Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3138352e3138372e3234302e302f32332d3234203d3e203437353833.roa
File:                     3138352e3138372e3234302e302f32332d3234203d3e203437353833.roa (raw, json)
Hash identifier:          L0lolcUooz61cRLXOsnTdEqR8TBgmL/tqhyG9WGsMuE=
Subject key identifier:   86:EA:C1:08:7D:EA:C2:E4:18:9C:FC:EC:C9:3C:E9:B5:95:09:42:9A
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       513B5C6246EC849D2A576E7252C433F045D9E827
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3138352e3138372e3234302e302f32332d3234203d3e203437353833.roa
Signing time:             Fri 20 Sep 2024 14:04:49 +0000
ROA not before:           Fri 20 Sep 2024 13:59:49 +0000
ROA not after:            Fri 19 Sep 2025 14:04:49 +0000
asID:                     47583
IP address blocks:        185.187.240.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            51:3b:5c:62:46:ec:84:9d:2a:57:6e:72:52:c4:33:f0:45:d9:e8:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Sep 20 13:59:49 2024 GMT
            Not After : Sep 19 14:04:49 2025 GMT
        Subject: CN=86EAC1087DEAC2E4189CFCECC93CE9B59509429A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:c6:b8:3d:6f:ae:f0:ac:c2:62:ed:0d:1f:e3:
                    38:43:11:da:61:b9:dc:d2:08:e8:35:64:72:07:3c:
                    ed:c8:30:bb:a2:ba:a0:b9:c5:b8:18:f8:c6:27:98:
                    cf:02:d9:fa:4e:2e:e9:6b:4a:7a:46:b5:88:6a:95:
                    ff:84:20:6e:a1:c6:7e:1a:e3:0e:a7:7b:3a:43:96:
                    7d:56:2d:dc:57:b8:11:df:c5:9e:05:12:94:5a:51:
                    ba:d5:dc:8b:ea:e9:c3:eb:3a:fe:2e:67:5a:e9:ba:
                    50:c2:ac:63:d2:0f:c8:a7:60:5e:fe:88:01:09:e2:
                    bd:55:96:b5:90:79:22:18:c8:cc:ae:12:b6:be:ad:
                    bc:64:43:ed:d9:d6:cd:51:1d:c4:7a:0b:b3:1c:0c:
                    ee:de:cc:36:e4:4c:3a:c6:28:50:63:b0:4b:ed:4f:
                    9c:45:0f:13:d5:99:b7:4a:d9:f4:fa:16:4d:3e:0b:
                    2c:bf:bb:4f:33:1a:c8:f2:90:e1:19:10:09:2c:16:
                    68:60:27:00:62:22:bb:64:67:18:24:15:7a:ad:cb:
                    b9:ef:6d:94:fb:5d:b7:a3:f1:1a:f4:04:69:16:dd:
                    0a:61:a7:ae:57:6b:db:44:cf:98:e7:91:68:83:17:
                    4d:b7:1c:f8:61:ed:98:13:e3:cb:d6:a2:6a:d0:b5:
                    5b:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:EA:C1:08:7D:EA:C2:E4:18:9C:FC:EC:C9:3C:E9:B5:95:09:42:9A
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3138352e3138372e3234302e302f32332d3234203d3e203437353833.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.187.240.0/23

    Signature Algorithm: sha256WithRSAEncryption
         8c:aa:e8:03:35:6f:d6:0a:3f:ed:da:b9:f4:43:5e:75:e9:7f:
         73:8a:cc:cf:c4:dc:0b:0f:76:2f:14:83:ef:af:92:39:99:65:
         24:c3:b4:99:27:a9:81:18:c4:2b:4a:9d:d6:ff:12:53:73:c0:
         27:cf:8c:29:f6:60:e1:fc:94:d5:16:83:77:c1:93:13:b4:31:
         ff:69:6a:4c:66:7c:10:a4:84:9c:3c:53:86:0e:c4:73:27:eb:
         04:21:7c:d4:29:11:38:fe:e3:6e:05:6a:5a:8e:0d:0e:c7:d6:
         b8:2f:84:62:55:5d:8b:99:bd:9b:f0:72:0f:ef:fd:33:d8:65:
         af:84:ac:4c:51:38:c7:68:1e:f4:39:34:cb:a6:40:38:62:b2:
         7a:c3:12:d9:8f:17:21:26:16:d4:8a:7e:ec:20:28:51:c1:61:
         28:3d:02:25:f1:6b:bf:c5:3a:14:60:30:e9:b5:35:c1:3e:f2:
         1b:c6:07:1a:f0:d6:11:11:2c:cb:70:3c:ed:27:5c:7b:8a:15:
         de:30:ad:1a:90:48:fe:cd:c5:1c:5a:75:2a:b7:7f:85:85:cb:
         9e:ac:79:a3:f6:2e:9c:e3:ec:30:43:03:25:3d:78:6f:2e:46:
         4a:5f:de:a8:ab:cf:4a:07:f5:9f:68:55:0a:b7:b1:89:f8:9d:
         c5:47:b3:cd
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgIUUTtcYkbshJ0qV25yUsQz8EXZ6CcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNDA5MjAxMzU5NDlaFw0yNTA5MTkxNDA0NDlaMDMxMTAvBgNV
BAMTKDg2RUFDMTA4N0RFQUMyRTQxODlDRkNFQ0M5M0NFOUI1OTUwOTQyOUEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDdxrg9b67wrMJi7Q0f4zhDEdph
udzSCOg1ZHIHPO3IMLuiuqC5xbgY+MYnmM8C2fpOLulrSnpGtYhqlf+EIG6hxn4a
4w6nezpDln1WLdxXuBHfxZ4FEpRaUbrV3Ivq6cPrOv4uZ1rpulDCrGPSD8inYF7+
iAEJ4r1VlrWQeSIYyMyuEra+rbxkQ+3Z1s1RHcR6C7McDO7ezDbkTDrGKFBjsEvt
T5xFDxPVmbdK2fT6Fk0+Cyy/u08zGsjykOEZEAksFmhgJwBiIrtkZxgkFXqty7nv
bZT7Xbej8Rr0BGkW3Qphp65Xa9tEz5jnkWiDF023HPhh7ZgT48vWomrQtVu/AgMB
AAGjggI/MIICOzAdBgNVHQ4EFgQUhurBCH3qwuQYnPzsyTzptZUJQpowHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwga8GCCsGAQUFBwELBIGiMIGfMIGcBggrBgEFBQcwC4aBj3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzEzODM1MmUzMTM4MzcyZTMy
MzQzMDJlMzAyZjMyMzMyZDMyMzQyMDNkM2UyMDM0MzczNTM4MzMucm9hMBgGA1Ud
IAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAG5u/AwDQYJKoZIhvcNAQELBQADggEBAIyq6AM1b9YKP+3aufRDXnXpf3OKzM/E
3AsPdi8Ug++vkjmZZSTDtJknqYEYxCtKndb/ElNzwCfPjCn2YOH8lNUWg3fBkxO0
Mf9pakxmfBCkhJw8U4YOxHMn6wQhfNQpETj+424FalqODQ7H1rgvhGJVXYuZvZvw
cg/v/TPYZa+ErExROMdoHvQ5NMumQDhisnrDEtmPFyEmFtSKfuwgKFHBYSg9AiXx
a7/FOhRgMOm1NcE+8hvGBxrw1hERLMtwPO0nXHuKFd4wrRqQSP7NxRxadSq3f4WF
y56seaP2Lpzj7DBDAyU9eG8uRkpf3qirz0oH9Z9oVQq3sYn4ncVHs80=
-----END CERTIFICATE-----
Generated at Thu Nov 21 18:06:15 2024 by rpki-client on console-fra.rpki-client.org