Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38322e3134392e38332e302f32342d3234203d3e20313336373837.roa
File:                     38322e3134392e38332e302f32342d3234203d3e20313336373837.roa (raw, json)
Hash identifier:          rrqhjTmq6rYd4c4gE7BAwQS3DzsfpPnNcVlLlwNcZ7c=
Subject key identifier:   F2:38:5C:43:6B:E9:D7:10:0F:AD:60:7C:97:E3:D6:44:E0:B4:DF:70
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       704D000C53A846FFF612425A2A2F8FA64DB75BF6
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38322e3134392e38332e302f32342d3234203d3e20313336373837.roa
Signing time:             Fri 26 Jan 2024 19:02:41 +0000
ROA not before:           Fri 26 Jan 2024 18:57:41 +0000
ROA not after:            Fri 24 Jan 2025 19:02:41 +0000
asID:                     136787
IP address blocks:        82.149.83.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            70:4d:00:0c:53:a8:46:ff:f6:12:42:5a:2a:2f:8f:a6:4d:b7:5b:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Jan 26 18:57:41 2024 GMT
            Not After : Jan 24 19:02:41 2025 GMT
        Subject: CN=F2385C436BE9D7100FAD607C97E3D644E0B4DF70
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:24:c2:f9:0d:ca:bc:43:7e:8f:f5:99:75:02:
                    d2:e9:ef:f9:25:81:3d:b7:57:e0:8f:6a:c6:00:90:
                    2f:c6:0c:d4:dc:9b:09:04:2d:e1:45:9e:72:b1:0d:
                    6d:e0:05:d3:40:05:58:de:b1:b1:68:86:a5:ed:a6:
                    4c:5a:27:74:c0:31:ed:41:d7:35:6c:67:4f:8b:f5:
                    0c:6a:07:21:c8:e4:9e:5f:92:77:60:6e:18:a5:07:
                    3a:d0:59:22:fe:13:cc:3d:ef:5d:a1:f6:ba:d3:45:
                    81:55:ac:95:74:92:bf:1c:ef:f0:90:d1:0a:f7:c4:
                    38:23:fd:53:dd:e5:6e:d3:53:ef:ca:09:56:83:e4:
                    82:08:2a:f8:fb:42:03:54:56:dd:6f:d7:4c:db:d9:
                    d3:0b:2a:65:5f:c6:04:5b:60:23:7d:e4:f8:2d:c2:
                    5f:17:0f:2c:53:ad:74:b9:01:ed:6d:40:95:14:8c:
                    3f:5a:19:62:32:c3:95:e4:2e:a7:ef:c7:6d:b3:8d:
                    1c:16:d4:df:01:fe:74:61:8a:6f:ca:28:3d:a1:35:
                    95:84:95:d3:09:b5:73:8c:9a:32:2a:e1:8d:41:e5:
                    cd:03:b1:7d:c4:55:0a:02:02:19:c5:2d:b3:06:0c:
                    57:7a:1b:f4:9a:a8:a4:ed:23:9f:07:0c:53:97:d5:
                    7e:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:38:5C:43:6B:E9:D7:10:0F:AD:60:7C:97:E3:D6:44:E0:B4:DF:70
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38322e3134392e38332e302f32342d3234203d3e20313336373837.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.149.83.0/24

    Signature Algorithm: sha256WithRSAEncryption
         41:1a:0f:38:c9:02:7d:80:71:2f:1b:32:48:f5:2e:bc:97:1a:
         89:8f:14:86:02:7e:78:17:76:fb:8f:a0:1d:81:b8:c0:40:26:
         a1:e5:c3:eb:b8:38:da:d6:3d:0b:64:c6:20:60:f1:eb:89:78:
         51:af:ed:51:57:6b:5e:55:94:b5:62:52:94:67:94:76:16:42:
         df:f8:e8:0d:68:bd:60:d6:54:5b:41:b8:42:ea:b0:54:25:2d:
         36:c4:1e:15:8f:68:b1:ff:b2:62:d1:54:79:de:de:ac:9a:2e:
         a9:10:b3:7f:68:e3:16:7d:aa:76:dc:3b:ce:6c:53:22:f9:b3:
         61:1a:80:87:e8:1a:97:c3:18:ca:f9:ad:27:e7:b9:3f:a3:67:
         19:5f:8c:d9:30:7e:ab:ab:13:63:f0:9d:c9:a8:4b:03:94:b6:
         9d:17:a7:69:4e:3b:36:47:aa:60:a0:45:11:f4:4a:35:fe:44:
         a5:ee:9c:b8:4b:fe:0a:b6:e4:c4:be:a6:8a:98:6e:94:30:07:
         f2:00:27:1d:39:46:47:dc:c7:4d:b3:84:e6:a5:0c:32:01:85:
         69:59:dd:a6:5d:79:4b:7a:65:36:61:d0:28:a4:1b:cc:77:45:
         85:0c:37:16:e6:0e:d6:05:c9:33:79:de:05:69:07:28:29:50:
         e0:42:29:4c
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgIUcE0ADFOoRv/2EkJaKi+Ppk23W/YwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNDAxMjYxODU3NDFaFw0yNTAxMjQxOTAyNDFaMDMxMTAvBgNV
BAMTKEYyMzg1QzQzNkJFOUQ3MTAwRkFENjA3Qzk3RTNENjQ0RTBCNERGNzAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCmJML5Dcq8Q36P9Zl1AtLp7/kl
gT23V+CPasYAkC/GDNTcmwkELeFFnnKxDW3gBdNABVjesbFohqXtpkxaJ3TAMe1B
1zVsZ0+L9QxqByHI5J5fkndgbhilBzrQWSL+E8w9712h9rrTRYFVrJV0kr8c7/CQ
0Qr3xDgj/VPd5W7TU+/KCVaD5IIIKvj7QgNUVt1v10zb2dMLKmVfxgRbYCN95Pgt
wl8XDyxTrXS5Ae1tQJUUjD9aGWIyw5XkLqfvx22zjRwW1N8B/nRhim/KKD2hNZWE
ldMJtXOMmjIq4Y1B5c0DsX3EVQoCAhnFLbMGDFd6G/SaqKTtI58HDFOX1X4tAgMB
AAGjggI9MIICOTAdBgNVHQ4EFgQU8jhcQ2vp1xAPrWB8l+PWROC033AwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwga0GCCsGAQUFBwELBIGgMIGdMIGaBggrBgEFBQcwC4aBjXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzgzMjJlMzEzNDM5MmUzODMz
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzEzMzM2MzczODM3LnJvYTAYBgNVHSAB
Af8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA
UpVTMA0GCSqGSIb3DQEBCwUAA4IBAQBBGg84yQJ9gHEvGzJI9S68lxqJjxSGAn54
F3b7j6AdgbjAQCah5cPruDja1j0LZMYgYPHriXhRr+1RV2teVZS1YlKUZ5R2FkLf
+OgNaL1g1lRbQbhC6rBUJS02xB4Vj2ix/7Ji0VR53t6smi6pELN/aOMWfap23DvO
bFMi+bNhGoCH6BqXwxjK+a0n57k/o2cZX4zZMH6rqxNj8J3JqEsDlLadF6dpTjs2
R6pgoEUR9Eo1/kSl7py4S/4KtuTEvqaKmG6UMAfyACcdOUZH3MdNs4TmpQwyAYVp
Wd2mXXlLemU2YdAopBvMd0WFDDcW5g7WBckzed4FaQcoKVDgQilM
-----END CERTIFICATE-----
Generated at Fri Nov 22 10:15:48 2024 by rpki-client on console-ams.rpki-client.org