Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/002e0ba3-fe60-45b1-9160-868a2f8a43b1/3/38392e3131362e322e302f32332d3233203d3e203135343139.roa
File:                     38392e3131362e322e302f32332d3233203d3e203135343139.roa (raw, json)
Hash identifier:          yJ3jgTP5ms7vVZ9OOIspuE+dSGOdGl3B8e0eCPkkuvo=
Subject key identifier:   B2:3B:ED:03:FD:0D:48:A8:D9:90:5D:44:F8:0F:B5:7C:61:81:96:F0
Certificate issuer:       /CN=9df85997b1b9b358e1c43f36765aa0a4a02144ae
Certificate serial:       5028D11E85907DD86FB5D83079D6B827E572E7DE
Authority key identifier: 9D:F8:59:97:B1:B9:B3:58:E1:C4:3F:36:76:5A:A0:A4:A0:21:44:AE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nfhZl7G5s1jhxD82dlqgpKAhRK4.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/002e0ba3-fe60-45b1-9160-868a2f8a43b1/3/38392e3131362e322e302f32332d3233203d3e203135343139.roa
Signing time:             Fri 07 Jun 2024 09:01:53 +0000
ROA not before:           Fri 07 Jun 2024 08:56:53 +0000
ROA not after:            Fri 06 Jun 2025 09:01:53 +0000
asID:                     15419
IP address blocks:        89.116.2.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/002e0ba3-fe60-45b1-9160-868a2f8a43b1/3/9DF85997B1B9B358E1C43F36765AA0A4A02144AE.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/002e0ba3-fe60-45b1-9160-868a2f8a43b1/3/9DF85997B1B9B358E1C43F36765AA0A4A02144AE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nfhZl7G5s1jhxD82dlqgpKAhRK4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 15 Jun 2024 20:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            50:28:d1:1e:85:90:7d:d8:6f:b5:d8:30:79:d6:b8:27:e5:72:e7:de
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9df85997b1b9b358e1c43f36765aa0a4a02144ae
        Validity
            Not Before: Jun  7 08:56:53 2024 GMT
            Not After : Jun  6 09:01:53 2025 GMT
        Subject: CN=B23BED03FD0D48A8D9905D44F80FB57C618196F0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:cb:7e:49:b0:7f:f4:b6:42:fd:75:44:d2:88:
                    76:59:c7:68:1f:e2:08:d2:5d:40:79:7a:e3:52:a5:
                    34:6a:94:ab:7a:b2:fd:ff:72:37:52:25:7a:a6:36:
                    59:9b:d7:f8:41:2c:65:82:54:4d:66:4f:c7:38:1f:
                    4e:68:c6:7f:05:8f:bf:72:0f:6b:c8:e5:5f:f0:e0:
                    88:b5:3d:04:53:92:25:87:87:6b:9f:28:7d:90:c1:
                    00:cd:95:f3:43:06:61:fc:45:84:ae:dd:d4:87:14:
                    75:90:fe:aa:45:ae:9a:30:00:cf:85:71:f4:f9:c1:
                    cc:64:c1:d6:33:a4:b3:79:d4:66:28:98:da:8a:4e:
                    7f:4c:3b:4b:1b:3f:35:51:5a:f5:d8:1c:26:17:c3:
                    d0:db:03:58:b4:15:28:53:68:84:b4:04:50:d7:8b:
                    0c:90:fa:54:c2:d9:04:39:19:21:2a:b8:8c:84:22:
                    a6:e2:49:b7:45:b1:3b:16:48:e7:1d:33:1e:cf:ac:
                    d1:94:5d:c8:07:49:40:18:f6:d2:37:f2:50:d7:a8:
                    f0:af:84:f9:6a:c9:5b:bf:cb:28:62:d5:19:c3:75:
                    99:7b:f1:07:30:a1:98:48:7d:a7:04:18:84:b4:d4:
                    ac:69:aa:76:e8:44:e1:a0:da:8a:5c:a6:10:42:5f:
                    2d:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B2:3B:ED:03:FD:0D:48:A8:D9:90:5D:44:F8:0F:B5:7C:61:81:96:F0
            X509v3 Authority Key Identifier:
                keyid:9D:F8:59:97:B1:B9:B3:58:E1:C4:3F:36:76:5A:A0:A4:A0:21:44:AE

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/002e0ba3-fe60-45b1-9160-868a2f8a43b1/3/9DF85997B1B9B358E1C43F36765AA0A4A02144AE.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nfhZl7G5s1jhxD82dlqgpKAhRK4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/002e0ba3-fe60-45b1-9160-868a2f8a43b1/3/38392e3131362e322e302f32332d3233203d3e203135343139.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.116.2.0/23

    Signature Algorithm: sha256WithRSAEncryption
         0b:83:c1:7f:36:33:01:5e:bc:f3:e5:8e:a7:af:1d:44:d7:6b:
         6a:4d:8f:3b:ad:a8:d7:08:ad:f6:c2:69:4c:17:10:b1:04:a8:
         a4:e1:c2:bd:a3:76:62:73:cf:21:d7:6e:6a:4e:f5:ec:33:bb:
         31:95:46:e1:6e:4c:51:2a:09:42:ad:fa:75:6d:4b:f4:a9:43:
         d7:56:26:91:cc:91:e3:80:17:7f:0a:fe:c0:4f:82:e9:04:51:
         58:e5:54:74:e2:97:58:b7:4d:f4:63:8d:6b:64:f5:22:41:ae:
         e8:da:cc:be:73:4a:da:2e:a2:0a:5e:21:1a:9c:d9:b3:c0:3e:
         3b:3c:ff:ef:36:3e:69:16:99:21:92:39:88:4d:a2:7d:67:19:
         be:2c:36:fe:a2:2e:5c:07:81:34:e8:4d:e0:36:13:5e:bc:21:
         74:60:c4:93:e3:d8:76:b7:e4:fc:64:cc:a2:bd:6d:9f:d6:13:
         b0:06:25:71:99:7d:17:d4:88:fd:1b:a0:ea:e3:1f:41:94:38:
         a0:54:83:9a:cc:69:d6:64:b4:62:03:de:62:4a:9a:4d:78:99:
         43:53:a1:9c:10:0e:33:e6:93:fc:c6:f2:60:06:d2:ff:4d:14:
         4a:07:a2:8d:15:27:9b:1e:1d:a0:b9:6e:6a:52:48:16:3d:43:
         ac:3c:72:b0
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUUCjRHoWQfdhvtdgweda4J+Vy594wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWRmODU5OTdiMWI5YjM1OGUxYzQzZjM2NzY1YWEwYTRh
MDIxNDRhZTAeFw0yNDA2MDcwODU2NTNaFw0yNTA2MDYwOTAxNTNaMDMxMTAvBgNV
BAMTKEIyM0JFRDAzRkQwRDQ4QThEOTkwNUQ0NEY4MEZCNTdDNjE4MTk2RjAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCky35JsH/0tkL9dUTSiHZZx2gf
4gjSXUB5euNSpTRqlKt6sv3/cjdSJXqmNlmb1/hBLGWCVE1mT8c4H05oxn8Fj79y
D2vI5V/w4Ii1PQRTkiWHh2ufKH2QwQDNlfNDBmH8RYSu3dSHFHWQ/qpFrpowAM+F
cfT5wcxkwdYzpLN51GYomNqKTn9MO0sbPzVRWvXYHCYXw9DbA1i0FShTaIS0BFDX
iwyQ+lTC2QQ5GSEquIyEIqbiSbdFsTsWSOcdMx7PrNGUXcgHSUAY9tI38lDXqPCv
hPlqyVu/yyhi1RnDdZl78QcwoZhIfacEGIS01KxpqnboROGg2opcphBCXy2NAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUsjvtA/0NSKjZkF1E+A+1fGGBlvAwHwYDVR0j
BBgwFoAUnfhZl7G5s1jhxD82dlqgpKAhRK4wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDAyZTBiYTMtZmU2MC00NWIxLTkxNjAtODY4YTJmOGE0
M2IxLzMvOURGODU5OTdCMUI5QjM1OEUxQzQzRjM2NzY1QUEwQTRBMDIxNDRBRS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL25maFpsN0c1czFqaHhEODJkbHFncEtB
aFJLNC5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMDAyZTBiYTMt
ZmU2MC00NWIxLTkxNjAtODY4YTJmOGE0M2IxLzMvMzgzOTJlMzEzMTM2MmUzMjJl
MzAyZjMyMzMyZDMyMzMyMDNkM2UyMDMxMzUzNDMxMzkucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAFZdAIw
DQYJKoZIhvcNAQELBQADggEBAAuDwX82MwFevPPljqevHUTXa2pNjzutqNcIrfbC
aUwXELEEqKThwr2jdmJzzyHXbmpO9ewzuzGVRuFuTFEqCUKt+nVtS/SpQ9dWJpHM
keOAF38K/sBPgukEUVjlVHTil1i3TfRjjWtk9SJBrujazL5zStouogpeIRqc2bPA
Pjs8/+82PmkWmSGSOYhNon1nGb4sNv6iLlwHgTToTeA2E168IXRgxJPj2Ha35Pxk
zKK9bZ/WE7AGJXGZfRfUiP0boOrjH0GUOKBUg5rMadZktGID3mJKmk14mUNToZwQ
DjPmk/zG8mAG0v9NFEoHoo0VJ5seHaC5bmpSSBY9Q6w8crA=
-----END CERTIFICATE-----
Generated at Sat Jun 15 02:24:34 2024 by rpki-client on console-fra.rpki-client.org