Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3138352e3138372e3233342e302f32342d3234203d3e20333939363431.roa
File:                     3138352e3138372e3233342e302f32342d3234203d3e20333939363431.roa (raw, json)
Hash identifier:          d8HJCkDQHD6zVmbheVOKEP8fMVfG0O7XUO7qF6FstoY=
Subject key identifier:   90:5D:74:34:10:D7:7E:02:35:DF:6D:D1:6D:43:2C:D3:23:A7:C7:DD
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       051DD4AEE39B58228530EC63B9DFB9D459EF2BF5
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3138352e3138372e3233342e302f32342d3234203d3e20333939363431.roa
Signing time:             Fri 20 Oct 2023 13:41:46 +0000
ROA not before:           Fri 20 Oct 2023 13:36:46 +0000
ROA not after:            Fri 18 Oct 2024 13:41:46 +0000
asID:                     399641
IP address blocks:        185.187.234.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 02 Mar 2024 06:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            05:1d:d4:ae:e3:9b:58:22:85:30:ec:63:b9:df:b9:d4:59:ef:2b:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Oct 20 13:36:46 2023 GMT
            Not After : Oct 18 13:41:46 2024 GMT
        Subject: CN=905D743410D77E0235DF6DD16D432CD323A7C7DD
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:0f:a5:85:81:fc:46:34:cf:8a:ad:9a:38:44:
                    6a:f2:2a:aa:05:97:72:9d:e9:c5:45:b0:80:39:a9:
                    c9:2a:44:73:42:75:67:ad:57:95:09:2c:08:e6:75:
                    cf:56:d8:6f:15:82:ba:83:18:d6:0d:1f:7f:5d:5b:
                    6f:3a:c5:23:69:ff:21:76:b4:16:3c:9c:80:34:ff:
                    4e:ab:c6:92:2d:4f:fa:5f:e5:b0:c3:51:89:57:54:
                    16:4a:69:3d:3f:46:c6:2d:bc:25:0f:d6:58:87:b8:
                    18:f7:aa:9c:13:ca:16:8c:3d:17:55:ce:c7:7f:59:
                    d8:ad:f5:38:9d:a5:f5:3f:f7:52:da:f9:14:7a:d7:
                    09:e0:14:0b:f0:7f:69:c4:00:5a:39:c1:d2:51:33:
                    33:e0:2d:70:96:01:fd:7f:2c:b6:3a:16:3d:a8:c2:
                    b7:71:ae:73:0b:3a:bd:0a:af:b5:4c:ca:99:09:46:
                    f9:a0:16:e6:fa:16:10:a2:77:de:25:9d:a5:b6:50:
                    35:b0:f2:95:94:15:ab:2e:e8:f3:41:cd:b0:3f:24:
                    dc:27:c7:a1:ea:90:b3:bc:fa:cb:b3:7e:77:64:a8:
                    bf:e5:35:6a:52:01:16:38:80:d0:da:1a:b8:95:b9:
                    93:ce:db:84:31:04:a7:be:72:96:a0:d4:67:3e:f9:
                    9a:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:5D:74:34:10:D7:7E:02:35:DF:6D:D1:6D:43:2C:D3:23:A7:C7:DD
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3138352e3138372e3233342e302f32342d3234203d3e20333939363431.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.187.234.0/24

    Signature Algorithm: sha256WithRSAEncryption
         17:99:9c:5e:8d:30:21:f2:3b:ea:87:12:ad:bc:96:b0:bb:c8:
         21:29:41:11:89:53:c3:66:f2:39:04:05:50:51:13:50:a2:6a:
         81:61:59:01:c8:17:2b:d7:78:21:a5:90:a5:5f:2a:5e:ae:49:
         4d:7a:6d:94:13:4c:35:b9:75:74:4d:fd:25:3e:69:82:d2:f0:
         19:11:d5:ca:46:31:f3:d3:40:a0:be:be:cb:16:4a:06:c1:8b:
         ea:90:c0:4d:c4:02:dd:4c:0c:06:2d:59:75:eb:e3:fa:49:ab:
         06:ad:58:0a:94:79:73:95:8e:85:f9:92:f5:71:10:c0:b2:13:
         3d:96:f1:bb:25:6f:7a:ee:5b:d8:45:41:4f:28:c6:e7:75:50:
         28:ed:46:dd:e4:17:a7:e7:80:32:e3:4c:a9:b6:2e:70:6d:8e:
         50:25:c8:20:9e:17:7d:af:55:c4:4e:5c:7d:7c:82:04:4b:86:
         35:3b:18:c2:a2:e6:79:cc:f3:b4:ac:5f:28:14:52:3c:50:3b:
         e0:c3:81:34:dd:e7:b8:47:29:20:e5:af:29:be:75:8c:41:d3:
         d2:6e:fb:bc:61:0f:44:10:c9:7a:03:29:ed:85:a3:e6:20:37:
         3c:4f:37:f3:6f:a7:38:2c:5f:35:c2:71:29:1b:55:b8:0b:31:
         0f:02:1c:cc
-----BEGIN CERTIFICATE-----
MIIFNzCCBB+gAwIBAgIUBR3UruObWCKFMOxjud+51FnvK/UwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yMzEwMjAxMzM2NDZaFw0yNDEwMTgxMzQxNDZaMDMxMTAvBgNV
BAMTKDkwNUQ3NDM0MTBENzdFMDIzNURGNkREMTZENDMyQ0QzMjNBN0M3REQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCzD6WFgfxGNM+KrZo4RGryKqoF
l3Kd6cVFsIA5qckqRHNCdWetV5UJLAjmdc9W2G8VgrqDGNYNH39dW286xSNp/yF2
tBY8nIA0/06rxpItT/pf5bDDUYlXVBZKaT0/RsYtvCUP1liHuBj3qpwTyhaMPRdV
zsd/Wdit9TidpfU/91La+RR61wngFAvwf2nEAFo5wdJRMzPgLXCWAf1/LLY6Fj2o
wrdxrnMLOr0Kr7VMypkJRvmgFub6FhCid94lnaW2UDWw8pWUFasu6PNBzbA/JNwn
x6HqkLO8+suzfndkqL/lNWpSARY4gNDaGriVuZPO24QxBKe+cpag1Gc++ZqtAgMB
AAGjggJBMIICPTAdBgNVHQ4EFgQUkF10NBDXfgI1323RbUMs0yOnx90wHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgbEGCCsGAQUFBwELBIGkMIGhMIGeBggrBgEFBQcwC4aBkXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzEzODM1MmUzMTM4MzcyZTMy
MzMzNDJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMzMzkzOTM2MzQzMS5yb2EwGAYD
VR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEw
BgMEALm76jANBgkqhkiG9w0BAQsFAAOCAQEAF5mcXo0wIfI76ocSrbyWsLvIISlB
EYlTw2byOQQFUFETUKJqgWFZAcgXK9d4IaWQpV8qXq5JTXptlBNMNbl1dE39JT5p
gtLwGRHVykYx89NAoL6+yxZKBsGL6pDATcQC3UwMBi1Zdevj+kmrBq1YCpR5c5WO
hfmS9XEQwLITPZbxuyVveu5b2EVBTyjG53VQKO1G3eQXp+eAMuNMqbYucG2OUCXI
IJ4Xfa9VxE5cfXyCBEuGNTsYwqLmeczztKxfKBRSPFA74MOBNN3nuEcpIOWvKb51
jEHT0m77vGEPRBDJegMp7YWj5iA3PE8382+nOCxfNcJxKRtVuAsxDwIczA==
-----END CERTIFICATE-----
Generated at Fri Mar 1 11:05:02 2024 by rpki-client on console-fra.rpki-client.org