Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3138352e3231342e39392e302f32342d3234203d3e20323033333830.roa
File:                     3138352e3231342e39392e302f32342d3234203d3e20323033333830.roa (raw, json)
Hash identifier:          k0ZghoZARVxdBLp0KRE+W8GccSkfTRB64msSW2czLfo=
Subject key identifier:   3B:E2:C9:B8:DB:6B:E3:B8:76:A1:0F:DC:F8:E9:23:2E:A1:BE:B7:DA
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       3407699926459BA6D58482CA1EF1E58F61FC6A8A
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3138352e3231342e39392e302f32342d3234203d3e20323033333830.roa
Signing time:             Wed 17 Apr 2024 13:07:17 +0000
ROA not before:           Wed 17 Apr 2024 13:02:17 +0000
ROA not after:            Wed 16 Apr 2025 13:07:17 +0000
asID:                     203380
IP address blocks:        185.214.99.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            34:07:69:99:26:45:9b:a6:d5:84:82:ca:1e:f1:e5:8f:61:fc:6a:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Apr 17 13:02:17 2024 GMT
            Not After : Apr 16 13:07:17 2025 GMT
        Subject: CN=3BE2C9B8DB6BE3B876A10FDCF8E9232EA1BEB7DA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:86:b6:70:6f:9e:44:2c:29:a7:8b:f6:69:48:
                    e3:e4:b5:4b:cf:e0:89:9f:31:e9:36:67:db:46:e1:
                    bc:d0:33:e9:6c:36:3d:58:5c:f8:aa:a3:11:60:bd:
                    84:87:d6:db:02:80:97:f1:67:ba:6d:5b:54:6b:f6:
                    e8:5f:52:40:57:42:75:2e:7f:74:12:b4:46:02:7a:
                    ff:15:c9:59:94:79:83:3e:c2:a7:1d:9b:4f:07:92:
                    eb:83:85:b6:9f:12:26:f6:ce:69:4a:22:a1:1f:90:
                    ee:da:82:64:d6:45:5e:a8:99:5f:8f:8d:03:58:35:
                    fc:a7:88:9b:8d:86:d3:c8:16:0e:22:1a:31:26:09:
                    28:d2:b1:71:f9:b4:39:63:07:2e:bf:44:0b:e5:8e:
                    72:f4:17:9d:44:cc:d0:53:28:e3:9b:43:48:c5:9b:
                    6b:0b:5d:05:54:5a:d6:6b:68:83:d6:c7:7d:dc:69:
                    65:c9:ef:fc:d3:30:3e:63:4a:7f:7d:97:d1:66:ef:
                    f4:14:54:27:e8:81:64:b8:28:f7:f2:a9:0b:6b:34:
                    b4:64:2e:f6:3b:5b:5b:9c:f3:7c:5a:e5:06:c5:2e:
                    75:64:d7:e2:26:1c:0d:59:2f:3b:c9:74:e6:1e:65:
                    d0:54:5c:f9:33:5a:ee:5d:9e:7e:38:d7:74:84:64:
                    32:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:E2:C9:B8:DB:6B:E3:B8:76:A1:0F:DC:F8:E9:23:2E:A1:BE:B7:DA
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3138352e3231342e39392e302f32342d3234203d3e20323033333830.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.214.99.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7c:00:19:8c:7e:f6:ff:9e:9f:6c:f5:8b:b5:34:90:48:1b:7f:
         c8:ff:21:11:96:e4:e1:eb:7b:d2:9f:3c:04:ae:0f:f3:f1:bf:
         3f:f7:2b:8b:f9:b6:4e:29:be:75:91:9e:37:9a:29:a8:c9:5d:
         a1:aa:11:a5:83:03:f7:c1:eb:e9:8c:6b:d1:83:2c:e8:63:34:
         d5:04:70:3e:2b:0f:0e:78:fe:00:95:9f:0b:ef:97:c7:bd:c8:
         a1:09:13:6b:af:95:b7:d7:34:09:57:78:e8:52:c0:bc:59:24:
         b2:cc:be:cc:ac:b3:15:ec:8d:9d:f4:bd:86:7d:46:61:6f:e3:
         ce:de:95:91:fe:b7:53:bb:23:37:0c:9f:65:fb:3b:b6:45:73:
         26:ff:9f:5f:51:c1:e9:e4:d1:29:c9:cb:b2:79:d2:1a:9c:d8:
         65:89:e6:ef:93:e3:2f:8f:96:ef:63:ce:61:d2:2f:9b:23:99:
         24:b9:a1:f3:1f:85:37:22:1c:48:0e:36:37:9b:9f:33:6b:dd:
         aa:ca:64:d0:9a:6a:42:1f:53:e2:fc:be:8d:80:b1:78:ff:c1:
         da:70:6c:54:44:70:40:5e:32:69:71:92:b6:c2:56:7d:e6:8c:
         a2:16:23:c4:1a:5c:a4:b1:f7:58:6d:69:d3:bb:32:28:cb:ec:
         9d:b9:7e:32
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgIUNAdpmSZFm6bVhILKHvHlj2H8aoowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNDA0MTcxMzAyMTdaFw0yNTA0MTYxMzA3MTdaMDMxMTAvBgNV
BAMTKDNCRTJDOUI4REI2QkUzQjg3NkExMEZEQ0Y4RTkyMzJFQTFCRUI3REEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDihrZwb55ELCmni/ZpSOPktUvP
4ImfMek2Z9tG4bzQM+lsNj1YXPiqoxFgvYSH1tsCgJfxZ7ptW1Rr9uhfUkBXQnUu
f3QStEYCev8VyVmUeYM+wqcdm08HkuuDhbafEib2zmlKIqEfkO7agmTWRV6omV+P
jQNYNfyniJuNhtPIFg4iGjEmCSjSsXH5tDljBy6/RAvljnL0F51EzNBTKOObQ0jF
m2sLXQVUWtZraIPWx33caWXJ7/zTMD5jSn99l9Fm7/QUVCfogWS4KPfyqQtrNLRk
LvY7W1uc83xa5QbFLnVk1+ImHA1ZLzvJdOYeZdBUXPkzWu5dnn4413SEZDLnAgMB
AAGjggI/MIICOzAdBgNVHQ4EFgQUO+LJuNtr47h2oQ/c+OkjLqG+t9owHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwga8GCCsGAQUFBwELBIGiMIGfMIGcBggrBgEFBQcwC4aBj3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzEzODM1MmUzMjMxMzQyZTM5
MzkyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzMjMwMzMzMzM4MzAucm9hMBgGA1Ud
IAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAC51mMwDQYJKoZIhvcNAQELBQADggEBAHwAGYx+9v+en2z1i7U0kEgbf8j/IRGW
5OHre9KfPASuD/Pxvz/3K4v5tk4pvnWRnjeaKajJXaGqEaWDA/fB6+mMa9GDLOhj
NNUEcD4rDw54/gCVnwvvl8e9yKEJE2uvlbfXNAlXeOhSwLxZJLLMvsyssxXsjZ30
vYZ9RmFv487elZH+t1O7IzcMn2X7O7ZFcyb/n19Rwenk0SnJy7J50hqc2GWJ5u+T
4y+Plu9jzmHSL5sjmSS5ofMfhTciHEgONjebnzNr3arKZNCaakIfU+L8vo2AsXj/
wdpwbFREcEBeMmlxkrbCVn3mjKIWI8QaXKSx91htadO7MijL7J25fjI=
-----END CERTIFICATE-----
Generated at Fri Nov 22 10:15:45 2024 by rpki-client on console-ams.rpki-client.org