Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3138352e3231352e3138302e302f32342d3332203d3e203531313637.roa
File:                     3138352e3231352e3138302e302f32342d3332203d3e203531313637.roa (raw, json)
Hash identifier:          5TKhrttUxSdxIAGOd7SmSy8kaeOaohD6HtsvXXemLAw=
Subject key identifier:   0A:B8:DB:19:8D:5F:F2:DB:BA:C7:27:75:2A:70:BA:16:48:EC:23:DA
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       7B2CAA3ACC172F9EC2672553699E1914BEBF2F3D
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3138352e3231352e3138302e302f32342d3332203d3e203531313637.roa
Signing time:             Mon 26 Feb 2024 08:53:19 +0000
ROA not before:           Mon 26 Feb 2024 08:48:19 +0000
ROA not after:            Mon 24 Feb 2025 08:53:19 +0000
asID:                     51167
IP address blocks:        185.215.180.0/24 maxlen: 32

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7b:2c:aa:3a:cc:17:2f:9e:c2:67:25:53:69:9e:19:14:be:bf:2f:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Feb 26 08:48:19 2024 GMT
            Not After : Feb 24 08:53:19 2025 GMT
        Subject: CN=0AB8DB198D5FF2DBBAC727752A70BA1648EC23DA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:c3:cd:f0:f3:f7:29:f8:2a:6a:58:15:57:0f:
                    ef:d1:9a:70:ea:d1:18:ea:b9:cc:ad:f6:9b:29:32:
                    37:d5:dc:c0:15:28:66:fc:ec:40:91:63:30:d4:22:
                    e2:c7:b4:00:ba:0a:a4:35:fd:cc:1a:a7:c0:8a:01:
                    5e:69:76:2d:ec:50:4b:3a:4a:28:fd:24:d3:8a:df:
                    b8:7a:b9:21:32:cb:8f:22:48:b0:f4:04:30:fd:fd:
                    27:87:3d:3f:70:da:10:5a:a0:eb:85:ad:f2:44:e6:
                    05:74:3b:d0:30:99:98:5e:bf:f8:79:bb:55:58:14:
                    39:ee:25:fe:04:ad:e8:64:b4:80:3a:77:bc:97:6e:
                    1b:d0:5d:69:d9:87:b0:d1:a7:2c:5f:83:1d:46:c5:
                    78:98:00:34:62:fe:c2:2b:e6:d0:f0:c4:ed:9e:2b:
                    2d:a5:46:14:7f:75:89:23:f4:72:2c:5a:3a:02:0a:
                    64:bb:d1:64:52:0d:b6:cf:04:da:87:4f:f5:ec:83:
                    0e:32:e9:1a:be:d1:85:1e:fa:e6:24:a6:94:53:90:
                    95:85:85:93:77:01:0e:0e:d5:e4:57:e9:3d:85:35:
                    1f:60:e2:f9:b8:98:7a:e0:0d:fe:1a:02:35:70:b4:
                    32:17:c0:d8:12:22:23:3b:53:45:21:c6:2e:4f:f3:
                    55:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:B8:DB:19:8D:5F:F2:DB:BA:C7:27:75:2A:70:BA:16:48:EC:23:DA
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3138352e3231352e3138302e302f32342d3332203d3e203531313637.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.215.180.0/24

    Signature Algorithm: sha256WithRSAEncryption
         92:ba:0d:cf:cb:23:b2:8b:5d:ee:b4:80:dd:62:16:4c:99:86:
         e0:91:6c:a2:8d:9f:09:79:0c:48:a5:26:35:19:d5:66:0b:6e:
         8d:45:ed:71:6e:8a:e4:95:b0:e7:7d:39:ff:20:94:f2:ba:14:
         7f:f3:f7:8c:53:01:25:57:b7:2b:67:3f:0d:11:f8:97:ac:82:
         b0:58:de:33:66:e8:64:be:e3:8e:88:49:45:41:35:9d:a5:5a:
         1a:11:f9:50:c7:11:9d:3d:08:98:0e:bd:61:e4:54:f2:2a:92:
         c9:79:9a:6b:70:a3:59:ec:27:17:9d:08:77:15:4e:81:87:ea:
         03:4a:09:f5:0d:99:3e:e5:83:11:49:c8:5f:db:01:d9:5a:33:
         9a:7e:ec:e2:39:4e:24:96:80:ee:57:96:d0:c2:39:6c:34:72:
         bd:5c:ae:07:94:e7:bd:8c:32:66:c9:1f:af:38:14:84:1f:f3:
         29:b2:53:87:c0:96:9d:14:15:28:ec:d2:81:17:d2:98:3d:02:
         7e:90:07:29:ba:55:f0:be:52:96:62:f7:fa:82:49:40:2a:4a:
         e6:29:d4:d6:86:eb:53:af:29:08:aa:dd:31:10:1f:4c:1b:e1:
         c9:12:c2:8f:88:69:f2:86:5c:dc:f8:da:16:1f:85:62:71:dc:
         fb:a1:db:2f
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgIUeyyqOswXL57CZyVTaZ4ZFL6/Lz0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNDAyMjYwODQ4MTlaFw0yNTAyMjQwODUzMTlaMDMxMTAvBgNV
BAMTKDBBQjhEQjE5OEQ1RkYyREJCQUM3Mjc3NTJBNzBCQTE2NDhFQzIzREEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQChw83w8/cp+CpqWBVXD+/RmnDq
0Rjqucyt9pspMjfV3MAVKGb87ECRYzDUIuLHtAC6CqQ1/cwap8CKAV5pdi3sUEs6
Sij9JNOK37h6uSEyy48iSLD0BDD9/SeHPT9w2hBaoOuFrfJE5gV0O9AwmZhev/h5
u1VYFDnuJf4ErehktIA6d7yXbhvQXWnZh7DRpyxfgx1GxXiYADRi/sIr5tDwxO2e
Ky2lRhR/dYkj9HIsWjoCCmS70WRSDbbPBNqHT/Xsgw4y6Rq+0YUe+uYkppRTkJWF
hZN3AQ4O1eRX6T2FNR9g4vm4mHrgDf4aAjVwtDIXwNgSIiM7U0Uhxi5P81UlAgMB
AAGjggI/MIICOzAdBgNVHQ4EFgQUCrjbGY1f8tu6xyd1KnC6FkjsI9owHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwga8GCCsGAQUFBwELBIGiMIGfMIGcBggrBgEFBQcwC4aBj3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzEzODM1MmUzMjMxMzUyZTMx
MzgzMDJlMzAyZjMyMzQyZDMzMzIyMDNkM2UyMDM1MzEzMTM2Mzcucm9hMBgGA1Ud
IAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAC517QwDQYJKoZIhvcNAQELBQADggEBAJK6Dc/LI7KLXe60gN1iFkyZhuCRbKKN
nwl5DEilJjUZ1WYLbo1F7XFuiuSVsOd9Of8glPK6FH/z94xTASVXtytnPw0R+Jes
grBY3jNm6GS+446ISUVBNZ2lWhoR+VDHEZ09CJgOvWHkVPIqksl5mmtwo1nsJxed
CHcVToGH6gNKCfUNmT7lgxFJyF/bAdlaM5p+7OI5TiSWgO5XltDCOWw0cr1crgeU
572MMmbJH684FIQf8ymyU4fAlp0UFSjs0oEX0pg9An6QBym6VfC+UpZi9/qCSUAq
SuYp1NaG61OvKQiq3TEQH0wb4ckSwo+IafKGXNz42hYfhWJx3Puh2y8=
-----END CERTIFICATE-----
Generated at Fri Nov 22 10:15:45 2024 by rpki-client on console-ams.rpki-client.org