Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3138352e3234312e3135302e302f32342d3234203d3e20323132323338.roa
File:                     3138352e3234312e3135302e302f32342d3234203d3e20323132323338.roa (raw, json)
Hash identifier:          MqXTHtXuz7TCzzZU5ZufYkCLQueM6KsXnP8jvqK07VU=
Subject key identifier:   EA:84:9F:AC:4F:B8:6A:F6:F6:2F:80:23:64:5E:1E:8B:D1:F6:35:64
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       735E3B96D7DDB18AADC468DDA766CE4E656DEA2E
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3138352e3234312e3135302e302f32342d3234203d3e20323132323338.roa
Signing time:             Fri 01 Mar 2024 16:35:29 +0000
ROA not before:           Fri 01 Mar 2024 16:30:29 +0000
ROA not after:            Fri 28 Feb 2025 16:35:29 +0000
asID:                     212238
IP address blocks:        185.241.150.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            73:5e:3b:96:d7:dd:b1:8a:ad:c4:68:dd:a7:66:ce:4e:65:6d:ea:2e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Mar  1 16:30:29 2024 GMT
            Not After : Feb 28 16:35:29 2025 GMT
        Subject: CN=EA849FAC4FB86AF6F62F8023645E1E8BD1F63564
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:11:ac:7f:97:89:97:4f:c4:8d:9e:92:21:e8:
                    24:65:fc:db:b0:7d:4d:1c:ef:38:77:bb:76:21:51:
                    b6:02:ed:f0:77:57:68:78:3d:91:84:65:fe:91:9d:
                    22:3b:e1:30:2e:58:88:f6:84:ae:e2:60:ea:65:ae:
                    a6:9d:63:27:cf:1a:41:8a:10:4d:00:d8:bc:52:d2:
                    67:b3:49:84:01:fa:b8:ff:ea:62:51:82:5d:a5:4f:
                    66:e7:80:1e:bc:b7:43:32:fd:3d:b6:6f:6f:df:80:
                    75:15:c5:8b:78:90:a0:2e:95:65:dc:76:48:eb:1f:
                    6c:05:3d:5f:bd:0d:97:e9:4f:f6:13:7b:d5:b1:4f:
                    52:b7:2b:a8:e2:5f:60:ac:90:78:cd:8c:16:d0:f8:
                    6a:9d:43:a7:39:92:2a:03:f4:23:64:a6:00:cf:0a:
                    fd:da:f9:dd:9f:93:37:ed:27:11:78:3a:d4:35:4f:
                    f2:4b:a1:41:da:3f:36:8a:76:6c:85:9d:e5:1b:62:
                    21:e3:e6:e3:2a:75:61:86:12:47:14:80:a1:a5:bb:
                    17:e1:c8:9d:b9:3e:8c:a6:47:96:f7:9e:e2:70:a4:
                    51:69:87:4b:fd:a9:ff:74:2e:f8:f1:ac:1b:b1:8d:
                    40:74:d1:b5:5b:c8:80:38:fc:b9:8c:13:08:75:57:
                    92:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EA:84:9F:AC:4F:B8:6A:F6:F6:2F:80:23:64:5E:1E:8B:D1:F6:35:64
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3138352e3234312e3135302e302f32342d3234203d3e20323132323338.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.241.150.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8f:bb:19:18:b1:e1:a5:62:24:10:49:f0:04:4d:a0:55:40:50:
         4c:3c:f0:e5:9e:d8:a0:bf:27:19:4c:dc:c7:f4:32:b2:6a:e8:
         68:4e:12:37:b2:05:ae:8c:4d:58:9d:3c:b2:87:99:fb:a9:26:
         d2:c0:e3:b3:42:a9:e7:e4:5c:68:cc:94:7c:c0:b2:73:69:a6:
         68:b1:62:09:d5:28:d6:3d:9a:25:70:0b:16:be:99:6d:53:a9:
         14:5d:af:01:97:28:d8:b1:08:11:ce:f5:f4:b3:ea:28:6e:cf:
         06:b3:1a:6b:56:ef:4f:9a:85:2f:f8:16:34:4b:44:89:8a:d6:
         7a:0b:1f:00:bd:a1:1d:a5:7d:0d:46:b9:b9:28:4d:8a:32:ff:
         2d:ef:ed:89:7b:21:52:19:df:f5:1b:ce:98:6a:9c:3d:50:2a:
         3f:57:f4:5a:cc:e8:44:62:ab:89:7e:54:1c:a9:7a:64:c7:ee:
         6e:b5:04:9d:f6:95:52:a7:66:d7:f6:37:0e:2e:f5:ac:c9:e0:
         e8:ae:95:10:23:fc:ac:21:52:ff:39:af:6e:1e:b7:ab:cc:8e:
         d2:3d:68:1c:56:44:e0:17:93:1a:a4:87:bb:5d:a4:15:c1:80:
         69:df:8d:95:b7:51:ac:3f:65:bc:93:74:39:ca:01:33:68:81:
         90:4d:b9:2a
-----BEGIN CERTIFICATE-----
MIIFNzCCBB+gAwIBAgIUc147ltfdsYqtxGjdp2bOTmVt6i4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNDAzMDExNjMwMjlaFw0yNTAyMjgxNjM1MjlaMDMxMTAvBgNV
BAMTKEVBODQ5RkFDNEZCODZBRjZGNjJGODAyMzY0NUUxRThCRDFGNjM1NjQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDfEax/l4mXT8SNnpIh6CRl/Nuw
fU0c7zh3u3YhUbYC7fB3V2h4PZGEZf6RnSI74TAuWIj2hK7iYOplrqadYyfPGkGK
EE0A2LxS0mezSYQB+rj/6mJRgl2lT2bngB68t0My/T22b2/fgHUVxYt4kKAulWXc
dkjrH2wFPV+9DZfpT/YTe9WxT1K3K6jiX2CskHjNjBbQ+GqdQ6c5kioD9CNkpgDP
Cv3a+d2fkzftJxF4OtQ1T/JLoUHaPzaKdmyFneUbYiHj5uMqdWGGEkcUgKGluxfh
yJ25PoymR5b3nuJwpFFph0v9qf90LvjxrBuxjUB00bVbyIA4/LmMEwh1V5KLAgMB
AAGjggJBMIICPTAdBgNVHQ4EFgQU6oSfrE+4avb2L4AjZF4ei9H2NWQwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgbEGCCsGAQUFBwELBIGkMIGhMIGeBggrBgEFBQcwC4aBkXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzEzODM1MmUzMjM0MzEyZTMx
MzUzMDJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMyMzEzMjMyMzMzOC5yb2EwGAYD
VR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEw
BgMEALnxljANBgkqhkiG9w0BAQsFAAOCAQEAj7sZGLHhpWIkEEnwBE2gVUBQTDzw
5Z7YoL8nGUzcx/QysmroaE4SN7IFroxNWJ08soeZ+6km0sDjs0Kp5+RcaMyUfMCy
c2mmaLFiCdUo1j2aJXALFr6ZbVOpFF2vAZco2LEIEc719LPqKG7PBrMaa1bvT5qF
L/gWNEtEiYrWegsfAL2hHaV9DUa5uShNijL/Le/tiXshUhnf9RvOmGqcPVAqP1f0
WszoRGKriX5UHKl6ZMfubrUEnfaVUqdm1/Y3Di71rMng6K6VECP8rCFS/zmvbh63
q8yO0j1oHFZE4BeTGqSHu12kFcGAad+NlbdRrD9lvJN0OcoBM2iBkE25Kg==
-----END CERTIFICATE-----
Generated at Thu Nov 21 19:35:25 2024 by rpki-client on console-ams.rpki-client.org