Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/aee3d58d-904a-4375-bf93-8b5f38cab002/0/3139332e3234362e3136312e302f32342d3234203d3e203631313132.roa
File:                     3139332e3234362e3136312e302f32342d3234203d3e203631313132.roa (raw, json)
Hash identifier:          dSRrehznyyAAM3ueG66pE/oqWbkUfruTwAQWvTx0IUE=
Subject key identifier:   AF:06:FE:73:44:76:D9:B1:14:73:C1:A7:9F:A1:AE:71:49:60:08:91
Certificate issuer:       /CN=7adf63e375b0b785081b5945b1d18d9de86e0efc
Certificate serial:       073A7E98A5A984ED36C7553F4C12CD4173AE5E3D
Authority key identifier: 7A:DF:63:E3:75:B0:B7:85:08:1B:59:45:B1:D1:8D:9D:E8:6E:0E:FC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/et9j43Wwt4UIG1lFsdGNnehuDvw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/aee3d58d-904a-4375-bf93-8b5f38cab002/0/3139332e3234362e3136312e302f32342d3234203d3e203631313132.roa
Signing time:             Sun 24 Dec 2023 10:51:46 +0000
ROA not before:           Sun 24 Dec 2023 10:46:46 +0000
ROA not after:            Sun 22 Dec 2024 10:51:46 +0000
asID:                     61112
IP address blocks:        193.246.161.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/aee3d58d-904a-4375-bf93-8b5f38cab002/0/7ADF63E375B0B785081B5945B1D18D9DE86E0EFC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/aee3d58d-904a-4375-bf93-8b5f38cab002/0/7ADF63E375B0B785081B5945B1D18D9DE86E0EFC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/et9j43Wwt4UIG1lFsdGNnehuDvw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 17:16:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            07:3a:7e:98:a5:a9:84:ed:36:c7:55:3f:4c:12:cd:41:73:ae:5e:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7adf63e375b0b785081b5945b1d18d9de86e0efc
        Validity
            Not Before: Dec 24 10:46:46 2023 GMT
            Not After : Dec 22 10:51:46 2024 GMT
        Subject: CN=AF06FE734476D9B11473C1A79FA1AE7149600891
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:d0:f6:68:d7:32:33:5b:2a:75:c6:aa:50:43:
                    9a:09:dc:e3:2d:91:2b:0e:68:bf:ab:85:da:f8:18:
                    fa:8d:f7:ba:87:6d:cc:f9:d3:b7:df:ad:da:67:cc:
                    41:62:15:67:30:de:bd:65:0b:f7:c7:6e:71:f7:0f:
                    8a:25:12:c6:62:16:4b:4c:53:ff:27:73:8e:b8:0a:
                    1c:bf:53:fb:9a:cd:91:65:34:4c:18:27:ba:dc:7c:
                    90:32:bb:9c:19:b6:f3:c0:25:14:7a:25:57:f6:5f:
                    f2:96:ef:36:44:6d:81:41:33:1d:42:e4:bf:40:da:
                    fb:0d:51:87:74:7a:f9:f3:7d:ca:71:56:e5:60:c6:
                    54:52:da:3b:84:8f:90:ab:2b:99:bf:14:7f:d2:d7:
                    51:0c:1b:02:7b:b8:2d:61:3c:ca:e2:27:3a:38:e5:
                    b6:2a:8a:d0:57:8c:55:34:44:f9:4b:45:12:b3:c2:
                    66:f1:db:04:30:25:f2:96:06:4e:34:80:d5:5b:b9:
                    ae:36:bf:68:73:5b:8c:bf:fb:b8:c7:7f:c1:8d:2c:
                    56:a7:3d:b8:a4:f4:21:d3:cd:7b:73:e8:a9:db:e9:
                    93:06:03:08:52:68:1e:63:74:8d:69:00:66:ca:86:
                    3d:f9:10:3a:2e:7d:57:2a:1d:08:5d:91:a6:27:05:
                    ed:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:06:FE:73:44:76:D9:B1:14:73:C1:A7:9F:A1:AE:71:49:60:08:91
            X509v3 Authority Key Identifier:
                keyid:7A:DF:63:E3:75:B0:B7:85:08:1B:59:45:B1:D1:8D:9D:E8:6E:0E:FC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/aee3d58d-904a-4375-bf93-8b5f38cab002/0/7ADF63E375B0B785081B5945B1D18D9DE86E0EFC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/et9j43Wwt4UIG1lFsdGNnehuDvw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/aee3d58d-904a-4375-bf93-8b5f38cab002/0/3139332e3234362e3136312e302f32342d3234203d3e203631313132.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.246.161.0/24

    Signature Algorithm: sha256WithRSAEncryption
         37:15:85:98:40:a7:9d:74:07:c8:82:2a:56:8a:7d:10:66:48:
         6f:ad:8d:1a:ca:e9:4c:c4:8a:0f:b8:a9:e5:4c:90:eb:5d:5d:
         67:fc:52:d9:a5:4b:b9:e9:0d:cb:ae:58:f3:1f:29:8f:c9:d5:
         94:3f:da:1f:ad:01:a4:9b:7f:0c:1c:1d:54:2f:6e:ec:08:c5:
         20:44:cf:4d:24:5b:c1:22:83:1a:a3:8c:5d:d6:f5:a9:6e:2b:
         a1:b0:27:5d:ac:dc:a7:de:52:7b:ac:16:af:99:38:e4:81:50:
         70:a6:b6:3e:b0:d4:34:74:73:22:43:36:fa:e5:e7:24:12:8a:
         38:25:b2:e9:54:0c:db:71:9e:03:b1:84:f6:42:6a:f1:9b:13:
         8f:f2:3d:0a:54:31:23:9a:9e:f2:cc:54:62:12:18:63:d0:fe:
         98:b7:bf:ee:56:3a:9e:9b:bc:4d:b8:74:69:54:61:f4:12:69:
         ad:3f:36:3e:a8:be:9e:b0:2d:22:0e:88:23:f0:9b:b1:b8:bc:
         ae:d5:db:7c:0c:e9:4d:b0:4a:80:7a:84:55:f4:99:48:4e:e3:
         5c:af:f7:ae:7b:55:86:1c:9c:b3:00:c2:63:bc:cf:de:d3:fd:
         db:ee:9e:4b:f6:b4:49:52:22:4c:28:06:d7:b7:37:ef:f5:61:
         15:24:69:bf
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgIUBzp+mKWphO02x1U/TBLNQXOuXj0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoN2FkZjYzZTM3NWIwYjc4NTA4MWI1OTQ1YjFkMThkOWRl
ODZlMGVmYzAeFw0yMzEyMjQxMDQ2NDZaFw0yNDEyMjIxMDUxNDZaMDMxMTAvBgNV
BAMTKEFGMDZGRTczNDQ3NkQ5QjExNDczQzFBNzlGQTFBRTcxNDk2MDA4OTEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCg0PZo1zIzWyp1xqpQQ5oJ3OMt
kSsOaL+rhdr4GPqN97qHbcz507ffrdpnzEFiFWcw3r1lC/fHbnH3D4olEsZiFktM
U/8nc464Chy/U/uazZFlNEwYJ7rcfJAyu5wZtvPAJRR6JVf2X/KW7zZEbYFBMx1C
5L9A2vsNUYd0evnzfcpxVuVgxlRS2juEj5CrK5m/FH/S11EMGwJ7uC1hPMriJzo4
5bYqitBXjFU0RPlLRRKzwmbx2wQwJfKWBk40gNVbua42v2hzW4y/+7jHf8GNLFan
Pbik9CHTzXtz6Knb6ZMGAwhSaB5jdI1pAGbKhj35EDoufVcqHQhdkaYnBe2HAgMB
AAGjggI/MIICOzAdBgNVHQ4EFgQUrwb+c0R22bEUc8Gnn6GucUlgCJEwHwYDVR0j
BBgwFoAUet9j43Wwt4UIG1lFsdGNnehuDvwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYWVlM2Q1OGQtOTA0YS00Mzc1LWJmOTMtOGI1ZjM4Y2Fi
MDAyLzAvN0FERjYzRTM3NUIwQjc4NTA4MUI1OTQ1QjFEMThEOURFODZFMEVGQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2V0OWo0M1d3dDRVSUcxbEZzZEdObmVo
dUR2dy5jZXIwga8GCCsGAQUFBwELBIGiMIGfMIGcBggrBgEFBQcwC4aBj3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWVlM2Q1OGQt
OTA0YS00Mzc1LWJmOTMtOGI1ZjM4Y2FiMDAyLzAvMzEzOTMzMmUzMjM0MzYyZTMx
MzYzMTJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM2MzEzMTMxMzIucm9hMBgGA1Ud
IAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BADB9qEwDQYJKoZIhvcNAQELBQADggEBADcVhZhAp510B8iCKlaKfRBmSG+tjRrK
6UzEig+4qeVMkOtdXWf8UtmlS7npDcuuWPMfKY/J1ZQ/2h+tAaSbfwwcHVQvbuwI
xSBEz00kW8EigxqjjF3W9aluK6GwJ12s3KfeUnusFq+ZOOSBUHCmtj6w1DR0cyJD
Nvrl5yQSijglsulUDNtxngOxhPZCavGbE4/yPQpUMSOanvLMVGISGGPQ/pi3v+5W
Op6bvE24dGlUYfQSaa0/Nj6ovp6wLSIOiCPwm7G4vK7V23wM6U2wSoB6hFX0mUhO
41yv9657VYYcnLMAwmO8z97T/dvunkv2tElSIkwoBte3N+/1YRUkab8=
-----END CERTIFICATE-----
Generated at Thu Nov 21 21:58:16 2024 by rpki-client on console-ams.rpki-client.org