Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/aee3d58d-904a-4375-bf93-8b5f38cab002/0/3130392e3131302e3138362e302f32342d3234203d3e203539383935.roa
File:                     3130392e3131302e3138362e302f32342d3234203d3e203539383935.roa (raw, json)
Hash identifier:          jxZrZrsUycanEG4ZxFOnRSypoDF+U35PqVIdeGAZfvk=
Subject key identifier:   98:38:C1:3C:73:BD:67:04:4F:07:B4:0C:AF:65:EC:EB:2C:EA:92:6A
Certificate issuer:       /CN=7adf63e375b0b785081b5945b1d18d9de86e0efc
Certificate serial:       3F1F0E8C21E081AE487EDFC7F9B07D1C3AA16FC1
Authority key identifier: 7A:DF:63:E3:75:B0:B7:85:08:1B:59:45:B1:D1:8D:9D:E8:6E:0E:FC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/et9j43Wwt4UIG1lFsdGNnehuDvw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/aee3d58d-904a-4375-bf93-8b5f38cab002/0/3130392e3131302e3138362e302f32342d3234203d3e203539383935.roa
Signing time:             Thu 21 Mar 2024 14:10:23 +0000
ROA not before:           Thu 21 Mar 2024 14:05:23 +0000
ROA not after:            Thu 20 Mar 2025 14:10:23 +0000
asID:                     59895
IP address blocks:        109.110.186.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/aee3d58d-904a-4375-bf93-8b5f38cab002/0/7ADF63E375B0B785081B5945B1D18D9DE86E0EFC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/aee3d58d-904a-4375-bf93-8b5f38cab002/0/7ADF63E375B0B785081B5945B1D18D9DE86E0EFC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/et9j43Wwt4UIG1lFsdGNnehuDvw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 21 Apr 2024 16:08:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3f:1f:0e:8c:21:e0:81:ae:48:7e:df:c7:f9:b0:7d:1c:3a:a1:6f:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7adf63e375b0b785081b5945b1d18d9de86e0efc
        Validity
            Not Before: Mar 21 14:05:23 2024 GMT
            Not After : Mar 20 14:10:23 2025 GMT
        Subject: CN=9838C13C73BD67044F07B40CAF65ECEB2CEA926A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:f4:e8:93:74:22:96:2b:69:37:e2:dd:a3:50:
                    51:1f:bf:e2:8e:0c:95:9a:ea:fc:82:9e:30:b4:c6:
                    49:f2:b6:a6:f4:6b:13:40:1d:92:95:3b:d3:f5:53:
                    25:86:25:ed:39:2a:d6:9a:93:67:58:77:79:68:9b:
                    55:4d:67:a7:de:6e:5d:a8:da:29:f1:8a:06:bc:75:
                    d9:83:63:6d:ad:30:d8:35:ee:c0:c4:2b:65:ee:94:
                    bb:06:1f:cc:dc:a4:f9:96:18:df:0f:75:f2:cd:db:
                    0c:34:91:53:0f:bf:0a:8c:b4:38:e3:6e:17:ea:7d:
                    f6:f4:cd:40:ce:97:c6:b1:af:f1:69:09:89:19:51:
                    69:93:fa:b4:ba:7f:1c:af:34:38:35:d0:75:09:78:
                    5e:b0:86:0d:85:f4:b8:cb:51:75:a9:a6:ca:63:3d:
                    e5:cf:e3:5b:da:2d:62:87:25:d2:df:3d:92:8e:e9:
                    77:2a:db:a0:63:3d:0b:4e:88:6c:1d:07:71:d3:b7:
                    4a:9f:e5:53:c0:e8:6b:e7:44:7e:b1:6c:69:0d:af:
                    71:ae:7b:59:e9:9e:4f:aa:7b:12:3b:9c:5c:4b:ef:
                    5a:1e:15:ad:2d:e7:d6:5b:30:32:61:45:49:f0:ff:
                    57:3c:80:62:ca:f7:2f:3a:00:a4:71:db:35:b8:31:
                    9d:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:38:C1:3C:73:BD:67:04:4F:07:B4:0C:AF:65:EC:EB:2C:EA:92:6A
            X509v3 Authority Key Identifier:
                keyid:7A:DF:63:E3:75:B0:B7:85:08:1B:59:45:B1:D1:8D:9D:E8:6E:0E:FC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/aee3d58d-904a-4375-bf93-8b5f38cab002/0/7ADF63E375B0B785081B5945B1D18D9DE86E0EFC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/et9j43Wwt4UIG1lFsdGNnehuDvw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/aee3d58d-904a-4375-bf93-8b5f38cab002/0/3130392e3131302e3138362e302f32342d3234203d3e203539383935.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.110.186.0/24

    Signature Algorithm: sha256WithRSAEncryption
         47:4c:a1:23:e0:5b:df:ef:75:06:16:79:48:8e:bd:37:30:ba:
         73:ee:40:c4:90:f1:17:90:ad:a5:ab:56:be:de:cd:db:8b:46:
         99:26:28:fd:c0:44:b7:31:f8:5a:45:b8:80:14:0e:a3:62:a8:
         da:bb:34:18:0e:2b:6c:e4:ee:bb:f1:c7:09:63:21:fb:b7:74:
         4a:27:71:c0:e2:4c:73:a1:31:9d:53:a6:88:4e:01:2d:87:c3:
         7f:02:87:e5:ad:62:c5:0b:f3:f4:b3:20:a3:35:73:6f:30:a3:
         9e:22:b5:98:e7:ce:39:e6:ed:0b:69:60:46:9c:3e:52:b8:b8:
         5e:22:ef:3f:86:b1:88:fb:d5:70:d2:8f:cc:ba:37:c7:0d:7e:
         79:26:2d:50:b7:b5:d7:09:a3:f2:be:f6:f9:22:3a:fe:25:04:
         5d:d2:4f:47:83:9d:a6:8e:87:f7:ed:78:09:82:4e:d2:64:37:
         9d:54:f0:a9:d4:fe:52:56:9f:1e:dc:1b:dc:a3:52:23:f2:12:
         f4:ab:43:7c:6e:45:75:4f:1e:f1:63:71:ec:96:96:3a:76:4b:
         02:7b:63:f2:e5:38:81:cd:8c:b2:24:11:6f:da:cd:af:c3:78:
         6d:9a:88:b0:d5:2c:c7:20:e6:91:9f:95:99:19:5e:b6:84:c7:
         47:17:56:f5
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgIUPx8OjCHgga5Ift/H+bB9HDqhb8EwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoN2FkZjYzZTM3NWIwYjc4NTA4MWI1OTQ1YjFkMThkOWRl
ODZlMGVmYzAeFw0yNDAzMjExNDA1MjNaFw0yNTAzMjAxNDEwMjNaMDMxMTAvBgNV
BAMTKDk4MzhDMTNDNzNCRDY3MDQ0RjA3QjQwQ0FGNjVFQ0VCMkNFQTkyNkEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCM9OiTdCKWK2k34t2jUFEfv+KO
DJWa6vyCnjC0xknytqb0axNAHZKVO9P1UyWGJe05Ktaak2dYd3lom1VNZ6febl2o
2inxiga8ddmDY22tMNg17sDEK2XulLsGH8zcpPmWGN8PdfLN2ww0kVMPvwqMtDjj
bhfqffb0zUDOl8axr/FpCYkZUWmT+rS6fxyvNDg10HUJeF6whg2F9LjLUXWppspj
PeXP41vaLWKHJdLfPZKO6Xcq26BjPQtOiGwdB3HTt0qf5VPA6GvnRH6xbGkNr3Gu
e1npnk+qexI7nFxL71oeFa0t59ZbMDJhRUnw/1c8gGLK9y86AKRx2zW4MZ1BAgMB
AAGjggI/MIICOzAdBgNVHQ4EFgQUmDjBPHO9ZwRPB7QMr2Xs6yzqkmowHwYDVR0j
BBgwFoAUet9j43Wwt4UIG1lFsdGNnehuDvwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYWVlM2Q1OGQtOTA0YS00Mzc1LWJmOTMtOGI1ZjM4Y2Fi
MDAyLzAvN0FERjYzRTM3NUIwQjc4NTA4MUI1OTQ1QjFEMThEOURFODZFMEVGQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2V0OWo0M1d3dDRVSUcxbEZzZEdObmVo
dUR2dy5jZXIwga8GCCsGAQUFBwELBIGiMIGfMIGcBggrBgEFBQcwC4aBj3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWVlM2Q1OGQt
OTA0YS00Mzc1LWJmOTMtOGI1ZjM4Y2FiMDAyLzAvMzEzMDM5MmUzMTMxMzAyZTMx
MzgzNjJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM1MzkzODM5MzUucm9hMBgGA1Ud
IAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BABtbrowDQYJKoZIhvcNAQELBQADggEBAEdMoSPgW9/vdQYWeUiOvTcwunPuQMSQ
8ReQraWrVr7ezduLRpkmKP3ARLcx+FpFuIAUDqNiqNq7NBgOK2zk7rvxxwljIfu3
dEonccDiTHOhMZ1TpohOAS2Hw38Ch+WtYsUL8/SzIKM1c28wo54itZjnzjnm7Qtp
YEacPlK4uF4i7z+GsYj71XDSj8y6N8cNfnkmLVC3tdcJo/K+9vkiOv4lBF3ST0eD
naaOh/fteAmCTtJkN51U8KnU/lJWnx7cG9yjUiPyEvSrQ3xuRXVPHvFjceyWljp2
SwJ7Y/LlOIHNjLIkEW/aza/DeG2aiLDVLMcg5pGflZkZXraEx0cXVvU=
-----END CERTIFICATE-----
Generated at Sun Apr 21 00:50:10 2024 by rpki-client on console-ams.rpki-client.org