Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/322e35392e36322e302f32342d3234203d3e203633303233.roa
File:                     322e35392e36322e302f32342d3234203d3e203633303233.roa (raw, json)
Hash identifier:          DSrssF4mQ2FpkJ2bTT0rXZrpSPxbZ/p2NNnVGrB1zBA=
Subject key identifier:   E3:4F:7F:74:02:88:D9:B9:FB:90:E9:E4:D0:EA:13:66:6F:D8:6F:32
Certificate issuer:       /CN=a9420e6c6f24b0e422da7fe7e420ef50354f45c6
Certificate serial:       1AA91E86A32DA27E60D6DFEE28A8B53834C1E3CF
Authority key identifier: A9:42:0E:6C:6F:24:B0:E4:22:DA:7F:E7:E4:20:EF:50:35:4F:45:C6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qUIObG8ksOQi2n_n5CDvUDVPRcY.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/322e35392e36322e302f32342d3234203d3e203633303233.roa
Signing time:             Fri 22 Nov 2024 08:43:28 +0000
ROA not before:           Fri 22 Nov 2024 08:38:28 +0000
ROA not after:            Fri 21 Nov 2025 08:43:28 +0000
asID:                     63023
IP address blocks:        2.59.62.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/A9420E6C6F24B0E422DA7FE7E420EF50354F45C6.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/A9420E6C6F24B0E422DA7FE7E420EF50354F45C6.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qUIObG8ksOQi2n_n5CDvUDVPRcY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Dec 2024 15:18:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1a:a9:1e:86:a3:2d:a2:7e:60:d6:df:ee:28:a8:b5:38:34:c1:e3:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a9420e6c6f24b0e422da7fe7e420ef50354f45c6
        Validity
            Not Before: Nov 22 08:38:28 2024 GMT
            Not After : Nov 21 08:43:28 2025 GMT
        Subject: CN=E34F7F740288D9B9FB90E9E4D0EA13666FD86F32
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:90:cf:48:1d:8d:fa:80:67:99:2a:9f:d2:f2:
                    93:9a:b3:c3:93:68:43:66:5a:2b:ce:09:57:91:3c:
                    be:44:84:f3:43:4a:56:f7:f4:df:c7:5e:32:a6:93:
                    c9:dc:22:22:76:09:23:96:c0:85:72:fa:1f:a0:85:
                    5c:3f:56:1b:a8:39:da:6a:19:f1:85:88:cc:10:29:
                    0d:3e:70:18:e9:85:04:74:22:33:2f:0c:06:e8:be:
                    66:f9:ba:43:cd:a8:92:fb:1f:0d:e1:e4:d8:4f:70:
                    42:0a:bc:3d:af:bc:a7:2e:5f:04:f4:da:a9:7d:68:
                    24:11:cb:d2:8d:c0:6d:c1:55:8b:39:6a:02:f3:68:
                    b0:aa:57:ab:02:c3:b5:b4:38:de:ea:cc:f1:11:12:
                    95:9b:08:9a:c5:00:44:ba:18:76:38:50:68:a8:eb:
                    7d:71:b5:05:12:3c:f2:52:09:43:d4:d6:f2:f1:31:
                    1f:98:3e:4a:db:c9:e6:4e:94:06:65:c9:d1:dd:70:
                    40:fa:87:d5:4f:ec:b7:c7:5c:ff:54:6c:a2:cb:61:
                    af:35:9a:46:80:8a:4c:5c:3b:d8:40:d4:f2:27:fc:
                    db:44:13:d4:2b:ac:e0:6f:c9:30:7d:1b:4a:5f:99:
                    e2:bd:f4:27:64:b9:85:ee:44:03:03:e0:c8:9b:43:
                    eb:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E3:4F:7F:74:02:88:D9:B9:FB:90:E9:E4:D0:EA:13:66:6F:D8:6F:32
            X509v3 Authority Key Identifier:
                keyid:A9:42:0E:6C:6F:24:B0:E4:22:DA:7F:E7:E4:20:EF:50:35:4F:45:C6

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/A9420E6C6F24B0E422DA7FE7E420EF50354F45C6.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qUIObG8ksOQi2n_n5CDvUDVPRcY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/322e35392e36322e302f32342d3234203d3e203633303233.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.59.62.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a3:22:05:2d:ce:98:de:0c:1a:7b:50:c2:02:99:4c:4e:f2:35:
         97:2f:d4:4d:ea:d4:e0:fb:f1:af:30:40:f4:99:59:3d:a1:ca:
         f0:11:04:81:dc:19:f7:b7:45:d4:44:6c:43:df:29:bc:39:11:
         49:ff:ef:b5:27:62:b9:52:ae:9c:e8:16:7e:df:5c:fb:3e:53:
         94:d1:b6:69:cc:d1:13:e7:95:e9:89:24:61:28:3d:05:65:a3:
         85:a1:72:54:53:f5:73:cd:20:fa:e7:99:27:d5:69:08:2f:3f:
         b4:01:ef:d3:1a:79:9e:00:94:6e:e0:6f:ce:77:8d:b5:19:c4:
         9b:4d:91:93:c7:56:de:98:ff:f7:12:a6:15:23:c6:34:6c:11:
         4b:98:c0:e0:53:ca:14:f0:de:d9:cf:04:27:7a:4b:7f:23:b9:
         7d:24:49:d1:bf:51:a0:4c:ba:7b:d3:a7:9a:02:64:3c:93:31:
         94:0b:ff:85:7a:03:d4:a2:11:7b:4d:c2:ce:d1:66:0c:f8:32:
         61:18:08:c9:31:db:9e:56:78:92:f7:ec:fb:5c:95:8f:0a:c4:
         d8:6a:b4:8e:85:2d:24:0e:88:da:58:9b:db:12:2c:34:4f:d1:
         11:0c:25:ba:ec:c8:17:86:3a:9b:7f:e3:e7:b0:86:7a:86:cc:
         cb:4d:3e:99
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUGqkehqMton5g1t/uKKi1ODTB488wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYTk0MjBlNmM2ZjI0YjBlNDIyZGE3ZmU3ZTQyMGVmNTAz
NTRmNDVjNjAeFw0yNDExMjIwODM4MjhaFw0yNTExMjEwODQzMjhaMDMxMTAvBgNV
BAMTKEUzNEY3Rjc0MDI4OEQ5QjlGQjkwRTlFNEQwRUExMzY2NkZEODZGMzIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDKkM9IHY36gGeZKp/S8pOas8OT
aENmWivOCVeRPL5EhPNDSlb39N/HXjKmk8ncIiJ2CSOWwIVy+h+ghVw/VhuoOdpq
GfGFiMwQKQ0+cBjphQR0IjMvDAbovmb5ukPNqJL7Hw3h5NhPcEIKvD2vvKcuXwT0
2ql9aCQRy9KNwG3BVYs5agLzaLCqV6sCw7W0ON7qzPEREpWbCJrFAES6GHY4UGio
631xtQUSPPJSCUPU1vLxMR+YPkrbyeZOlAZlydHdcED6h9VP7LfHXP9UbKLLYa81
mkaAikxcO9hA1PIn/NtEE9QrrOBvyTB9G0pfmeK99CdkuYXuRAMD4MibQ+vvAgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQU409/dAKI2bn7kOnk0OoTZm/YbzIwHwYDVR0j
BBgwFoAUqUIObG8ksOQi2n/n5CDvUDVPRcYwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMWY5ODIzZDAtMDg1NS00MWYyLWFjNDYtNTlhMmU5OGRh
NzM2LzEvQTk0MjBFNkM2RjI0QjBFNDIyREE3RkU3RTQyMEVGNTAzNTRGNDVDNi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3FVSU9iRzhrc09RaTJuX241Q0R2VURW
UFJjWS5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMWY5ODIzZDAt
MDg1NS00MWYyLWFjNDYtNTlhMmU5OGRhNzM2LzEvMzIyZTM1MzkyZTM2MzIyZTMw
MmYzMjM0MmQzMjM0MjAzZDNlMjAzNjMzMzAzMjMzLnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAAjs+MA0G
CSqGSIb3DQEBCwUAA4IBAQCjIgUtzpjeDBp7UMICmUxO8jWXL9RN6tTg+/GvMED0
mVk9ocrwEQSB3Bn3t0XURGxD3ym8ORFJ/++1J2K5Uq6c6BZ+31z7PlOU0bZpzNET
55XpiSRhKD0FZaOFoXJUU/VzzSD655kn1WkILz+0Ae/TGnmeAJRu4G/Od421GcSb
TZGTx1bemP/3EqYVI8Y0bBFLmMDgU8oU8N7ZzwQnekt/I7l9JEnRv1GgTLp706ea
AmQ8kzGUC/+FegPUohF7TcLO0WYM+DJhGAjJMdueVniS9+z7XJWPCsTYarSOhS0k
DojaWJvbEiw0T9ERDCW67MgXhjqbf+PnsIZ6hszLTT6Z
-----END CERTIFICATE-----
Generated at Mon Dec 9 22:08:42 2024 by rpki-client on console-fra.rpki-client.org