Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3138352e3230312e31302e302f32332d3234203d3e203437353833.roa
File:                     3138352e3230312e31302e302f32332d3234203d3e203437353833.roa (raw, json)
Hash identifier:          4N3Bfxq2np7mwZ0isDzQvc2MbiG9Q4bi+JuHl7qVABw=
Subject key identifier:   CE:F5:ED:4A:16:72:57:30:18:AD:0A:DD:19:90:A9:F7:63:97:0D:7C
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       290BFA4071D4314A1BF9131BBB1DDA466F4EE9CD
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3138352e3230312e31302e302f32332d3234203d3e203437353833.roa
Signing time:             Mon 26 Feb 2024 08:53:24 +0000
ROA not before:           Mon 26 Feb 2024 08:48:24 +0000
ROA not after:            Mon 24 Feb 2025 08:53:24 +0000
asID:                     47583
IP address blocks:        185.201.10.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            29:0b:fa:40:71:d4:31:4a:1b:f9:13:1b:bb:1d:da:46:6f:4e:e9:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Feb 26 08:48:24 2024 GMT
            Not After : Feb 24 08:53:24 2025 GMT
        Subject: CN=CEF5ED4A1672573018AD0ADD1990A9F763970D7C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:6a:94:78:4b:a9:41:1d:f9:06:31:65:0f:98:
                    61:d6:6c:b5:56:05:ee:b0:e7:cd:d7:2e:67:71:94:
                    75:28:2b:ac:75:9e:fc:32:88:00:a6:d3:32:c6:5a:
                    73:c2:d1:55:b1:6e:7b:c8:93:cf:09:1c:79:2d:18:
                    88:50:2a:04:30:a4:ea:a9:05:fb:c3:a6:ee:f2:01:
                    20:71:0a:e0:17:21:15:f2:86:4b:7b:06:e3:d0:b2:
                    bc:a0:0f:13:a6:be:0f:3a:1d:22:34:eb:96:c2:e5:
                    a0:17:7b:b0:e8:b2:9d:74:d7:61:ba:13:8b:3f:11:
                    36:d6:b1:a1:0a:68:99:f5:47:68:d4:dc:c3:5e:04:
                    f9:f8:e9:69:49:99:b7:c7:0b:d5:c5:d4:fa:93:dd:
                    1d:c6:eb:c7:e7:d3:17:eb:c7:ec:3a:80:6d:23:6d:
                    00:f9:95:42:fc:6d:0f:c6:0e:2c:52:2f:da:dc:11:
                    2e:61:e5:85:44:69:28:fc:56:26:33:5f:ed:2f:00:
                    a6:15:4c:da:d2:81:c3:70:ff:6f:15:6e:62:f7:50:
                    21:70:1e:f6:bb:44:c9:2a:46:13:a8:77:05:39:24:
                    07:98:2a:d3:c2:89:44:4e:e0:5b:da:f0:cb:3d:9a:
                    ce:e2:ff:d7:b9:8b:9a:87:fd:5e:d2:a9:7c:35:80:
                    0d:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:F5:ED:4A:16:72:57:30:18:AD:0A:DD:19:90:A9:F7:63:97:0D:7C
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3138352e3230312e31302e302f32332d3234203d3e203437353833.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.201.10.0/23

    Signature Algorithm: sha256WithRSAEncryption
         21:4b:b6:27:fe:62:e9:42:ec:5f:63:e3:e2:09:05:62:4b:04:
         05:7e:76:79:11:94:f0:27:f7:1b:35:10:f4:4e:3e:64:9b:49:
         64:32:3b:09:30:f9:40:a2:86:5d:e6:08:86:df:d9:84:e5:47:
         f2:9a:dc:4c:7b:7c:ee:5d:30:71:72:a0:63:d3:61:03:20:b2:
         a6:85:7b:00:ab:c1:b6:5f:ee:f9:78:43:38:bd:04:3f:46:51:
         5c:c9:f3:41:a9:6d:b8:0d:f7:88:af:1c:da:48:81:7d:1a:74:
         7d:90:51:4a:54:66:c1:7a:4b:a9:84:24:c3:f1:f8:a1:69:1a:
         51:d1:33:ef:5f:61:5f:9d:3a:b2:c3:4c:d8:fd:24:e5:3a:0b:
         18:a2:a4:fb:03:c4:0b:a5:11:3d:e9:26:1e:76:4a:bc:10:d2:
         dd:24:f5:c2:a7:39:23:02:b8:92:a4:95:e8:e9:5e:5c:be:3a:
         44:2c:17:01:ae:8c:25:b1:f6:f6:39:19:d8:04:3f:61:b7:88:
         f6:35:41:95:52:ff:d2:cb:73:b1:5b:3a:88:4e:6e:d7:3e:d8:
         aa:2f:c3:55:8d:92:02:4a:4a:57:c0:03:b0:27:32:f5:83:13:
         ac:cd:6e:9b:c7:c5:d6:84:31:f7:7e:54:c1:a5:16:36:ab:da:
         3a:3e:92:1c
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgIUKQv6QHHUMUob+RMbux3aRm9O6c0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNDAyMjYwODQ4MjRaFw0yNTAyMjQwODUzMjRaMDMxMTAvBgNV
BAMTKENFRjVFRDRBMTY3MjU3MzAxOEFEMEFERDE5OTBBOUY3NjM5NzBEN0MwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDMapR4S6lBHfkGMWUPmGHWbLVW
Be6w583XLmdxlHUoK6x1nvwyiACm0zLGWnPC0VWxbnvIk88JHHktGIhQKgQwpOqp
BfvDpu7yASBxCuAXIRXyhkt7BuPQsrygDxOmvg86HSI065bC5aAXe7Dosp1012G6
E4s/ETbWsaEKaJn1R2jU3MNeBPn46WlJmbfHC9XF1PqT3R3G68fn0xfrx+w6gG0j
bQD5lUL8bQ/GDixSL9rcES5h5YVEaSj8ViYzX+0vAKYVTNrSgcNw/28VbmL3UCFw
Hva7RMkqRhOodwU5JAeYKtPCiURO4Fva8Ms9ms7i/9e5i5qH/V7SqXw1gA0vAgMB
AAGjggI9MIICOTAdBgNVHQ4EFgQUzvXtShZyVzAYrQrdGZCp92OXDXwwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwga0GCCsGAQUFBwELBIGgMIGdMIGaBggrBgEFBQcwC4aBjXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzEzODM1MmUzMjMwMzEyZTMx
MzAyZTMwMmYzMjMzMmQzMjM0MjAzZDNlMjAzNDM3MzUzODMzLnJvYTAYBgNVHSAB
Af8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQB
uckKMA0GCSqGSIb3DQEBCwUAA4IBAQAhS7Yn/mLpQuxfY+PiCQViSwQFfnZ5EZTw
J/cbNRD0Tj5km0lkMjsJMPlAooZd5giG39mE5UfymtxMe3zuXTBxcqBj02EDILKm
hXsAq8G2X+75eEM4vQQ/RlFcyfNBqW24DfeIrxzaSIF9GnR9kFFKVGbBekuphCTD
8fihaRpR0TPvX2FfnTqyw0zY/STlOgsYoqT7A8QLpRE96SYedkq8ENLdJPXCpzkj
AriSpJXo6V5cvjpELBcBrowlsfb2ORnYBD9ht4j2NUGVUv/Sy3OxWzqITm7XPtiq
L8NVjZICSkpXwAOwJzL1gxOszW6bx8XWhDH3flTBpRY2q9o6PpIc
-----END CERTIFICATE-----
Generated at Fri Nov 22 10:07:03 2024 by rpki-client on console-fra.rpki-client.org