Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3138352e3138372e3233342e302f32342d3234203d3e20333939363431.roa
File:                     3138352e3138372e3233342e302f32342d3234203d3e20333939363431.roa (raw, json)
Hash identifier:          4hhpAO54idjCtIwmb6IsSLe4H2456SRnYGfAWFZ/0Vc=
Subject key identifier:   00:D3:93:1F:7A:91:4B:8F:27:07:18:AC:C1:0B:46:0C:95:38:8A:3E
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       3149B2EFACD70831AF5ED167C32176A1DFA4A18F
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3138352e3138372e3233342e302f32342d3234203d3e20333939363431.roa
Signing time:             Fri 20 Sep 2024 14:05:00 +0000
ROA not before:           Fri 20 Sep 2024 14:00:00 +0000
ROA not after:            Fri 19 Sep 2025 14:05:00 +0000
asID:                     399641
IP address blocks:        185.187.234.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 12 Dec 2024 14:33:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            31:49:b2:ef:ac:d7:08:31:af:5e:d1:67:c3:21:76:a1:df:a4:a1:8f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Sep 20 14:00:00 2024 GMT
            Not After : Sep 19 14:05:00 2025 GMT
        Subject: CN=00D3931F7A914B8F270718ACC10B460C95388A3E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:df:91:fb:85:c5:2e:0d:a2:51:84:d4:e6:44:
                    43:ad:fe:e4:2d:44:52:fe:a0:fa:26:d2:cc:95:20:
                    82:9d:81:99:dc:5a:bc:21:8f:94:64:f6:91:3e:15:
                    96:61:1d:f0:4f:47:d0:8f:2f:c5:b4:ac:f0:45:45:
                    7b:f5:5f:77:72:88:09:a7:99:8c:b4:36:62:4f:ee:
                    47:e7:8a:98:7c:2f:6e:a1:4b:15:60:17:05:08:67:
                    cf:b6:38:45:e5:05:31:6c:24:82:fe:dc:ab:5c:0f:
                    84:c8:20:a2:3f:16:ba:3b:35:df:11:42:c8:ae:d3:
                    0a:f2:22:7b:92:7e:f0:67:90:26:a4:a0:3b:f1:88:
                    4b:7d:87:10:9f:3b:f7:aa:70:7e:c6:90:8e:71:e7:
                    af:eb:fa:ee:ac:1f:91:49:65:f2:fe:bd:d0:53:ec:
                    36:45:89:88:25:c8:fd:71:f7:d2:33:4e:bb:a9:79:
                    99:f7:f6:64:0b:c0:0d:11:a2:13:e3:c9:fd:cc:e5:
                    ed:4a:41:d9:62:82:e3:01:43:42:70:f2:bc:0a:3f:
                    97:76:f1:fe:25:ea:61:cb:eb:3b:1d:40:2a:7d:6c:
                    8d:74:e6:d9:fc:fc:1f:32:ce:c4:9f:20:5d:3e:82:
                    d4:6f:b2:bd:61:db:69:6b:d5:e9:8c:c2:ff:da:00:
                    dc:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:D3:93:1F:7A:91:4B:8F:27:07:18:AC:C1:0B:46:0C:95:38:8A:3E
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3138352e3138372e3233342e302f32342d3234203d3e20333939363431.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.187.234.0/24

    Signature Algorithm: sha256WithRSAEncryption
         15:4c:20:e5:a2:23:d6:24:5f:f4:51:cf:e3:32:96:8b:75:c4:
         44:68:9b:c0:d0:fb:35:a6:4e:04:d4:28:f5:a9:bb:4f:0b:c6:
         e5:02:ae:e2:2e:2e:a0:21:68:a1:c4:37:a6:77:02:b4:57:15:
         ee:ed:75:85:5c:54:31:9a:b1:4d:5d:78:8d:e1:67:b4:e9:b5:
         fb:f3:5a:39:63:b6:9b:eb:f7:d5:2c:55:99:39:e6:4e:e5:47:
         2b:a8:00:5b:bd:85:17:2c:1a:e6:3c:a5:7a:1b:8e:e6:20:58:
         34:4e:8b:7a:3b:29:13:b4:85:ea:0d:cf:f1:fd:d2:2a:27:d0:
         a6:35:0c:e0:e5:fa:5a:ef:24:a6:07:ad:48:f6:be:7c:29:42:
         05:9a:84:58:b0:c4:4c:a1:f1:6f:40:5c:00:55:88:4e:d2:06:
         fa:54:8b:f4:ff:15:89:21:19:5d:f3:b3:f7:18:73:4a:b8:e2:
         02:e8:57:1f:62:d4:51:4b:96:8e:e8:ad:51:a1:d1:26:68:e3:
         90:56:b3:9b:5b:22:c1:0d:be:6d:1d:bf:df:14:97:5e:ea:a9:
         2d:3f:d8:4d:ee:92:25:b9:67:80:9a:1d:37:b4:31:7d:b3:12:
         cc:16:47:ae:46:92:62:8d:93:6c:b8:90:7c:94:a7:d7:78:8d:
         42:7d:86:85
-----BEGIN CERTIFICATE-----
MIIFNzCCBB+gAwIBAgIUMUmy76zXCDGvXtFnwyF2od+koY8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNDA5MjAxNDAwMDBaFw0yNTA5MTkxNDA1MDBaMDMxMTAvBgNV
BAMTKDAwRDM5MzFGN0E5MTRCOEYyNzA3MThBQ0MxMEI0NjBDOTUzODhBM0UwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCW35H7hcUuDaJRhNTmREOt/uQt
RFL+oPom0syVIIKdgZncWrwhj5Rk9pE+FZZhHfBPR9CPL8W0rPBFRXv1X3dyiAmn
mYy0NmJP7kfniph8L26hSxVgFwUIZ8+2OEXlBTFsJIL+3KtcD4TIIKI/Fro7Nd8R
Qsiu0wryInuSfvBnkCakoDvxiEt9hxCfO/eqcH7GkI5x56/r+u6sH5FJZfL+vdBT
7DZFiYglyP1x99IzTrupeZn39mQLwA0RohPjyf3M5e1KQdliguMBQ0Jw8rwKP5d2
8f4l6mHL6zsdQCp9bI105tn8/B8yzsSfIF0+gtRvsr1h22lr1emMwv/aANyZAgMB
AAGjggJBMIICPTAdBgNVHQ4EFgQUANOTH3qRS48nBxiswQtGDJU4ij4wHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgbEGCCsGAQUFBwELBIGkMIGhMIGeBggrBgEFBQcwC4aBkXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzEzODM1MmUzMTM4MzcyZTMy
MzMzNDJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMzMzkzOTM2MzQzMS5yb2EwGAYD
VR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEw
BgMEALm76jANBgkqhkiG9w0BAQsFAAOCAQEAFUwg5aIj1iRf9FHP4zKWi3XERGib
wND7NaZOBNQo9am7TwvG5QKu4i4uoCFoocQ3pncCtFcV7u11hVxUMZqxTV14jeFn
tOm1+/NaOWO2m+v31SxVmTnmTuVHK6gAW72FFywa5jylehuO5iBYNE6LejspE7SF
6g3P8f3SKifQpjUM4OX6Wu8kpgetSPa+fClCBZqEWLDETKHxb0BcAFWITtIG+lSL
9P8ViSEZXfOz9xhzSrjiAuhXH2LUUUuWjuitUaHRJmjjkFazm1siwQ2+bR2/3xSX
XuqpLT/YTe6SJblngJodN7QxfbMSzBZHrkaSYo2TbLiQfJSn13iNQn2GhQ==
-----END CERTIFICATE-----
Generated at Wed Dec 11 20:40:03 2024 by rpki-client on console-fra.rpki-client.org