Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38322e3138302e3135362e302f32322d3234203d3e203437353833.roa
File:                     38322e3138302e3135362e302f32322d3234203d3e203437353833.roa (raw, json)
Hash identifier:          vScVx9qQvHBfPGfV4tRjSGP9QNPaFY4tlt3bDyDlLWI=
Subject key identifier:   D8:4A:C0:A7:39:69:12:B9:CB:AF:20:E2:29:A1:4B:D9:9B:45:F6:62
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       4213F65B6E1EBB9EB0528DCAB42AF85B78539061
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38322e3138302e3135362e302f32322d3234203d3e203437353833.roa
Signing time:             Mon 26 Feb 2024 08:52:59 +0000
ROA not before:           Mon 26 Feb 2024 08:47:59 +0000
ROA not after:            Mon 24 Feb 2025 08:52:59 +0000
asID:                     47583
IP address blocks:        82.180.156.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            42:13:f6:5b:6e:1e:bb:9e:b0:52:8d:ca:b4:2a:f8:5b:78:53:90:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Feb 26 08:47:59 2024 GMT
            Not After : Feb 24 08:52:59 2025 GMT
        Subject: CN=D84AC0A7396912B9CBAF20E229A14BD99B45F662
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:0d:59:c9:cb:ca:a2:6b:01:ae:45:bc:6f:b8:
                    2b:ad:63:7a:2c:9c:f9:a4:eb:67:30:52:79:40:4b:
                    06:a7:b6:a9:d9:66:2e:81:e0:4b:30:e8:d3:7e:4d:
                    94:c8:fc:ab:0d:8f:82:7e:9e:b5:6e:f4:f3:69:a2:
                    4f:c0:cd:14:90:de:1d:b5:f6:30:99:66:f7:b3:85:
                    4a:e7:90:a7:8f:10:e8:90:63:1e:84:bb:af:59:6a:
                    92:07:05:1e:a9:23:60:3a:de:01:3a:12:6e:5a:08:
                    30:03:cd:33:c0:54:a1:b9:5c:1d:67:4d:8e:9a:82:
                    f5:4c:45:27:9e:30:a6:2b:87:91:aa:58:ff:53:ee:
                    41:4a:98:46:b5:ee:79:67:bc:8d:b0:61:dd:00:7a:
                    01:b6:63:c8:9c:71:91:db:24:7b:d5:ab:23:a6:11:
                    cb:5e:9b:09:72:f9:dd:d4:40:dd:09:e7:79:9e:8c:
                    8d:d1:2e:df:aa:c8:9b:84:f1:82:20:80:d3:8c:f1:
                    cc:04:bd:2e:97:52:e4:06:94:ae:9a:d5:2d:90:fe:
                    96:12:9c:fb:99:86:37:e0:2b:c2:34:7c:04:82:6d:
                    d1:77:ea:f3:18:91:4b:53:ec:3d:0c:24:c8:c6:34:
                    48:59:51:10:14:2b:7d:e8:c4:bc:94:e4:cf:e3:a4:
                    a3:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:4A:C0:A7:39:69:12:B9:CB:AF:20:E2:29:A1:4B:D9:9B:45:F6:62
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38322e3138302e3135362e302f32322d3234203d3e203437353833.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.180.156.0/22

    Signature Algorithm: sha256WithRSAEncryption
         7f:b0:70:e3:0d:8c:a2:5b:35:8f:94:0d:92:23:02:29:1e:53:
         a7:09:7b:e5:97:dd:51:14:af:26:4e:ca:97:ea:c7:c9:81:42:
         1a:24:70:25:e7:c5:c8:06:ee:59:44:11:df:0a:ea:a1:25:51:
         61:35:6c:6d:96:c1:41:7b:b9:4a:74:a6:82:e8:55:7b:5e:a2:
         4a:bc:bc:bd:eb:95:3e:53:62:29:0d:aa:69:77:39:b0:b6:8e:
         06:47:fe:32:63:65:9e:95:05:2c:65:50:f5:fd:68:0d:9a:e8:
         c9:fe:2e:fd:5f:2a:58:23:34:04:a2:c8:d6:a5:b1:3e:e2:a1:
         a8:02:0d:d7:56:43:55:d7:8f:04:20:ef:13:19:6c:b2:16:77:
         91:47:c0:8d:c8:d6:bd:f1:7b:e4:37:1c:59:43:a0:91:00:66:
         4a:97:de:4c:98:70:e8:5a:b6:e4:c5:dc:00:2d:90:86:19:23:
         a5:bb:d6:b7:8e:1d:4b:a6:f1:df:0d:f8:ca:df:c1:bd:19:b5:
         64:88:67:06:1a:33:8d:9d:2b:af:30:4f:6f:b5:34:97:d3:25:
         51:05:f8:ee:c6:5a:80:9b:cb:96:c1:4a:4c:5e:1a:b1:63:43:
         39:f5:f3:0e:1c:0d:8b:1b:b3:8b:b6:90:ed:9f:d6:d7:c8:01:
         0f:c9:c2:7d
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgIUQhP2W24eu56wUo3KtCr4W3hTkGEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNDAyMjYwODQ3NTlaFw0yNTAyMjQwODUyNTlaMDMxMTAvBgNV
BAMTKEQ4NEFDMEE3Mzk2OTEyQjlDQkFGMjBFMjI5QTE0QkQ5OUI0NUY2NjIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC9DVnJy8qiawGuRbxvuCutY3os
nPmk62cwUnlASwantqnZZi6B4Esw6NN+TZTI/KsNj4J+nrVu9PNpok/AzRSQ3h21
9jCZZvezhUrnkKePEOiQYx6Eu69ZapIHBR6pI2A63gE6Em5aCDADzTPAVKG5XB1n
TY6agvVMRSeeMKYrh5GqWP9T7kFKmEa17nlnvI2wYd0AegG2Y8iccZHbJHvVqyOm
Ectemwly+d3UQN0J53mejI3RLt+qyJuE8YIggNOM8cwEvS6XUuQGlK6a1S2Q/pYS
nPuZhjfgK8I0fASCbdF36vMYkUtT7D0MJMjGNEhZURAUK33oxLyU5M/jpKPhAgMB
AAGjggI9MIICOTAdBgNVHQ4EFgQU2ErApzlpErnLryDiKaFL2ZtF9mIwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwga0GCCsGAQUFBwELBIGgMIGdMIGaBggrBgEFBQcwC4aBjXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzgzMjJlMzEzODMwMmUzMTM1
MzYyZTMwMmYzMjMyMmQzMjM0MjAzZDNlMjAzNDM3MzUzODMzLnJvYTAYBgNVHSAB
Af8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQC
UrScMA0GCSqGSIb3DQEBCwUAA4IBAQB/sHDjDYyiWzWPlA2SIwIpHlOnCXvll91R
FK8mTsqX6sfJgUIaJHAl58XIBu5ZRBHfCuqhJVFhNWxtlsFBe7lKdKaC6FV7XqJK
vLy965U+U2IpDappdzmwto4GR/4yY2WelQUsZVD1/WgNmujJ/i79XypYIzQEosjW
pbE+4qGoAg3XVkNV148EIO8TGWyyFneRR8CNyNa98XvkNxxZQ6CRAGZKl95MmHDo
WrbkxdwALZCGGSOlu9a3jh1LpvHfDfjK38G9GbVkiGcGGjONnSuvME9vtTSX0yVR
BfjuxlqAm8uWwUpMXhqxY0M59fMOHA2LG7OLtpDtn9bXyAEPycJ9
-----END CERTIFICATE-----
Generated at Fri Nov 22 10:15:48 2024 by rpki-client on console-ams.rpki-client.org