Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3138352e3231342e39382e302f32342d3234203d3e20383334.roa
File:                     3138352e3231342e39382e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          2otqqgkVZsxUctxl71ZOV/dcQ/M/kp01qr9cpvKhE9Y=
Subject key identifier:   12:16:56:B2:1D:D4:74:80:F4:0D:6D:E8:E0:F7:B1:44:1E:C4:31:4B
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       31A9F0C5B1F3232E112FD94B422CA8C317A9FE2F
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3138352e3231342e39382e302f32342d3234203d3e20383334.roa
Signing time:             Mon 18 Mar 2024 07:49:15 +0000
ROA not before:           Mon 18 Mar 2024 07:44:15 +0000
ROA not after:            Mon 17 Mar 2025 07:49:15 +0000
asID:                     834
IP address blocks:        185.214.98.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            31:a9:f0:c5:b1:f3:23:2e:11:2f:d9:4b:42:2c:a8:c3:17:a9:fe:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Mar 18 07:44:15 2024 GMT
            Not After : Mar 17 07:49:15 2025 GMT
        Subject: CN=121656B21DD47480F40D6DE8E0F7B1441EC4314B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:34:ee:be:2d:45:94:b9:1d:ee:45:d8:c3:5d:
                    14:fb:e2:71:4a:ae:59:68:ce:09:a8:de:8f:18:e9:
                    7c:89:09:2c:85:ca:72:e1:66:96:6e:97:90:60:17:
                    59:91:10:e6:c2:cf:d9:4f:2a:f6:01:66:e0:66:c3:
                    eb:0b:68:f8:2f:3a:69:ef:77:1f:1d:fa:ff:ce:74:
                    c1:cc:82:be:a4:9a:9c:d0:42:94:f4:27:ef:2d:f5:
                    1d:a4:ad:10:c8:6f:80:71:4f:1f:dc:3e:45:58:51:
                    28:5b:b0:57:8b:1e:d6:6e:1c:82:b1:59:db:e3:9e:
                    7e:e0:f6:99:f9:cd:f0:25:2a:95:ca:aa:91:4d:94:
                    19:f6:7f:ae:77:b5:86:15:bb:70:f0:95:67:60:fc:
                    8b:da:97:d9:1f:b1:93:69:59:95:21:02:72:d2:f7:
                    b5:f0:13:89:67:1d:92:1b:2c:77:0e:21:91:30:d7:
                    8b:2e:1a:29:a1:12:32:83:39:55:32:fe:71:4b:d6:
                    0c:72:6e:c5:6a:99:a5:e9:df:5d:e1:2e:5d:a5:5e:
                    35:3f:a3:33:7a:75:4b:5b:9c:45:96:4b:ce:70:fa:
                    cf:d6:4e:b2:3a:be:b2:c6:4d:ba:04:eb:af:9e:3f:
                    61:92:ec:01:5e:03:4a:32:86:8c:8c:56:35:77:44:
                    96:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                12:16:56:B2:1D:D4:74:80:F4:0D:6D:E8:E0:F7:B1:44:1E:C4:31:4B
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3138352e3231342e39382e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.214.98.0/24

    Signature Algorithm: sha256WithRSAEncryption
         31:50:2b:b1:ee:91:1b:da:7e:76:ea:0c:40:d7:71:9d:d4:7e:
         6d:8c:0b:41:be:38:3d:7f:6b:ca:05:7c:49:ca:92:31:3b:e9:
         95:24:50:2d:c7:90:a7:35:e1:7b:d6:a3:ea:30:28:73:8d:06:
         b3:fa:ef:18:97:f7:51:6c:70:c5:2b:37:01:0d:7d:cb:d6:e2:
         47:9c:5e:29:5f:b5:41:71:3c:ba:4c:86:0b:57:c3:38:8e:4f:
         69:9a:7c:18:45:91:b7:1b:16:c9:a0:d5:47:b8:c0:a7:5c:70:
         d0:eb:2a:ee:c6:71:b8:04:de:b6:a7:e4:46:b9:8b:44:59:00:
         4a:c7:5b:6e:f9:df:12:04:fe:04:63:b9:68:c9:2b:a5:8a:7d:
         e2:27:08:c1:6c:b0:ca:ea:fe:aa:77:f3:d0:21:32:c5:14:03:
         0f:1f:4d:ef:d3:79:a9:6c:d5:6f:64:15:79:5c:38:50:ff:25:
         3d:4b:a3:79:6e:0b:48:68:f6:a5:ed:1c:f4:58:db:8d:98:9f:
         6d:32:d9:d2:37:47:c9:f3:06:ae:c9:ba:12:64:61:15:30:24:
         6a:af:82:ce:3a:e9:99:43:87:8f:ed:08:dd:f3:ba:8c:a9:7f:
         ca:ad:35:75:2c:be:cb:a2:d3:13:25:bc:a7:a3:da:a0:ef:58:
         a1:ca:21:81
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUManwxbHzIy4RL9lLQiyowxep/i8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNDAzMTgwNzQ0MTVaFw0yNTAzMTcwNzQ5MTVaMDMxMTAvBgNV
BAMTKDEyMTY1NkIyMURENDc0ODBGNDBENkRFOEUwRjdCMTQ0MUVDNDMxNEIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCwNO6+LUWUuR3uRdjDXRT74nFK
rllozgmo3o8Y6XyJCSyFynLhZpZul5BgF1mREObCz9lPKvYBZuBmw+sLaPgvOmnv
dx8d+v/OdMHMgr6kmpzQQpT0J+8t9R2krRDIb4BxTx/cPkVYUShbsFeLHtZuHIKx
Wdvjnn7g9pn5zfAlKpXKqpFNlBn2f653tYYVu3DwlWdg/Ival9kfsZNpWZUhAnLS
97XwE4lnHZIbLHcOIZEw14suGimhEjKDOVUy/nFL1gxybsVqmaXp313hLl2lXjU/
ozN6dUtbnEWWS85w+s/WTrI6vrLGTboE66+eP2GS7AFeA0oyhoyMVjV3RJY3AgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUEhZWsh3UdID0DW3o4PexRB7EMUswHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzEzODM1MmUzMjMxMzQyZTM5
MzgyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzODMzMzQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAC51mIw
DQYJKoZIhvcNAQELBQADggEBADFQK7HukRvafnbqDEDXcZ3Ufm2MC0G+OD1/a8oF
fEnKkjE76ZUkUC3HkKc14XvWo+owKHONBrP67xiX91FscMUrNwENfcvW4kecXilf
tUFxPLpMhgtXwziOT2mafBhFkbcbFsmg1Ue4wKdccNDrKu7GcbgE3ran5Ea5i0RZ
AErHW2753xIE/gRjuWjJK6WKfeInCMFssMrq/qp389AhMsUUAw8fTe/Teals1W9k
FXlcOFD/JT1Lo3luC0ho9qXtHPRY242Yn20y2dI3R8nzBq7JuhJkYRUwJGqvgs46
6ZlDh4/tCN3zuoypf8qtNXUsvsui0xMlvKej2qDvWKHKIYE=
-----END CERTIFICATE-----
Generated at Thu Nov 21 19:35:25 2024 by rpki-client on console-ams.rpki-client.org