Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/ab83a38a-7a39-4397-b588-edb9fbb62817/0/39312e3233352e3230352e302f32342d3234203d3e203630353034.roa
File:                     39312e3233352e3230352e302f32342d3234203d3e203630353034.roa (raw, json)
Hash identifier:          j6vYZtEefm6U9xRcCycNawpFSUKH1P79zkEqzcAmwPc=
Subject key identifier:   B2:4D:DD:D8:B7:DD:E2:0C:34:50:CD:64:B5:1A:27:26:A4:E1:AB:4C
Certificate issuer:       /CN=e92d148583a4642d90d4c4bc47b4504e180ea0c3
Certificate serial:       44AED8E87BBD0A1D17F84A9BA517BF208D689D02
Authority key identifier: E9:2D:14:85:83:A4:64:2D:90:D4:C4:BC:47:B4:50:4E:18:0E:A0:C3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6S0UhYOkZC2Q1MS8R7RQThgOoMM.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/ab83a38a-7a39-4397-b588-edb9fbb62817/0/39312e3233352e3230352e302f32342d3234203d3e203630353034.roa
Signing time:             Tue 04 Jun 2024 09:05:18 +0000
ROA not before:           Tue 04 Jun 2024 09:00:18 +0000
ROA not after:            Tue 03 Jun 2025 09:05:18 +0000
asID:                     60504
IP address blocks:        91.235.205.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/ab83a38a-7a39-4397-b588-edb9fbb62817/0/E92D148583A4642D90D4C4BC47B4504E180EA0C3.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/ab83a38a-7a39-4397-b588-edb9fbb62817/0/E92D148583A4642D90D4C4BC47B4504E180EA0C3.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6S0UhYOkZC2Q1MS8R7RQThgOoMM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 14:57:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            44:ae:d8:e8:7b:bd:0a:1d:17:f8:4a:9b:a5:17:bf:20:8d:68:9d:02
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e92d148583a4642d90d4c4bc47b4504e180ea0c3
        Validity
            Not Before: Jun  4 09:00:18 2024 GMT
            Not After : Jun  3 09:05:18 2025 GMT
        Subject: CN=B24DDDD8B7DDE20C3450CD64B51A2726A4E1AB4C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:97:50:40:e2:73:ad:81:22:12:92:df:1f:50:
                    f9:6d:da:e5:fc:43:e2:31:c4:1d:5f:3a:39:ca:e0:
                    a2:2c:bc:17:60:2d:77:27:b4:80:90:71:60:18:31:
                    c7:34:38:fe:de:95:8a:81:73:ca:80:6e:c7:d0:84:
                    f4:40:14:b6:40:f2:ab:34:68:0f:d6:3a:25:b3:1d:
                    1c:98:bb:4f:74:27:b9:e7:2e:a2:e1:8b:c2:07:62:
                    92:90:3a:d7:c1:69:21:56:fc:a6:62:b7:d0:75:61:
                    41:af:83:07:cb:be:a9:d9:25:3e:ee:f5:e1:f1:0f:
                    24:a8:ad:7e:67:82:44:74:25:94:ce:ed:ad:ab:24:
                    15:77:a7:0b:70:7e:3b:6d:8e:c8:22:92:76:fb:b5:
                    a6:a5:47:ac:be:5b:d4:b6:82:3d:cb:e0:77:05:7b:
                    85:b5:36:b9:cc:33:95:94:57:a4:5d:ea:6f:db:4b:
                    cd:c0:a9:e1:0f:42:85:ab:93:e3:20:e0:9f:87:cd:
                    a1:5a:ee:16:e5:08:27:a0:ab:f7:48:13:88:4a:92:
                    55:e0:3c:50:6c:05:ca:d9:72:a9:23:ae:e1:90:b9:
                    1f:58:fc:26:1a:3f:c1:53:2a:13:c6:ec:86:18:93:
                    4c:0e:eb:8a:48:9d:7f:5b:28:4a:f9:65:2a:f3:d3:
                    6e:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B2:4D:DD:D8:B7:DD:E2:0C:34:50:CD:64:B5:1A:27:26:A4:E1:AB:4C
            X509v3 Authority Key Identifier:
                keyid:E9:2D:14:85:83:A4:64:2D:90:D4:C4:BC:47:B4:50:4E:18:0E:A0:C3

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/ab83a38a-7a39-4397-b588-edb9fbb62817/0/E92D148583A4642D90D4C4BC47B4504E180EA0C3.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6S0UhYOkZC2Q1MS8R7RQThgOoMM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/ab83a38a-7a39-4397-b588-edb9fbb62817/0/39312e3233352e3230352e302f32342d3234203d3e203630353034.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.235.205.0/24

    Signature Algorithm: sha256WithRSAEncryption
         07:74:c0:9e:c0:bd:5a:ef:51:de:b9:ae:ce:1f:93:00:f6:3b:
         25:b6:fb:60:da:da:9d:9b:b8:f2:1e:e2:75:29:0c:5e:79:c8:
         b4:46:ae:7b:2f:0e:db:62:6c:f4:a4:20:66:cc:b0:89:ae:3b:
         b6:e8:d6:be:d0:34:1d:ff:e8:84:58:15:02:a2:09:de:29:33:
         e9:02:d9:c4:ad:1f:3e:72:48:13:01:ea:dc:1a:91:4d:2d:46:
         bf:43:fa:6a:2a:d8:d1:7e:a1:3d:17:b0:66:1c:4c:e9:e8:f1:
         3b:b2:8d:89:e6:67:0a:71:1d:2f:e3:60:78:1f:38:27:c9:94:
         e9:92:35:eb:22:e4:b0:72:3b:03:2c:fd:ad:e2:40:ee:fd:29:
         4d:84:a4:6e:0a:a8:9c:e9:04:85:c4:eb:40:67:83:88:a3:16:
         88:c6:7d:b4:81:ab:23:15:03:0e:e5:f4:44:96:f0:3e:1d:e2:
         33:4e:54:c5:ef:84:a1:b4:8d:b1:96:51:df:19:c6:d5:c1:24:
         7f:b3:f0:44:b8:8c:19:88:fa:9f:84:e2:2f:8b:86:31:6d:2d:
         bf:fd:ba:3a:55:7b:5e:29:ee:14:26:ac:8c:29:f6:28:d4:60:
         c1:6b:52:cc:26:c7:ad:46:f6:c9:98:0f:6a:00:96:1d:aa:9d:
         85:93:7a:0f
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgIURK7Y6Hu9Ch0X+EqbpRe/II1onQIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZTkyZDE0ODU4M2E0NjQyZDkwZDRjNGJjNDdiNDUwNGUx
ODBlYTBjMzAeFw0yNDA2MDQwOTAwMThaFw0yNTA2MDMwOTA1MThaMDMxMTAvBgNV
BAMTKEIyNEREREQ4QjdEREUyMEMzNDUwQ0Q2NEI1MUEyNzI2QTRFMUFCNEMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDXl1BA4nOtgSISkt8fUPlt2uX8
Q+IxxB1fOjnK4KIsvBdgLXcntICQcWAYMcc0OP7elYqBc8qAbsfQhPRAFLZA8qs0
aA/WOiWzHRyYu090J7nnLqLhi8IHYpKQOtfBaSFW/KZit9B1YUGvgwfLvqnZJT7u
9eHxDySorX5ngkR0JZTO7a2rJBV3pwtwfjttjsgiknb7taalR6y+W9S2gj3L4HcF
e4W1NrnMM5WUV6Rd6m/bS83AqeEPQoWrk+Mg4J+HzaFa7hblCCegq/dIE4hKklXg
PFBsBcrZcqkjruGQuR9Y/CYaP8FTKhPG7IYYk0wO64pInX9bKEr5ZSrz025RAgMB
AAGjggI9MIICOTAdBgNVHQ4EFgQUsk3d2Lfd4gw0UM1ktRonJqThq0wwHwYDVR0j
BBgwFoAU6S0UhYOkZC2Q1MS8R7RQThgOoMMwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYWI4M2EzOGEtN2EzOS00Mzk3LWI1ODgtZWRiOWZiYjYy
ODE3LzAvRTkyRDE0ODU4M0E0NjQyRDkwRDRDNEJDNDdCNDUwNEUxODBFQTBDMy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzZTMFVoWU9rWkMyUTFNUzhSN1JRVGhn
T29NTS5jZXIwga0GCCsGAQUFBwELBIGgMIGdMIGaBggrBgEFBQcwC4aBjXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWI4M2EzOGEt
N2EzOS00Mzk3LWI1ODgtZWRiOWZiYjYyODE3LzAvMzkzMTJlMzIzMzM1MmUzMjMw
MzUyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzNjMwMzUzMDM0LnJvYTAYBgNVHSAB
Af8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA
W+vNMA0GCSqGSIb3DQEBCwUAA4IBAQAHdMCewL1a71Heua7OH5MA9jsltvtg2tqd
m7jyHuJ1KQxeeci0Rq57Lw7bYmz0pCBmzLCJrju26Na+0DQd/+iEWBUCogneKTPp
AtnErR8+ckgTAercGpFNLUa/Q/pqKtjRfqE9F7BmHEzp6PE7so2J5mcKcR0v42B4
HzgnyZTpkjXrIuSwcjsDLP2t4kDu/SlNhKRuCqic6QSFxOtAZ4OIoxaIxn20gasj
FQMO5fRElvA+HeIzTlTF74ShtI2xllHfGcbVwSR/s/BEuIwZiPqfhOIvi4YxbS2/
/bo6VXteKe4UJqyMKfYo1GDBa1LMJsetRvbJmA9qAJYdqp2Fk3oP
-----END CERTIFICATE-----
Generated at Mon Nov 25 17:14:41 2024 by rpki-client on console-ams.rpki-client.org