Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38352e3139302e3233322e302f32342d3234203d3e20323037313337.roa
File:                     38352e3139302e3233322e302f32342d3234203d3e20323037313337.roa (raw, json)
Hash identifier:          bEeGjjaOL+oTwe2UYxYSgkPv0AW5pdipVzdOPjJZG5Y=
Subject key identifier:   21:CA:94:E0:00:AD:65:6F:6F:F0:A2:6C:69:42:93:14:0C:2B:4C:88
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       70B533ACCC87551669158010FE2868D78AB12880
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38352e3139302e3233322e302f32342d3234203d3e20323037313337.roa
Signing time:             Mon 26 Feb 2024 08:53:22 +0000
ROA not before:           Mon 26 Feb 2024 08:48:22 +0000
ROA not after:            Mon 24 Feb 2025 08:53:22 +0000
asID:                     207137
IP address blocks:        85.190.232.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            70:b5:33:ac:cc:87:55:16:69:15:80:10:fe:28:68:d7:8a:b1:28:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Feb 26 08:48:22 2024 GMT
            Not After : Feb 24 08:53:22 2025 GMT
        Subject: CN=21CA94E000AD656F6FF0A26C694293140C2B4C88
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:c4:26:ba:2e:56:b7:b9:61:4e:ba:ea:e3:a7:
                    3d:87:66:05:07:d3:c8:ed:f3:af:83:0c:fe:9e:f2:
                    79:0b:d4:88:73:41:06:06:ce:c2:33:89:ee:eb:e8:
                    9a:10:27:32:6d:bf:f8:f5:3a:b9:7a:72:ba:b5:2e:
                    39:14:78:60:8f:5d:c1:4c:d7:5e:14:51:65:59:55:
                    ba:ac:1b:82:36:d3:16:d1:c5:17:ed:3c:41:15:f8:
                    ee:e8:7c:eb:d8:dd:4f:87:24:87:09:a7:fd:97:10:
                    0e:95:0c:ed:9c:49:23:07:bf:88:86:ce:06:9a:9e:
                    92:97:38:8d:d0:78:b0:d3:d9:fc:27:4c:86:49:b3:
                    44:85:cd:80:36:e2:06:b7:6b:04:2f:2b:ae:c0:1a:
                    71:2d:ad:ed:71:e3:c1:2d:e0:be:2b:3d:61:7e:9f:
                    77:99:8e:ab:19:3d:4d:75:0f:e0:9a:39:7c:97:30:
                    67:14:a8:19:8b:c7:ca:12:14:2a:b4:a3:e5:64:70:
                    39:92:6b:f4:31:f3:95:94:4a:e5:f8:58:b6:77:44:
                    15:f1:f0:a3:aa:e3:c2:af:59:84:26:33:c9:30:8a:
                    3d:57:9d:ad:7b:89:be:6d:dd:cd:b4:c9:85:59:da:
                    56:9c:2a:c4:ee:ca:e4:09:00:dd:cd:45:8d:66:dc:
                    dd:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:CA:94:E0:00:AD:65:6F:6F:F0:A2:6C:69:42:93:14:0C:2B:4C:88
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38352e3139302e3233322e302f32342d3234203d3e20323037313337.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.190.232.0/24

    Signature Algorithm: sha256WithRSAEncryption
         29:62:77:d7:66:88:06:8c:10:0f:b5:ea:fa:7d:f9:a4:39:2f:
         4d:72:00:e1:f2:1e:d3:b7:cb:e4:78:ef:38:b4:4c:97:2d:b8:
         dd:9e:1a:17:48:99:53:c4:d9:fe:fc:ba:5c:58:7c:80:c1:bc:
         60:f7:c6:fd:95:3e:a9:ca:53:23:80:80:c3:ad:01:7e:40:8a:
         f9:7f:58:b1:95:7c:d4:76:74:bd:10:08:58:03:a3:61:c6:30:
         62:4b:5a:f3:0f:78:1a:7e:f8:e0:50:a6:1e:3c:c6:8e:9c:24:
         9a:f3:52:4d:d0:02:b6:d1:cd:c9:89:41:1b:ac:4b:04:4d:d2:
         eb:83:7b:52:37:fd:21:4b:c0:19:76:26:29:cc:70:75:ca:d4:
         b1:b1:ac:1e:b4:df:eb:43:f6:09:05:18:ba:f2:3d:05:b0:16:
         ef:a5:a0:9a:05:87:92:7a:06:ff:0e:48:f1:83:8c:03:19:1b:
         b3:46:f4:bf:94:8c:ab:b1:9b:df:fd:2d:3b:22:f7:52:ec:ff:
         73:be:00:bf:f6:7d:87:e2:1f:90:6b:f5:fd:37:07:93:37:bf:
         0d:f0:0b:28:e0:17:31:fb:37:fe:e9:dc:09:fc:9f:7c:82:59:
         68:68:8a:05:03:aa:23:cd:8e:4e:a1:f4:fc:5b:4b:24:4d:d4:
         ec:80:32:0e
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgIUcLUzrMyHVRZpFYAQ/iho14qxKIAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNDAyMjYwODQ4MjJaFw0yNTAyMjQwODUzMjJaMDMxMTAvBgNV
BAMTKDIxQ0E5NEUwMDBBRDY1NkY2RkYwQTI2QzY5NDI5MzE0MEMyQjRDODgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDHxCa6Lla3uWFOuurjpz2HZgUH
08jt86+DDP6e8nkL1IhzQQYGzsIzie7r6JoQJzJtv/j1Orl6crq1LjkUeGCPXcFM
114UUWVZVbqsG4I20xbRxRftPEEV+O7ofOvY3U+HJIcJp/2XEA6VDO2cSSMHv4iG
zgaanpKXOI3QeLDT2fwnTIZJs0SFzYA24ga3awQvK67AGnEtre1x48Et4L4rPWF+
n3eZjqsZPU11D+CaOXyXMGcUqBmLx8oSFCq0o+VkcDmSa/Qx85WUSuX4WLZ3RBXx
8KOq48KvWYQmM8kwij1Xna17ib5t3c20yYVZ2lacKsTuyuQJAN3NRY1m3N3vAgMB
AAGjggI/MIICOzAdBgNVHQ4EFgQUIcqU4ACtZW9v8KJsaUKTFAwrTIgwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwga8GCCsGAQUFBwELBIGiMIGfMIGcBggrBgEFBQcwC4aBj3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzgzNTJlMzEzOTMwMmUzMjMz
MzIyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzMjMwMzczMTMzMzcucm9hMBgGA1Ud
IAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BABVvugwDQYJKoZIhvcNAQELBQADggEBAClid9dmiAaMEA+16vp9+aQ5L01yAOHy
HtO3y+R47zi0TJctuN2eGhdImVPE2f78ulxYfIDBvGD3xv2VPqnKUyOAgMOtAX5A
ivl/WLGVfNR2dL0QCFgDo2HGMGJLWvMPeBp++OBQph48xo6cJJrzUk3QArbRzcmJ
QRusSwRN0uuDe1I3/SFLwBl2JinMcHXK1LGxrB603+tD9gkFGLryPQWwFu+loJoF
h5J6Bv8OSPGDjAMZG7NG9L+UjKuxm9/9LTsi91Ls/3O+AL/2fYfiH5Br9f03B5M3
vw3wCyjgFzH7N/7p3An8n3yCWWhoigUDqiPNjk6h9PxbSyRN1OyAMg4=
-----END CERTIFICATE-----
Generated at Mon Nov 25 03:42:59 2024 by rpki-client on console-fra.rpki-client.org