Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7a789e87-f484-423d-a1d7-2c2d5860d2ec/0/3139342e35392e3232332e302f32342d3234203d3e20313939363134.roa
File:                     3139342e35392e3232332e302f32342d3234203d3e20313939363134.roa (raw, json)
Hash identifier:          Q+aTRZ6Bj34jlOI880qva89jcDljlnRfljW0rbqvKUM=
Subject key identifier:   30:02:72:18:64:12:2A:4D:8D:5E:F9:45:60:19:2C:9F:1B:7C:28:77
Certificate issuer:       /CN=b0170abdc955aa176be2af26299678f2f7c9aca0
Certificate serial:       64EA0AF905A1C26EDF0CFD258C77F21F0070BBB4
Authority key identifier: B0:17:0A:BD:C9:55:AA:17:6B:E2:AF:26:29:96:78:F2:F7:C9:AC:A0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sBcKvclVqhdr4q8mKZZ48vfJrKA.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7a789e87-f484-423d-a1d7-2c2d5860d2ec/0/3139342e35392e3232332e302f32342d3234203d3e20313939363134.roa
Signing time:             Fri 22 Nov 2024 07:43:28 +0000
ROA not before:           Fri 22 Nov 2024 07:38:28 +0000
ROA not after:            Fri 21 Nov 2025 07:43:28 +0000
asID:                     199614
IP address blocks:        194.59.223.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7a789e87-f484-423d-a1d7-2c2d5860d2ec/0/B0170ABDC955AA176BE2AF26299678F2F7C9ACA0.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7a789e87-f484-423d-a1d7-2c2d5860d2ec/0/B0170ABDC955AA176BE2AF26299678F2F7C9ACA0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sBcKvclVqhdr4q8mKZZ48vfJrKA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 13 Dec 2024 08:00:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            64:ea:0a:f9:05:a1:c2:6e:df:0c:fd:25:8c:77:f2:1f:00:70:bb:b4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b0170abdc955aa176be2af26299678f2f7c9aca0
        Validity
            Not Before: Nov 22 07:38:28 2024 GMT
            Not After : Nov 21 07:43:28 2025 GMT
        Subject: CN=3002721864122A4D8D5EF94560192C9F1B7C2877
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:2e:a6:26:07:6e:84:01:e7:e5:a1:9b:6a:33:
                    2c:1d:48:80:0d:87:46:c9:dd:ba:ad:55:8b:47:fb:
                    31:f4:d9:46:04:cc:0e:82:d7:fb:24:f8:cd:99:f8:
                    67:76:f2:7c:19:c4:22:71:4b:26:2c:9c:8c:79:a8:
                    28:1b:db:b7:a0:a1:53:46:58:c0:f4:68:a3:85:ba:
                    fe:25:d7:f4:78:fe:0e:1f:69:2b:d4:f9:90:28:19:
                    a4:c5:0b:1e:7d:21:57:ac:a3:a8:9e:d3:d1:d7:18:
                    9f:8e:30:c9:f6:36:50:1f:8a:ed:10:06:d3:db:d5:
                    4e:8f:e6:7b:f4:21:cd:b2:dd:cc:a3:21:67:28:c3:
                    3c:16:01:b4:c7:67:25:12:52:b8:9b:86:78:1c:9f:
                    a7:23:ab:56:e3:56:e5:e2:e5:7b:c7:6b:2f:55:d7:
                    0e:14:e4:9c:cc:8d:a6:e3:7a:4f:db:4e:ba:6a:ab:
                    6f:fe:be:c3:5d:d8:27:f5:48:e8:7a:1c:7e:0e:ff:
                    5a:f7:15:7d:59:25:90:1e:c6:6a:77:90:1b:ba:85:
                    b1:92:41:10:70:07:c3:8d:88:c5:26:cd:aa:f8:59:
                    98:07:7c:98:f0:22:ec:46:0e:77:09:7a:e5:95:21:
                    76:b7:76:f1:0c:96:64:28:f4:ba:50:7e:9f:7c:32:
                    1c:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:02:72:18:64:12:2A:4D:8D:5E:F9:45:60:19:2C:9F:1B:7C:28:77
            X509v3 Authority Key Identifier:
                keyid:B0:17:0A:BD:C9:55:AA:17:6B:E2:AF:26:29:96:78:F2:F7:C9:AC:A0

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7a789e87-f484-423d-a1d7-2c2d5860d2ec/0/B0170ABDC955AA176BE2AF26299678F2F7C9ACA0.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sBcKvclVqhdr4q8mKZZ48vfJrKA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7a789e87-f484-423d-a1d7-2c2d5860d2ec/0/3139342e35392e3232332e302f32342d3234203d3e20313939363134.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.59.223.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a8:73:94:19:27:41:72:d6:15:e3:e2:d8:eb:2d:7a:28:63:93:
         b9:b1:d0:d0:17:8a:e8:f2:8e:dd:18:e6:f3:82:94:01:25:8f:
         19:ea:20:65:84:e6:8c:99:55:e3:c9:6e:bd:35:58:0c:79:f7:
         8a:d4:22:3d:1d:81:4f:4a:1c:b1:38:1e:c6:8b:b2:ea:47:fe:
         fb:61:d3:02:79:77:ea:17:fd:fc:83:78:df:be:2c:23:78:0c:
         3d:78:95:c1:81:2d:c6:fe:aa:ee:b3:aa:4c:08:09:cf:d2:6c:
         a9:fb:b5:5b:76:24:26:6c:e7:9b:2b:62:03:05:86:0e:04:27:
         db:02:74:9f:38:44:93:30:a4:7d:ef:6b:2f:b3:d0:6c:c0:eb:
         9a:48:c7:e1:48:46:37:56:11:78:7b:f2:82:16:0a:d1:65:f9:
         72:1d:44:fa:4a:92:b9:4f:76:fd:a6:c3:4e:94:38:20:59:06:
         d8:8b:8c:fa:c6:82:d5:1d:ee:bc:15:0a:27:42:37:84:e0:d6:
         99:31:ad:37:ac:37:82:b1:1c:53:68:a8:1a:40:f2:dd:b4:84:
         5e:4f:0d:5a:38:e2:a2:16:86:8b:2c:7a:45:3d:61:cd:92:d8:
         12:8e:13:eb:ea:97:c9:19:8c:51:38:76:b5:2e:18:f3:b4:7a:
         e6:29:1b:c3
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgIUZOoK+QWhwm7fDP0ljHfyHwBwu7QwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYjAxNzBhYmRjOTU1YWExNzZiZTJhZjI2Mjk5Njc4ZjJm
N2M5YWNhMDAeFw0yNDExMjIwNzM4MjhaFw0yNTExMjEwNzQzMjhaMDMxMTAvBgNV
BAMTKDMwMDI3MjE4NjQxMjJBNEQ4RDVFRjk0NTYwMTkyQzlGMUI3QzI4NzcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCbLqYmB26EAefloZtqMywdSIAN
h0bJ3bqtVYtH+zH02UYEzA6C1/sk+M2Z+Gd28nwZxCJxSyYsnIx5qCgb27egoVNG
WMD0aKOFuv4l1/R4/g4faSvU+ZAoGaTFCx59IVeso6ie09HXGJ+OMMn2NlAfiu0Q
BtPb1U6P5nv0Ic2y3cyjIWcowzwWAbTHZyUSUribhngcn6cjq1bjVuXi5XvHay9V
1w4U5JzMjabjek/bTrpqq2/+vsNd2Cf1SOh6HH4O/1r3FX1ZJZAexmp3kBu6hbGS
QRBwB8ONiMUmzar4WZgHfJjwIuxGDncJeuWVIXa3dvEMlmQo9LpQfp98MhxLAgMB
AAGjggI/MIICOzAdBgNVHQ4EFgQUMAJyGGQSKk2NXvlFYBksnxt8KHcwHwYDVR0j
BBgwFoAUsBcKvclVqhdr4q8mKZZ48vfJrKAwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2E3ODllODctZjQ4NC00MjNkLWExZDctMmMyZDU4NjBk
MmVjLzAvQjAxNzBBQkRDOTU1QUExNzZCRTJBRjI2Mjk5Njc4RjJGN0M5QUNBMC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3NCY0t2Y2xWcWhkcjRxOG1LWlo0OHZm
SnJLQS5jZXIwga8GCCsGAQUFBwELBIGiMIGfMIGcBggrBgEFBQcwC4aBj3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvN2E3ODllODct
ZjQ4NC00MjNkLWExZDctMmMyZDU4NjBkMmVjLzAvMzEzOTM0MmUzNTM5MmUzMjMy
MzMyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzMTM5MzkzNjMxMzQucm9hMBgGA1Ud
IAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BADCO98wDQYJKoZIhvcNAQELBQADggEBAKhzlBknQXLWFePi2Osteihjk7mx0NAX
iujyjt0Y5vOClAEljxnqIGWE5oyZVePJbr01WAx594rUIj0dgU9KHLE4HsaLsupH
/vth0wJ5d+oX/fyDeN++LCN4DD14lcGBLcb+qu6zqkwICc/SbKn7tVt2JCZs55sr
YgMFhg4EJ9sCdJ84RJMwpH3vay+z0GzA65pIx+FIRjdWEXh78oIWCtFl+XIdRPpK
krlPdv2mw06UOCBZBtiLjPrGgtUd7rwVCidCN4Tg1pkxrTesN4KxHFNoqBpA8t20
hF5PDVo44qIWhossekU9Yc2S2BKOE+vql8kZjFE4drUuGPO0euYpG8M=
-----END CERTIFICATE-----
Generated at Thu Dec 12 13:53:08 2024 by rpki-client on console-fra.rpki-client.org