Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/1309bdce-70e3-46ae-8f05-0c3ada8f8a42/0/3139352e3139312e34392e302f32342d3234203d3e20313337323335.roa
File:                     3139352e3139312e34392e302f32342d3234203d3e20313337323335.roa (raw, json)
Hash identifier:          kJhH0vqYZkg5DzM5Pl/a0l5Kw1f8OmOrtk6aMG31fmc=
Subject key identifier:   9B:FA:45:F1:D5:1E:51:E3:20:45:3F:C0:35:70:FA:A0:EA:EB:18:5B
Certificate issuer:       /CN=ac428c8eed241857f73d0f3d483abecb240519d0
Certificate serial:       252A840346FB42590E2C133548C8A7752826C1E6
Authority key identifier: AC:42:8C:8E:ED:24:18:57:F7:3D:0F:3D:48:3A:BE:CB:24:05:19:D0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rEKMju0kGFf3PQ89SDq-yyQFGdA.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/1309bdce-70e3-46ae-8f05-0c3ada8f8a42/0/3139352e3139312e34392e302f32342d3234203d3e20313337323335.roa
Signing time:             Wed 21 Aug 2024 06:20:19 +0000
ROA not before:           Wed 21 Aug 2024 06:15:19 +0000
ROA not after:            Wed 20 Aug 2025 06:20:19 +0000
asID:                     137235
IP address blocks:        195.191.49.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/1309bdce-70e3-46ae-8f05-0c3ada8f8a42/0/AC428C8EED241857F73D0F3D483ABECB240519D0.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/1309bdce-70e3-46ae-8f05-0c3ada8f8a42/0/AC428C8EED241857F73D0F3D483ABECB240519D0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rEKMju0kGFf3PQ89SDq-yyQFGdA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 05 Nov 2024 19:58:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            25:2a:84:03:46:fb:42:59:0e:2c:13:35:48:c8:a7:75:28:26:c1:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ac428c8eed241857f73d0f3d483abecb240519d0
        Validity
            Not Before: Aug 21 06:15:19 2024 GMT
            Not After : Aug 20 06:20:19 2025 GMT
        Subject: CN=9BFA45F1D51E51E320453FC03570FAA0EAEB185B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:96:4a:9f:88:8a:9a:5d:9f:18:fb:52:62:a0:
                    50:b3:91:9e:76:ac:c4:93:84:ae:5d:56:67:2d:e9:
                    9e:bf:6f:cc:8c:66:53:ea:a7:5a:b7:69:f1:72:07:
                    a4:fd:a8:dd:3a:c1:b5:72:25:80:70:6d:81:be:be:
                    32:bb:d8:cc:67:1c:3d:53:4e:61:fa:f1:61:60:80:
                    f7:e8:61:42:a0:b6:ae:56:32:77:9d:67:aa:c6:26:
                    70:ac:bf:e9:52:85:be:55:3e:e6:04:25:44:6b:ff:
                    d2:b1:66:c1:5a:40:86:38:13:db:b3:47:c2:59:02:
                    da:4e:5c:fb:f3:de:b4:d6:93:86:9e:49:a8:93:57:
                    31:25:2d:5e:54:fa:f1:ed:4a:5a:b9:84:22:d6:aa:
                    0d:5e:73:97:95:30:70:ed:6e:10:d8:07:39:2d:ca:
                    f7:18:40:10:20:0e:66:dd:89:fc:98:59:86:76:8c:
                    57:49:5f:4a:2d:7f:ea:44:4b:13:ff:e1:72:5e:d8:
                    52:f5:0b:3c:f6:87:2e:da:6d:4b:79:5d:0b:a7:21:
                    a2:75:24:25:a7:0b:a7:09:db:25:70:38:85:e5:fe:
                    a8:96:12:9b:1a:2b:07:98:9b:c4:6d:04:21:67:e3:
                    44:08:42:89:fc:ff:e0:92:5f:c7:7d:91:9a:01:e1:
                    18:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9B:FA:45:F1:D5:1E:51:E3:20:45:3F:C0:35:70:FA:A0:EA:EB:18:5B
            X509v3 Authority Key Identifier:
                keyid:AC:42:8C:8E:ED:24:18:57:F7:3D:0F:3D:48:3A:BE:CB:24:05:19:D0

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/1309bdce-70e3-46ae-8f05-0c3ada8f8a42/0/AC428C8EED241857F73D0F3D483ABECB240519D0.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rEKMju0kGFf3PQ89SDq-yyQFGdA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/1309bdce-70e3-46ae-8f05-0c3ada8f8a42/0/3139352e3139312e34392e302f32342d3234203d3e20313337323335.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.191.49.0/24

    Signature Algorithm: sha256WithRSAEncryption
         02:8f:55:ec:5d:ed:0e:26:2a:cb:82:87:40:fa:39:b1:16:eb:
         df:e4:ce:88:6e:36:f5:9d:71:e0:68:70:13:67:e2:8c:8b:d3:
         5b:ba:98:b0:32:d5:ed:6a:b3:b2:21:f3:5f:28:e7:b8:2a:0a:
         6e:da:5b:2d:98:fc:f3:25:49:21:6f:0a:c0:54:52:6d:df:36:
         5e:ec:d8:78:73:09:92:6e:c0:12:00:3e:d6:90:0f:75:00:66:
         5b:ac:17:c6:ce:23:f4:02:48:a6:06:b8:3c:b4:e6:6c:c7:92:
         3c:f4:d1:6e:3d:9e:0c:87:68:8a:4a:42:4b:c3:42:64:53:09:
         0b:4c:fd:66:6b:a4:a3:2c:55:88:31:4a:40:a2:cb:07:5d:ad:
         0a:da:11:cb:15:85:a6:c0:cf:69:f2:a5:42:77:cf:e5:fa:10:
         6d:9d:d2:23:dc:60:f4:17:1c:6a:28:29:1f:e9:6d:fb:07:6c:
         d3:07:cf:54:0c:44:fb:f0:ae:44:03:f2:6e:2d:73:8a:e1:5f:
         50:ad:86:fd:d9:8e:3c:9f:a6:31:fe:ab:70:da:3e:dd:31:90:
         c0:99:d2:ba:53:86:5a:ab:ce:df:a1:0f:ad:17:cb:70:bf:93:
         68:41:3c:14:f7:de:fa:ca:2a:c6:ca:d9:74:66:8a:b4:ad:2d:
         ee:2a:62:31
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgIUJSqEA0b7QlkOLBM1SMindSgmweYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWM0MjhjOGVlZDI0MTg1N2Y3M2QwZjNkNDgzYWJlY2Iy
NDA1MTlkMDAeFw0yNDA4MjEwNjE1MTlaFw0yNTA4MjAwNjIwMTlaMDMxMTAvBgNV
BAMTKDlCRkE0NUYxRDUxRTUxRTMyMDQ1M0ZDMDM1NzBGQUEwRUFFQjE4NUIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC4lkqfiIqaXZ8Y+1JioFCzkZ52
rMSThK5dVmct6Z6/b8yMZlPqp1q3afFyB6T9qN06wbVyJYBwbYG+vjK72MxnHD1T
TmH68WFggPfoYUKgtq5WMnedZ6rGJnCsv+lShb5VPuYEJURr/9KxZsFaQIY4E9uz
R8JZAtpOXPvz3rTWk4aeSaiTVzElLV5U+vHtSlq5hCLWqg1ec5eVMHDtbhDYBzkt
yvcYQBAgDmbdifyYWYZ2jFdJX0otf+pESxP/4XJe2FL1Czz2hy7abUt5XQunIaJ1
JCWnC6cJ2yVwOIXl/qiWEpsaKweYm8RtBCFn40QIQon8/+CSX8d9kZoB4Rg1AgMB
AAGjggI/MIICOzAdBgNVHQ4EFgQUm/pF8dUeUeMgRT/ANXD6oOrrGFswHwYDVR0j
BBgwFoAUrEKMju0kGFf3PQ89SDq+yyQFGdAwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMTMwOWJkY2UtNzBlMy00NmFlLThmMDUtMGMzYWRhOGY4
YTQyLzAvQUM0MjhDOEVFRDI0MTg1N0Y3M0QwRjNENDgzQUJFQ0IyNDA1MTlEMC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3JFS01qdTBrR0ZmM1BRODlTRHEteXlR
RkdkQS5jZXIwga8GCCsGAQUFBwELBIGiMIGfMIGcBggrBgEFBQcwC4aBj3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMTMwOWJkY2Ut
NzBlMy00NmFlLThmMDUtMGMzYWRhOGY4YTQyLzAvMzEzOTM1MmUzMTM5MzEyZTM0
MzkyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzMTMzMzczMjMzMzUucm9hMBgGA1Ud
IAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BADDvzEwDQYJKoZIhvcNAQELBQADggEBAAKPVexd7Q4mKsuCh0D6ObEW69/kzohu
NvWdceBocBNn4oyL01u6mLAy1e1qs7Ih818o57gqCm7aWy2Y/PMlSSFvCsBUUm3f
Nl7s2HhzCZJuwBIAPtaQD3UAZlusF8bOI/QCSKYGuDy05mzHkjz00W49ngyHaIpK
QkvDQmRTCQtM/WZrpKMsVYgxSkCiywddrQraEcsVhabAz2nypUJ3z+X6EG2d0iPc
YPQXHGooKR/pbfsHbNMHz1QMRPvwrkQD8m4tc4rhX1Cthv3ZjjyfpjH+q3DaPt0x
kMCZ0rpThlqrzt+hD60Xy3C/k2hBPBT33vrKKsbK2XRmirStLe4qYjE=
-----END CERTIFICATE-----
Generated at Tue Nov 5 02:48:33 2024 by rpki-client on console-ams.rpki-client.org