Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3138352e3230332e3231362e302f32332d3332203d3e203531313637.roa
File:                     3138352e3230332e3231362e302f32332d3332203d3e203531313637.roa (raw, json)
Hash identifier:          Moh+LLZN23txPrV2JYzCrXoInaU4CcGwwfMUi+KNmFo=
Subject key identifier:   8E:96:E1:F2:76:DF:FC:B9:09:B8:14:EE:78:B7:E4:EE:C5:B1:26:BC
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       49DE34BE14647B19FEEC1E3F3C5E5FEAA5FFD5C6
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3138352e3230332e3231362e302f32332d3332203d3e203531313637.roa
Signing time:             Wed 22 May 2024 12:54:04 +0000
ROA not before:           Wed 22 May 2024 12:49:04 +0000
ROA not after:            Wed 21 May 2025 12:54:04 +0000
asID:                     51167
IP address blocks:        185.203.216.0/23 maxlen: 32

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Jun 2024 08:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            49:de:34:be:14:64:7b:19:fe:ec:1e:3f:3c:5e:5f:ea:a5:ff:d5:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: May 22 12:49:04 2024 GMT
            Not After : May 21 12:54:04 2025 GMT
        Subject: CN=8E96E1F276DFFCB909B814EE78B7E4EEC5B126BC
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:1a:d1:d0:41:bf:e3:2a:56:5d:97:9a:8e:3c:
                    ae:1c:66:3a:78:ac:06:72:b2:62:75:b0:67:89:96:
                    01:b5:d3:10:bb:24:f0:b3:89:d7:db:fe:c4:39:7a:
                    ba:7d:8a:63:e1:0a:92:bd:43:67:60:38:d9:e3:32:
                    28:8b:38:64:a4:3a:fd:a5:ab:ec:cc:7c:46:30:2b:
                    f6:83:d8:10:33:ef:19:99:dc:34:64:f9:48:09:d0:
                    50:87:22:bf:8f:c0:8a:1d:b2:1d:4e:f8:13:50:16:
                    7d:3d:0a:00:a4:91:58:9d:1c:cc:e9:be:e6:70:ab:
                    38:71:86:49:40:21:91:4c:68:e7:ed:41:55:42:c2:
                    fd:29:4d:af:f6:9e:0b:b6:b9:2f:f4:da:69:17:6e:
                    26:42:75:93:b7:09:bd:e9:0c:9e:b4:19:0c:69:50:
                    e1:8e:d2:51:44:29:3d:7c:f1:55:0a:57:ce:29:c4:
                    e7:e8:1a:9b:d7:f7:62:44:ea:76:0b:a3:b2:30:a6:
                    bb:b9:f3:7c:47:25:4d:48:1f:61:5d:40:7f:78:6f:
                    ad:45:96:5d:86:79:31:b9:4e:61:d0:de:6c:b5:8f:
                    e6:3a:2f:74:91:77:6f:c9:60:73:c5:0c:8f:b6:08:
                    32:bc:83:1d:51:99:5f:fe:24:16:1c:2a:a2:a4:64:
                    fa:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8E:96:E1:F2:76:DF:FC:B9:09:B8:14:EE:78:B7:E4:EE:C5:B1:26:BC
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3138352e3230332e3231362e302f32332d3332203d3e203531313637.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.203.216.0/23

    Signature Algorithm: sha256WithRSAEncryption
         05:6c:5c:c1:ab:3d:ac:07:a0:94:b6:bd:50:18:61:6a:99:fe:
         b0:10:04:f9:01:41:6d:44:9d:31:89:c6:1d:45:3c:f0:f1:43:
         0c:05:19:7b:88:18:1b:fb:d6:0a:7d:c9:dc:cf:47:79:b5:90:
         02:14:75:33:34:7b:f9:1b:83:c5:02:6c:d0:9a:69:33:0a:f9:
         f5:9d:31:98:c0:53:68:ea:69:80:ba:b2:ed:21:d6:2b:93:7a:
         65:6a:d5:e0:6e:64:27:67:92:81:0b:03:8e:2b:5c:02:41:9b:
         60:85:2f:f8:f7:1f:bd:40:72:2a:63:09:15:09:86:a1:d4:40:
         b0:c7:0c:40:dd:c7:27:c1:28:0c:7c:27:5c:78:4b:4e:c2:42:
         5b:49:30:3f:79:40:59:0b:33:37:68:7e:b8:ff:17:87:4f:0b:
         2e:4d:38:c7:46:ec:2d:0d:e3:5d:ba:e7:6b:b6:99:77:6b:ac:
         d6:66:2f:0a:86:e5:7e:3c:4a:d8:12:e3:76:16:19:b9:cb:45:
         aa:c7:ff:71:41:a2:d7:bf:5a:e7:d2:e6:78:32:40:fb:c3:23:
         b2:b6:49:c5:35:b6:87:f1:bd:67:b1:fe:02:4a:bb:c7:ed:b1:
         9e:bd:7e:88:e4:dc:30:33:e1:4c:4b:e2:13:23:ca:8a:f1:36:
         4a:6e:4c:32
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgIUSd40vhRkexn+7B4/PF5f6qX/1cYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNDA1MjIxMjQ5MDRaFw0yNTA1MjExMjU0MDRaMDMxMTAvBgNV
BAMTKDhFOTZFMUYyNzZERkZDQjkwOUI4MTRFRTc4QjdFNEVFQzVCMTI2QkMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDAGtHQQb/jKlZdl5qOPK4cZjp4
rAZysmJ1sGeJlgG10xC7JPCzidfb/sQ5erp9imPhCpK9Q2dgONnjMiiLOGSkOv2l
q+zMfEYwK/aD2BAz7xmZ3DRk+UgJ0FCHIr+PwIodsh1O+BNQFn09CgCkkVidHMzp
vuZwqzhxhklAIZFMaOftQVVCwv0pTa/2ngu2uS/02mkXbiZCdZO3Cb3pDJ60GQxp
UOGO0lFEKT188VUKV84pxOfoGpvX92JE6nYLo7Iwpru583xHJU1IH2FdQH94b61F
ll2GeTG5TmHQ3my1j+Y6L3SRd2/JYHPFDI+2CDK8gx1RmV/+JBYcKqKkZPo7AgMB
AAGjggI/MIICOzAdBgNVHQ4EFgQUjpbh8nbf/LkJuBTueLfk7sWxJrwwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwga8GCCsGAQUFBwELBIGiMIGfMIGcBggrBgEFBQcwC4aBj3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzEzODM1MmUzMjMwMzMyZTMy
MzEzNjJlMzAyZjMyMzMyZDMzMzIyMDNkM2UyMDM1MzEzMTM2Mzcucm9hMBgGA1Ud
IAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAG5y9gwDQYJKoZIhvcNAQELBQADggEBAAVsXMGrPawHoJS2vVAYYWqZ/rAQBPkB
QW1EnTGJxh1FPPDxQwwFGXuIGBv71gp9ydzPR3m1kAIUdTM0e/kbg8UCbNCaaTMK
+fWdMZjAU2jqaYC6su0h1iuTemVq1eBuZCdnkoELA44rXAJBm2CFL/j3H71Acipj
CRUJhqHUQLDHDEDdxyfBKAx8J1x4S07CQltJMD95QFkLMzdofrj/F4dPCy5NOMdG
7C0N412652u2mXdrrNZmLwqG5X48StgS43YWGbnLRarH/3FBote/WufS5ngyQPvD
I7K2ScU1tofxvWex/gJKu8ftsZ69fojk3DAz4UxL4hMjyorxNkpuTDI=
-----END CERTIFICATE-----
Generated at Sun Jun 16 13:05:57 2024 by rpki-client on console-fra.rpki-client.org