Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/3139342e35302e3234332e302f32342d3234203d3e20333939363431.roa
File:                     3139342e35302e3234332e302f32342d3234203d3e20333939363431.roa (raw, json)
Hash identifier:          bknrv16eXGI6N6AqZx9H5omin9A1fsO347quNIRSyZg=
Subject key identifier:   3E:04:28:B9:21:B0:BA:3F:F9:82:3E:94:3B:77:CC:C1:8E:F6:2A:2F
Certificate issuer:       /CN=62fbd2cc0012fb2f86db40b589bd1ac4e973266d
Certificate serial:       205CE799F2A6C77EF148BEADD4AA755084292F7E
Authority key identifier: 62:FB:D2:CC:00:12:FB:2F:86:DB:40:B5:89:BD:1A:C4:E9:73:26:6D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YvvSzAAS-y-G20C1ib0axOlzJm0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/3139342e35302e3234332e302f32342d3234203d3e20333939363431.roa
Signing time:             Fri 03 Nov 2023 20:10:49 +0000
ROA not before:           Fri 03 Nov 2023 20:05:49 +0000
ROA not after:            Fri 01 Nov 2024 20:10:49 +0000
asID:                     399641
IP address blocks:        194.50.243.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/62FBD2CC0012FB2F86DB40B589BD1AC4E973266D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/62FBD2CC0012FB2F86DB40B589BD1AC4E973266D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YvvSzAAS-y-G20C1ib0axOlzJm0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 01 Mar 2024 19:58:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            20:5c:e7:99:f2:a6:c7:7e:f1:48:be:ad:d4:aa:75:50:84:29:2f:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=62fbd2cc0012fb2f86db40b589bd1ac4e973266d
        Validity
            Not Before: Nov  3 20:05:49 2023 GMT
            Not After : Nov  1 20:10:49 2024 GMT
        Subject: CN=3E0428B921B0BA3FF9823E943B77CCC18EF62A2F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:d8:56:7d:60:4b:f6:46:d5:7e:74:1b:e5:e5:
                    c0:22:f6:34:f6:40:c2:ad:f0:e2:e1:8b:bc:b8:a3:
                    c0:27:49:e5:1d:d9:73:59:65:ed:e3:ae:8e:d2:60:
                    d4:15:3f:7b:8c:0d:2a:19:97:ea:7e:0a:e2:1a:7c:
                    2e:0b:9d:65:8c:53:f9:96:a5:60:ea:fa:c6:7a:0a:
                    11:f6:12:4f:60:24:fd:97:98:73:88:83:d2:83:d9:
                    fa:3e:c8:a2:41:03:80:a0:9d:fa:72:62:d2:da:f8:
                    52:04:be:42:77:37:b0:98:3e:a2:18:51:ca:0a:35:
                    d0:c7:04:5b:23:84:ea:8d:43:2e:fb:b3:e5:eb:8c:
                    0e:c8:02:46:82:4e:96:d4:2d:7b:56:fd:f9:b7:f4:
                    d2:da:c7:0d:dd:4a:2d:76:2c:1a:a8:94:98:2a:24:
                    f3:2c:37:74:ae:92:0d:54:5a:53:43:f1:c4:ad:0b:
                    7f:f6:31:cc:70:88:07:5c:23:6a:7f:0f:5b:22:6d:
                    26:14:a5:8d:29:fe:0d:32:b1:75:6d:8b:8f:7e:bd:
                    50:dd:60:0a:ce:42:54:a1:eb:90:97:c7:d3:1f:21:
                    68:b6:ba:45:76:7f:08:93:78:f1:a9:8d:f4:23:c9:
                    37:54:b1:2c:58:f0:60:7c:0b:da:98:16:95:3d:ce:
                    e6:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:04:28:B9:21:B0:BA:3F:F9:82:3E:94:3B:77:CC:C1:8E:F6:2A:2F
            X509v3 Authority Key Identifier:
                keyid:62:FB:D2:CC:00:12:FB:2F:86:DB:40:B5:89:BD:1A:C4:E9:73:26:6D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/62FBD2CC0012FB2F86DB40B589BD1AC4E973266D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YvvSzAAS-y-G20C1ib0axOlzJm0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/3139342e35302e3234332e302f32342d3234203d3e20333939363431.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.50.243.0/24

    Signature Algorithm: sha256WithRSAEncryption
         48:b6:6a:1b:f3:00:f3:03:ea:84:5e:46:4e:9d:a4:70:fc:d5:
         c1:30:6b:48:05:0b:10:3e:65:e7:bd:82:59:a1:5a:46:e9:9b:
         4d:5e:84:c0:7d:8a:a1:51:cc:3b:d0:07:5d:ed:ca:c4:40:96:
         63:17:ce:06:13:d6:af:00:48:ff:d5:fc:9a:7d:67:5c:2b:ae:
         d3:48:f3:7a:9c:7b:5b:86:8a:be:26:48:b9:7b:53:f5:b3:2d:
         43:cf:0a:42:ce:6d:bb:b4:72:b9:be:ec:72:00:f6:4d:a5:87:
         cc:7c:b4:83:c5:38:15:9d:16:ce:8a:59:b1:2f:7f:5e:f0:ae:
         4e:fb:b8:bf:3f:87:7f:8a:7b:c2:81:e9:f7:7d:cd:48:45:26:
         09:2d:74:0a:02:c2:33:b0:34:ac:d8:19:34:07:90:6f:10:ed:
         92:e2:a3:29:14:38:99:98:02:62:c5:e1:fe:48:a3:34:8f:88:
         bd:d5:1f:43:85:07:cf:4f:58:c8:57:8d:11:19:ac:29:f4:90:
         70:1e:d7:a1:94:00:ba:a3:54:99:cf:7c:4d:da:85:de:cd:52:
         63:d6:22:eb:ca:6b:84:23:1c:4d:39:ad:df:bf:ca:a0:89:8e:
         80:c1:e3:12:b0:cc:24:cc:35:f7:b5:34:a9:05:6c:73:02:de:
         55:54:17:c9
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgIUIFznmfKmx37xSL6t1Kp1UIQpL34wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjJmYmQyY2MwMDEyZmIyZjg2ZGI0MGI1ODliZDFhYzRl
OTczMjY2ZDAeFw0yMzExMDMyMDA1NDlaFw0yNDExMDEyMDEwNDlaMDMxMTAvBgNV
BAMTKDNFMDQyOEI5MjFCMEJBM0ZGOTgyM0U5NDNCNzdDQ0MxOEVGNjJBMkYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCv2FZ9YEv2RtV+dBvl5cAi9jT2
QMKt8OLhi7y4o8AnSeUd2XNZZe3jro7SYNQVP3uMDSoZl+p+CuIafC4LnWWMU/mW
pWDq+sZ6ChH2Ek9gJP2XmHOIg9KD2fo+yKJBA4CgnfpyYtLa+FIEvkJ3N7CYPqIY
UcoKNdDHBFsjhOqNQy77s+XrjA7IAkaCTpbULXtW/fm39NLaxw3dSi12LBqolJgq
JPMsN3Sukg1UWlND8cStC3/2McxwiAdcI2p/D1sibSYUpY0p/g0ysXVti49+vVDd
YArOQlSh65CXx9MfIWi2ukV2fwiTePGpjfQjyTdUsSxY8GB8C9qYFpU9zuYLAgMB
AAGjggI/MIICOzAdBgNVHQ4EFgQUPgQouSGwuj/5gj6UO3fMwY72Ki8wHwYDVR0j
BBgwFoAUYvvSzAAS+y+G20C1ib0axOlzJm0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNDZiOTNkZjAtYWM4ZC00ZGE4LWFmYjgtZGNiN2YyODg4
MzYyLzAvNjJGQkQyQ0MwMDEyRkIyRjg2REI0MEI1ODlCRDFBQzRFOTczMjY2RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1l2dlN6QUFTLXktRzIwQzFpYjBheE9s
ekptMC5jZXIwga8GCCsGAQUFBwELBIGiMIGfMIGcBggrBgEFBQcwC4aBj3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvNDZiOTNkZjAt
YWM4ZC00ZGE4LWFmYjgtZGNiN2YyODg4MzYyLzAvMzEzOTM0MmUzNTMwMmUzMjM0
MzMyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzMzM5MzkzNjM0MzEucm9hMBgGA1Ud
IAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BADCMvMwDQYJKoZIhvcNAQELBQADggEBAEi2ahvzAPMD6oReRk6dpHD81cEwa0gF
CxA+Zee9glmhWkbpm01ehMB9iqFRzDvQB13tysRAlmMXzgYT1q8ASP/V/Jp9Z1wr
rtNI83qce1uGir4mSLl7U/WzLUPPCkLObbu0crm+7HIA9k2lh8x8tIPFOBWdFs6K
WbEvf17wrk77uL8/h3+Ke8KB6fd9zUhFJgktdAoCwjOwNKzYGTQHkG8Q7ZLioykU
OJmYAmLF4f5IozSPiL3VH0OFB89PWMhXjREZrCn0kHAe16GUALqjVJnPfE3ahd7N
UmPWIuvKa4QjHE05rd+/yqCJjoDB4xKwzCTMNfe1NKkFbHMC3lVUF8k=
-----END CERTIFICATE-----
Generated at Fri Mar 1 00:13:22 2024 by rpki-client on console-ams.rpki-client.org