Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3138352e3233392e3135302e302f32342d3234203d3e20313336373837.roa
File:                     3138352e3233392e3135302e302f32342d3234203d3e20313336373837.roa (raw, json)
Hash identifier:          dCMBfZEJNlByIP32+6imPsyRowrbnnpVXumyEu8cYVw=
Subject key identifier:   38:8A:A1:CC:D3:0A:AA:C9:69:07:D6:E9:9F:11:73:17:BB:80:37:49
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       1707ABF552AB5CA8A59235831C2F65B908070DB0
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3138352e3233392e3135302e302f32342d3234203d3e20313336373837.roa
Signing time:             Fri 26 Jan 2024 19:02:50 +0000
ROA not before:           Fri 26 Jan 2024 18:57:50 +0000
ROA not after:            Fri 24 Jan 2025 19:02:50 +0000
asID:                     136787
IP address blocks:        185.239.150.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            17:07:ab:f5:52:ab:5c:a8:a5:92:35:83:1c:2f:65:b9:08:07:0d:b0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Jan 26 18:57:50 2024 GMT
            Not After : Jan 24 19:02:50 2025 GMT
        Subject: CN=388AA1CCD30AAAC96907D6E99F117317BB803749
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:a7:b7:fb:8f:83:6e:83:4b:06:4b:45:3f:a6:
                    95:42:fe:10:0d:32:8f:f7:61:06:0b:1e:55:89:c4:
                    11:1e:d8:1c:6f:0b:7c:36:08:b2:94:87:10:b5:a1:
                    e2:57:a4:9a:68:13:d9:f4:b9:f4:cb:2f:a0:7f:76:
                    5a:95:aa:c0:2b:e4:4a:3f:95:81:a9:74:eb:2d:34:
                    8a:74:36:73:be:30:d9:bc:34:a6:c2:d6:ed:6f:61:
                    87:ee:cd:c4:3a:3b:fc:00:c9:5d:c0:a1:1c:63:ad:
                    f2:ba:85:b0:35:f1:3e:49:39:cf:08:e8:5d:f1:be:
                    98:15:41:7a:4f:e4:1d:56:f2:6c:50:70:2b:02:34:
                    f5:28:e0:0a:90:f5:e7:7a:01:3a:0d:a7:63:e5:1f:
                    ef:9a:2f:b8:9a:b8:99:e3:67:47:bd:1f:1b:38:ce:
                    dd:91:86:57:39:df:ca:23:1f:9f:7d:1d:8c:36:b6:
                    d9:9e:42:25:cb:42:51:85:28:54:2b:55:e7:c6:c9:
                    d5:a5:b5:df:9d:37:6d:1e:3e:3b:38:48:96:82:b3:
                    f1:18:03:0d:f3:b1:d1:04:74:be:12:a9:d1:3d:65:
                    e0:8e:41:99:80:13:52:34:43:98:d1:ef:1a:cd:80:
                    43:a7:65:45:a7:12:93:16:0b:e6:4f:70:bf:2e:f4:
                    2a:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:8A:A1:CC:D3:0A:AA:C9:69:07:D6:E9:9F:11:73:17:BB:80:37:49
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3138352e3233392e3135302e302f32342d3234203d3e20313336373837.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.239.150.0/24

    Signature Algorithm: sha256WithRSAEncryption
         06:df:76:fb:aa:15:09:20:67:5a:14:8d:45:84:08:83:e5:3d:
         f0:a5:79:bb:fc:a6:f4:c8:69:72:65:cb:2c:90:e1:c1:d8:6f:
         39:00:78:b3:ad:68:e1:21:1f:18:e9:c1:c9:6c:30:28:c7:6a:
         91:66:13:9e:be:50:d6:2e:6b:b3:f0:36:da:72:21:51:ba:34:
         1a:a9:98:08:47:df:41:b1:eb:f8:d5:06:83:b0:e5:a5:bd:a1:
         0f:83:af:75:1c:0a:6b:f1:57:99:76:2b:f8:7b:4a:3f:08:c4:
         42:ee:11:c7:6c:96:c5:4a:c3:31:16:1f:00:15:b1:7f:95:17:
         87:e8:2d:8d:ca:47:9a:a0:c5:1e:aa:e8:0c:d2:f7:49:51:c8:
         d6:87:64:5a:66:25:73:2e:0c:78:f3:b4:5f:8a:67:74:94:d8:
         b2:8d:95:f1:97:70:67:0c:8c:c4:0b:86:0c:07:d9:4b:9e:45:
         6d:ac:c8:31:9a:bc:c7:51:7b:0f:03:b1:76:eb:af:8e:e7:70:
         b5:ff:de:3b:68:54:46:8f:61:e8:1e:22:8e:5e:1a:02:d1:e0:
         83:fc:21:0c:ae:62:89:ac:b5:45:7e:7d:84:41:b9:af:ff:49:
         21:af:05:d7:a8:87:f7:d3:1e:7c:8f:44:3f:7c:66:e5:23:c4:
         53:e2:3a:01
-----BEGIN CERTIFICATE-----
MIIFNzCCBB+gAwIBAgIUFwer9VKrXKilkjWDHC9luQgHDbAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNDAxMjYxODU3NTBaFw0yNTAxMjQxOTAyNTBaMDMxMTAvBgNV
BAMTKDM4OEFBMUNDRDMwQUFBQzk2OTA3RDZFOTlGMTE3MzE3QkI4MDM3NDkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDRp7f7j4Nug0sGS0U/ppVC/hAN
Mo/3YQYLHlWJxBEe2BxvC3w2CLKUhxC1oeJXpJpoE9n0ufTLL6B/dlqVqsAr5Eo/
lYGpdOstNIp0NnO+MNm8NKbC1u1vYYfuzcQ6O/wAyV3AoRxjrfK6hbA18T5JOc8I
6F3xvpgVQXpP5B1W8mxQcCsCNPUo4AqQ9ed6AToNp2PlH++aL7iauJnjZ0e9Hxs4
zt2Rhlc538ojH599HYw2ttmeQiXLQlGFKFQrVefGydWltd+dN20ePjs4SJaCs/EY
Aw3zsdEEdL4SqdE9ZeCOQZmAE1I0Q5jR7xrNgEOnZUWnEpMWC+ZPcL8u9CrDAgMB
AAGjggJBMIICPTAdBgNVHQ4EFgQUOIqhzNMKqslpB9bpnxFzF7uAN0kwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgbEGCCsGAQUFBwELBIGkMIGhMIGeBggrBgEFBQcwC4aBkXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzEzODM1MmUzMjMzMzkyZTMx
MzUzMDJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMxMzMzNjM3MzgzNy5yb2EwGAYD
VR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEw
BgMEALnvljANBgkqhkiG9w0BAQsFAAOCAQEABt92+6oVCSBnWhSNRYQIg+U98KV5
u/ym9MhpcmXLLJDhwdhvOQB4s61o4SEfGOnByWwwKMdqkWYTnr5Q1i5rs/A22nIh
Ubo0GqmYCEffQbHr+NUGg7Dlpb2hD4OvdRwKa/FXmXYr+HtKPwjEQu4Rx2yWxUrD
MRYfABWxf5UXh+gtjcpHmqDFHqroDNL3SVHI1odkWmYlcy4MePO0X4pndJTYso2V
8ZdwZwyMxAuGDAfZS55FbazIMZq8x1F7DwOxduuvjudwtf/eO2hURo9h6B4ijl4a
AtHgg/whDK5iiay1RX59hEG5r/9JIa8F16iH99MefI9EP3xm5SPEU+I6AQ==
-----END CERTIFICATE-----
Generated at Fri Nov 22 10:15:48 2024 by rpki-client on console-ams.rpki-client.org