Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/aee3d58d-904a-4375-bf93-8b5f38cab002/0/3130392e3131302e3139302e302f32332d3234203d3e20323731373939.roa
File:                     3130392e3131302e3139302e302f32332d3234203d3e20323731373939.roa (raw, json)
Hash identifier:          vetYdkzuDSK50az8dg7qsTdJq9hp0zjC0YJqaTOTIJo=
Subject key identifier:   2A:ED:6A:39:38:CD:44:3C:CC:BE:70:52:0F:89:FF:4E:31:A4:56:1D
Certificate issuer:       /CN=7adf63e375b0b785081b5945b1d18d9de86e0efc
Certificate serial:       06C53B318B0F1A315D3A06D9B32629BA3F947C77
Authority key identifier: 7A:DF:63:E3:75:B0:B7:85:08:1B:59:45:B1:D1:8D:9D:E8:6E:0E:FC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/et9j43Wwt4UIG1lFsdGNnehuDvw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/aee3d58d-904a-4375-bf93-8b5f38cab002/0/3130392e3131302e3139302e302f32332d3234203d3e20323731373939.roa
Signing time:             Thu 28 Mar 2024 20:54:52 +0000
ROA not before:           Thu 28 Mar 2024 20:49:52 +0000
ROA not after:            Thu 27 Mar 2025 20:54:52 +0000
asID:                     271799
IP address blocks:        109.110.190.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/aee3d58d-904a-4375-bf93-8b5f38cab002/0/7ADF63E375B0B785081B5945B1D18D9DE86E0EFC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/aee3d58d-904a-4375-bf93-8b5f38cab002/0/7ADF63E375B0B785081B5945B1D18D9DE86E0EFC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/et9j43Wwt4UIG1lFsdGNnehuDvw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 17:16:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            06:c5:3b:31:8b:0f:1a:31:5d:3a:06:d9:b3:26:29:ba:3f:94:7c:77
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7adf63e375b0b785081b5945b1d18d9de86e0efc
        Validity
            Not Before: Mar 28 20:49:52 2024 GMT
            Not After : Mar 27 20:54:52 2025 GMT
        Subject: CN=2AED6A3938CD443CCCBE70520F89FF4E31A4561D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:54:1f:29:5b:ab:87:a0:27:c3:92:16:e9:89:
                    66:ff:12:99:4a:9c:60:13:4c:09:5e:98:03:88:a3:
                    79:28:0b:f7:a9:4d:06:c7:89:cf:86:e7:c8:d1:5a:
                    89:0d:06:67:b8:b9:b6:f0:79:12:23:bc:6b:72:0a:
                    1c:64:c9:2f:80:28:ca:63:2a:d0:4f:ba:26:b4:e8:
                    23:ec:3e:ba:72:fc:03:1a:fd:06:23:1c:da:fa:a4:
                    15:23:19:95:24:45:c4:2b:b1:02:22:a4:8b:8c:41:
                    3f:23:8c:67:c9:c0:14:83:8c:02:ee:73:9e:90:29:
                    d8:73:0f:26:e3:a3:a7:f2:61:9a:a9:c4:93:96:ff:
                    f8:2b:be:a7:ab:ca:be:fe:f4:74:47:47:77:a2:9d:
                    8b:e3:ae:4d:b4:b9:4f:d6:a5:35:3a:f5:df:21:45:
                    a3:ac:e3:1f:da:86:8e:87:23:ca:25:af:2c:fa:2f:
                    c9:fd:39:42:8c:99:5c:50:a2:5e:64:c4:5d:92:00:
                    e3:77:b6:ba:59:9c:5c:84:a3:04:cb:59:3c:eb:d4:
                    09:c6:c6:77:8d:36:8a:ed:3b:a2:e2:47:bb:cd:24:
                    6b:89:07:99:df:34:9d:ab:66:1d:31:ce:93:3d:80:
                    d8:64:1f:ca:bb:3e:df:61:7d:98:98:56:a4:62:0b:
                    5e:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:ED:6A:39:38:CD:44:3C:CC:BE:70:52:0F:89:FF:4E:31:A4:56:1D
            X509v3 Authority Key Identifier:
                keyid:7A:DF:63:E3:75:B0:B7:85:08:1B:59:45:B1:D1:8D:9D:E8:6E:0E:FC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/aee3d58d-904a-4375-bf93-8b5f38cab002/0/7ADF63E375B0B785081B5945B1D18D9DE86E0EFC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/et9j43Wwt4UIG1lFsdGNnehuDvw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/aee3d58d-904a-4375-bf93-8b5f38cab002/0/3130392e3131302e3139302e302f32332d3234203d3e20323731373939.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.110.190.0/23

    Signature Algorithm: sha256WithRSAEncryption
         14:c1:06:27:ca:79:c0:bb:5a:c8:93:72:47:51:fe:90:c3:57:
         49:b1:03:ea:9a:f6:a5:45:44:5c:1d:33:a2:6a:da:af:5e:92:
         46:98:3d:1c:8a:67:a9:c5:ad:d8:45:00:7f:e0:92:a3:ac:49:
         35:0b:71:e7:6b:55:f5:01:ce:07:93:f4:ab:24:a2:c1:7f:d3:
         7c:22:59:ca:9d:cf:0f:61:06:23:ac:6a:3c:79:3f:d3:93:5e:
         af:be:df:2f:67:e0:4a:ba:61:55:5c:e6:a5:4e:8a:6a:cd:dd:
         e2:36:8e:05:b8:f0:dc:26:a7:09:f5:eb:37:db:a4:e1:3b:07:
         cc:a2:95:80:cb:c6:5c:4e:02:c4:1e:1e:80:41:72:2f:40:1a:
         33:e4:1d:c8:a2:a7:4f:03:eb:d7:b2:b2:af:bd:8b:fa:cd:b5:
         9f:8a:48:96:95:63:91:d9:0c:d4:08:81:8e:83:cd:25:56:ed:
         a5:ea:94:26:91:04:d3:55:7b:45:5a:96:33:83:de:d9:07:e2:
         04:0a:a3:23:4c:8b:3b:a2:5f:08:b7:71:d5:24:80:d7:d3:e4:
         38:30:2e:d7:6c:32:bc:af:5b:04:b6:a7:d4:9d:8e:43:2d:54:
         5d:38:18:fa:4a:02:29:8c:93:86:07:e1:64:42:9d:0e:b6:84:
         16:ca:57:61
-----BEGIN CERTIFICATE-----
MIIFNzCCBB+gAwIBAgIUBsU7MYsPGjFdOgbZsyYpuj+UfHcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoN2FkZjYzZTM3NWIwYjc4NTA4MWI1OTQ1YjFkMThkOWRl
ODZlMGVmYzAeFw0yNDAzMjgyMDQ5NTJaFw0yNTAzMjcyMDU0NTJaMDMxMTAvBgNV
BAMTKDJBRUQ2QTM5MzhDRDQ0M0NDQ0JFNzA1MjBGODlGRjRFMzFBNDU2MUQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCnVB8pW6uHoCfDkhbpiWb/EplK
nGATTAlemAOIo3koC/epTQbHic+G58jRWokNBme4ubbweRIjvGtyChxkyS+AKMpj
KtBPuia06CPsPrpy/AMa/QYjHNr6pBUjGZUkRcQrsQIipIuMQT8jjGfJwBSDjALu
c56QKdhzDybjo6fyYZqpxJOW//grvqeryr7+9HRHR3einYvjrk20uU/WpTU69d8h
RaOs4x/aho6HI8olryz6L8n9OUKMmVxQol5kxF2SAON3trpZnFyEowTLWTzr1AnG
xneNNortO6LiR7vNJGuJB5nfNJ2rZh0xzpM9gNhkH8q7Pt9hfZiYVqRiC17TAgMB
AAGjggJBMIICPTAdBgNVHQ4EFgQUKu1qOTjNRDzMvnBSD4n/TjGkVh0wHwYDVR0j
BBgwFoAUet9j43Wwt4UIG1lFsdGNnehuDvwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYWVlM2Q1OGQtOTA0YS00Mzc1LWJmOTMtOGI1ZjM4Y2Fi
MDAyLzAvN0FERjYzRTM3NUIwQjc4NTA4MUI1OTQ1QjFEMThEOURFODZFMEVGQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2V0OWo0M1d3dDRVSUcxbEZzZEdObmVo
dUR2dy5jZXIwgbEGCCsGAQUFBwELBIGkMIGhMIGeBggrBgEFBQcwC4aBkXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWVlM2Q1OGQt
OTA0YS00Mzc1LWJmOTMtOGI1ZjM4Y2FiMDAyLzAvMzEzMDM5MmUzMTMxMzAyZTMx
MzkzMDJlMzAyZjMyMzMyZDMyMzQyMDNkM2UyMDMyMzczMTM3MzkzOS5yb2EwGAYD
VR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEw
BgMEAW1uvjANBgkqhkiG9w0BAQsFAAOCAQEAFMEGJ8p5wLtayJNyR1H+kMNXSbED
6pr2pUVEXB0zomrar16SRpg9HIpnqcWt2EUAf+CSo6xJNQtx52tV9QHOB5P0qySi
wX/TfCJZyp3PD2EGI6xqPHk/05Ner77fL2fgSrphVVzmpU6Kas3d4jaOBbjw3Can
CfXrN9uk4TsHzKKVgMvGXE4CxB4egEFyL0AaM+QdyKKnTwPr17Kyr72L+s21n4pI
lpVjkdkM1AiBjoPNJVbtpeqUJpEE01V7RVqWM4Pe2QfiBAqjI0yLO6JfCLdx1SSA
19PkODAu12wyvK9bBLan1J2OQy1UXTgY+koCKYyThgfhZEKdDraEFspXYQ==
-----END CERTIFICATE-----
Generated at Thu Nov 21 21:58:16 2024 by rpki-client on console-ams.rpki-client.org