Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/3139342e3135302e3230352e302f32342d3234203d3e20333939363431.roa
File:                     3139342e3135302e3230352e302f32342d3234203d3e20333939363431.roa (raw, json)
Hash identifier:          snF4WJKlzwdnmGi9ywILFvWW4hfXqlMHf2VQzcK78dw=
Subject key identifier:   21:80:8F:EF:61:A5:06:5B:FA:6C:D9:A5:03:43:3A:1A:06:DF:2F:1F
Certificate issuer:       /CN=62fbd2cc0012fb2f86db40b589bd1ac4e973266d
Certificate serial:       5C12EFF0F41B0952A1B7E4099507C80D09AFA362
Authority key identifier: 62:FB:D2:CC:00:12:FB:2F:86:DB:40:B5:89:BD:1A:C4:E9:73:26:6D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YvvSzAAS-y-G20C1ib0axOlzJm0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/3139342e3135302e3230352e302f32342d3234203d3e20333939363431.roa
Signing time:             Fri 03 Nov 2023 20:10:50 +0000
ROA not before:           Fri 03 Nov 2023 20:05:50 +0000
ROA not after:            Fri 01 Nov 2024 20:10:50 +0000
asID:                     399641
IP address blocks:        194.150.205.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/62FBD2CC0012FB2F86DB40B589BD1AC4E973266D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/62FBD2CC0012FB2F86DB40B589BD1AC4E973266D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YvvSzAAS-y-G20C1ib0axOlzJm0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 01 Mar 2024 19:58:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5c:12:ef:f0:f4:1b:09:52:a1:b7:e4:09:95:07:c8:0d:09:af:a3:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=62fbd2cc0012fb2f86db40b589bd1ac4e973266d
        Validity
            Not Before: Nov  3 20:05:50 2023 GMT
            Not After : Nov  1 20:10:50 2024 GMT
        Subject: CN=21808FEF61A5065BFA6CD9A503433A1A06DF2F1F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:48:e9:cd:6b:c3:6b:15:b5:58:f6:fb:4b:ef:
                    3e:fa:26:4a:9c:6a:12:be:22:b8:4a:a6:b7:32:5c:
                    ce:63:f8:ed:ed:a0:31:12:76:74:fc:f2:2a:51:b4:
                    4a:5c:07:72:9f:36:c0:4f:51:b4:83:f7:8c:62:ca:
                    8e:ff:1b:65:41:7a:af:11:fc:46:c0:08:78:34:d1:
                    01:6b:0e:88:d0:36:50:16:e3:7f:46:e9:9f:cb:5c:
                    3c:7b:04:82:d6:e2:b0:3d:5b:f4:cd:78:34:e4:84:
                    bc:cf:91:10:f4:26:ec:a2:22:72:68:81:85:94:f1:
                    90:f7:b6:da:a0:8b:08:cf:08:96:04:b7:18:07:58:
                    30:b7:dd:a5:a6:5e:cc:e0:44:5d:1b:eb:e6:2f:88:
                    d8:bc:ef:c0:8c:35:4e:2a:fb:ea:02:3b:bb:5b:15:
                    a9:45:8f:9f:e6:9a:5a:e7:57:12:22:44:5c:78:3f:
                    d3:30:30:37:c5:d1:dd:d6:6c:40:27:28:53:01:88:
                    94:aa:c2:03:28:dc:21:16:26:47:61:43:dd:92:57:
                    d3:76:87:36:df:ef:09:9c:75:d8:b3:d8:74:09:e7:
                    ea:8d:24:19:84:7a:51:88:94:72:c4:38:d7:6e:55:
                    22:f7:db:ad:c7:61:86:a2:57:ad:1c:67:1e:91:28:
                    a4:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:80:8F:EF:61:A5:06:5B:FA:6C:D9:A5:03:43:3A:1A:06:DF:2F:1F
            X509v3 Authority Key Identifier:
                keyid:62:FB:D2:CC:00:12:FB:2F:86:DB:40:B5:89:BD:1A:C4:E9:73:26:6D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/62FBD2CC0012FB2F86DB40B589BD1AC4E973266D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YvvSzAAS-y-G20C1ib0axOlzJm0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/3139342e3135302e3230352e302f32342d3234203d3e20333939363431.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.150.205.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c2:ee:8e:c0:9a:97:b9:e6:73:f7:f4:26:63:a0:f8:d5:ff:3e:
         40:3e:da:76:49:4b:71:fa:5a:5b:d5:5f:f6:6a:fb:c1:b5:c1:
         ae:0a:79:b0:6c:79:ad:03:b5:ae:4f:30:b0:da:68:6f:10:aa:
         98:ce:1e:3d:a9:5d:6b:35:67:23:e0:99:cf:9d:20:9a:bf:a5:
         b2:d1:b8:61:6c:4c:f0:08:0a:c2:71:f3:18:af:42:ba:09:e4:
         66:7b:e4:de:b9:db:36:fd:67:70:2b:79:14:16:78:9b:35:db:
         21:b4:34:7e:83:ba:07:35:14:c2:bf:32:c5:5e:b8:a1:91:d6:
         09:46:7e:a4:ba:44:19:65:b5:64:cd:c0:33:29:da:1e:8d:e4:
         2a:56:92:ac:54:71:0f:f0:8e:33:b0:60:67:71:65:f9:92:dc:
         75:55:63:6a:38:28:7e:d5:7b:7b:37:10:8c:dd:27:8e:a9:0d:
         b3:15:23:55:6a:21:cf:f0:6e:f3:b9:4b:ef:cd:7b:ce:8a:19:
         74:68:22:87:61:95:e0:13:3a:58:9d:18:de:aa:3c:f0:dc:ae:
         7f:ca:fb:ca:5a:15:8a:53:86:f9:ba:dd:72:93:da:b1:06:56:
         3a:21:1b:77:ed:a7:44:53:3f:a3:94:c5:d3:10:0c:58:c8:0a:
         e5:5a:95:a8
-----BEGIN CERTIFICATE-----
MIIFNzCCBB+gAwIBAgIUXBLv8PQbCVKht+QJlQfIDQmvo2IwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjJmYmQyY2MwMDEyZmIyZjg2ZGI0MGI1ODliZDFhYzRl
OTczMjY2ZDAeFw0yMzExMDMyMDA1NTBaFw0yNDExMDEyMDEwNTBaMDMxMTAvBgNV
BAMTKDIxODA4RkVGNjFBNTA2NUJGQTZDRDlBNTAzNDMzQTFBMDZERjJGMUYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC/SOnNa8NrFbVY9vtL7z76Jkqc
ahK+IrhKprcyXM5j+O3toDESdnT88ipRtEpcB3KfNsBPUbSD94xiyo7/G2VBeq8R
/EbACHg00QFrDojQNlAW439G6Z/LXDx7BILW4rA9W/TNeDTkhLzPkRD0JuyiInJo
gYWU8ZD3ttqgiwjPCJYEtxgHWDC33aWmXszgRF0b6+YviNi878CMNU4q++oCO7tb
FalFj5/mmlrnVxIiRFx4P9MwMDfF0d3WbEAnKFMBiJSqwgMo3CEWJkdhQ92SV9N2
hzbf7wmcddiz2HQJ5+qNJBmEelGIlHLEONduVSL3263HYYaiV60cZx6RKKRTAgMB
AAGjggJBMIICPTAdBgNVHQ4EFgQUIYCP72GlBlv6bNmlA0M6GgbfLx8wHwYDVR0j
BBgwFoAUYvvSzAAS+y+G20C1ib0axOlzJm0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNDZiOTNkZjAtYWM4ZC00ZGE4LWFmYjgtZGNiN2YyODg4
MzYyLzAvNjJGQkQyQ0MwMDEyRkIyRjg2REI0MEI1ODlCRDFBQzRFOTczMjY2RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1l2dlN6QUFTLXktRzIwQzFpYjBheE9s
ekptMC5jZXIwgbEGCCsGAQUFBwELBIGkMIGhMIGeBggrBgEFBQcwC4aBkXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvNDZiOTNkZjAt
YWM4ZC00ZGE4LWFmYjgtZGNiN2YyODg4MzYyLzAvMzEzOTM0MmUzMTM1MzAyZTMy
MzAzNTJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMzMzkzOTM2MzQzMS5yb2EwGAYD
VR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEw
BgMEAMKWzTANBgkqhkiG9w0BAQsFAAOCAQEAwu6OwJqXueZz9/QmY6D41f8+QD7a
dklLcfpaW9Vf9mr7wbXBrgp5sGx5rQO1rk8wsNpobxCqmM4ePaldazVnI+CZz50g
mr+lstG4YWxM8AgKwnHzGK9CugnkZnvk3rnbNv1ncCt5FBZ4mzXbIbQ0foO6BzUU
wr8yxV64oZHWCUZ+pLpEGWW1ZM3AMynaHo3kKlaSrFRxD/COM7BgZ3Fl+ZLcdVVj
ajgoftV7ezcQjN0njqkNsxUjVWohz/Bu87lL7817zooZdGgih2GV4BM6WJ0Y3qo8
8Nyuf8r7yloVilOG+brdcpPasQZWOiEbd+2nRFM/o5TF0xAMWMgK5VqVqA==
-----END CERTIFICATE-----
Generated at Thu Feb 29 23:56:58 2024 by rpki-client on console-fra.rpki-client.org