Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3138352e3233392e3134392e302f32342d3234203d3e20313336373837.roa
File:                     3138352e3233392e3134392e302f32342d3234203d3e20313336373837.roa (raw, json)
Hash identifier:          5yTQVCEBPkIT9nor1b4WjpfbGuSaCvnXZ/ntYMg/KzE=
Subject key identifier:   C8:A7:05:BE:0C:A4:77:FA:AF:BA:82:93:D9:BD:29:71:97:BF:F4:15
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       50B7B63A87A6B65643BE0BE676176FEFD7C5CC90
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3138352e3233392e3134392e302f32342d3234203d3e20313336373837.roa
Signing time:             Fri 26 Jan 2024 19:02:49 +0000
ROA not before:           Fri 26 Jan 2024 18:57:49 +0000
ROA not after:            Fri 24 Jan 2025 19:02:49 +0000
asID:                     136787
IP address blocks:        185.239.149.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            50:b7:b6:3a:87:a6:b6:56:43:be:0b:e6:76:17:6f:ef:d7:c5:cc:90
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Jan 26 18:57:49 2024 GMT
            Not After : Jan 24 19:02:49 2025 GMT
        Subject: CN=C8A705BE0CA477FAAFBA8293D9BD297197BFF415
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:c4:c5:af:a6:4e:21:f3:79:96:56:cb:88:0d:
                    6f:45:da:f2:39:62:e6:b7:e3:c3:d0:89:eb:f6:b1:
                    fc:7f:cb:5c:82:1e:29:47:97:8c:a8:14:76:0d:e6:
                    2b:47:8c:28:c1:68:41:d6:d5:9d:ec:19:41:3d:a4:
                    64:fb:6f:45:4c:1e:a0:48:71:73:a1:df:24:83:f5:
                    c7:56:73:a9:bb:aa:8a:c8:94:3f:b0:7a:ff:e1:7e:
                    c8:cb:ca:23:b9:03:06:d6:7c:9f:de:65:d8:ec:d3:
                    a1:57:d1:3a:fb:41:3c:d3:1a:7d:d2:e1:59:94:3e:
                    74:9b:da:14:0c:21:87:ff:b5:54:b4:bf:3a:30:28:
                    b1:9d:33:48:30:f2:13:96:b6:45:2b:f4:8c:e9:83:
                    88:b7:d4:bb:a2:8c:0f:20:4e:96:04:e3:ab:14:48:
                    14:67:95:f0:9d:7a:3e:c2:10:3a:63:4e:8e:47:81:
                    3f:9c:82:5d:d4:f6:3a:ce:c6:14:c8:a8:8e:86:6a:
                    b5:54:1e:5e:15:c2:4b:73:d1:4f:69:12:44:34:4c:
                    56:3a:bd:85:19:64:2a:a9:95:59:55:6d:bb:81:8e:
                    1b:68:4d:98:6f:57:9f:0e:af:04:dc:4b:34:72:41:
                    32:d8:b1:f9:62:a0:85:31:b2:9c:99:1f:ca:7e:66:
                    93:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:A7:05:BE:0C:A4:77:FA:AF:BA:82:93:D9:BD:29:71:97:BF:F4:15
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3138352e3233392e3134392e302f32342d3234203d3e20313336373837.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.239.149.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6c:7a:e3:a3:e9:d7:88:55:53:d8:ad:ee:73:14:e5:f7:f4:3a:
         7a:a0:c4:7c:7c:b8:cc:0c:dd:9a:ea:ae:c3:c1:ca:fe:ba:8d:
         84:fe:7e:df:3e:dd:47:d0:9b:ea:99:66:6d:5c:19:29:7c:96:
         2c:c6:0c:73:80:0c:ab:45:7b:61:45:1c:86:21:bd:48:2b:8b:
         24:9b:81:ac:04:09:31:dc:37:1b:c5:2e:fe:cf:91:02:51:0d:
         33:64:cb:61:9e:64:f5:eb:c8:f0:5d:da:2e:6b:3c:a3:30:54:
         70:f5:91:75:02:50:2b:8d:09:a8:a9:e4:24:94:dc:fb:f7:60:
         8e:bd:79:48:33:15:8d:68:82:a6:61:cf:62:c7:40:94:b7:7b:
         fa:d3:2c:12:53:1b:88:4d:d8:39:25:0d:1c:76:d6:b9:0b:71:
         4f:b0:e4:17:f6:34:d5:38:7b:76:03:e4:aa:8a:00:81:5e:c1:
         25:03:a7:c5:b5:8f:ac:2f:43:0a:11:c5:64:75:18:66:9a:b8:
         51:4e:b1:1f:b3:63:3d:0d:66:43:38:92:ef:1d:1c:9d:64:c1:
         bd:d4:e6:c0:b3:c4:0b:e7:bf:8a:85:7e:42:05:c1:a0:8f:ca:
         2e:0e:d3:08:67:85:a9:91:c7:a9:4a:0d:65:52:8b:71:c1:7a:
         a4:00:09:87
-----BEGIN CERTIFICATE-----
MIIFNzCCBB+gAwIBAgIUULe2OoemtlZDvgvmdhdv79fFzJAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNDAxMjYxODU3NDlaFw0yNTAxMjQxOTAyNDlaMDMxMTAvBgNV
BAMTKEM4QTcwNUJFMENBNDc3RkFBRkJBODI5M0Q5QkQyOTcxOTdCRkY0MTUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCwxMWvpk4h83mWVsuIDW9F2vI5
Yua348PQiev2sfx/y1yCHilHl4yoFHYN5itHjCjBaEHW1Z3sGUE9pGT7b0VMHqBI
cXOh3ySD9cdWc6m7qorIlD+wev/hfsjLyiO5AwbWfJ/eZdjs06FX0Tr7QTzTGn3S
4VmUPnSb2hQMIYf/tVS0vzowKLGdM0gw8hOWtkUr9Izpg4i31LuijA8gTpYE46sU
SBRnlfCdej7CEDpjTo5HgT+cgl3U9jrOxhTIqI6GarVUHl4Vwktz0U9pEkQ0TFY6
vYUZZCqplVlVbbuBjhtoTZhvV58OrwTcSzRyQTLYsflioIUxspyZH8p+ZpOnAgMB
AAGjggJBMIICPTAdBgNVHQ4EFgQUyKcFvgykd/qvuoKT2b0pcZe/9BUwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgbEGCCsGAQUFBwELBIGkMIGhMIGeBggrBgEFBQcwC4aBkXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzEzODM1MmUzMjMzMzkyZTMx
MzQzOTJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMxMzMzNjM3MzgzNy5yb2EwGAYD
VR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEw
BgMEALnvlTANBgkqhkiG9w0BAQsFAAOCAQEAbHrjo+nXiFVT2K3ucxTl9/Q6eqDE
fHy4zAzdmuquw8HK/rqNhP5+3z7dR9Cb6plmbVwZKXyWLMYMc4AMq0V7YUUchiG9
SCuLJJuBrAQJMdw3G8Uu/s+RAlENM2TLYZ5k9evI8F3aLms8ozBUcPWRdQJQK40J
qKnkJJTc+/dgjr15SDMVjWiCpmHPYsdAlLd7+tMsElMbiE3YOSUNHHbWuQtxT7Dk
F/Y01Th7dgPkqooAgV7BJQOnxbWPrC9DChHFZHUYZpq4UU6xH7NjPQ1mQziS7x0c
nWTBvdTmwLPEC+e/ioV+QgXBoI/KLg7TCGeFqZHHqUoNZVKLccF6pAAJhw==
-----END CERTIFICATE-----
Generated at Mon Nov 25 03:42:56 2024 by rpki-client on console-fra.rpki-client.org