Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38352e3233392e3234302e302f32312d3332203d3e203430303231.roa
File:                     38352e3233392e3234302e302f32312d3332203d3e203430303231.roa (raw, json)
Hash identifier:          JOsfK+TDKOMCz5o8mDTLQrb3UgYPY2PHIdiDiQXf+Gw=
Subject key identifier:   EB:F2:5B:04:1E:4B:13:77:B1:CC:EA:35:F6:F8:E1:CB:55:A8:7A:BA
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       7C6C04972CAA3E6510E8E7F5E94AED5DF2977515
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38352e3233392e3234302e302f32312d3332203d3e203430303231.roa
Signing time:             Mon 26 Feb 2024 08:52:59 +0000
ROA not before:           Mon 26 Feb 2024 08:47:59 +0000
ROA not after:            Mon 24 Feb 2025 08:52:59 +0000
asID:                     40021
IP address blocks:        85.239.240.0/21 maxlen: 32

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7c:6c:04:97:2c:aa:3e:65:10:e8:e7:f5:e9:4a:ed:5d:f2:97:75:15
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Feb 26 08:47:59 2024 GMT
            Not After : Feb 24 08:52:59 2025 GMT
        Subject: CN=EBF25B041E4B1377B1CCEA35F6F8E1CB55A87ABA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:f6:91:94:02:7c:a4:2b:ed:75:58:d6:3c:4b:
                    0c:a2:10:2b:39:aa:c3:ec:6d:69:27:49:2a:ac:02:
                    c2:ff:b4:56:85:03:18:7a:6e:38:9e:33:f2:5c:95:
                    1f:91:a6:9f:a8:ed:94:84:f4:54:44:e3:50:d4:ba:
                    bb:4c:05:77:a7:6f:90:56:4f:74:f7:bf:8a:d7:68:
                    1b:31:96:91:d3:80:5b:7d:26:fb:51:5b:2b:61:89:
                    8d:3f:3b:40:06:f2:a5:7a:31:8d:76:12:ea:3b:c3:
                    10:8f:f1:18:e4:87:d1:99:15:20:cb:2b:b1:ea:af:
                    ae:2e:7b:6e:1d:aa:d9:f5:83:69:44:e0:c4:46:74:
                    b6:49:f9:52:57:31:ef:87:d9:43:e3:f6:a0:c4:e5:
                    04:11:42:39:5c:b1:94:ac:ad:bd:8e:4e:5e:ac:b4:
                    e5:8f:72:f9:b9:1f:06:73:32:04:d9:42:be:51:a9:
                    51:da:4d:ba:50:29:07:73:ec:c9:93:d3:b6:f2:29:
                    a2:25:61:5c:3a:28:e1:7e:29:86:33:58:fc:74:2b:
                    ae:87:2c:d6:c1:d8:05:ba:1a:f9:3f:0d:8f:12:76:
                    7a:aa:2c:3e:57:c3:a7:e4:23:b0:5a:7f:ac:02:64:
                    41:6f:67:a8:e9:53:25:32:e1:dc:81:41:52:40:26:
                    b1:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EB:F2:5B:04:1E:4B:13:77:B1:CC:EA:35:F6:F8:E1:CB:55:A8:7A:BA
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38352e3233392e3234302e302f32312d3332203d3e203430303231.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.239.240.0/21

    Signature Algorithm: sha256WithRSAEncryption
         0d:4a:8a:1f:ee:30:3c:0b:be:e6:ad:ec:06:43:80:08:b0:26:
         3e:01:05:8f:f6:4c:fc:61:4c:0e:e1:08:4d:32:54:c9:f8:69:
         c6:86:ac:35:cb:56:8c:a0:ff:17:5e:31:25:49:13:3c:53:b5:
         b4:7b:a7:7c:72:ad:59:9b:65:ec:74:90:03:49:87:9f:36:c9:
         80:16:ec:08:97:c3:c1:ff:20:bd:89:4c:54:5c:51:93:ef:9b:
         f4:b4:6f:b4:04:a6:27:0a:c7:4c:b5:7b:ca:8e:d6:36:b8:3e:
         2a:68:3f:f9:82:15:aa:d9:ae:8a:c4:24:25:74:13:60:3c:20:
         74:48:56:9b:cf:03:98:d0:83:44:b1:80:5f:c7:a8:71:3b:cd:
         e2:68:1d:a0:46:4a:7d:2f:41:d4:b3:6b:5f:97:4b:8f:d1:f4:
         6e:d1:60:49:6b:18:85:db:95:8d:b2:07:44:e1:3a:08:93:93:
         7f:a1:b0:e4:fb:17:60:28:bb:cc:8f:b4:4a:5c:1f:0f:68:01:
         54:96:af:68:c8:4d:7a:56:df:87:75:fb:0a:76:9f:42:e9:af:
         5e:e7:0b:38:5b:09:41:b6:77:8c:51:11:28:87:a7:bd:89:ed:
         19:66:3f:f4:99:d8:9f:fb:cb:03:08:88:0d:f5:7d:0c:db:b0:
         8e:5c:66:83
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgIUfGwElyyqPmUQ6Of16UrtXfKXdRUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNDAyMjYwODQ3NTlaFw0yNTAyMjQwODUyNTlaMDMxMTAvBgNV
BAMTKEVCRjI1QjA0MUU0QjEzNzdCMUNDRUEzNUY2RjhFMUNCNTVBODdBQkEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDM9pGUAnykK+11WNY8SwyiECs5
qsPsbWknSSqsAsL/tFaFAxh6bjieM/JclR+Rpp+o7ZSE9FRE41DUurtMBXenb5BW
T3T3v4rXaBsxlpHTgFt9JvtRWythiY0/O0AG8qV6MY12Euo7wxCP8Rjkh9GZFSDL
K7Hqr64ue24dqtn1g2lE4MRGdLZJ+VJXMe+H2UPj9qDE5QQRQjlcsZSsrb2OTl6s
tOWPcvm5HwZzMgTZQr5RqVHaTbpQKQdz7MmT07byKaIlYVw6KOF+KYYzWPx0K66H
LNbB2AW6Gvk/DY8SdnqqLD5Xw6fkI7Baf6wCZEFvZ6jpUyUy4dyBQVJAJrHbAgMB
AAGjggI9MIICOTAdBgNVHQ4EFgQU6/JbBB5LE3exzOo19vjhy1WoerowHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwga0GCCsGAQUFBwELBIGgMIGdMIGaBggrBgEFBQcwC4aBjXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzgzNTJlMzIzMzM5MmUzMjM0
MzAyZTMwMmYzMjMxMmQzMzMyMjAzZDNlMjAzNDMwMzAzMjMxLnJvYTAYBgNVHSAB
Af8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQD
Ve/wMA0GCSqGSIb3DQEBCwUAA4IBAQANSoof7jA8C77mrewGQ4AIsCY+AQWP9kz8
YUwO4QhNMlTJ+GnGhqw1y1aMoP8XXjElSRM8U7W0e6d8cq1Zm2XsdJADSYefNsmA
FuwIl8PB/yC9iUxUXFGT75v0tG+0BKYnCsdMtXvKjtY2uD4qaD/5ghWq2a6KxCQl
dBNgPCB0SFabzwOY0INEsYBfx6hxO83iaB2gRkp9L0HUs2tfl0uP0fRu0WBJaxiF
25WNsgdE4ToIk5N/obDk+xdgKLvMj7RKXB8PaAFUlq9oyE16Vt+HdfsKdp9C6a9e
5ws4WwlBtneMUREoh6e9ie0ZZj/0mdif+8sDCIgN9X0M27COXGaD
-----END CERTIFICATE-----
Generated at Mon Nov 25 03:42:59 2024 by rpki-client on console-fra.rpki-client.org