Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7a789e87-f484-423d-a1d7-2c2d5860d2ec/0/3139352e382e3131392e302f32342d3234203d3e203630343538.roa
File:                     3139352e382e3131392e302f32342d3234203d3e203630343538.roa (raw, json)
Hash identifier:          7rmEBzCcKzytpb74duJg1saj5hIb4quQZTOE5453MEI=
Subject key identifier:   8D:1B:1D:57:22:A0:9D:B9:59:7A:86:FA:45:AB:68:F7:3F:0B:80:F9
Certificate issuer:       /CN=b0170abdc955aa176be2af26299678f2f7c9aca0
Certificate serial:       27EDD04A4574608884C34D06220A0C2D26522CB8
Authority key identifier: B0:17:0A:BD:C9:55:AA:17:6B:E2:AF:26:29:96:78:F2:F7:C9:AC:A0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sBcKvclVqhdr4q8mKZZ48vfJrKA.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7a789e87-f484-423d-a1d7-2c2d5860d2ec/0/3139352e382e3131392e302f32342d3234203d3e203630343538.roa
Signing time:             Mon 03 Jun 2024 06:05:17 +0000
ROA not before:           Mon 03 Jun 2024 06:00:17 +0000
ROA not after:            Mon 02 Jun 2025 06:05:17 +0000
asID:                     60458
IP address blocks:        195.8.119.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7a789e87-f484-423d-a1d7-2c2d5860d2ec/0/B0170ABDC955AA176BE2AF26299678F2F7C9ACA0.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7a789e87-f484-423d-a1d7-2c2d5860d2ec/0/B0170ABDC955AA176BE2AF26299678F2F7C9ACA0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sBcKvclVqhdr4q8mKZZ48vfJrKA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 09:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            27:ed:d0:4a:45:74:60:88:84:c3:4d:06:22:0a:0c:2d:26:52:2c:b8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b0170abdc955aa176be2af26299678f2f7c9aca0
        Validity
            Not Before: Jun  3 06:00:17 2024 GMT
            Not After : Jun  2 06:05:17 2025 GMT
        Subject: CN=8D1B1D5722A09DB9597A86FA45AB68F73F0B80F9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f8:8f:4a:d0:52:d5:44:cb:04:b6:f1:57:11:50:
                    47:ba:a0:a9:71:b9:18:38:0b:5d:e6:df:b0:3d:9e:
                    3c:b6:98:48:b2:37:7b:6a:fa:e3:23:75:54:72:f3:
                    4c:d0:00:26:4f:6f:c7:fb:fa:b2:36:6d:23:c3:0b:
                    8e:a3:68:3e:10:d9:0a:6d:7a:8a:9e:39:c7:9d:0a:
                    2a:ac:6d:23:d2:3a:8a:c7:6e:aa:93:40:d0:00:29:
                    f3:38:f8:fa:fb:fa:05:c1:b3:d9:38:33:fd:4c:ea:
                    25:70:6a:10:c2:98:1d:64:c6:85:81:52:db:6d:3a:
                    fe:41:28:a1:c1:a1:6d:35:aa:b4:03:d1:53:37:d3:
                    df:eb:b2:c6:47:a7:1b:c0:b7:08:72:54:16:4e:11:
                    4c:41:fe:3f:5e:ff:84:86:15:4c:68:7d:c0:72:09:
                    a7:cd:74:e8:5e:24:59:e9:61:56:0e:07:4e:3d:0e:
                    29:81:14:b2:e2:c3:18:a9:32:10:24:30:fc:49:60:
                    ea:3e:b3:ff:21:18:9a:9e:c7:de:b7:ef:b2:d0:6c:
                    79:36:79:c3:ab:8b:db:c3:ca:af:c5:0b:0f:60:92:
                    99:4d:e4:e9:c9:da:cd:27:15:e9:5b:59:de:67:0a:
                    c6:a8:84:f4:11:a1:e0:97:2f:37:7d:06:fb:16:0c:
                    8f:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:1B:1D:57:22:A0:9D:B9:59:7A:86:FA:45:AB:68:F7:3F:0B:80:F9
            X509v3 Authority Key Identifier:
                keyid:B0:17:0A:BD:C9:55:AA:17:6B:E2:AF:26:29:96:78:F2:F7:C9:AC:A0

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7a789e87-f484-423d-a1d7-2c2d5860d2ec/0/B0170ABDC955AA176BE2AF26299678F2F7C9ACA0.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sBcKvclVqhdr4q8mKZZ48vfJrKA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7a789e87-f484-423d-a1d7-2c2d5860d2ec/0/3139352e382e3131392e302f32342d3234203d3e203630343538.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.8.119.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2e:4e:62:97:dd:8e:f8:4a:55:60:b9:8a:a3:23:b4:de:8d:f4:
         21:14:bc:ff:11:88:a5:95:8d:5f:c4:66:d6:b0:d7:5c:56:72:
         47:16:05:14:d1:d9:ba:46:e3:bb:41:dc:97:ee:1f:d3:20:e0:
         0e:0a:64:c0:73:8f:05:c4:f5:a0:20:c7:0f:ea:80:f4:12:d3:
         f9:3d:a0:00:20:5b:4e:43:f8:1c:16:89:9f:cb:0d:5e:5a:b0:
         b8:a5:67:37:10:b9:10:d0:bd:d2:9c:b8:ec:bf:bc:08:aa:37:
         28:53:25:07:42:1c:66:16:d4:a5:ae:2b:38:89:59:c0:5f:09:
         7d:a9:46:0c:34:57:0a:09:b4:9a:06:f3:5b:ae:7e:27:b9:07:
         07:5f:d2:1e:39:67:0b:fe:d6:cf:41:94:1a:dd:45:db:5e:72:
         fa:10:ce:05:df:d6:74:c4:9c:bd:da:d2:e0:a1:2b:30:1b:07:
         8c:6d:7f:fe:19:e9:fa:76:8e:46:1f:f6:5b:12:55:ed:92:71:
         07:24:38:fc:a7:ca:20:7e:03:54:ce:50:ba:23:b4:a1:7e:56:
         af:3e:06:ad:16:17:d2:e9:aa:b3:fd:e8:6b:b8:94:af:f5:8e:
         5e:c0:60:0b:8e:27:76:5d:2f:2b:06:8f:0c:0f:56:cf:a0:45:
         09:fd:8f:72
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUJ+3QSkV0YIiEw00GIgoMLSZSLLgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYjAxNzBhYmRjOTU1YWExNzZiZTJhZjI2Mjk5Njc4ZjJm
N2M5YWNhMDAeFw0yNDA2MDMwNjAwMTdaFw0yNTA2MDIwNjA1MTdaMDMxMTAvBgNV
BAMTKDhEMUIxRDU3MjJBMDlEQjk1OTdBODZGQTQ1QUI2OEY3M0YwQjgwRjkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD4j0rQUtVEywS28VcRUEe6oKlx
uRg4C13m37A9njy2mEiyN3tq+uMjdVRy80zQACZPb8f7+rI2bSPDC46jaD4Q2Qpt
eoqeOcedCiqsbSPSOorHbqqTQNAAKfM4+Pr7+gXBs9k4M/1M6iVwahDCmB1kxoWB
UtttOv5BKKHBoW01qrQD0VM309/rssZHpxvAtwhyVBZOEUxB/j9e/4SGFUxofcBy
CafNdOheJFnpYVYOB049DimBFLLiwxipMhAkMPxJYOo+s/8hGJqex96377LQbHk2
ecOri9vDyq/FCw9gkplN5OnJ2s0nFelbWd5nCsaohPQRoeCXLzd9BvsWDI9lAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUjRsdVyKgnblZeob6Rato9z8LgPkwHwYDVR0j
BBgwFoAUsBcKvclVqhdr4q8mKZZ48vfJrKAwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2E3ODllODctZjQ4NC00MjNkLWExZDctMmMyZDU4NjBk
MmVjLzAvQjAxNzBBQkRDOTU1QUExNzZCRTJBRjI2Mjk5Njc4RjJGN0M5QUNBMC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3NCY0t2Y2xWcWhkcjRxOG1LWlo0OHZm
SnJLQS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvN2E3ODllODct
ZjQ4NC00MjNkLWExZDctMmMyZDU4NjBkMmVjLzAvMzEzOTM1MmUzODJlMzEzMTM5
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzYzMDM0MzUzOC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAMMI
dzANBgkqhkiG9w0BAQsFAAOCAQEALk5il92O+EpVYLmKoyO03o30IRS8/xGIpZWN
X8Rm1rDXXFZyRxYFFNHZukbju0Hcl+4f0yDgDgpkwHOPBcT1oCDHD+qA9BLT+T2g
ACBbTkP4HBaJn8sNXlqwuKVnNxC5ENC90py47L+8CKo3KFMlB0IcZhbUpa4rOIlZ
wF8JfalGDDRXCgm0mgbzW65+J7kHB1/SHjlnC/7Wz0GUGt1F215y+hDOBd/WdMSc
vdrS4KErMBsHjG1//hnp+naORh/2WxJV7ZJxByQ4/KfKIH4DVM5QuiO0oX5Wrz4G
rRYX0umqs/3oa7iUr/WOXsBgC44ndl0vKwaPDA9Wz6BFCf2Pcg==
-----END CERTIFICATE-----