Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3138352e3138332e38372e302f32342d3234203d3e20313336373837.roa
File:                     3138352e3138332e38372e302f32342d3234203d3e20313336373837.roa (raw, json)
Hash identifier:          ITyLNd+8T0PfDzME3LSsDbGboigfoDut2/NgVAyvs/g=
Subject key identifier:   5F:3F:F1:2E:FB:09:32:CD:57:69:C6:D9:DC:81:23:01:62:8C:81:C7
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       55420B8EE33450818C691C9B7CC25AE23E6BDBDC
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3138352e3138332e38372e302f32342d3234203d3e20313336373837.roa
Signing time:             Sun 12 May 2024 11:03:39 +0000
ROA not before:           Sun 12 May 2024 10:58:39 +0000
ROA not after:            Sun 11 May 2025 11:03:39 +0000
asID:                     136787
IP address blocks:        185.183.87.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            55:42:0b:8e:e3:34:50:81:8c:69:1c:9b:7c:c2:5a:e2:3e:6b:db:dc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: May 12 10:58:39 2024 GMT
            Not After : May 11 11:03:39 2025 GMT
        Subject: CN=5F3FF12EFB0932CD5769C6D9DC812301628C81C7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:ce:f6:83:e7:85:ac:50:7a:a9:0d:5b:6a:cb:
                    64:0b:cb:fa:aa:32:97:22:44:3a:12:30:4d:b8:89:
                    77:e7:5e:36:89:46:1f:24:89:56:32:29:22:fb:c3:
                    ff:02:54:e1:c8:5a:d2:0f:c9:9e:fd:d8:e4:c7:25:
                    45:7c:46:84:6e:60:74:fe:a3:8a:f6:94:09:d1:76:
                    ea:bf:68:14:0a:b1:96:40:54:28:27:9a:0d:99:58:
                    28:37:c6:4b:dc:4a:ce:cd:71:91:60:6e:02:6e:0f:
                    34:d7:49:a7:41:d4:8c:b0:f7:0b:37:44:89:7f:e3:
                    fb:af:84:f9:bf:95:a6:51:2d:c9:19:7b:36:f4:4b:
                    68:ff:8e:a3:f5:e4:f8:57:a0:b3:db:bd:b1:86:47:
                    52:68:26:64:27:12:23:92:a1:9b:26:9e:b4:cd:e8:
                    34:e1:2a:28:6c:82:58:a0:62:98:ff:9c:10:2e:44:
                    e2:cb:ff:44:2d:c3:2f:f7:dc:c1:30:f9:df:ec:3d:
                    5b:2a:c8:cc:52:fd:e7:a6:a8:ba:34:20:8b:8b:43:
                    53:ab:10:31:49:11:a0:51:74:6f:22:1b:85:85:18:
                    c0:b3:72:ba:a5:35:26:f9:c2:b5:61:ba:05:4f:57:
                    f1:4b:b7:5e:25:e4:e4:03:88:33:d3:f1:fc:38:df:
                    88:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:3F:F1:2E:FB:09:32:CD:57:69:C6:D9:DC:81:23:01:62:8C:81:C7
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3138352e3138332e38372e302f32342d3234203d3e20313336373837.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.183.87.0/24

    Signature Algorithm: sha256WithRSAEncryption
         40:e3:6e:ea:8a:7f:dd:bd:2e:06:40:95:6d:63:e9:c3:9b:34:
         14:a5:6b:c9:45:18:0d:a8:e0:8b:ed:95:79:f9:18:e0:54:34:
         ff:a4:bd:f0:15:5f:fe:c7:2f:2b:5e:73:43:df:3e:08:47:7d:
         5d:ec:1e:30:05:76:1a:eb:c8:f0:0d:17:ba:a3:8f:93:51:da:
         68:be:8e:3d:37:6c:52:cb:38:c7:34:2e:c9:9c:4d:ca:19:b0:
         65:d3:9d:5a:76:b4:aa:a0:7c:ab:a1:81:b3:9c:06:1a:19:47:
         aa:e2:32:ac:1d:9c:97:2b:34:1e:8f:2f:8e:f4:83:da:1a:54:
         90:d0:52:77:23:2b:96:ac:7b:6d:da:0e:2c:bc:bf:3c:d5:9c:
         c8:e8:85:1f:34:b9:67:82:9f:e1:93:69:ed:b9:51:b2:19:d6:
         e6:25:fa:ee:12:e9:14:03:89:20:b3:f9:4a:41:32:18:3d:76:
         96:b7:f8:d2:ac:e4:83:99:68:76:d8:47:8a:f6:f5:b9:08:bd:
         b8:4d:67:e4:31:14:ea:7e:6e:b8:04:64:9b:cf:7b:b8:dc:50:
         3d:13:02:18:d1:50:49:18:b1:7f:46:64:68:6c:45:e5:9f:94:
         2e:a5:23:ff:9b:1d:6b:3f:e2:1b:87:71:9e:15:c0:e3:cc:93:
         87:f4:4b:18
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgIUVUILjuM0UIGMaRybfMJa4j5r29wwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNDA1MTIxMDU4MzlaFw0yNTA1MTExMTAzMzlaMDMxMTAvBgNV
BAMTKDVGM0ZGMTJFRkIwOTMyQ0Q1NzY5QzZEOURDODEyMzAxNjI4QzgxQzcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCTzvaD54WsUHqpDVtqy2QLy/qq
MpciRDoSME24iXfnXjaJRh8kiVYyKSL7w/8CVOHIWtIPyZ792OTHJUV8RoRuYHT+
o4r2lAnRduq/aBQKsZZAVCgnmg2ZWCg3xkvcSs7NcZFgbgJuDzTXSadB1Iyw9ws3
RIl/4/uvhPm/laZRLckZezb0S2j/jqP15PhXoLPbvbGGR1JoJmQnEiOSoZsmnrTN
6DThKihsgligYpj/nBAuROLL/0Qtwy/33MEw+d/sPVsqyMxS/eemqLo0IIuLQ1Or
EDFJEaBRdG8iG4WFGMCzcrqlNSb5wrVhugVPV/FLt14l5OQDiDPT8fw434gxAgMB
AAGjggI/MIICOzAdBgNVHQ4EFgQUXz/xLvsJMs1XacbZ3IEjAWKMgccwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwga8GCCsGAQUFBwELBIGiMIGfMIGcBggrBgEFBQcwC4aBj3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzEzODM1MmUzMTM4MzMyZTM4
MzcyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzMTMzMzYzNzM4Mzcucm9hMBgGA1Ud
IAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAC5t1cwDQYJKoZIhvcNAQELBQADggEBAEDjbuqKf929LgZAlW1j6cObNBSla8lF
GA2o4IvtlXn5GOBUNP+kvfAVX/7HLytec0PfPghHfV3sHjAFdhrryPANF7qjj5NR
2mi+jj03bFLLOMc0LsmcTcoZsGXTnVp2tKqgfKuhgbOcBhoZR6riMqwdnJcrNB6P
L470g9oaVJDQUncjK5ase23aDiy8vzzVnMjohR80uWeCn+GTae25UbIZ1uYl+u4S
6RQDiSCz+UpBMhg9dpa3+NKs5IOZaHbYR4r29bkIvbhNZ+QxFOp+brgEZJvPe7jc
UD0TAhjRUEkYsX9GZGhsReWflC6lI/+bHWs/4huHcZ4VwOPMk4f0Sxg=
-----END CERTIFICATE-----
Generated at Mon Nov 25 03:29:13 2024 by rpki-client on console-ams.rpki-client.org