Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3138352e3138352e38302e302f32342d3332203d3e203531313637.roa
File:                     3138352e3138352e38302e302f32342d3332203d3e203531313637.roa (raw, json)
Hash identifier:          vaIh1H4AvLADpgB824mxuKvzciIa1T37nYUTPnH+eic=
Subject key identifier:   DD:67:B3:C3:00:1C:44:42:F8:55:E2:10:2C:67:43:11:7A:74:CF:13
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       50C856B1662F74F757D998C79A8C11901C14872A
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3138352e3138352e38302e302f32342d3332203d3e203531313637.roa
Signing time:             Mon 26 Feb 2024 08:53:01 +0000
ROA not before:           Mon 26 Feb 2024 08:48:01 +0000
ROA not after:            Mon 24 Feb 2025 08:53:01 +0000
asID:                     51167
IP address blocks:        185.185.80.0/24 maxlen: 32

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            50:c8:56:b1:66:2f:74:f7:57:d9:98:c7:9a:8c:11:90:1c:14:87:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Feb 26 08:48:01 2024 GMT
            Not After : Feb 24 08:53:01 2025 GMT
        Subject: CN=DD67B3C3001C4442F855E2102C6743117A74CF13
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:ed:c0:f2:99:fd:28:68:98:8d:05:7c:24:81:
                    9c:41:c1:a4:0f:5e:b6:4b:a0:7b:6a:25:33:b5:f8:
                    68:03:4a:d3:21:e1:3c:be:34:8f:c4:e6:03:0c:8e:
                    2b:75:91:46:93:06:2d:c0:09:8b:6b:e6:20:73:20:
                    11:04:38:72:3a:53:d7:7d:53:8a:22:09:cc:97:9c:
                    64:25:aa:d0:e7:f6:0a:5a:44:f3:be:7d:63:e6:30:
                    2b:8d:71:bf:87:7b:bb:f0:51:64:02:08:47:60:b2:
                    12:be:b7:0f:c5:13:61:14:e3:84:4e:9b:34:63:5c:
                    a8:92:cc:44:d1:83:ed:55:c2:3c:36:be:36:25:db:
                    cb:c2:c4:2c:c8:0e:42:e2:b8:3b:f1:01:23:60:d8:
                    b6:4b:17:8c:ee:6c:bc:2d:00:60:52:86:87:47:0d:
                    0c:dd:2f:4f:ad:e9:e5:2b:87:e2:bb:1f:4c:18:95:
                    34:5c:e1:b7:1d:47:94:c6:f1:61:32:2a:06:ec:e1:
                    3c:5e:63:5e:20:79:4f:9b:33:8e:9c:b2:b6:cb:0e:
                    59:fc:d2:20:f8:10:ef:90:38:5a:e1:7e:d0:c5:a7:
                    b4:8a:76:b6:da:45:1b:2e:ad:f4:bc:35:e2:82:8a:
                    e6:c8:60:99:bb:e9:14:04:b3:f4:7c:80:22:65:a0:
                    25:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:67:B3:C3:00:1C:44:42:F8:55:E2:10:2C:67:43:11:7A:74:CF:13
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3138352e3138352e38302e302f32342d3332203d3e203531313637.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.185.80.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4a:81:2f:32:07:8b:cc:90:7e:22:50:d4:b7:69:f8:b3:ec:26:
         b0:6d:e0:70:b8:aa:06:ef:33:9e:e6:2d:9f:88:8e:a1:f5:8d:
         1e:a7:d4:e0:94:7d:1f:e8:9b:2c:2b:86:1d:52:ae:57:30:45:
         c7:75:55:68:32:12:55:f6:0f:d0:e0:e1:55:54:5f:1d:cd:99:
         13:29:dc:45:fb:71:38:9b:66:16:a7:1e:c9:c4:8f:8f:ff:fb:
         98:c6:b4:1f:4f:33:61:46:f6:76:e9:5b:2a:2f:01:dd:d6:a0:
         c8:e8:18:25:7a:3d:04:05:be:da:5e:b9:c3:57:6f:c7:aa:4d:
         92:20:b6:be:23:38:e5:98:df:af:21:37:b0:ee:51:6d:d3:11:
         37:f3:b7:67:15:fa:42:0b:be:3d:38:b1:18:0b:d5:25:eb:da:
         f4:e2:d3:54:69:29:07:21:3c:47:25:65:9c:fa:68:7b:4c:36:
         dd:6c:c4:cd:7a:20:46:ec:ff:69:f4:35:52:9c:54:74:4f:b9:
         63:06:62:4c:9b:69:8a:4c:d8:bf:95:41:e7:9c:24:b1:c3:1e:
         3b:45:f5:1c:ea:4d:76:1e:c4:21:59:7b:9b:23:ee:8e:b3:34:
         c0:1d:93:fd:73:89:38:79:0c:ab:d9:26:d2:06:da:44:03:93:
         69:5e:4d:09
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgIUUMhWsWYvdPdX2ZjHmowRkBwUhyowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNDAyMjYwODQ4MDFaFw0yNTAyMjQwODUzMDFaMDMxMTAvBgNV
BAMTKERENjdCM0MzMDAxQzQ0NDJGODU1RTIxMDJDNjc0MzExN0E3NENGMTMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDN7cDymf0oaJiNBXwkgZxBwaQP
XrZLoHtqJTO1+GgDStMh4Ty+NI/E5gMMjit1kUaTBi3ACYtr5iBzIBEEOHI6U9d9
U4oiCcyXnGQlqtDn9gpaRPO+fWPmMCuNcb+He7vwUWQCCEdgshK+tw/FE2EU44RO
mzRjXKiSzETRg+1Vwjw2vjYl28vCxCzIDkLiuDvxASNg2LZLF4zubLwtAGBShodH
DQzdL0+t6eUrh+K7H0wYlTRc4bcdR5TG8WEyKgbs4TxeY14geU+bM46csrbLDln8
0iD4EO+QOFrhftDFp7SKdrbaRRsurfS8NeKCiubIYJm76RQEs/R8gCJloCWLAgMB
AAGjggI9MIICOTAdBgNVHQ4EFgQU3WezwwAcREL4VeIQLGdDEXp0zxMwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwga0GCCsGAQUFBwELBIGgMIGdMIGaBggrBgEFBQcwC4aBjXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzEzODM1MmUzMTM4MzUyZTM4
MzAyZTMwMmYzMjM0MmQzMzMyMjAzZDNlMjAzNTMxMzEzNjM3LnJvYTAYBgNVHSAB
Af8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA
ublQMA0GCSqGSIb3DQEBCwUAA4IBAQBKgS8yB4vMkH4iUNS3afiz7CawbeBwuKoG
7zOe5i2fiI6h9Y0ep9TglH0f6JssK4YdUq5XMEXHdVVoMhJV9g/Q4OFVVF8dzZkT
KdxF+3E4m2YWpx7JxI+P//uYxrQfTzNhRvZ26VsqLwHd1qDI6Bglej0EBb7aXrnD
V2/Hqk2SILa+IzjlmN+vITew7lFt0xE387dnFfpCC749OLEYC9Ul69r04tNUaSkH
ITxHJWWc+mh7TDbdbMTNeiBG7P9p9DVSnFR0T7ljBmJMm2mKTNi/lUHnnCSxwx47
RfUc6k12HsQhWXubI+6OszTAHZP9c4k4eQyr2SbSBtpEA5NpXk0J
-----END CERTIFICATE-----
Generated at Fri Nov 22 10:07:03 2024 by rpki-client on console-fra.rpki-client.org