Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/1309bdce-70e3-46ae-8f05-0c3ada8f8a42/0/3139352e3139312e34392e302f32342d3234203d3e20383334.roa
File:                     3139352e3139312e34392e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          0bvKjkKRqwfCik5JsxeWrE4eu0d+1AWkqsAc5FjxYsA=
Subject key identifier:   FE:D8:E9:8C:14:9E:29:E3:D3:A5:A1:81:1C:46:8F:E5:D3:DC:61:49
Certificate issuer:       /CN=ac428c8eed241857f73d0f3d483abecb240519d0
Certificate serial:       5D6C5375500F85F225D698FA659D9C51D1993FB8
Authority key identifier: AC:42:8C:8E:ED:24:18:57:F7:3D:0F:3D:48:3A:BE:CB:24:05:19:D0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rEKMju0kGFf3PQ89SDq-yyQFGdA.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/1309bdce-70e3-46ae-8f05-0c3ada8f8a42/0/3139352e3139312e34392e302f32342d3234203d3e20383334.roa
Signing time:             Fri 19 Apr 2024 00:03:39 +0000
ROA not before:           Thu 18 Apr 2024 23:58:39 +0000
ROA not after:            Fri 18 Apr 2025 00:03:39 +0000
asID:                     834
IP address blocks:        195.191.49.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/1309bdce-70e3-46ae-8f05-0c3ada8f8a42/0/AC428C8EED241857F73D0F3D483ABECB240519D0.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/1309bdce-70e3-46ae-8f05-0c3ada8f8a42/0/AC428C8EED241857F73D0F3D483ABECB240519D0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rEKMju0kGFf3PQ89SDq-yyQFGdA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 14:46:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5d:6c:53:75:50:0f:85:f2:25:d6:98:fa:65:9d:9c:51:d1:99:3f:b8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ac428c8eed241857f73d0f3d483abecb240519d0
        Validity
            Not Before: Apr 18 23:58:39 2024 GMT
            Not After : Apr 18 00:03:39 2025 GMT
        Subject: CN=FED8E98C149E29E3D3A5A1811C468FE5D3DC6149
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:e1:00:fe:f5:65:81:fd:bf:32:32:b5:e7:d0:
                    67:10:7a:be:c3:55:f7:02:87:9e:79:44:07:14:8f:
                    5c:50:06:1b:80:9b:96:e5:51:1e:c8:f8:82:a5:d5:
                    bb:8d:e1:5c:1b:90:5c:0a:68:27:80:a9:5f:58:c2:
                    a7:4a:cb:13:21:a3:7c:78:6f:70:bf:a0:64:61:33:
                    ba:82:7b:5a:26:74:1e:0f:ff:16:82:23:ab:78:be:
                    0e:3e:41:04:76:44:51:03:43:8e:4d:09:ee:de:02:
                    51:cf:7b:40:61:67:68:d8:45:5b:1b:3f:97:00:c9:
                    1e:66:91:8f:a4:16:2e:e3:34:22:c9:79:e7:10:9d:
                    8f:d7:77:e1:e1:76:f3:03:15:cf:d9:9d:ad:22:9f:
                    5e:5a:d7:80:38:6d:f7:ad:6c:3f:20:3a:08:19:ed:
                    86:d4:1b:71:d3:f6:52:02:20:b0:4d:fc:6d:e2:d1:
                    52:9e:d5:b2:da:b7:e3:90:bb:d3:eb:3c:82:40:e3:
                    cf:3f:85:23:06:3a:f4:a5:30:9e:60:fc:25:f2:25:
                    58:b3:20:4f:c9:0e:16:a8:55:3f:01:9c:39:2d:a0:
                    36:b5:bd:5d:a4:50:b8:88:48:ce:54:fe:67:5a:92:
                    51:d0:65:a1:9c:3d:60:13:03:cc:22:76:a2:75:77:
                    f6:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FE:D8:E9:8C:14:9E:29:E3:D3:A5:A1:81:1C:46:8F:E5:D3:DC:61:49
            X509v3 Authority Key Identifier:
                keyid:AC:42:8C:8E:ED:24:18:57:F7:3D:0F:3D:48:3A:BE:CB:24:05:19:D0

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/1309bdce-70e3-46ae-8f05-0c3ada8f8a42/0/AC428C8EED241857F73D0F3D483ABECB240519D0.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rEKMju0kGFf3PQ89SDq-yyQFGdA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/1309bdce-70e3-46ae-8f05-0c3ada8f8a42/0/3139352e3139312e34392e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.191.49.0/24

    Signature Algorithm: sha256WithRSAEncryption
         67:cd:f5:94:7f:d1:7d:60:b9:9d:82:19:0e:b7:6f:2c:f5:23:
         7a:8c:f7:59:f2:f3:85:61:b1:fb:ec:15:11:3e:1a:2a:0c:a7:
         1e:49:ed:9d:a3:36:e6:17:92:cc:bc:63:4f:b2:d4:f5:ae:2b:
         10:af:e1:37:e6:64:30:5e:80:63:d5:95:2c:0b:aa:7c:11:4b:
         be:c5:75:34:7b:f0:22:8d:05:7c:dc:93:0c:91:97:6b:c2:74:
         b9:db:0b:c4:f7:29:02:44:02:48:d4:28:53:23:6f:2a:69:86:
         1b:10:dd:eb:5c:08:60:ff:13:23:8c:a0:32:9f:48:47:79:1b:
         5d:a1:b7:6f:84:a5:d4:6b:64:11:dd:a2:79:d1:f8:61:50:51:
         15:99:7f:cb:30:3b:cb:0f:57:a7:5c:59:c7:d5:7d:d1:ec:66:
         c6:75:bc:19:c0:b5:89:12:f6:a6:4a:11:3d:42:6d:1c:0b:89:
         8b:7d:5b:30:89:5f:81:ca:e2:78:c1:ae:8b:e2:a9:92:da:8f:
         b8:b4:af:92:9f:22:e6:9c:1a:23:c3:91:46:89:41:93:fe:78:
         71:bb:00:df:06:56:a0:40:79:04:d0:c7:e5:ee:5a:17:17:83:
         cd:f1:7c:a3:09:f4:57:92:c1:70:48:0a:87:1d:64:fd:84:96:
         28:a9:c0:fa
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUXWxTdVAPhfIl1pj6ZZ2cUdGZP7gwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWM0MjhjOGVlZDI0MTg1N2Y3M2QwZjNkNDgzYWJlY2Iy
NDA1MTlkMDAeFw0yNDA0MTgyMzU4MzlaFw0yNTA0MTgwMDAzMzlaMDMxMTAvBgNV
BAMTKEZFRDhFOThDMTQ5RTI5RTNEM0E1QTE4MTFDNDY4RkU1RDNEQzYxNDkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDh4QD+9WWB/b8yMrXn0GcQer7D
VfcCh555RAcUj1xQBhuAm5blUR7I+IKl1buN4VwbkFwKaCeAqV9YwqdKyxMho3x4
b3C/oGRhM7qCe1omdB4P/xaCI6t4vg4+QQR2RFEDQ45NCe7eAlHPe0BhZ2jYRVsb
P5cAyR5mkY+kFi7jNCLJeecQnY/Xd+HhdvMDFc/Zna0in15a14A4bfetbD8gOggZ
7YbUG3HT9lICILBN/G3i0VKe1bLat+OQu9PrPIJA488/hSMGOvSlMJ5g/CXyJViz
IE/JDhaoVT8BnDktoDa1vV2kULiISM5U/mdaklHQZaGcPWATA8widqJ1d/bpAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQU/tjpjBSeKePTpaGBHEaP5dPcYUkwHwYDVR0j
BBgwFoAUrEKMju0kGFf3PQ89SDq+yyQFGdAwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMTMwOWJkY2UtNzBlMy00NmFlLThmMDUtMGMzYWRhOGY4
YTQyLzAvQUM0MjhDOEVFRDI0MTg1N0Y3M0QwRjNENDgzQUJFQ0IyNDA1MTlEMC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3JFS01qdTBrR0ZmM1BRODlTRHEteXlR
RkdkQS5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMTMwOWJkY2Ut
NzBlMy00NmFlLThmMDUtMGMzYWRhOGY4YTQyLzAvMzEzOTM1MmUzMTM5MzEyZTM0
MzkyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzODMzMzQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBADDvzEw
DQYJKoZIhvcNAQELBQADggEBAGfN9ZR/0X1guZ2CGQ63byz1I3qM91ny84Vhsfvs
FRE+GioMpx5J7Z2jNuYXksy8Y0+y1PWuKxCv4TfmZDBegGPVlSwLqnwRS77FdTR7
8CKNBXzckwyRl2vCdLnbC8T3KQJEAkjUKFMjbypphhsQ3etcCGD/EyOMoDKfSEd5
G12ht2+EpdRrZBHdonnR+GFQURWZf8swO8sPV6dcWcfVfdHsZsZ1vBnAtYkS9qZK
ET1CbRwLiYt9WzCJX4HK4njBroviqZLaj7i0r5KfIuacGiPDkUaJQZP+eHG7AN8G
VqBAeQTQx+XuWhcXg83xfKMJ9FeSwXBICocdZP2EliipwPo=
-----END CERTIFICATE-----