Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38352e3139302e3235332e302f32342d3234203d3e20323031333431.roa
File:                     38352e3139302e3235332e302f32342d3234203d3e20323031333431.roa (raw, json)
Hash identifier:          6K7kHVLkjkGTRf6FeiTzxtOWZwCYgNBrrDp88m0ZXLM=
Subject key identifier:   42:8C:05:EA:C7:93:53:FB:27:CD:3E:EE:58:49:BB:87:33:87:9A:BB
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       024F36DAEA135FFFC97D824E447B26FE2702C630
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38352e3139302e3235332e302f32342d3234203d3e20323031333431.roa
Signing time:             Mon 26 Feb 2024 08:53:28 +0000
ROA not before:           Mon 26 Feb 2024 08:48:28 +0000
ROA not after:            Mon 24 Feb 2025 08:53:28 +0000
asID:                     201341
IP address blocks:        85.190.253.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            02:4f:36:da:ea:13:5f:ff:c9:7d:82:4e:44:7b:26:fe:27:02:c6:30
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Feb 26 08:48:28 2024 GMT
            Not After : Feb 24 08:53:28 2025 GMT
        Subject: CN=428C05EAC79353FB27CD3EEE5849BB8733879ABB
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:dc:22:52:f2:35:10:3d:26:1a:28:31:94:1e:
                    94:30:a6:f8:3d:18:fa:96:08:b5:40:a2:d3:f0:ce:
                    f6:91:f6:4d:f0:96:4b:46:d0:38:48:2a:1c:e4:85:
                    d3:c0:93:8c:46:46:e2:b0:b6:b2:2b:8a:67:bf:1f:
                    bd:f0:97:7e:82:d5:fe:22:b2:75:7a:b1:05:a6:1a:
                    51:16:13:fc:dc:bf:a5:d2:a4:23:4a:c6:6c:9e:bb:
                    95:d8:a3:ad:a3:df:f9:c7:71:31:41:c2:df:a1:41:
                    93:49:16:28:34:77:41:34:57:f1:88:8a:e3:91:e4:
                    13:ef:c5:5c:5b:26:07:68:06:85:d7:dd:40:2f:06:
                    6b:49:a7:74:20:e0:d8:51:3d:bf:df:e2:f3:64:f0:
                    82:dc:35:42:ae:61:b0:03:e7:4a:0d:a3:62:91:bd:
                    67:a6:56:85:b6:63:86:4d:9f:60:a4:18:6d:d2:70:
                    02:c5:f6:3b:94:33:ae:03:0d:f8:43:b8:ad:e4:75:
                    b3:1b:59:8e:0d:ff:f0:22:69:22:bd:11:fe:95:82:
                    62:a0:85:44:ca:20:57:1f:ab:5f:4f:e9:5c:70:f4:
                    8c:09:3f:6c:68:46:c9:9d:68:a7:05:d7:09:ab:17:
                    a4:36:de:21:01:81:42:73:3e:2c:58:0e:67:92:64:
                    5f:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:8C:05:EA:C7:93:53:FB:27:CD:3E:EE:58:49:BB:87:33:87:9A:BB
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38352e3139302e3235332e302f32342d3234203d3e20323031333431.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.190.253.0/24

    Signature Algorithm: sha256WithRSAEncryption
         07:ab:75:e0:6e:10:03:3d:e4:68:06:49:21:2b:dd:23:6d:e1:
         09:b8:c5:c2:8d:26:63:6f:7f:e8:2c:2b:02:6f:14:02:7b:15:
         78:53:9d:4b:ee:fd:93:12:aa:a0:73:1d:61:99:35:f5:f8:f3:
         8f:4e:01:3a:5f:a3:89:14:c0:fd:93:5c:86:22:01:4e:66:90:
         b6:0e:bb:09:74:6e:b9:fd:35:72:01:81:9e:39:8e:76:01:8d:
         6e:e0:07:e0:be:42:14:90:b9:8d:84:8e:f6:af:98:2b:52:19:
         26:b0:e3:34:87:83:88:85:9e:c0:67:f6:ad:fb:44:39:a1:75:
         f7:a4:66:af:c9:44:85:8a:f2:7a:ab:a2:4e:73:41:48:98:6f:
         e7:54:1d:ec:f6:66:83:40:19:a8:70:7d:e4:2d:e8:88:35:cd:
         d7:89:cb:c6:48:61:ac:c2:8b:b2:72:7a:07:b8:76:48:28:bf:
         79:14:30:43:d3:17:5d:c2:91:b9:d3:1e:c8:46:95:73:8a:2a:
         82:80:b5:29:2d:dd:cc:6f:af:74:f8:0b:7a:da:44:d8:54:a2:
         ca:2e:c6:51:d4:96:90:7a:d0:42:94:8b:5e:2a:80:4a:6f:a9:
         a4:41:ea:34:8e:73:76:2d:e7:cd:d7:bb:ef:ae:bd:03:e4:32:
         05:ef:6e:dc
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgIUAk822uoTX//JfYJORHsm/icCxjAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNDAyMjYwODQ4MjhaFw0yNTAyMjQwODUzMjhaMDMxMTAvBgNV
BAMTKDQyOEMwNUVBQzc5MzUzRkIyN0NEM0VFRTU4NDlCQjg3MzM4NzlBQkIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDd3CJS8jUQPSYaKDGUHpQwpvg9
GPqWCLVAotPwzvaR9k3wlktG0DhIKhzkhdPAk4xGRuKwtrIrime/H73wl36C1f4i
snV6sQWmGlEWE/zcv6XSpCNKxmyeu5XYo62j3/nHcTFBwt+hQZNJFig0d0E0V/GI
iuOR5BPvxVxbJgdoBoXX3UAvBmtJp3Qg4NhRPb/f4vNk8ILcNUKuYbAD50oNo2KR
vWemVoW2Y4ZNn2CkGG3ScALF9juUM64DDfhDuK3kdbMbWY4N//AiaSK9Ef6VgmKg
hUTKIFcfq19P6Vxw9IwJP2xoRsmdaKcF1wmrF6Q23iEBgUJzPixYDmeSZF/rAgMB
AAGjggI/MIICOzAdBgNVHQ4EFgQUQowF6seTU/snzT7uWEm7hzOHmrswHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwga8GCCsGAQUFBwELBIGiMIGfMIGcBggrBgEFBQcwC4aBj3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzgzNTJlMzEzOTMwMmUzMjM1
MzMyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzMjMwMzEzMzM0MzEucm9hMBgGA1Ud
IAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BABVvv0wDQYJKoZIhvcNAQELBQADggEBAAerdeBuEAM95GgGSSEr3SNt4Qm4xcKN
JmNvf+gsKwJvFAJ7FXhTnUvu/ZMSqqBzHWGZNfX4849OATpfo4kUwP2TXIYiAU5m
kLYOuwl0brn9NXIBgZ45jnYBjW7gB+C+QhSQuY2EjvavmCtSGSaw4zSHg4iFnsBn
9q37RDmhdfekZq/JRIWK8nqrok5zQUiYb+dUHez2ZoNAGahwfeQt6Ig1zdeJy8ZI
YazCi7Jyege4dkgov3kUMEPTF13CkbnTHshGlXOKKoKAtSkt3cxvr3T4C3raRNhU
osouxlHUlpB60EKUi14qgEpvqaRB6jSOc3Yt583Xu++uvQPkMgXvbtw=
-----END CERTIFICATE-----
Generated at Thu Nov 21 18:06:16 2024 by rpki-client on console-fra.rpki-client.org