Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/3139332e33382e35332e302f32342d3234203d3e20323132363039.roa
File:                     3139332e33382e35332e302f32342d3234203d3e20323132363039.roa (raw, json)
Hash identifier:          W1h+v8ZAHmHMY4NdHXLIICqaF7XWMXgzSxmkglaGJqQ=
Subject key identifier:   A9:EA:4F:F6:E6:E1:2A:5F:55:EE:34:83:8F:4E:15:F4:05:4C:A9:CB
Certificate issuer:       /CN=70cbd7a9817e470009c0f40ea1e370aa79b5fd91
Certificate serial:       015D56BAADA027B8375EBD317D9A16887F9A4104
Authority key identifier: 70:CB:D7:A9:81:7E:47:00:09:C0:F4:0E:A1:E3:70:AA:79:B5:FD:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/3139332e33382e35332e302f32342d3234203d3e20323132363039.roa
Signing time:             Wed 21 Feb 2024 19:05:13 +0000
ROA not before:           Wed 21 Feb 2024 19:00:13 +0000
ROA not after:            Wed 19 Feb 2025 19:05:13 +0000
asID:                     212609
IP address blocks:        193.38.53.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 11 Dec 2024 20:20:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:5d:56:ba:ad:a0:27:b8:37:5e:bd:31:7d:9a:16:88:7f:9a:41:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=70cbd7a9817e470009c0f40ea1e370aa79b5fd91
        Validity
            Not Before: Feb 21 19:00:13 2024 GMT
            Not After : Feb 19 19:05:13 2025 GMT
        Subject: CN=A9EA4FF6E6E12A5F55EE34838F4E15F4054CA9CB
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:e4:5f:0b:a3:4b:93:dc:2d:6a:3a:f2:28:31:
                    d3:bf:65:d7:e9:cd:8f:95:8d:72:6e:80:e0:5a:b7:
                    8b:cf:ca:88:9e:b0:22:75:d8:b0:42:33:b6:63:6b:
                    26:32:be:64:3b:f5:a2:27:59:1e:17:1d:3d:e3:ec:
                    36:45:83:93:40:82:84:73:53:cd:14:a0:16:c7:5c:
                    c0:d0:4d:c5:85:b8:f9:51:fb:d2:fd:68:41:55:75:
                    69:e1:a6:f5:79:ba:8a:e2:fd:01:9b:a7:1e:90:6e:
                    67:d5:a0:b5:3e:79:9f:c5:c3:2e:ac:1e:a3:20:27:
                    cb:91:2a:0f:98:1d:f2:ae:1d:f3:c6:32:12:07:b2:
                    ee:d6:75:b4:6c:3c:2a:74:06:25:08:14:a1:8e:c6:
                    d1:7d:03:ac:b0:9f:3e:8e:00:31:f9:0f:28:a7:af:
                    cb:5f:45:4f:88:e1:2e:b0:11:1c:08:1d:cf:ce:cb:
                    67:35:ec:f9:9f:cc:de:2e:3b:92:f8:2f:aa:ba:4d:
                    d0:07:72:0c:45:6f:53:1d:6e:45:5c:2d:f4:30:9b:
                    1b:30:99:d2:b4:e9:44:17:88:73:71:28:be:40:ba:
                    4e:9b:fd:d3:6a:71:5b:82:35:39:d3:67:3a:56:32:
                    b0:db:10:43:52:88:7b:9c:d5:97:01:93:d9:59:12:
                    cd:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:EA:4F:F6:E6:E1:2A:5F:55:EE:34:83:8F:4E:15:F4:05:4C:A9:CB
            X509v3 Authority Key Identifier:
                keyid:70:CB:D7:A9:81:7E:47:00:09:C0:F4:0E:A1:E3:70:AA:79:B5:FD:91

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/3139332e33382e35332e302f32342d3234203d3e20323132363039.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.38.53.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0d:b0:bf:4c:79:49:43:fb:73:1a:c1:2c:1c:b5:a3:ab:c4:51:
         7a:2a:48:db:70:47:16:b6:4a:a5:04:05:ce:f7:47:21:6e:8c:
         5c:6c:58:09:67:b2:65:67:cf:98:40:14:f0:06:60:f6:4f:b8:
         dc:2b:fa:8c:b7:29:d4:96:0f:0d:f3:d7:e6:4d:33:74:d9:44:
         a1:ea:9b:e5:ff:34:fc:0f:29:b8:ab:a5:b1:1e:6d:a4:35:53:
         45:e4:3b:e2:5d:1d:43:7d:02:70:d8:7c:f0:e4:ed:8f:18:09:
         fb:60:ee:77:1e:a7:fe:f6:c4:74:86:57:3b:9d:63:c8:9a:a0:
         1e:bc:19:f2:59:0a:28:5b:dd:55:54:8f:de:96:bf:e3:e2:f5:
         30:ec:80:81:5e:56:62:4d:aa:dd:41:e5:af:74:4e:0d:eb:a0:
         7f:61:2a:28:bc:6b:d6:9f:54:a0:a2:72:72:f0:78:a7:25:74:
         76:6e:e6:55:bc:de:35:f1:47:d2:9b:73:30:71:00:ef:66:2a:
         c6:88:a3:d5:61:29:29:04:d7:f2:a7:7f:e5:ae:4d:58:fd:8c:
         c6:85:65:35:43:99:10:c9:99:63:d7:0b:69:24:66:35:14:84:
         91:c1:8e:9a:07:28:7c:f0:22:44:71:d8:d5:2b:48:10:72:e1:
         83:6a:50:fa
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgIUAV1Wuq2gJ7g3Xr0xfZoWiH+aQQQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzBjYmQ3YTk4MTdlNDcwMDA5YzBmNDBlYTFlMzcwYWE3
OWI1ZmQ5MTAeFw0yNDAyMjExOTAwMTNaFw0yNTAyMTkxOTA1MTNaMDMxMTAvBgNV
BAMTKEE5RUE0RkY2RTZFMTJBNUY1NUVFMzQ4MzhGNEUxNUY0MDU0Q0E5Q0IwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCW5F8Lo0uT3C1qOvIoMdO/Zdfp
zY+VjXJugOBat4vPyoiesCJ12LBCM7ZjayYyvmQ79aInWR4XHT3j7DZFg5NAgoRz
U80UoBbHXMDQTcWFuPlR+9L9aEFVdWnhpvV5uori/QGbpx6QbmfVoLU+eZ/Fwy6s
HqMgJ8uRKg+YHfKuHfPGMhIHsu7WdbRsPCp0BiUIFKGOxtF9A6ywnz6OADH5Dyin
r8tfRU+I4S6wERwIHc/Oy2c17PmfzN4uO5L4L6q6TdAHcgxFb1MdbkVcLfQwmxsw
mdK06UQXiHNxKL5Auk6b/dNqcVuCNTnTZzpWMrDbEENSiHuc1ZcBk9lZEs2jAgMB
AAGjggI9MIICOTAdBgNVHQ4EFgQUqepP9ubhKl9V7jSDj04V9AVMqcswHwYDVR0j
BBgwFoAUcMvXqYF+RwAJwPQOoeNwqnm1/ZEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYjczMzJhZjAtZGQ3My00NzU1LTlkMjAtNjkzZWE4Mjg5
ZjhhLzAvNzBDQkQ3QTk4MTdFNDcwMDA5QzBGNDBFQTFFMzcwQUE3OUI1RkQ5MS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2NNdlhxWUYtUndBSndQUU9vZU53cW5t
MV9aRS5jZXIwga0GCCsGAQUFBwELBIGgMIGdMIGaBggrBgEFBQcwC4aBjXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYjczMzJhZjAt
ZGQ3My00NzU1LTlkMjAtNjkzZWE4Mjg5ZjhhLzAvMzEzOTMzMmUzMzM4MmUzNTMz
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzIzMTMyMzYzMDM5LnJvYTAYBgNVHSAB
Af8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA
wSY1MA0GCSqGSIb3DQEBCwUAA4IBAQANsL9MeUlD+3MawSwctaOrxFF6KkjbcEcW
tkqlBAXO90chboxcbFgJZ7JlZ8+YQBTwBmD2T7jcK/qMtynUlg8N89fmTTN02USh
6pvl/zT8Dym4q6WxHm2kNVNF5DviXR1DfQJw2Hzw5O2PGAn7YO53Hqf+9sR0hlc7
nWPImqAevBnyWQooW91VVI/elr/j4vUw7ICBXlZiTardQeWvdE4N66B/YSoovGvW
n1SgonJy8HinJXR2buZVvN418UfSm3MwcQDvZirGiKPVYSkpBNfyp3/lrk1Y/YzG
hWU1Q5kQyZlj1wtpJGY1FISRwY6aByh88CJEcdjVK0gQcuGDalD6
-----END CERTIFICATE-----
Generated at Wed Dec 11 05:43:53 2024 by rpki-client on console-ams.rpki-client.org