:74:5F:F6:55
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       0764EA30A032AF6E5645B0CC347A8CA2A79F33E0
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3138352e3138322e382e302f32332d3332203d3e203531313637.roa
Signing time:             Fri 20 Sep 2024 14:05:01 +0000
ROA not before:           Fri 20 Sep 2024 14:00:01 +0000
ROA not after:            Fri 19 Sep 2025 14:05:01 +0000
asID:                     51167
IP address blocks:        185.182.8.0/23 maxlen: 32
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Feb 2025 13:21:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            07:64:ea:30:a0:32:af:6e:56:45:b0:cc:34:7a:8c:a2:a7:9f:33:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Sep 20 14:00:01 2024 GMT
            Not After : Sep 19 14:05:01 2025 GMT
        Subject: CN=8F8F0775732DBF66C21F10964B636874745FF655
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:f2:30:45:2f:18:7d:0a:e6:71:70:0a:54:81:
                    85:39:bb:7f:b8:d3:7d:7f:dd:55:a8:97:6d:a7:12:
                    c6:6b:00:e7:0b:7f:aa:5f:02:44:b1:ce:a5:1f:2a:
                    55:47:94:32:5f:72:41:2f:8a:fd:3f:88:91:47:e1:
                    33:fb:94:26:21:7f:1b:6c:83:e7:1d:95:4e:93:4e:
                    29:1a:2c:3c:93:7c:61:31:06:a7:e3:bf:fb:86:bc:
                    c6:ee:d4:92:01:14:60:5e:9c:cd:46:0c:3b:32:fa:
                    2b:f8:36:e8:b1:5f:7e:2b:83:a0:b0:d3:35:0b:20:
                    31:6f:71:cc:62:6f:5c:e6:5d:a5:92:09:70:84:a5:
                    04:93:67:de:01:ae:32:ad:2e:d7:69:3e:e6:b6:bf:
                    be:92:de:b7:51:8b:7b:02:7b:2b:df:da:3d:e5:0d:
                    df:ee:3a:fc:41:08:02:70:14:35:11:5a:e9:7d:20:
                    e8:6c:14:50:64:a2:0a:f3:c2:04:09:47:a2:08:c6:
                    c1:5b:7c:93:b8:44:21:22:34:5a:2f:7d:e9:ae:88:
                    43:50:f7:ac:16:35:52:a5:95:a8:39:fe:2c:40:2e:
                    f1:61:f0:b1:61:07:1e:00:9b:6b:12:33:01:26:68:
                    08:1f:1b:aa:93:fc:da:b5:43:56:89:2a:af:17:ec:
                    d9:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:8F:07:75:73:2D:BF:66:C2:1F:10:96:4B:63:68:74:74:5F:F6:55
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3138352e3138322e382e302f32332d3332203d3e203531313637.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.182.8.0/23

    Signature Algorithm: sha256WithRSAEncryption
         35:ae:83:f7:a5:59:eb:bc:6a:4a:fe:4c:9b:28:e9:b2:a7:75:
         21:82:23:4c:67:5a:8f:e4:ac:e3:af:fb:5e:96:38:93:a9:38:
         52:6d:5b:d9:04:70:bb:c8:55:9a:5f:d4:f7:90:c0:e5:94:43:
         cf:49:8e:dd:49:a6:45:d7:0c:21:1a:f1:61:a8:0a:12:84:f5:
         62:ae:c2:e3:4b:a9:bf:37:f6:30:5b:0e:87:aa:2d:78:f3:b5:
         70:e4:27:b7:be:ab:e6:7e:0d:bd:b2:ba:af:36:02:d3:61:a5:
         78:b5:6f:19:88:63:12:d2:fd:90:1c:69:75:82:e0:fb:eb:f7:
         86:88:a8:26:21:56:aa:34:4c:0d:33:7d:2a:1f:74:3b:b3:d7:
         a0:e8:4f:84:92:b6:93:c3:f3:63:1c:ca:fc:9b:b9:d7:6f:bc:
         3a:3f:9c:cc:ee:90:e9:82:17:ba:17:8d:a5:72:20:2e:11:d9:
         c1:11:f5:12:da:f8:d1:44:a6:ac:4c:40:01:60:ab:f7:fd:cf:
         5e:65:61:66:dc:19:79:80:1a:8f:06:ad:5f:17:74:a2:55:df:
         5a:71:bc:ab:a5:3c:28:14:43:63:95:35:10:d2:36:05:cd:c1:
         1e:c6:32:ef:da:0a:cc:55:a7:0d:35:f1:6a:c5:63:b9:bd:6c:
         09:70:c7:1e
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUB2TqMKAyr25WRbDMNHqMoqefM+AwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNDA5MjAxNDAwMDFaFw0yNTA5MTkxNDA1MDFaMDMxMTAvBgNV
BAMTKDhGOEYwNzc1NzMyREJGNjZDMjFGMTA5NjRCNjM2ODc0NzQ1RkY2NTUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDg8jBFLxh9CuZxcApUgYU5u3+4
031/3VWol22nEsZrAOcLf6pfAkSxzqUfKlVHlDJfckEviv0/iJFH4TP7lCYhfxts
g+cdlU6TTikaLDyTfGExBqfjv/uGvMbu1JIBFGBenM1GDDsy+iv4NuixX34rg6Cw
0zULIDFvccxib1zmXaWSCXCEpQSTZ94BrjKtLtdpPua2v76S3rdRi3sCeyvf2j3l
Dd/uOvxBCAJwFDURWul9IOhsFFBkogrzwgQJR6IIxsFbfJO4RCEiNFovfemuiENQ
96wWNVKllag5/ixALvFh8LFhBx4Am2sSMwEmaAgfG6qT/Nq1Q1aJKq8X7Nk5AgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUj48HdXMtv2bCHxCWS2NodHRf9lUwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzEzODM1MmUzMTM4MzIyZTM4
MmUzMDJmMzIzMzJkMzMzMjIwM2QzZTIwMzUzMTMxMzYzNy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAbm2
CDANBgkqhkiG9w0BAQsFAAOCAQEANa6D96VZ67xqSv5Mmyjpsqd1IYIjTGdaj+Ss
46/7XpY4k6k4Um1b2QRwu8hVml/U95DA5ZRDz0mO3UmmRdcMIRrxYagKEoT1Yq7C
40upvzf2MFsOh6otePO1cOQnt76r5n4NvbK6rzYC02GleLVvGYhjEtL9kBxpdYLg
++v3hoioJiFWqjRMDTN9Kh90O7PXoOhPhJK2k8PzYxzK/Ju512+8Oj+czO6Q6YIX
uheNpXIgLhHZwRH1Etr40USmrExAAWCr9/3PXmVhZtwZeYAajwatXxd0olXfWnG8
q6U8KBRDY5U1ENI2Bc3BHsYy79oKzFWnDTXxasVjub1sCXDHHg==
-----END CERTIFICATE-----