Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/aee3d58d-904a-4375-bf93-8b5f38cab002/0/3139332e3234362e3136352e302f32342d3234203d3e20323135373237.roa
File:                     3139332e3234362e3136352e302f32342d3234203d3e20323135373237.roa (raw, json)
Hash identifier:          W5AfQNytRxHIdmSnVMxJz9DrQcmqASwcUfc2R62hD7I=
Subject key identifier:   D6:88:3B:A0:DC:C6:22:82:7E:07:5D:00:E8:70:40:51:5B:EC:4A:D8
Certificate issuer:       /CN=7adf63e375b0b785081b5945b1d18d9de86e0efc
Certificate serial:       3411FB86334563B45EDF87EE39AABBADD2F4605B
Authority key identifier: 7A:DF:63:E3:75:B0:B7:85:08:1B:59:45:B1:D1:8D:9D:E8:6E:0E:FC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/et9j43Wwt4UIG1lFsdGNnehuDvw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/aee3d58d-904a-4375-bf93-8b5f38cab002/0/3139332e3234362e3136352e302f32342d3234203d3e20323135373237.roa
Signing time:             Sun 14 Jan 2024 16:44:53 +0000
ROA not before:           Sun 14 Jan 2024 16:39:53 +0000
ROA not after:            Sun 12 Jan 2025 16:44:53 +0000
asID:                     215727
IP address blocks:        193.246.165.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/aee3d58d-904a-4375-bf93-8b5f38cab002/0/7ADF63E375B0B785081B5945B1D18D9DE86E0EFC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/aee3d58d-904a-4375-bf93-8b5f38cab002/0/7ADF63E375B0B785081B5945B1D18D9DE86E0EFC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/et9j43Wwt4UIG1lFsdGNnehuDvw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 17:16:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            34:11:fb:86:33:45:63:b4:5e:df:87:ee:39:aa:bb:ad:d2:f4:60:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7adf63e375b0b785081b5945b1d18d9de86e0efc
        Validity
            Not Before: Jan 14 16:39:53 2024 GMT
            Not After : Jan 12 16:44:53 2025 GMT
        Subject: CN=D6883BA0DCC622827E075D00E87040515BEC4AD8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:fc:eb:e4:d4:9e:7c:2b:71:26:0d:32:a6:e8:4a:
                    0d:61:1e:d0:a0:48:42:d9:3e:90:33:68:8d:b8:3e:
                    6e:82:0d:1e:a9:13:c7:b0:6f:9a:8c:0d:e9:d9:1b:
                    78:e9:90:cf:fc:d4:a8:00:f9:34:3e:55:a8:ea:38:
                    6f:cf:c7:c3:e3:60:10:dc:1c:43:1e:96:37:5f:78:
                    0d:8a:c3:b8:7a:88:97:40:7f:ab:5f:4c:78:0c:12:
                    a7:f3:b7:ed:6d:58:f1:d0:b1:3a:7c:98:08:bc:b5:
                    1c:4a:90:8f:ec:db:32:00:fc:b2:38:f8:5b:74:f1:
                    96:59:33:ff:96:9b:bb:ae:f9:19:b7:f4:2f:23:53:
                    17:b4:df:3a:57:d6:68:b4:c4:b2:5e:d8:4c:c5:e7:
                    69:81:1b:ce:c7:c8:40:52:42:8a:b9:fc:39:8a:52:
                    6d:28:8d:0f:7a:d9:9b:d3:f3:d5:10:21:31:fc:f6:
                    71:d1:f4:97:2f:1d:75:03:4c:dd:2a:5d:bc:dc:57:
                    2e:8c:a2:a5:16:44:88:c3:ee:1c:3f:33:bd:e3:f1:
                    98:46:7a:d8:f9:6a:c9:ce:5f:bf:67:f8:1e:11:1f:
                    f7:d9:14:34:11:f0:8e:91:f6:13:40:29:fa:96:1e:
                    81:e0:95:97:67:62:b8:bc:4d:93:1d:88:4d:77:65:
                    3d:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D6:88:3B:A0:DC:C6:22:82:7E:07:5D:00:E8:70:40:51:5B:EC:4A:D8
            X509v3 Authority Key Identifier:
                keyid:7A:DF:63:E3:75:B0:B7:85:08:1B:59:45:B1:D1:8D:9D:E8:6E:0E:FC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/aee3d58d-904a-4375-bf93-8b5f38cab002/0/7ADF63E375B0B785081B5945B1D18D9DE86E0EFC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/et9j43Wwt4UIG1lFsdGNnehuDvw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/aee3d58d-904a-4375-bf93-8b5f38cab002/0/3139332e3234362e3136352e302f32342d3234203d3e20323135373237.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.246.165.0/24

    Signature Algorithm: sha256WithRSAEncryption
         54:df:32:ba:c9:79:fa:ef:59:34:b0:42:a6:47:9a:98:c5:99:
         3a:6d:20:95:b9:0f:66:b9:27:ea:0b:ce:30:58:00:08:f2:b5:
         5b:dd:ee:4f:63:00:bd:af:3d:22:2a:55:12:1b:0c:fe:6b:18:
         7f:fa:3c:d7:e2:fe:f5:81:4b:eb:f9:03:74:33:43:b9:59:13:
         a5:ff:48:08:9c:32:e5:1e:91:5e:95:1d:8c:0d:76:f7:36:5e:
         3c:a2:4a:3c:b2:78:d1:b9:72:15:98:c7:05:06:46:b1:ef:02:
         68:51:f4:77:24:33:80:37:4e:65:10:89:18:d4:0b:3b:0a:a2:
         41:59:76:55:11:db:3b:72:64:86:4d:aa:ac:10:a8:fc:e8:ad:
         cc:fe:6f:0e:1c:9b:0d:a8:24:e8:58:93:c7:1e:c7:fe:1f:a6:
         12:ad:95:eb:44:c7:6d:dd:b6:d4:b3:eb:25:ef:23:65:b3:32:
         e7:98:e6:ad:00:73:8e:08:ae:d3:9a:5d:57:e7:b5:34:37:2a:
         48:b6:4e:52:3c:14:fe:3a:60:67:5c:8e:3f:bd:0e:33:50:31:
         eb:59:65:f6:a4:65:be:71:ed:40:51:de:05:18:aa:f7:03:2b:
         9a:3e:bf:b5:41:9f:c0:2d:93:e3:2d:38:b8:96:9a:cd:2a:c1:
         c2:93:0f:bd
-----BEGIN CERTIFICATE-----
MIIFNzCCBB+gAwIBAgIUNBH7hjNFY7Re34fuOaq7rdL0YFswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoN2FkZjYzZTM3NWIwYjc4NTA4MWI1OTQ1YjFkMThkOWRl
ODZlMGVmYzAeFw0yNDAxMTQxNjM5NTNaFw0yNTAxMTIxNjQ0NTNaMDMxMTAvBgNV
BAMTKEQ2ODgzQkEwRENDNjIyODI3RTA3NUQwMEU4NzA0MDUxNUJFQzRBRDgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD86+TUnnwrcSYNMqboSg1hHtCg
SELZPpAzaI24Pm6CDR6pE8ewb5qMDenZG3jpkM/81KgA+TQ+VajqOG/Px8PjYBDc
HEMeljdfeA2Kw7h6iJdAf6tfTHgMEqfzt+1tWPHQsTp8mAi8tRxKkI/s2zIA/LI4
+Ft08ZZZM/+Wm7uu+Rm39C8jUxe03zpX1mi0xLJe2EzF52mBG87HyEBSQoq5/DmK
Um0ojQ962ZvT89UQITH89nHR9JcvHXUDTN0qXbzcVy6MoqUWRIjD7hw/M73j8ZhG
etj5asnOX79n+B4RH/fZFDQR8I6R9hNAKfqWHoHglZdnYri8TZMdiE13ZT2zAgMB
AAGjggJBMIICPTAdBgNVHQ4EFgQU1og7oNzGIoJ+B10A6HBAUVvsStgwHwYDVR0j
BBgwFoAUet9j43Wwt4UIG1lFsdGNnehuDvwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYWVlM2Q1OGQtOTA0YS00Mzc1LWJmOTMtOGI1ZjM4Y2Fi
MDAyLzAvN0FERjYzRTM3NUIwQjc4NTA4MUI1OTQ1QjFEMThEOURFODZFMEVGQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2V0OWo0M1d3dDRVSUcxbEZzZEdObmVo
dUR2dy5jZXIwgbEGCCsGAQUFBwELBIGkMIGhMIGeBggrBgEFBQcwC4aBkXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWVlM2Q1OGQt
OTA0YS00Mzc1LWJmOTMtOGI1ZjM4Y2FiMDAyLzAvMzEzOTMzMmUzMjM0MzYyZTMx
MzYzNTJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMyMzEzNTM3MzIzNy5yb2EwGAYD
VR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEw
BgMEAMH2pTANBgkqhkiG9w0BAQsFAAOCAQEAVN8yusl5+u9ZNLBCpkeamMWZOm0g
lbkPZrkn6gvOMFgACPK1W93uT2MAva89IipVEhsM/msYf/o81+L+9YFL6/kDdDND
uVkTpf9ICJwy5R6RXpUdjA129zZePKJKPLJ40blyFZjHBQZGse8CaFH0dyQzgDdO
ZRCJGNQLOwqiQVl2VRHbO3Jkhk2qrBCo/OitzP5vDhybDagk6FiTxx7H/h+mEq2V
60THbd221LPrJe8jZbMy55jmrQBzjgiu05pdV+e1NDcqSLZOUjwU/jpgZ1yOP70O
M1Ax61ll9qRlvnHtQFHeBRiq9wMrmj6/tUGfwC2T4y04uJaazSrBwpMPvQ==
-----END CERTIFICATE-----
Generated at Thu Nov 21 19:50:40 2024 by rpki-client on console-fra.rpki-client.org