Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/aee3d58d-904a-4375-bf93-8b5f38cab002/0/3130392e3131302e3136352e302f32342d3234203d3e20323131343339.roa
File:                     3130392e3131302e3136352e302f32342d3234203d3e20323131343339.roa (raw, json)
Hash identifier:          0QjU3qq9DjCZPSrxdqGGxq9fHmcBXyabPiI3BQggNtM=
Subject key identifier:   84:CB:1F:C5:C3:2C:33:7A:F9:0D:2F:6F:66:4E:99:72:13:F7:80:63
Certificate issuer:       /CN=7adf63e375b0b785081b5945b1d18d9de86e0efc
Certificate serial:       11C448412274467290CB0A411E5EBCDD098F839E
Authority key identifier: 7A:DF:63:E3:75:B0:B7:85:08:1B:59:45:B1:D1:8D:9D:E8:6E:0E:FC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/et9j43Wwt4UIG1lFsdGNnehuDvw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/aee3d58d-904a-4375-bf93-8b5f38cab002/0/3130392e3131302e3136352e302f32342d3234203d3e20323131343339.roa
Signing time:             Thu 16 May 2024 09:31:38 +0000
ROA not before:           Thu 16 May 2024 09:26:38 +0000
ROA not after:            Thu 15 May 2025 09:31:38 +0000
asID:                     211439
IP address blocks:        109.110.165.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/aee3d58d-904a-4375-bf93-8b5f38cab002/0/7ADF63E375B0B785081B5945B1D18D9DE86E0EFC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/aee3d58d-904a-4375-bf93-8b5f38cab002/0/7ADF63E375B0B785081B5945B1D18D9DE86E0EFC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/et9j43Wwt4UIG1lFsdGNnehuDvw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 17:16:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            11:c4:48:41:22:74:46:72:90:cb:0a:41:1e:5e:bc:dd:09:8f:83:9e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7adf63e375b0b785081b5945b1d18d9de86e0efc
        Validity
            Not Before: May 16 09:26:38 2024 GMT
            Not After : May 15 09:31:38 2025 GMT
        Subject: CN=84CB1FC5C32C337AF90D2F6F664E997213F78063
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:c5:9f:06:bf:e2:33:90:17:42:64:35:be:3a:
                    d1:90:06:f8:1f:42:79:c0:48:ca:98:20:69:88:d0:
                    f2:34:aa:06:cd:db:b6:33:d4:d2:b4:f0:15:1e:f9:
                    15:f6:9e:03:0f:70:19:7b:d7:68:f5:d2:11:d1:ac:
                    f4:98:90:c9:91:fa:bf:ac:7c:01:30:df:70:d5:3d:
                    3d:45:0d:48:9d:01:f5:63:08:d1:b5:43:a6:a5:7d:
                    c3:18:64:c0:b9:5d:7a:25:00:f2:a8:06:da:9b:9e:
                    89:ef:19:68:f0:40:6b:85:e0:6e:3b:2a:e9:e4:80:
                    2d:73:26:2f:0d:ee:8b:cc:b5:b2:6a:9b:25:8a:6b:
                    5d:fc:c2:6a:04:39:be:66:e5:89:b9:9e:43:dd:36:
                    4c:d3:71:2e:c5:6b:69:bf:48:d2:b0:97:32:de:4f:
                    53:0c:70:b0:92:6e:59:43:91:6b:f1:83:73:46:fa:
                    0b:43:15:ad:62:1a:88:f4:fc:73:b1:35:b3:9c:90:
                    d4:20:b3:0e:ba:95:02:03:70:18:47:00:92:5f:05:
                    c7:93:16:9d:cc:97:dd:56:b6:b7:4a:d8:ee:bf:ff:
                    02:7b:79:30:51:89:a9:d0:e4:2a:90:92:7b:87:89:
                    47:f9:07:7c:63:27:e7:d5:db:39:4b:88:66:5c:b1:
                    71:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:CB:1F:C5:C3:2C:33:7A:F9:0D:2F:6F:66:4E:99:72:13:F7:80:63
            X509v3 Authority Key Identifier:
                keyid:7A:DF:63:E3:75:B0:B7:85:08:1B:59:45:B1:D1:8D:9D:E8:6E:0E:FC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/aee3d58d-904a-4375-bf93-8b5f38cab002/0/7ADF63E375B0B785081B5945B1D18D9DE86E0EFC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/et9j43Wwt4UIG1lFsdGNnehuDvw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/aee3d58d-904a-4375-bf93-8b5f38cab002/0/3130392e3131302e3136352e302f32342d3234203d3e20323131343339.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.110.165.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2d:b4:0c:3b:a9:f7:e8:a9:60:78:e1:35:85:a8:9d:61:b5:5f:
         7c:d2:26:0e:78:11:85:8a:7e:0d:51:41:85:e3:83:00:75:fb:
         97:20:24:a9:32:cd:cb:7d:58:e7:5b:20:e5:14:60:d9:06:f0:
         26:82:88:86:22:8f:e7:4e:3d:ba:e0:9a:ee:ad:3b:18:81:b1:
         de:b3:f1:f2:02:56:e9:48:79:1a:36:ff:43:8a:49:03:40:91:
         c9:c7:cb:1c:12:e1:e4:b8:d7:20:99:53:ac:e9:0b:8c:0b:54:
         8c:57:d5:0f:73:76:93:46:b5:e7:02:cc:43:e4:4d:dd:ca:f4:
         09:1f:c8:54:4b:09:3e:9e:93:e1:b8:5e:2a:03:92:66:40:21:
         57:78:b1:aa:8f:dc:9d:f7:2d:0b:8d:65:a3:c1:4d:80:1d:29:
         79:cc:87:db:db:18:2d:89:45:78:49:5d:60:59:dd:c1:e8:5c:
         40:9a:15:e0:fe:fa:a4:6c:1f:3b:12:f7:6f:15:2f:76:0b:1f:
         c6:ad:9c:11:9f:72:ed:26:9d:e9:28:03:d4:ae:2f:58:2e:84:
         51:b5:09:ca:32:eb:28:5a:a4:81:7a:fe:9d:81:2d:e0:60:0b:
         e1:40:33:d0:7e:cb:59:72:a3:ee:da:c9:bd:7e:01:89:27:e5:
         a5:52:8e:3b
-----BEGIN CERTIFICATE-----
MIIFNzCCBB+gAwIBAgIUEcRIQSJ0RnKQywpBHl683QmPg54wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoN2FkZjYzZTM3NWIwYjc4NTA4MWI1OTQ1YjFkMThkOWRl
ODZlMGVmYzAeFw0yNDA1MTYwOTI2MzhaFw0yNTA1MTUwOTMxMzhaMDMxMTAvBgNV
BAMTKDg0Q0IxRkM1QzMyQzMzN0FGOTBEMkY2RjY2NEU5OTcyMTNGNzgwNjMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDSxZ8Gv+IzkBdCZDW+OtGQBvgf
QnnASMqYIGmI0PI0qgbN27Yz1NK08BUe+RX2ngMPcBl712j10hHRrPSYkMmR+r+s
fAEw33DVPT1FDUidAfVjCNG1Q6alfcMYZMC5XXolAPKoBtqbnonvGWjwQGuF4G47
KunkgC1zJi8N7ovMtbJqmyWKa138wmoEOb5m5Ym5nkPdNkzTcS7Fa2m/SNKwlzLe
T1MMcLCSbllDkWvxg3NG+gtDFa1iGoj0/HOxNbOckNQgsw66lQIDcBhHAJJfBceT
Fp3Ml91WtrdK2O6//wJ7eTBRianQ5CqQknuHiUf5B3xjJ+fV2zlLiGZcsXGNAgMB
AAGjggJBMIICPTAdBgNVHQ4EFgQUhMsfxcMsM3r5DS9vZk6ZchP3gGMwHwYDVR0j
BBgwFoAUet9j43Wwt4UIG1lFsdGNnehuDvwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYWVlM2Q1OGQtOTA0YS00Mzc1LWJmOTMtOGI1ZjM4Y2Fi
MDAyLzAvN0FERjYzRTM3NUIwQjc4NTA4MUI1OTQ1QjFEMThEOURFODZFMEVGQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2V0OWo0M1d3dDRVSUcxbEZzZEdObmVo
dUR2dy5jZXIwgbEGCCsGAQUFBwELBIGkMIGhMIGeBggrBgEFBQcwC4aBkXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWVlM2Q1OGQt
OTA0YS00Mzc1LWJmOTMtOGI1ZjM4Y2FiMDAyLzAvMzEzMDM5MmUzMTMxMzAyZTMx
MzYzNTJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMyMzEzMTM0MzMzOS5yb2EwGAYD
VR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEw
BgMEAG1upTANBgkqhkiG9w0BAQsFAAOCAQEALbQMO6n36KlgeOE1haidYbVffNIm
DngRhYp+DVFBheODAHX7lyAkqTLNy31Y51sg5RRg2QbwJoKIhiKP5049uuCa7q07
GIGx3rPx8gJW6Uh5Gjb/Q4pJA0CRycfLHBLh5LjXIJlTrOkLjAtUjFfVD3N2k0a1
5wLMQ+RN3cr0CR/IVEsJPp6T4bheKgOSZkAhV3ixqo/cnfctC41lo8FNgB0pecyH
29sYLYlFeEldYFndwehcQJoV4P76pGwfOxL3bxUvdgsfxq2cEZ9y7Sad6SgD1K4v
WC6EUbUJyjLrKFqkgXr+nYEt4GAL4UAz0H7LWXKj7trJvX4BiSflpVKOOw==
-----END CERTIFICATE-----
Generated at Thu Nov 21 19:50:40 2024 by rpki-client on console-fra.rpki-client.org