Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3138352e3231372e3136392e302f32342d3234203d3e20383334.roa
File:                     3138352e3231372e3136392e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          WDk3jri+c46i5x0rzQpb75SYegyiFPkIx3jwdxx6UhY=
Subject key identifier:   94:DC:51:90:9B:99:CC:CB:06:C1:4A:78:DE:55:AC:12:ED:E9:AA:47
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       410C5C58CEA7ACD365EFD67B186204B54087750C
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3138352e3231372e3136392e302f32342d3234203d3e20383334.roa
Signing time:             Mon 22 Jul 2024 08:04:20 +0000
ROA not before:           Mon 22 Jul 2024 07:59:20 +0000
ROA not after:            Mon 21 Jul 2025 08:04:20 +0000
asID:                     834
IP address blocks:        185.217.169.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            41:0c:5c:58:ce:a7:ac:d3:65:ef:d6:7b:18:62:04:b5:40:87:75:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Jul 22 07:59:20 2024 GMT
            Not After : Jul 21 08:04:20 2025 GMT
        Subject: CN=94DC51909B99CCCB06C14A78DE55AC12EDE9AA47
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:18:f8:1f:c3:45:f2:a7:40:9c:e2:48:67:41:
                    ff:8d:4a:93:0d:74:91:74:60:a3:bc:4c:14:6b:c9:
                    c2:71:ea:46:e8:b4:ca:13:7d:a2:cb:5a:fb:4a:35:
                    d6:85:82:1a:27:a3:a7:dc:0b:eb:df:0f:e7:bf:a6:
                    05:5a:cf:1a:fd:fd:c7:33:90:5e:4d:30:8c:8b:f0:
                    7b:9a:cc:df:27:69:7e:22:59:a0:49:df:91:cf:9f:
                    3e:57:12:3d:97:4f:7a:d5:84:e8:c8:9e:29:c6:7c:
                    90:8d:b9:7d:63:0e:fa:67:b6:08:b4:1b:12:01:f0:
                    58:8b:d7:df:73:25:2a:1a:1a:6b:95:29:ca:28:34:
                    9b:0c:9d:67:ee:85:4e:09:6e:1d:bc:34:16:df:9c:
                    64:ee:fa:f0:ac:db:f6:ac:b4:4b:0b:6f:93:72:fe:
                    66:58:47:b4:3c:3d:e1:78:4f:10:47:61:0a:a3:e9:
                    a0:06:86:22:38:5d:db:12:4f:35:5b:37:ed:d0:d5:
                    e4:d7:b5:33:34:5d:1e:4a:0f:47:14:e4:48:24:d3:
                    93:de:ff:14:14:8e:bf:94:4a:d6:e2:81:5e:2b:7b:
                    32:5f:9a:30:52:46:11:54:37:f2:55:03:3f:7a:f8:
                    f8:77:1e:16:ef:3f:0b:1c:4e:c1:dc:b3:fd:65:89:
                    ed:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                94:DC:51:90:9B:99:CC:CB:06:C1:4A:78:DE:55:AC:12:ED:E9:AA:47
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3138352e3231372e3136392e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.217.169.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a0:61:20:49:6d:d0:e6:13:9b:57:dd:86:d5:b2:85:f9:0e:65:
         3d:53:48:71:03:b2:6b:10:69:91:b9:f3:bf:4a:1c:2b:af:7b:
         ee:3a:a0:78:fb:01:89:ba:b7:22:48:be:9a:b4:da:be:1e:75:
         f8:ef:90:3a:06:5b:49:9c:f0:e5:24:19:61:89:66:53:1b:62:
         ca:04:4c:85:4a:5d:3e:dc:ea:b9:ad:42:06:52:87:71:ae:4c:
         3a:78:08:a6:e3:2f:ae:3d:a8:75:74:a7:13:08:16:2b:91:ef:
         0e:3e:b8:41:c8:be:de:88:b2:ce:52:ae:67:c0:26:81:ff:f1:
         b6:3e:d8:4f:f2:e3:5b:db:46:5a:93:86:9c:68:9c:9c:da:08:
         95:8c:9a:bf:87:70:8c:78:33:cc:a5:3d:ef:ae:f2:47:e8:50:
         c1:99:a4:73:67:3d:e1:11:03:1d:f0:bd:46:3c:34:01:11:f4:
         1b:49:d9:78:b5:5a:83:5b:7d:b3:f0:7c:d0:e5:bf:90:4b:2d:
         1c:9d:f1:6b:cc:26:ae:33:f2:9b:23:58:81:6b:b3:e0:0b:c4:
         ec:bb:18:e4:e2:56:ac:99:c6:fd:5c:f9:79:1e:d3:03:aa:ea:
         bb:cb:8f:98:24:fb:05:89:56:a5:5e:1e:3f:dc:8e:cd:70:04:
         ac:bc:5a:34
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUQQxcWM6nrNNl79Z7GGIEtUCHdQwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNDA3MjIwNzU5MjBaFw0yNTA3MjEwODA0MjBaMDMxMTAvBgNV
BAMTKDk0REM1MTkwOUI5OUNDQ0IwNkMxNEE3OERFNTVBQzEyRURFOUFBNDcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCtGPgfw0Xyp0Cc4khnQf+NSpMN
dJF0YKO8TBRrycJx6kbotMoTfaLLWvtKNdaFghono6fcC+vfD+e/pgVazxr9/ccz
kF5NMIyL8HuazN8naX4iWaBJ35HPnz5XEj2XT3rVhOjIninGfJCNuX1jDvpntgi0
GxIB8FiL199zJSoaGmuVKcooNJsMnWfuhU4Jbh28NBbfnGTu+vCs2/astEsLb5Ny
/mZYR7Q8PeF4TxBHYQqj6aAGhiI4XdsSTzVbN+3Q1eTXtTM0XR5KD0cU5Egk05Pe
/xQUjr+UStbigV4rezJfmjBSRhFUN/JVAz96+Ph3HhbvPwscTsHcs/1lie3JAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUlNxRkJuZzMsGwUp43lWsEu3pqkcwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzEzODM1MmUzMjMxMzcyZTMx
MzYzOTJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM4MzMzNC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEALnZ
qTANBgkqhkiG9w0BAQsFAAOCAQEAoGEgSW3Q5hObV92G1bKF+Q5lPVNIcQOyaxBp
kbnzv0ocK6977jqgePsBibq3Iki+mrTavh51+O+QOgZbSZzw5SQZYYlmUxtiygRM
hUpdPtzqua1CBlKHca5MOngIpuMvrj2odXSnEwgWK5HvDj64Qci+3oiyzlKuZ8Am
gf/xtj7YT/LjW9tGWpOGnGicnNoIlYyav4dwjHgzzKU9767yR+hQwZmkc2c94RED
HfC9Rjw0ARH0G0nZeLVag1t9s/B80OW/kEstHJ3xa8wmrjPymyNYgWuz4AvE7LsY
5OJWrJnG/Vz5eR7TA6rqu8uPmCT7BYlWpV4eP9yOzXAErLxaNA==
-----END CERTIFICATE-----