Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/3253d973-d5bf-4541-bcc1-276543a25c7d/5/3139322e36372e33352e302f32342d3332203d3e203437323732.roa
File:                     3139322e36372e33352e302f32342d3332203d3e203437323732.roa (raw, json)
Hash identifier:          bXJfPCwpbnlLpcmE8lmUOlAlCpmh1jaVIU7iW2EZink=
Subject key identifier:   09:C8:78:D3:F8:38:28:80:47:F7:28:81:FD:52:49:E0:80:DC:F8:AE
Certificate issuer:       /CN=A9362D4E85AC589FD5EAF1AFB38B36251868267D
Certificate serial:       3D23E8D2450A876D653C76D2EE808F9A510B2F09
Authority key identifier: A9:36:2D:4E:85:AC:58:9F:D5:EA:F1:AF:B3:8B:36:25:18:68:26:7D
Authority info access:    rsync://krill.accuristechnologies.ca/repo/Accuris-Technologies/0/A9362D4E85AC589FD5EAF1AFB38B36251868267D.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/3253d973-d5bf-4541-bcc1-276543a25c7d/5/3139322e36372e33352e302f32342d3332203d3e203437323732.roa
Signing time:             Tue 09 Jul 2024 23:42:58 +0000
ROA not before:           Tue 09 Jul 2024 23:37:58 +0000
ROA not after:            Tue 08 Jul 2025 23:42:58 +0000
asID:                     47272
IP address blocks:        192.67.35.0/24 maxlen: 32

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/3253d973-d5bf-4541-bcc1-276543a25c7d/5/A9362D4E85AC589FD5EAF1AFB38B36251868267D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/3253d973-d5bf-4541-bcc1-276543a25c7d/5/A9362D4E85AC589FD5EAF1AFB38B36251868267D.mft
                          rsync://krill.accuristechnologies.ca/repo/Accuris-Technologies/0/A9362D4E85AC589FD5EAF1AFB38B36251868267D.cer
                          rsync://krill.accuristechnologies.ca/repo/Accuris-Technologies/0/8B83C5DA03B3CC029D95215A01320597814B38F0.crl
                          rsync://krill.accuristechnologies.ca/repo/Accuris-Technologies/0/8B83C5DA03B3CC029D95215A01320597814B38F0.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/76fe11d4-d352-4994-8f6c-d6c91b0b8415/63f5ee71-32bc-44e4-a1cd-1226ea3c4797/7afaf1c1b77eeda1a3a2ebada4b4dac89acbf38b3df75d3ce9.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/76fe11d4-d352-4994-8f6c-d6c91b0b8415/63f5ee71-32bc-44e4-a1cd-1226ea3c4797/63f5ee71-32bc-44e4-a1cd-1226ea3c4797.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/76fe11d4-d352-4994-8f6c-d6c91b0b8415/63f5ee71-32bc-44e4-a1cd-1226ea3c4797/63f5ee71-32bc-44e4-a1cd-1226ea3c4797.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/76fe11d4-d352-4994-8f6c-d6c91b0b8415/63f5ee71-32bc-44e4-a1cd-1226ea3c4797.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/76fe11d4-d352-4994-8f6c-d6c91b0b8415/76fe11d4-d352-4994-8f6c-d6c91b0b8415.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/76fe11d4-d352-4994-8f6c-d6c91b0b8415/76fe11d4-d352-4994-8f6c-d6c91b0b8415.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/76fe11d4-d352-4994-8f6c-d6c91b0b8415.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Thu 21 Nov 2024 11:28:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3d:23:e8:d2:45:0a:87:6d:65:3c:76:d2:ee:80:8f:9a:51:0b:2f:09
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A9362D4E85AC589FD5EAF1AFB38B36251868267D
        Validity
            Not Before: Jul  9 23:37:58 2024 GMT
            Not After : Jul  8 23:42:58 2025 GMT
        Subject: CN=09C878D3F838288047F72881FD5249E080DCF8AE
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:e7:1c:8e:f0:1a:28:11:5a:7d:70:32:81:47:
                    47:8a:b0:57:bb:59:8d:f8:49:e4:36:ed:97:69:77:
                    17:e4:35:21:70:70:d4:14:fc:6f:11:8e:5b:8f:ed:
                    91:b9:d4:94:e9:c3:23:63:48:1b:24:f6:01:68:f5:
                    89:d0:1f:67:5d:5e:4c:58:9f:92:06:37:d9:56:50:
                    32:ba:b2:3e:46:92:fc:34:1f:7d:00:31:2c:63:c7:
                    55:98:dd:a9:bc:de:e6:cc:8f:16:e3:1c:a9:41:c6:
                    8d:e2:ac:cb:75:a6:2c:f7:79:cb:19:11:27:35:85:
                    bf:28:ad:08:e8:b4:12:0f:b3:6d:7a:40:0d:24:cd:
                    a0:a9:a6:71:2f:7c:ac:5b:f2:73:a2:22:9c:ef:9b:
                    0a:89:a1:2b:87:c7:19:d0:07:c9:ca:37:e0:5a:4a:
                    a6:49:1e:80:c8:6b:ff:d6:e6:82:8c:1c:4f:2a:6d:
                    c5:50:cc:95:63:ff:71:7f:14:cc:00:7c:75:6d:71:
                    4d:49:26:40:7d:92:e3:0a:90:05:6f:c0:ee:28:15:
                    3b:ca:7c:02:7e:7b:e7:a0:b4:00:c6:82:8e:c5:79:
                    cd:e3:bb:a6:1b:a5:b9:7c:54:c3:f1:50:a2:62:c5:
                    b1:0b:46:a4:77:17:4f:cd:f5:4c:79:90:e7:11:4f:
                    3a:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:C8:78:D3:F8:38:28:80:47:F7:28:81:FD:52:49:E0:80:DC:F8:AE
            X509v3 Authority Key Identifier:
                keyid:A9:36:2D:4E:85:AC:58:9F:D5:EA:F1:AF:B3:8B:36:25:18:68:26:7D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/3253d973-d5bf-4541-bcc1-276543a25c7d/5/A9362D4E85AC589FD5EAF1AFB38B36251868267D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://krill.accuristechnologies.ca/repo/Accuris-Technologies/0/A9362D4E85AC589FD5EAF1AFB38B36251868267D.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/3253d973-d5bf-4541-bcc1-276543a25c7d/5/3139322e36372e33352e302f32342d3332203d3e203437323732.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.67.35.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c3:da:1a:f6:b7:98:46:91:0a:14:23:4a:63:19:9a:3c:a3:ff:
         e2:9b:5f:83:0c:bc:6d:1f:aa:b5:9d:7c:44:d1:6d:0e:81:11:
         e0:ff:e8:1e:81:5e:06:59:47:21:56:49:74:9e:b0:6a:d9:e2:
         63:69:50:78:e9:3c:e6:82:1c:c0:53:70:c6:b9:64:5e:a0:f5:
         5f:4f:e6:58:34:a8:24:ba:a8:02:ad:9e:c4:8e:20:1c:d7:c6:
         e7:a6:96:2d:86:c1:61:78:7d:78:9b:06:74:df:91:0f:1c:bc:
         af:1b:8c:0e:50:2d:3e:28:e8:84:78:82:ea:f3:31:2f:51:8c:
         cd:d4:78:a5:9e:e5:a5:3d:98:63:7a:f8:4c:b9:43:6a:75:77:
         63:f5:9f:1c:8c:b7:a7:b0:7c:36:33:68:01:3f:73:fa:d7:6d:
         a0:ca:3d:99:b2:53:76:b4:84:a4:18:7e:0a:28:bc:84:b9:fa:
         16:95:ab:1c:99:32:84:19:7f:bf:e8:a6:ec:7f:a9:7b:d9:26:
         d9:ed:a1:90:22:eb:1f:a5:e6:9f:b4:de:9b:75:64:c2:d3:fe:
         73:08:96:ae:48:79:22:b3:3d:ab:0c:3f:b4:67:49:67:d3:6c:
         3e:27:7a:37:a1:11:f1:82:bd:45:4b:ed:ba:61:f4:b3:ad:10:
         09:cd:d1:19
-----BEGIN CERTIFICATE-----
MIIFVzCCBD+gAwIBAgIUPSPo0kUKh21lPHbS7oCPmlELLwkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoQTkzNjJENEU4NUFDNTg5RkQ1RUFGMUFGQjM4QjM2MjUx
ODY4MjY3RDAeFw0yNDA3MDkyMzM3NThaFw0yNTA3MDgyMzQyNThaMDMxMTAvBgNV
BAMTKDA5Qzg3OEQzRjgzODI4ODA0N0Y3Mjg4MUZENTI0OUUwODBEQ0Y4QUUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCw5xyO8BooEVp9cDKBR0eKsFe7
WY34SeQ27ZdpdxfkNSFwcNQU/G8RjluP7ZG51JTpwyNjSBsk9gFo9YnQH2ddXkxY
n5IGN9lWUDK6sj5Gkvw0H30AMSxjx1WY3am83ubMjxbjHKlBxo3irMt1piz3ecsZ
ESc1hb8orQjotBIPs216QA0kzaCppnEvfKxb8nOiIpzvmwqJoSuHxxnQB8nKN+Ba
SqZJHoDIa//W5oKMHE8qbcVQzJVj/3F/FMwAfHVtcU1JJkB9kuMKkAVvwO4oFTvK
fAJ+e+egtADGgo7Fec3ju6Ybpbl8VMPxUKJixbELRqR3F0/N9Ux5kOcRTzpTAgMB
AAGjggJhMIICXTAdBgNVHQ4EFgQUCch40/g4KIBH9yiB/VJJ4IDc+K4wHwYDVR0j
BBgwFoAUqTYtToWsWJ/V6vGvs4s2JRhoJn0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMzI1M2Q5NzMtZDViZi00NTQxLWJjYzEtMjc2NTQzYTI1
YzdkLzUvQTkzNjJENEU4NUFDNTg5RkQ1RUFGMUFGQjM4QjM2MjUxODY4MjY3RC5j
cmwwgYkGCCsGAQUFBwEBBH0wezB5BggrBgEFBQcwAoZtcnN5bmM6Ly9rcmlsbC5h
Y2N1cmlzdGVjaG5vbG9naWVzLmNhL3JlcG8vQWNjdXJpcy1UZWNobm9sb2dpZXMv
MC9BOTM2MkQ0RTg1QUM1ODlGRDVFQUYxQUZCMzhCMzYyNTE4NjgyNjdELmNlcjCB
qwYIKwYBBQUHAQsEgZ4wgZswgZgGCCsGAQUFBzALhoGLcnN5bmM6Ly9yc3luYy5w
YWFzLnJwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS8zMjUzZDk3My1kNWJmLTQ1NDEt
YmNjMS0yNzY1NDNhMjVjN2QvNS8zMTM5MzIyZTM2MzcyZTMzMzUyZTMwMmYzMjM0
MmQzMzMyMjAzZDNlMjAzNDM3MzIzNzMyLnJvYTAYBgNVHSABAf8EDjAMMAoGCCsG
AQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwEMjMA0GCSqGSIb3
DQEBCwUAA4IBAQDD2hr2t5hGkQoUI0pjGZo8o//im1+DDLxtH6q1nXxE0W0OgRHg
/+gegV4GWUchVkl0nrBq2eJjaVB46TzmghzAU3DGuWReoPVfT+ZYNKgkuqgCrZ7E
jiAc18bnppYthsFheH14mwZ035EPHLyvG4wOUC0+KOiEeILq8zEvUYzN1HilnuWl
PZhjevhMuUNqdXdj9Z8cjLensHw2M2gBP3P6122gyj2ZslN2tISkGH4KKLyEufoW
lascmTKEGX+/6Kbsf6l72SbZ7aGQIusfpeaftN6bdWTC0/5zCJauSHkisz2rDD+0
Z0ln02w+J3o3oRHxgr1FS+26YfSzrRAJzdEZ
-----END CERTIFICATE-----