Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38322e3138302e3135332e302f32342d3234203d3e203437353833.roa
File:                     38322e3138302e3135332e302f32342d3234203d3e203437353833.roa (raw, json)
Hash identifier:          95AnHaCLhJWUUjrFRLzsHH89P/nJxm4GouHU6cQ0QPw=
Subject key identifier:   5D:8B:46:00:F5:A0:24:14:D8:52:1C:72:4D:95:74:1F:12:7A:62:6C
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       4113AD0136D164AA4AF4B4BE4AB16FDF4AB1BC92
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38322e3138302e3135332e302f32342d3234203d3e203437353833.roa
Signing time:             Mon 26 Feb 2024 08:53:09 +0000
ROA not before:           Mon 26 Feb 2024 08:48:09 +0000
ROA not after:            Mon 24 Feb 2025 08:53:09 +0000
asID:                     47583
IP address blocks:        82.180.153.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            41:13:ad:01:36:d1:64:aa:4a:f4:b4:be:4a:b1:6f:df:4a:b1:bc:92
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Feb 26 08:48:09 2024 GMT
            Not After : Feb 24 08:53:09 2025 GMT
        Subject: CN=5D8B4600F5A02414D8521C724D95741F127A626C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:04:33:40:e7:ca:0d:56:13:03:e1:c8:65:df:
                    3c:47:f6:8e:23:90:1a:23:61:4f:f4:78:07:19:27:
                    a9:dd:9e:97:73:f5:ee:ca:b4:5c:32:6d:2e:a4:2c:
                    c6:9a:e6:8a:27:bc:60:c7:96:85:16:ea:b9:04:5e:
                    5a:ad:04:72:09:05:c8:58:5f:c0:54:0f:50:41:01:
                    60:69:74:22:b0:03:39:97:07:43:34:b5:9d:0b:12:
                    28:a1:f4:78:e6:0a:85:36:73:73:85:f3:67:ee:8b:
                    33:fd:59:7b:39:26:b3:e2:74:16:3d:be:df:fa:d6:
                    64:98:fa:69:1f:dd:eb:33:2f:4d:1d:34:a4:00:78:
                    d5:e8:92:f6:ae:4a:9d:16:77:91:80:61:dc:d5:9e:
                    90:71:85:68:51:da:25:66:a9:44:91:bd:84:4a:d5:
                    5a:04:07:ea:3c:bd:1d:b0:20:4c:b5:d2:d5:ec:df:
                    8c:8f:cc:bf:39:38:44:26:0f:ce:c2:60:42:5e:fa:
                    0f:60:33:08:b6:1c:23:a4:dd:5e:52:c2:7a:e9:33:
                    4c:1b:c9:f9:ff:dd:11:09:e6:2a:91:47:3a:ed:3e:
                    bd:22:36:93:4d:b7:1b:ea:ea:a5:ba:1b:f5:c1:93:
                    15:91:5b:a7:6b:68:3f:89:aa:22:99:c3:b8:fd:89:
                    af:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:8B:46:00:F5:A0:24:14:D8:52:1C:72:4D:95:74:1F:12:7A:62:6C
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38322e3138302e3135332e302f32342d3234203d3e203437353833.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.180.153.0/24

    Signature Algorithm: sha256WithRSAEncryption
         93:ee:cc:9e:50:d5:47:a7:07:e0:7d:00:90:f8:c0:62:be:ac:
         71:ae:5c:5f:57:4c:49:22:ae:2c:00:18:db:65:05:ce:09:26:
         1b:d1:fe:04:1b:93:88:df:10:f0:ac:2e:0b:e8:f4:27:66:84:
         1f:ed:a7:23:ff:72:46:ee:0e:9d:2d:02:f3:08:20:24:e0:e9:
         15:5e:26:64:d8:6c:cd:02:d6:f3:07:23:99:c4:c9:80:1f:ad:
         e9:e9:e1:a7:67:92:d4:59:67:ef:55:82:18:a3:9d:52:b4:8d:
         0a:4c:16:70:58:21:a8:e8:23:81:ec:cd:72:a9:75:aa:b9:98:
         f3:fe:49:f8:0e:7e:c4:08:d4:c7:05:9e:49:d6:a8:3b:6d:03:
         f8:11:02:e9:e5:e6:0e:9d:fa:19:2b:1d:7f:3b:99:df:82:4b:
         16:0e:f0:fa:a5:65:8f:40:1b:35:5a:cd:23:7c:80:0a:a9:67:
         97:92:d1:24:21:1f:01:56:d9:96:ee:06:58:6a:26:1c:ab:6c:
         4e:ec:19:7c:20:5b:8e:ff:6d:b5:2b:95:ba:5a:60:7f:58:e3:
         6b:86:06:fa:bd:3a:8c:bf:09:c4:9b:99:f0:ff:3a:87:8c:fb:
         39:e7:d9:0f:3f:73:2b:ee:02:1d:fd:6e:03:4e:25:75:0d:86:
         12:26:24:22
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgIUQROtATbRZKpK9LS+SrFv30qxvJIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNDAyMjYwODQ4MDlaFw0yNTAyMjQwODUzMDlaMDMxMTAvBgNV
BAMTKDVEOEI0NjAwRjVBMDI0MTREODUyMUM3MjREOTU3NDFGMTI3QTYyNkMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6BDNA58oNVhMD4chl3zxH9o4j
kBojYU/0eAcZJ6ndnpdz9e7KtFwybS6kLMaa5oonvGDHloUW6rkEXlqtBHIJBchY
X8BUD1BBAWBpdCKwAzmXB0M0tZ0LEiih9HjmCoU2c3OF82fuizP9WXs5JrPidBY9
vt/61mSY+mkf3eszL00dNKQAeNXokvauSp0Wd5GAYdzVnpBxhWhR2iVmqUSRvYRK
1VoEB+o8vR2wIEy10tXs34yPzL85OEQmD87CYEJe+g9gMwi2HCOk3V5SwnrpM0wb
yfn/3REJ5iqRRzrtPr0iNpNNtxvq6qW6G/XBkxWRW6draD+JqiKZw7j9ia/RAgMB
AAGjggI9MIICOTAdBgNVHQ4EFgQUXYtGAPWgJBTYUhxyTZV0HxJ6YmwwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwga0GCCsGAQUFBwELBIGgMIGdMIGaBggrBgEFBQcwC4aBjXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzgzMjJlMzEzODMwMmUzMTM1
MzMyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzNDM3MzUzODMzLnJvYTAYBgNVHSAB
Af8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA
UrSZMA0GCSqGSIb3DQEBCwUAA4IBAQCT7syeUNVHpwfgfQCQ+MBivqxxrlxfV0xJ
Iq4sABjbZQXOCSYb0f4EG5OI3xDwrC4L6PQnZoQf7acj/3JG7g6dLQLzCCAk4OkV
XiZk2GzNAtbzByOZxMmAH63p6eGnZ5LUWWfvVYIYo51StI0KTBZwWCGo6COB7M1y
qXWquZjz/kn4Dn7ECNTHBZ5J1qg7bQP4EQLp5eYOnfoZKx1/O5nfgksWDvD6pWWP
QBs1Ws0jfIAKqWeXktEkIR8BVtmW7gZYaiYcq2xO7Bl8IFuO/221K5W6WmB/WONr
hgb6vTqMvwnEm5nw/zqHjPs559kPP3Mr7gId/W4DTiV1DYYSJiQi
-----END CERTIFICATE-----
Generated at Thu Nov 21 19:35:26 2024 by rpki-client on console-ams.rpki-client.org