Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3138352e3233302e3133392e302f32342d3234203d3e20313336373837.roa
File:                     3138352e3233302e3133392e302f32342d3234203d3e20313336373837.roa (raw, json)
Hash identifier:          /dRLHgpHkb7Mqp59pXb4R7M2myU1oaR9/rkBHrkLH5w=
Subject key identifier:   BD:3B:80:9C:22:58:3A:A4:41:4C:61:AB:AB:8D:E2:F9:31:EE:EF:E1
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       2544B1F40A3379362E8FE021CAAF99A82EA1D388
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3138352e3233302e3133392e302f32342d3234203d3e20313336373837.roa
Signing time:             Mon 26 Feb 2024 08:53:27 +0000
ROA not before:           Mon 26 Feb 2024 08:48:27 +0000
ROA not after:            Mon 24 Feb 2025 08:53:27 +0000
asID:                     136787
IP address blocks:        185.230.139.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            25:44:b1:f4:0a:33:79:36:2e:8f:e0:21:ca:af:99:a8:2e:a1:d3:88
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Feb 26 08:48:27 2024 GMT
            Not After : Feb 24 08:53:27 2025 GMT
        Subject: CN=BD3B809C22583AA4414C61ABAB8DE2F931EEEFE1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:bf:96:9a:61:a6:1d:a1:f1:b4:83:c9:d8:23:
                    6f:6b:db:f6:8d:24:7e:3d:6e:62:e0:e5:c4:de:44:
                    77:53:0b:89:dd:5b:77:74:e6:f0:04:51:d7:fd:7e:
                    0c:8b:5e:38:c5:06:fc:e8:6e:fc:3b:72:a1:3b:38:
                    f1:53:c7:66:28:50:eb:4b:83:b5:10:7f:79:3b:99:
                    3d:90:80:09:e6:ea:75:62:fd:81:47:ea:0f:e6:0a:
                    c1:24:64:e6:d7:95:07:1f:d2:cf:1d:e1:b3:6c:4f:
                    1f:34:86:68:72:8d:81:8a:61:4f:d8:48:89:da:63:
                    f2:9b:f0:e3:4b:ef:8b:9a:91:7d:0a:eb:25:ed:b9:
                    24:4b:40:22:c8:d8:aa:73:52:21:70:74:f4:23:73:
                    4a:32:b2:c5:d1:e0:cc:f6:78:c3:ac:a1:9d:5a:e2:
                    f0:f6:83:f9:6c:cd:f8:b2:b6:5d:0e:b0:cd:4c:33:
                    f6:8f:89:82:9c:da:d3:ec:03:8d:0d:59:b6:1e:dc:
                    16:63:57:27:b9:b0:ce:d9:38:c3:08:86:01:ee:c6:
                    38:3b:94:c9:e1:6a:6f:3d:a7:1d:34:14:d3:10:05:
                    d7:21:ca:b4:be:b6:f6:c3:5b:ff:f4:cd:56:b7:48:
                    95:5a:a8:75:79:19:68:ef:c0:bd:5a:a8:79:ac:54:
                    2e:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:3B:80:9C:22:58:3A:A4:41:4C:61:AB:AB:8D:E2:F9:31:EE:EF:E1
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3138352e3233302e3133392e302f32342d3234203d3e20313336373837.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.230.139.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5d:2f:14:6f:19:10:82:01:67:08:a1:06:09:32:06:4d:0f:c8:
         02:9d:9f:33:0a:60:54:cb:97:c5:40:a1:61:1f:db:c4:9a:44:
         6d:2f:3b:2f:c5:13:96:32:ab:68:fb:27:e2:8b:9c:a0:08:7d:
         ba:86:fe:c1:04:a1:69:23:16:c2:6d:39:b6:b6:5c:50:c9:7b:
         d8:b8:a3:6a:89:d0:1c:09:a7:f5:d2:3e:53:cc:d3:e5:53:6d:
         3a:b6:aa:5f:0e:cc:6a:d2:e4:b9:1f:a7:36:47:9e:7e:36:27:
         e8:e3:e7:1d:86:30:1c:98:f9:71:7e:fa:0a:8c:a8:c4:2b:7c:
         56:48:29:60:b5:48:4e:fa:a9:1f:e7:2b:46:df:5a:8f:d1:fc:
         79:00:a1:66:5d:bf:ee:d7:f0:00:90:c0:ea:05:90:8b:88:9b:
         df:e2:f9:43:a2:cd:94:85:42:62:6b:68:af:ab:ac:82:01:86:
         d2:07:c2:de:35:50:c8:e3:2e:cf:75:37:d6:25:86:9e:7d:43:
         0a:07:66:67:0b:48:ab:68:4d:e3:4c:95:c6:1f:5d:58:96:b7:
         4b:ae:be:f8:32:df:59:10:92:bd:f2:b7:98:b8:00:b0:36:0f:
         34:19:9a:12:81:ef:f9:69:e2:eb:5d:bd:04:59:36:ac:83:19:
         f3:fc:54:f8
-----BEGIN CERTIFICATE-----
MIIFNzCCBB+gAwIBAgIUJUSx9AozeTYuj+Ahyq+ZqC6h04gwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNDAyMjYwODQ4MjdaFw0yNTAyMjQwODUzMjdaMDMxMTAvBgNV
BAMTKEJEM0I4MDlDMjI1ODNBQTQ0MTRDNjFBQkFCOERFMkY5MzFFRUVGRTEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDlv5aaYaYdofG0g8nYI29r2/aN
JH49bmLg5cTeRHdTC4ndW3d05vAEUdf9fgyLXjjFBvzobvw7cqE7OPFTx2YoUOtL
g7UQf3k7mT2QgAnm6nVi/YFH6g/mCsEkZObXlQcf0s8d4bNsTx80hmhyjYGKYU/Y
SInaY/Kb8ONL74uakX0K6yXtuSRLQCLI2KpzUiFwdPQjc0oyssXR4Mz2eMOsoZ1a
4vD2g/lszfiytl0OsM1MM/aPiYKc2tPsA40NWbYe3BZjVye5sM7ZOMMIhgHuxjg7
lMnham89px00FNMQBdchyrS+tvbDW//0zVa3SJVaqHV5GWjvwL1aqHmsVC6xAgMB
AAGjggJBMIICPTAdBgNVHQ4EFgQUvTuAnCJYOqRBTGGrq43i+THu7+EwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgbEGCCsGAQUFBwELBIGkMIGhMIGeBggrBgEFBQcwC4aBkXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzEzODM1MmUzMjMzMzAyZTMx
MzMzOTJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMxMzMzNjM3MzgzNy5yb2EwGAYD
VR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEw
BgMEALnmizANBgkqhkiG9w0BAQsFAAOCAQEAXS8UbxkQggFnCKEGCTIGTQ/IAp2f
MwpgVMuXxUChYR/bxJpEbS87L8UTljKraPsn4oucoAh9uob+wQShaSMWwm05trZc
UMl72LijaonQHAmn9dI+U8zT5VNtOraqXw7MatLkuR+nNkeefjYn6OPnHYYwHJj5
cX76CoyoxCt8VkgpYLVITvqpH+crRt9aj9H8eQChZl2/7tfwAJDA6gWQi4ib3+L5
Q6LNlIVCYmtor6usggGG0gfC3jVQyOMuz3U31iWGnn1DCgdmZwtIq2hN40yVxh9d
WJa3S66++DLfWRCSvfK3mLgAsDYPNBmaEoHv+Wni6129BFk2rIMZ8/xU+A==
-----END CERTIFICATE-----
Generated at Mon Nov 25 03:42:56 2024 by rpki-client on console-fra.rpki-client.org