Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3138352e3230302e33342e302f32342d3234203d3e20313336373837.roa
File:                     3138352e3230302e33342e302f32342d3234203d3e20313336373837.roa (raw, json)
Hash identifier:          BPna6XPnA0clis6QTS+8bGEtYZQ8O9tXUVPPnsNLXNo=
Subject key identifier:   4E:57:9C:0D:6C:50:08:F1:2F:DA:C9:04:BB:8B:8B:20:EE:8B:56:B6
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       26C55C634C6326AC3AFA8FB54C6405BF9BF72134
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3138352e3230302e33342e302f32342d3234203d3e20313336373837.roa
Signing time:             Sun 12 May 2024 11:03:38 +0000
ROA not before:           Sun 12 May 2024 10:58:38 +0000
ROA not after:            Sun 11 May 2025 11:03:38 +0000
asID:                     136787
IP address blocks:        185.200.34.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            26:c5:5c:63:4c:63:26:ac:3a:fa:8f:b5:4c:64:05:bf:9b:f7:21:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: May 12 10:58:38 2024 GMT
            Not After : May 11 11:03:38 2025 GMT
        Subject: CN=4E579C0D6C5008F12FDAC904BB8B8B20EE8B56B6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:45:0d:7d:e5:16:8e:c9:d0:03:2f:bf:00:73:
                    f8:42:b3:da:18:d9:42:e9:f1:38:19:f1:83:e1:4d:
                    e4:f3:87:6d:7f:03:d5:b5:b3:9a:8e:31:f1:93:19:
                    71:e1:0f:df:b3:f2:0e:15:98:9f:41:0e:a7:93:48:
                    a2:59:03:4a:b6:49:5f:3f:d7:1c:a9:ab:35:b9:e5:
                    ec:57:23:99:ed:c5:3b:72:16:85:58:a5:14:7d:d4:
                    22:4a:bf:5b:7a:9f:0c:91:7b:a1:1c:64:1d:d4:4e:
                    a1:f4:53:05:9e:6b:5c:08:65:9b:b1:fc:84:93:b4:
                    3b:69:16:26:04:a2:f4:7d:4a:aa:0b:18:23:8d:34:
                    a9:27:11:41:31:b7:9e:1b:13:46:6d:4c:1b:b5:e9:
                    49:e0:24:6b:d2:ff:c4:c8:a8:ba:d0:53:69:c9:7f:
                    fe:84:09:b2:bf:7c:02:7d:9a:46:68:46:fc:dc:aa:
                    2d:81:eb:18:8b:1e:31:5a:ea:7a:e9:d2:8d:c4:74:
                    76:a3:49:28:08:70:c7:06:2e:a3:de:f8:75:91:c0:
                    2f:36:46:75:f2:6c:63:f6:99:f2:49:24:43:0a:f8:
                    db:c9:76:97:2c:07:9a:9b:8d:6b:ae:cd:b9:6a:7d:
                    30:7a:49:da:67:6a:48:a1:72:24:fc:5d:01:7e:f5:
                    0e:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:57:9C:0D:6C:50:08:F1:2F:DA:C9:04:BB:8B:8B:20:EE:8B:56:B6
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3138352e3230302e33342e302f32342d3234203d3e20313336373837.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.200.34.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2e:bb:6d:57:5e:94:d6:d3:13:ab:a5:f1:3d:fd:6d:03:a6:b4:
         5c:a0:fc:17:c5:d3:0a:8a:1a:18:61:6f:0b:00:03:e9:03:bc:
         23:fe:90:cb:fc:93:9d:12:ad:4c:84:ca:b2:cd:4b:80:5b:af:
         7b:86:b2:e5:22:26:56:67:60:ac:ae:14:99:85:dc:e9:a0:a0:
         fc:2f:ba:0f:02:2e:7f:11:30:c2:89:ba:c2:9f:83:1f:18:07:
         83:5c:c1:43:cf:8f:84:98:ca:68:b3:e4:d8:42:84:2f:b4:9d:
         09:0f:0c:93:f5:93:65:6f:33:50:e4:1c:ff:22:6e:fc:3a:ed:
         e2:a8:a7:57:c5:1f:01:6c:5d:d0:9b:67:09:f3:06:ee:f8:16:
         32:2d:09:f2:ee:3d:f8:dd:92:67:e2:45:9e:52:f7:5f:a1:dd:
         9c:f2:b2:19:e3:4d:b3:c4:d8:cb:1e:a3:7d:66:0c:8d:88:a1:
         58:29:0b:57:74:43:f3:7e:22:fd:47:18:5b:d8:cd:65:6c:ef:
         42:d1:b6:11:e3:13:9a:2b:dc:57:33:15:97:c7:59:bf:d6:09:
         f4:13:48:cf:0e:13:72:dc:ff:f4:b6:98:d3:50:82:30:66:1c:
         d4:6f:ed:4c:6f:27:37:41:47:cf:32:fe:22:85:54:d2:7d:ff:
         96:03:11:93
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgIUJsVcY0xjJqw6+o+1TGQFv5v3ITQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNDA1MTIxMDU4MzhaFw0yNTA1MTExMTAzMzhaMDMxMTAvBgNV
BAMTKDRFNTc5QzBENkM1MDA4RjEyRkRBQzkwNEJCOEI4QjIwRUU4QjU2QjYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDcRQ195RaOydADL78Ac/hCs9oY
2ULp8TgZ8YPhTeTzh21/A9W1s5qOMfGTGXHhD9+z8g4VmJ9BDqeTSKJZA0q2SV8/
1xypqzW55exXI5ntxTtyFoVYpRR91CJKv1t6nwyRe6EcZB3UTqH0UwWea1wIZZux
/ISTtDtpFiYEovR9SqoLGCONNKknEUExt54bE0ZtTBu16UngJGvS/8TIqLrQU2nJ
f/6ECbK/fAJ9mkZoRvzcqi2B6xiLHjFa6nrp0o3EdHajSSgIcMcGLqPe+HWRwC82
RnXybGP2mfJJJEMK+NvJdpcsB5qbjWuuzblqfTB6SdpnakihciT8XQF+9Q65AgMB
AAGjggI/MIICOzAdBgNVHQ4EFgQUTlecDWxQCPEv2skEu4uLIO6LVrYwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwga8GCCsGAQUFBwELBIGiMIGfMIGcBggrBgEFBQcwC4aBj3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzEzODM1MmUzMjMwMzAyZTMz
MzQyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzMTMzMzYzNzM4Mzcucm9hMBgGA1Ud
IAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAC5yCIwDQYJKoZIhvcNAQELBQADggEBAC67bVdelNbTE6ul8T39bQOmtFyg/BfF
0wqKGhhhbwsAA+kDvCP+kMv8k50SrUyEyrLNS4Bbr3uGsuUiJlZnYKyuFJmF3Omg
oPwvug8CLn8RMMKJusKfgx8YB4NcwUPPj4SYymiz5NhChC+0nQkPDJP1k2VvM1Dk
HP8ibvw67eKop1fFHwFsXdCbZwnzBu74FjItCfLuPfjdkmfiRZ5S91+h3Zzyshnj
TbPE2Mseo31mDI2IoVgpC1d0Q/N+Iv1HGFvYzWVs70LRthHjE5or3FczFZfHWb/W
CfQTSM8OE3Lc//S2mNNQgjBmHNRv7UxvJzdBR88y/iKFVNJ9/5YDEZM=
-----END CERTIFICATE-----
Generated at Fri Nov 22 10:07:03 2024 by rpki-client on console-fra.rpki-client.org