Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/aee3d58d-904a-4375-bf93-8b5f38cab002/0/3130392e3131302e3136382e302f32342d3234203d3e2035303635.roa
File:                     3130392e3131302e3136382e302f32342d3234203d3e2035303635.roa (raw, json)
Hash identifier:          7eJyxRqGBa2D2o4m2ndGjwX8RFO9ZzYjcKbZaJnx9G8=
Subject key identifier:   7A:77:B1:67:5A:3E:14:3B:5F:28:5F:E1:11:25:9F:CF:44:5D:E6:56
Certificate issuer:       /CN=7adf63e375b0b785081b5945b1d18d9de86e0efc
Certificate serial:       5FDC4F2B3DAAA5F011D64BF7551E6039AD8121B9
Authority key identifier: 7A:DF:63:E3:75:B0:B7:85:08:1B:59:45:B1:D1:8D:9D:E8:6E:0E:FC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/et9j43Wwt4UIG1lFsdGNnehuDvw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/aee3d58d-904a-4375-bf93-8b5f38cab002/0/3130392e3131302e3136382e302f32342d3234203d3e2035303635.roa
Signing time:             Tue 09 Apr 2024 04:14:12 +0000
ROA not before:           Tue 09 Apr 2024 04:09:12 +0000
ROA not after:            Tue 08 Apr 2025 04:14:12 +0000
asID:                     5065
IP address blocks:        109.110.168.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/aee3d58d-904a-4375-bf93-8b5f38cab002/0/7ADF63E375B0B785081B5945B1D18D9DE86E0EFC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/aee3d58d-904a-4375-bf93-8b5f38cab002/0/7ADF63E375B0B785081B5945B1D18D9DE86E0EFC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/et9j43Wwt4UIG1lFsdGNnehuDvw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 17:16:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5f:dc:4f:2b:3d:aa:a5:f0:11:d6:4b:f7:55:1e:60:39:ad:81:21:b9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7adf63e375b0b785081b5945b1d18d9de86e0efc
        Validity
            Not Before: Apr  9 04:09:12 2024 GMT
            Not After : Apr  8 04:14:12 2025 GMT
        Subject: CN=7A77B1675A3E143B5F285FE111259FCF445DE656
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:9c:0f:29:6f:09:d0:0d:67:cf:27:5f:59:3b:
                    e8:28:c2:e1:b2:15:bc:d9:d0:96:17:d6:97:e6:34:
                    a0:62:e8:8f:b3:76:d2:a3:14:71:83:cd:de:49:7d:
                    36:44:89:75:0b:80:06:c0:c1:87:a2:c9:8c:0b:f4:
                    27:7c:fa:d5:60:49:a9:94:d2:26:f8:c5:15:cf:2e:
                    0c:91:02:5e:06:22:0c:1c:3f:10:89:f8:0e:ca:f8:
                    1f:94:5d:51:5d:d9:3b:46:be:ac:d6:99:f1:54:09:
                    c6:dc:a4:dc:36:9f:53:7a:b3:10:5d:1d:c0:3a:00:
                    9f:e9:be:9e:63:ae:6e:65:6c:88:c9:e7:b9:21:ea:
                    ad:a0:cb:28:6e:1e:0b:a1:01:a7:b5:99:a0:b3:1f:
                    f7:a1:da:2f:e9:10:c1:a9:f1:a1:46:ed:a0:73:2c:
                    b5:c4:1a:72:86:93:22:14:af:6f:d6:3b:f0:53:82:
                    36:40:1a:38:ce:87:8c:43:c5:65:76:97:bd:f4:ef:
                    df:0e:e1:cc:03:0d:1b:1e:42:73:da:70:f2:7a:e8:
                    28:8d:e0:14:f8:56:e6:c2:d4:ce:61:eb:d9:2e:ef:
                    f7:e6:8b:d3:a9:77:ac:7b:6d:8a:54:21:b4:88:d2:
                    84:29:8c:15:46:a8:f9:bb:20:7a:ae:a9:e6:76:02:
                    1e:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7A:77:B1:67:5A:3E:14:3B:5F:28:5F:E1:11:25:9F:CF:44:5D:E6:56
            X509v3 Authority Key Identifier:
                keyid:7A:DF:63:E3:75:B0:B7:85:08:1B:59:45:B1:D1:8D:9D:E8:6E:0E:FC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/aee3d58d-904a-4375-bf93-8b5f38cab002/0/7ADF63E375B0B785081B5945B1D18D9DE86E0EFC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/et9j43Wwt4UIG1lFsdGNnehuDvw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/aee3d58d-904a-4375-bf93-8b5f38cab002/0/3130392e3131302e3136382e302f32342d3234203d3e2035303635.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.110.168.0/24

    Signature Algorithm: sha256WithRSAEncryption
         57:bc:3a:99:fa:20:59:3d:27:c6:01:70:ac:e1:e9:55:1e:1f:
         ef:d9:46:c6:37:86:c3:9c:16:50:28:ab:1f:3e:f1:b2:6a:2e:
         99:30:45:01:fb:98:e0:d0:d6:d2:f0:ba:c1:fa:9a:1f:91:3e:
         cf:70:c1:b1:ff:5a:3b:e1:2b:f0:a9:f7:46:68:dc:80:3b:74:
         5d:b8:21:55:27:bd:db:39:5e:88:a7:a3:c3:01:d5:77:f7:2e:
         4e:85:b6:aa:b2:26:3a:f0:e7:68:3e:ab:0a:5c:34:4e:9c:5c:
         cb:5a:15:77:35:ef:fc:d8:b8:f9:5f:1b:d5:96:e5:7c:02:f3:
         27:b8:5b:00:10:9f:7b:d2:49:86:8e:f9:ea:51:d9:52:cf:2c:
         8d:94:80:40:62:4d:e0:75:3a:d3:7b:29:b5:63:ff:52:9c:8b:
         b5:1a:30:f8:d4:80:a9:5e:f5:c9:1b:1f:21:ae:9f:e6:f1:ef:
         6f:4d:d1:45:c3:0e:37:87:d1:30:cb:47:54:6b:34:a9:d2:ad:
         41:9a:61:34:a6:b4:4b:2d:c5:0f:07:4a:29:60:d8:4b:24:ce:
         de:40:26:53:29:6b:5f:a1:e0:25:60:4b:56:64:8d:69:de:ff:
         6c:08:f1:45:c7:96:16:5f:88:1f:2c:7c:2d:b3:e0:89:d1:a0:
         90:ab:b3:a6
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgIUX9xPKz2qpfAR1kv3VR5gOa2BIbkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoN2FkZjYzZTM3NWIwYjc4NTA4MWI1OTQ1YjFkMThkOWRl
ODZlMGVmYzAeFw0yNDA0MDkwNDA5MTJaFw0yNTA0MDgwNDE0MTJaMDMxMTAvBgNV
BAMTKDdBNzdCMTY3NUEzRTE0M0I1RjI4NUZFMTExMjU5RkNGNDQ1REU2NTYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCmnA8pbwnQDWfPJ19ZO+gowuGy
FbzZ0JYX1pfmNKBi6I+zdtKjFHGDzd5JfTZEiXULgAbAwYeiyYwL9Cd8+tVgSamU
0ib4xRXPLgyRAl4GIgwcPxCJ+A7K+B+UXVFd2TtGvqzWmfFUCcbcpNw2n1N6sxBd
HcA6AJ/pvp5jrm5lbIjJ57kh6q2gyyhuHguhAae1maCzH/eh2i/pEMGp8aFG7aBz
LLXEGnKGkyIUr2/WO/BTgjZAGjjOh4xDxWV2l730798O4cwDDRseQnPacPJ66CiN
4BT4VubC1M5h69ku7/fmi9Opd6x7bYpUIbSI0oQpjBVGqPm7IHquqeZ2Ah6pAgMB
AAGjggI9MIICOTAdBgNVHQ4EFgQUenexZ1o+FDtfKF/hESWfz0Rd5lYwHwYDVR0j
BBgwFoAUet9j43Wwt4UIG1lFsdGNnehuDvwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYWVlM2Q1OGQtOTA0YS00Mzc1LWJmOTMtOGI1ZjM4Y2Fi
MDAyLzAvN0FERjYzRTM3NUIwQjc4NTA4MUI1OTQ1QjFEMThEOURFODZFMEVGQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2V0OWo0M1d3dDRVSUcxbEZzZEdObmVo
dUR2dy5jZXIwga0GCCsGAQUFBwELBIGgMIGdMIGaBggrBgEFBQcwC4aBjXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWVlM2Q1OGQt
OTA0YS00Mzc1LWJmOTMtOGI1ZjM4Y2FiMDAyLzAvMzEzMDM5MmUzMTMxMzAyZTMx
MzYzODJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM1MzAzNjM1LnJvYTAYBgNVHSAB
Af8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA
bW6oMA0GCSqGSIb3DQEBCwUAA4IBAQBXvDqZ+iBZPSfGAXCs4elVHh/v2UbGN4bD
nBZQKKsfPvGyai6ZMEUB+5jg0NbS8LrB+pofkT7PcMGx/1o74SvwqfdGaNyAO3Rd
uCFVJ73bOV6Ip6PDAdV39y5OhbaqsiY68OdoPqsKXDROnFzLWhV3Ne/82Lj5XxvV
luV8AvMnuFsAEJ970kmGjvnqUdlSzyyNlIBAYk3gdTrTeym1Y/9SnIu1GjD41ICp
XvXJGx8hrp/m8e9vTdFFww43h9Ewy0dUazSp0q1BmmE0prRLLcUPB0opYNhLJM7e
QCZTKWtfoeAlYEtWZI1p3v9sCPFFx5YWX4gfLHwts+CJ0aCQq7Om
-----END CERTIFICATE-----
Generated at Thu Nov 21 19:50:40 2024 by rpki-client on console-fra.rpki-client.org