Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/aee3d58d-904a-4375-bf93-8b5f38cab002/0/3139332e3234362e3136352e302f32342d3234203d3e2035353131.roa
File:                     3139332e3234362e3136352e302f32342d3234203d3e2035353131.roa (raw, json)
Hash identifier:          NZf8m0EgOC7EMYtUd0vP6J4hYdRs1T6yQW13yb0E3eg=
Subject key identifier:   0E:53:38:9D:F4:75:14:61:63:68:1C:55:DC:32:B9:E7:81:65:2B:F8
Certificate issuer:       /CN=7adf63e375b0b785081b5945b1d18d9de86e0efc
Certificate serial:       19A7D4FCD31E1FFA5561CBC0BB36FDDB64096963
Authority key identifier: 7A:DF:63:E3:75:B0:B7:85:08:1B:59:45:B1:D1:8D:9D:E8:6E:0E:FC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/et9j43Wwt4UIG1lFsdGNnehuDvw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/aee3d58d-904a-4375-bf93-8b5f38cab002/0/3139332e3234362e3136352e302f32342d3234203d3e2035353131.roa
Signing time:             Tue 20 Feb 2024 14:15:56 +0000
ROA not before:           Tue 20 Feb 2024 14:10:56 +0000
ROA not after:            Tue 18 Feb 2025 14:15:56 +0000
asID:                     5511
IP address blocks:        193.246.165.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/aee3d58d-904a-4375-bf93-8b5f38cab002/0/7ADF63E375B0B785081B5945B1D18D9DE86E0EFC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/aee3d58d-904a-4375-bf93-8b5f38cab002/0/7ADF63E375B0B785081B5945B1D18D9DE86E0EFC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/et9j43Wwt4UIG1lFsdGNnehuDvw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 17:16:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            19:a7:d4:fc:d3:1e:1f:fa:55:61:cb:c0:bb:36:fd:db:64:09:69:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7adf63e375b0b785081b5945b1d18d9de86e0efc
        Validity
            Not Before: Feb 20 14:10:56 2024 GMT
            Not After : Feb 18 14:15:56 2025 GMT
        Subject: CN=0E53389DF475146163681C55DC32B9E781652BF8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:8a:49:76:64:15:41:60:7a:68:2d:ce:1e:66:
                    f2:51:95:45:a9:25:f0:d6:22:2a:df:ca:79:2f:2d:
                    8c:d5:38:ee:74:eb:3a:bb:c1:a6:2a:ad:e1:d4:98:
                    f1:a0:aa:10:37:5a:31:26:03:38:c9:90:0b:a0:35:
                    de:3f:df:ab:58:58:e6:25:df:ee:d9:13:20:f3:73:
                    62:77:80:6a:7a:e7:3c:62:17:05:f4:00:01:3f:b6:
                    a1:4d:aa:b1:f3:48:d4:36:eb:21:26:f6:64:71:bc:
                    37:db:51:16:b3:11:4f:64:0b:5f:88:e4:ad:32:e3:
                    d1:a0:b8:19:9e:cf:f9:e2:39:9c:e2:7b:5f:31:d8:
                    c6:71:cb:a1:9b:13:36:01:3b:b9:fa:50:86:a2:92:
                    39:ba:00:f0:54:d4:8d:9e:19:22:33:94:c7:9a:b6:
                    4b:bb:b6:7d:65:41:be:60:8a:85:f7:7d:d6:8a:ff:
                    07:dc:62:cf:da:06:89:2d:40:9e:ae:40:50:40:09:
                    e6:20:b7:a5:68:5f:95:e6:29:f2:f6:64:70:b7:10:
                    5f:2d:4a:5f:bd:5f:c0:0b:2d:56:5c:ee:98:95:7e:
                    f6:5d:4e:e5:60:58:ee:9a:61:a6:e6:37:db:7c:50:
                    1d:9f:a9:f9:f1:1c:68:ae:69:26:09:07:5d:9e:e5:
                    db:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0E:53:38:9D:F4:75:14:61:63:68:1C:55:DC:32:B9:E7:81:65:2B:F8
            X509v3 Authority Key Identifier:
                keyid:7A:DF:63:E3:75:B0:B7:85:08:1B:59:45:B1:D1:8D:9D:E8:6E:0E:FC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/aee3d58d-904a-4375-bf93-8b5f38cab002/0/7ADF63E375B0B785081B5945B1D18D9DE86E0EFC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/et9j43Wwt4UIG1lFsdGNnehuDvw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/aee3d58d-904a-4375-bf93-8b5f38cab002/0/3139332e3234362e3136352e302f32342d3234203d3e2035353131.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.246.165.0/24

    Signature Algorithm: sha256WithRSAEncryption
         96:d4:3e:11:3f:87:0b:f8:df:cb:e6:79:90:52:ef:3b:ba:90:
         ff:6d:8f:77:f1:28:18:d7:c3:70:13:76:c7:5c:f8:8f:d9:9b:
         85:45:34:c2:9e:0a:a6:57:e2:af:84:6f:9a:9f:d6:f6:3b:c4:
         45:fb:24:2d:82:3e:ab:e5:98:31:3c:76:a5:bb:58:fa:48:28:
         92:1c:23:98:58:29:bd:e1:1b:6a:b4:7d:81:b2:53:b1:54:43:
         ff:db:50:4c:8a:0d:a1:48:e2:b7:84:5c:f8:18:83:5c:e4:38:
         f0:19:51:cd:24:37:6a:4d:14:ad:f8:4c:bc:90:b9:c5:9a:12:
         c9:8a:96:17:61:ab:7b:01:7f:e3:61:8a:6d:07:eb:bf:bc:39:
         a2:a6:2c:6a:1f:a3:4d:b0:ac:46:16:16:d3:40:8f:fb:43:a6:
         d0:f2:3c:8a:ec:91:47:4b:79:80:d2:d2:da:70:d0:a9:1c:05:
         4f:c9:4a:7e:59:a5:26:30:e2:5b:59:bc:02:72:d1:aa:c1:b9:
         e8:16:ba:f7:c0:db:7f:61:ee:76:f6:d2:00:db:89:e2:d4:0e:
         38:c7:c0:32:f6:96:c3:b4:44:45:ac:bd:af:10:70:5d:bf:1c:
         f5:cc:28:38:63:02:bd:71:ac:de:12:17:2f:af:c9:cf:44:ec:
         e3:b4:07:58
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgIUGafU/NMeH/pVYcvAuzb922QJaWMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoN2FkZjYzZTM3NWIwYjc4NTA4MWI1OTQ1YjFkMThkOWRl
ODZlMGVmYzAeFw0yNDAyMjAxNDEwNTZaFw0yNTAyMTgxNDE1NTZaMDMxMTAvBgNV
BAMTKDBFNTMzODlERjQ3NTE0NjE2MzY4MUM1NURDMzJCOUU3ODE2NTJCRjgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDeikl2ZBVBYHpoLc4eZvJRlUWp
JfDWIirfynkvLYzVOO506zq7waYqreHUmPGgqhA3WjEmAzjJkAugNd4/36tYWOYl
3+7ZEyDzc2J3gGp65zxiFwX0AAE/tqFNqrHzSNQ26yEm9mRxvDfbURazEU9kC1+I
5K0y49GguBmez/niOZzie18x2MZxy6GbEzYBO7n6UIaikjm6APBU1I2eGSIzlMea
tku7tn1lQb5gioX3fdaK/wfcYs/aBoktQJ6uQFBACeYgt6VoX5XmKfL2ZHC3EF8t
Sl+9X8ALLVZc7piVfvZdTuVgWO6aYabmN9t8UB2fqfnxHGiuaSYJB12e5dv5AgMB
AAGjggI9MIICOTAdBgNVHQ4EFgQUDlM4nfR1FGFjaBxV3DK554FlK/gwHwYDVR0j
BBgwFoAUet9j43Wwt4UIG1lFsdGNnehuDvwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYWVlM2Q1OGQtOTA0YS00Mzc1LWJmOTMtOGI1ZjM4Y2Fi
MDAyLzAvN0FERjYzRTM3NUIwQjc4NTA4MUI1OTQ1QjFEMThEOURFODZFMEVGQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2V0OWo0M1d3dDRVSUcxbEZzZEdObmVo
dUR2dy5jZXIwga0GCCsGAQUFBwELBIGgMIGdMIGaBggrBgEFBQcwC4aBjXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWVlM2Q1OGQt
OTA0YS00Mzc1LWJmOTMtOGI1ZjM4Y2FiMDAyLzAvMzEzOTMzMmUzMjM0MzYyZTMx
MzYzNTJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM1MzUzMTMxLnJvYTAYBgNVHSAB
Af8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA
wfalMA0GCSqGSIb3DQEBCwUAA4IBAQCW1D4RP4cL+N/L5nmQUu87upD/bY938SgY
18NwE3bHXPiP2ZuFRTTCngqmV+KvhG+an9b2O8RF+yQtgj6r5ZgxPHalu1j6SCiS
HCOYWCm94RtqtH2BslOxVEP/21BMig2hSOK3hFz4GINc5DjwGVHNJDdqTRSt+Ey8
kLnFmhLJipYXYat7AX/jYYptB+u/vDmipixqH6NNsKxGFhbTQI/7Q6bQ8jyK7JFH
S3mA0tLacNCpHAVPyUp+WaUmMOJbWbwCctGqwbnoFrr3wNt/Ye529tIA24ni1A44
x8Ay9pbDtERFrL2vEHBdvxz1zCg4YwK9cazeEhcvr8nPROzjtAdY
-----END CERTIFICATE-----
Generated at Thu Nov 21 19:50:40 2024 by rpki-client on console-fra.rpki-client.org