Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/3139332e3130392e3139332e302f32342d3234203d3e20383334.roa
File:                     3139332e3130392e3139332e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          5Q5/4llOza1pB6CbbZVvm7WEQnOu23k6t4CEPPvdBoU=
Subject key identifier:   26:AC:A8:AF:A5:45:DA:16:5A:92:78:61:46:06:55:EA:60:34:31:DA
Certificate issuer:       /CN=dc943cc2a7cdc378a37702573bb4f821170b530d
Certificate serial:       076E69A75FBE18063FCF29978E453988C449290D
Authority key identifier: DC:94:3C:C2:A7:CD:C3:78:A3:77:02:57:3B:B4:F8:21:17:0B:53:0D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3JQ8wqfNw3ijdwJXO7T4IRcLUw0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/3139332e3130392e3139332e302f32342d3234203d3e20383334.roa
Signing time:             Thu 14 Nov 2024 00:02:10 +0000
ROA not before:           Wed 13 Nov 2024 23:57:10 +0000
ROA not after:            Thu 13 Nov 2025 00:02:10 +0000
asID:                     834
IP address blocks:        193.109.193.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/DC943CC2A7CDC378A37702573BB4F821170B530D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/DC943CC2A7CDC378A37702573BB4F821170B530D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3JQ8wqfNw3ijdwJXO7T4IRcLUw0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            07:6e:69:a7:5f:be:18:06:3f:cf:29:97:8e:45:39:88:c4:49:29:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dc943cc2a7cdc378a37702573bb4f821170b530d
        Validity
            Not Before: Nov 13 23:57:10 2024 GMT
            Not After : Nov 13 00:02:10 2025 GMT
        Subject: CN=26ACA8AFA545DA165A927861460655EA603431DA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:fd:38:ac:f6:df:bb:23:67:6c:e1:da:0f:44:
                    f5:2e:d5:6a:ef:20:04:a5:7f:09:37:a7:ca:22:d5:
                    a0:e2:8e:64:a3:5e:4d:29:d3:7b:81:8f:79:7e:39:
                    13:ed:16:8d:b3:78:78:a5:55:40:f3:b7:11:e8:e3:
                    90:6d:8a:ac:0c:be:89:f5:23:79:95:78:e5:de:b0:
                    10:71:64:6c:b3:b0:5f:f6:5a:b6:6d:21:4e:2f:dd:
                    1f:8a:1c:39:28:cd:94:1e:c5:4e:5f:31:dc:06:ec:
                    b9:9e:a1:f4:3e:88:3e:97:80:b5:40:f7:44:7e:06:
                    db:b6:86:4a:95:3e:d5:d3:66:b8:7b:cc:c3:39:f4:
                    ad:c1:2b:b7:49:89:43:14:2f:1f:99:5f:d0:aa:19:
                    4c:73:3a:52:3f:e9:5f:14:f1:d0:46:59:3b:9f:bf:
                    cf:60:e1:cb:bb:98:88:05:43:ed:2c:04:59:84:ea:
                    22:58:1d:ef:ea:77:bf:3c:8e:cb:58:63:dd:b0:e2:
                    59:a9:f9:ae:fc:cf:d2:7c:82:0a:4c:3a:cd:33:77:
                    de:b6:28:56:27:11:c9:d6:24:56:a5:34:6b:15:40:
                    f9:39:62:fc:b5:5e:01:53:bb:45:28:6c:55:d5:e2:
                    f1:02:56:53:80:db:ed:c4:c7:0b:80:e0:1a:40:b5:
                    58:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:AC:A8:AF:A5:45:DA:16:5A:92:78:61:46:06:55:EA:60:34:31:DA
            X509v3 Authority Key Identifier:
                keyid:DC:94:3C:C2:A7:CD:C3:78:A3:77:02:57:3B:B4:F8:21:17:0B:53:0D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/DC943CC2A7CDC378A37702573BB4F821170B530D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3JQ8wqfNw3ijdwJXO7T4IRcLUw0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/3139332e3130392e3139332e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.109.193.0/24

    Signature Algorithm: sha256WithRSAEncryption
         99:56:1b:54:a2:60:4e:f3:84:9e:d5:97:bb:78:35:6e:c1:fb:
         d7:97:73:fd:21:83:e4:e3:39:91:63:36:93:30:c5:4c:45:03:
         fc:00:36:50:7d:bb:e8:77:c7:38:df:48:d6:51:57:6d:27:a3:
         a3:f0:37:65:12:3f:ba:37:a5:55:ed:99:e2:e3:28:4f:3e:fd:
         4c:97:10:7a:f8:7d:0f:67:d1:42:ab:9f:30:41:0d:84:60:61:
         ca:b9:57:f0:10:12:58:ed:0b:d1:c8:28:db:33:37:1e:39:a1:
         70:a4:4b:e0:9d:01:ad:c1:d1:fa:3d:4d:1a:2f:84:93:31:3b:
         3f:fe:f1:18:47:64:06:c2:c0:ec:2b:0b:35:d3:05:c6:11:1e:
         0e:9d:3b:a9:07:e3:4c:50:c9:e2:e4:19:2a:e8:69:70:28:0e:
         a1:b7:79:61:3d:a1:17:0e:d2:73:4c:1e:94:c4:a4:3e:1c:3f:
         14:52:f1:43:4c:c4:03:09:f9:9a:64:76:87:d0:e2:9d:35:7b:
         6e:b9:68:af:02:d2:a6:cf:d7:9e:0c:ce:b1:b9:d3:1e:00:69:
         1c:2c:0b:d7:03:e9:7d:dc:86:a3:0b:69:f2:8b:7b:a3:40:a4:
         c9:61:5f:35:ad:2c:48:70:10:4e:2d:b2:62:a8:2f:e5:48:85:
         6d:fd:72:a4
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUB25pp1++GAY/zymXjkU5iMRJKQ0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZGM5NDNjYzJhN2NkYzM3OGEzNzcwMjU3M2JiNGY4MjEx
NzBiNTMwZDAeFw0yNDExMTMyMzU3MTBaFw0yNTExMTMwMDAyMTBaMDMxMTAvBgNV
BAMTKDI2QUNBOEFGQTU0NURBMTY1QTkyNzg2MTQ2MDY1NUVBNjAzNDMxREEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDS/Tis9t+7I2ds4doPRPUu1Wrv
IASlfwk3p8oi1aDijmSjXk0p03uBj3l+ORPtFo2zeHilVUDztxHo45BtiqwMvon1
I3mVeOXesBBxZGyzsF/2WrZtIU4v3R+KHDkozZQexU5fMdwG7LmeofQ+iD6XgLVA
90R+Btu2hkqVPtXTZrh7zMM59K3BK7dJiUMULx+ZX9CqGUxzOlI/6V8U8dBGWTuf
v89g4cu7mIgFQ+0sBFmE6iJYHe/qd788jstYY92w4lmp+a78z9J8ggpMOs0zd962
KFYnEcnWJFalNGsVQPk5Yvy1XgFTu0UobFXV4vECVlOA2+3ExwuA4BpAtVgRAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUJqyor6VF2hZaknhhRgZV6mA0MdowHwYDVR0j
BBgwFoAU3JQ8wqfNw3ijdwJXO7T4IRcLUw0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNmFiMDcyMmYtNjRkOC00Y2E5LTkyNjctNGU1MTU0NDM0
MTAxLzAvREM5NDNDQzJBN0NEQzM3OEEzNzcwMjU3M0JCNEY4MjExNzBCNTMwRC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzNKUTh3cWZOdzNpamR3SlhPN1Q0SVJj
TFV3MC5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvNmFiMDcyMmYt
NjRkOC00Y2E5LTkyNjctNGU1MTU0NDM0MTAxLzAvMzEzOTMzMmUzMTMwMzkyZTMx
MzkzMzJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM4MzMzNC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAMFt
wTANBgkqhkiG9w0BAQsFAAOCAQEAmVYbVKJgTvOEntWXu3g1bsH715dz/SGD5OM5
kWM2kzDFTEUD/AA2UH276HfHON9I1lFXbSejo/A3ZRI/ujelVe2Z4uMoTz79TJcQ
evh9D2fRQqufMEENhGBhyrlX8BASWO0L0cgo2zM3HjmhcKRL4J0BrcHR+j1NGi+E
kzE7P/7xGEdkBsLA7CsLNdMFxhEeDp07qQfjTFDJ4uQZKuhpcCgOobd5YT2hFw7S
c0welMSkPhw/FFLxQ0zEAwn5mmR2h9DinTV7brlorwLSps/XngzOsbnTHgBpHCwL
1wPpfdyGowtp8ot7o0CkyWFfNa0sSHAQTi2yYqgv5UiFbf1ypA==
-----END CERTIFICATE-----