Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/3139332e35372e3136362e302f32342d3234203d3e20323132323338.roa
File:                     3139332e35372e3136362e302f32342d3234203d3e20323132323338.roa (raw, json)
Hash identifier:          TKzHkE5brOv+Ymj1t1OQ0nwk6zZgZ+UJVub+EA0zWoY=
Subject key identifier:   FE:CF:BB:A8:3B:A9:A8:95:F6:EF:B3:F9:E3:DF:B6:49:AB:00:B0:55
Certificate issuer:       /CN=70cbd7a9817e470009c0f40ea1e370aa79b5fd91
Certificate serial:       3DEF84C1425BFCE627A5EACE2A9240544899D3D0
Authority key identifier: 70:CB:D7:A9:81:7E:47:00:09:C0:F4:0E:A1:E3:70:AA:79:B5:FD:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/3139332e35372e3136362e302f32342d3234203d3e20323132323338.roa
Signing time:             Fri 22 Dec 2023 07:34:05 +0000
ROA not before:           Fri 22 Dec 2023 07:29:05 +0000
ROA not after:            Fri 20 Dec 2024 07:34:05 +0000
asID:                     212238
IP address blocks:        193.57.166.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3d:ef:84:c1:42:5b:fc:e6:27:a5:ea:ce:2a:92:40:54:48:99:d3:d0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=70cbd7a9817e470009c0f40ea1e370aa79b5fd91
        Validity
            Not Before: Dec 22 07:29:05 2023 GMT
            Not After : Dec 20 07:34:05 2024 GMT
        Subject: CN=FECFBBA83BA9A895F6EFB3F9E3DFB649AB00B055
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:96:5f:9f:72:e0:0a:2e:a9:09:5e:7f:cd:d3:
                    a6:b6:2b:fc:d3:1c:41:00:1f:4d:71:11:79:3e:f5:
                    25:a9:15:1c:0a:4e:44:57:84:83:b4:53:82:a6:d1:
                    2d:19:a4:80:27:c1:7c:15:94:ae:18:a6:ea:15:63:
                    b1:5c:44:a3:98:b2:a3:3b:c0:5e:63:51:02:38:f5:
                    14:e5:10:ca:9f:5e:b6:0b:5d:0a:3c:05:68:1f:34:
                    c0:7d:9a:ae:4d:27:14:11:64:25:2d:a3:6b:84:0f:
                    4e:26:70:8b:a5:ae:8e:e7:e3:84:4a:ee:5f:74:2c:
                    8d:66:b8:6f:2c:11:e8:54:56:6d:2c:7a:6b:f6:ba:
                    d6:f1:e3:ea:40:da:48:97:a0:c7:77:76:2e:62:83:
                    6f:dc:6a:e4:58:ff:c6:e4:f2:49:d5:bc:c2:e4:9d:
                    23:8f:32:2f:34:d8:9c:93:5e:9f:c5:f6:1e:a3:29:
                    19:7b:d6:d3:dc:0f:99:eb:c2:b0:0c:f1:72:f9:f7:
                    af:77:37:0d:3c:d8:a8:d7:e6:f3:58:d1:c4:44:19:
                    5c:cc:e9:42:e6:61:c9:39:1b:f6:54:90:b0:0e:ab:
                    c0:1c:5b:77:ba:21:4e:fe:ad:b6:9e:ca:0d:27:2b:
                    26:cf:27:d8:83:ac:55:77:3a:5b:d3:8e:d0:43:73:
                    2f:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FE:CF:BB:A8:3B:A9:A8:95:F6:EF:B3:F9:E3:DF:B6:49:AB:00:B0:55
            X509v3 Authority Key Identifier:
                keyid:70:CB:D7:A9:81:7E:47:00:09:C0:F4:0E:A1:E3:70:AA:79:B5:FD:91

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/3139332e35372e3136362e302f32342d3234203d3e20323132323338.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.57.166.0/24

    Signature Algorithm: sha256WithRSAEncryption
         99:c8:85:8a:d6:f9:c3:72:22:85:de:c1:b9:51:6a:98:47:3c:
         86:b2:db:72:34:08:d4:db:68:36:72:c6:7a:24:d3:bb:7b:9a:
         e4:09:86:af:f5:5a:09:fd:f9:6b:df:19:4d:da:8c:e4:4a:03:
         3a:9d:d1:40:75:96:3d:46:a6:95:66:94:e9:53:b7:fe:45:58:
         b3:bc:28:e1:10:39:f7:6d:7d:6d:c2:75:ca:c2:a9:b7:7d:d4:
         f2:ef:12:ce:3c:7c:23:3e:9d:5e:ed:2e:c3:86:c4:50:b9:0b:
         c0:10:c6:51:cc:6a:2d:f8:d6:f9:fd:70:a0:6b:de:80:cc:58:
         cc:61:67:bb:ff:17:82:67:16:8a:c5:9d:f4:2a:63:4a:1c:cc:
         c7:29:16:64:d3:dd:ee:f3:94:41:18:89:bd:cf:28:bf:58:37:
         4c:37:fa:4c:86:ee:2f:3b:24:59:73:83:31:18:99:92:01:42:
         c3:8c:b0:28:4b:73:7e:4e:44:ab:3d:da:b7:17:92:61:2e:1c:
         28:c5:3d:34:18:9f:2e:88:04:af:90:89:9c:4e:95:3c:4b:10:
         c2:58:09:b7:08:4e:d3:5b:71:dc:e4:0d:ff:f1:cb:34:4c:26:
         5a:29:20:e2:81:fb:d0:21:8d:b3:47:91:db:b7:05:f0:80:a8:
         2f:ff:1d:8c
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgIUPe+EwUJb/OYnperOKpJAVEiZ09AwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzBjYmQ3YTk4MTdlNDcwMDA5YzBmNDBlYTFlMzcwYWE3
OWI1ZmQ5MTAeFw0yMzEyMjIwNzI5MDVaFw0yNDEyMjAwNzM0MDVaMDMxMTAvBgNV
BAMTKEZFQ0ZCQkE4M0JBOUE4OTVGNkVGQjNGOUUzREZCNjQ5QUIwMEIwNTUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDRll+fcuAKLqkJXn/N06a2K/zT
HEEAH01xEXk+9SWpFRwKTkRXhIO0U4Km0S0ZpIAnwXwVlK4YpuoVY7FcRKOYsqM7
wF5jUQI49RTlEMqfXrYLXQo8BWgfNMB9mq5NJxQRZCUto2uED04mcIulro7n44RK
7l90LI1muG8sEehUVm0semv2utbx4+pA2kiXoMd3di5ig2/cauRY/8bk8knVvMLk
nSOPMi802JyTXp/F9h6jKRl71tPcD5nrwrAM8XL59693Nw082KjX5vNY0cREGVzM
6ULmYck5G/ZUkLAOq8AcW3e6IU7+rbaeyg0nKybPJ9iDrFV3OlvTjtBDcy9RAgMB
AAGjggI/MIICOzAdBgNVHQ4EFgQU/s+7qDupqJX277P549+2SasAsFUwHwYDVR0j
BBgwFoAUcMvXqYF+RwAJwPQOoeNwqnm1/ZEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYjczMzJhZjAtZGQ3My00NzU1LTlkMjAtNjkzZWE4Mjg5
ZjhhLzAvNzBDQkQ3QTk4MTdFNDcwMDA5QzBGNDBFQTFFMzcwQUE3OUI1RkQ5MS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2NNdlhxWUYtUndBSndQUU9vZU53cW5t
MV9aRS5jZXIwga8GCCsGAQUFBwELBIGiMIGfMIGcBggrBgEFBQcwC4aBj3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYjczMzJhZjAt
ZGQ3My00NzU1LTlkMjAtNjkzZWE4Mjg5ZjhhLzAvMzEzOTMzMmUzNTM3MmUzMTM2
MzYyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzMjMxMzIzMjMzMzgucm9hMBgGA1Ud
IAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BADBOaYwDQYJKoZIhvcNAQELBQADggEBAJnIhYrW+cNyIoXewblRaphHPIay23I0
CNTbaDZyxnok07t7muQJhq/1Wgn9+WvfGU3ajORKAzqd0UB1lj1GppVmlOlTt/5F
WLO8KOEQOfdtfW3CdcrCqbd91PLvEs48fCM+nV7tLsOGxFC5C8AQxlHMai341vn9
cKBr3oDMWMxhZ7v/F4JnForFnfQqY0oczMcpFmTT3e7zlEEYib3PKL9YN0w3+kyG
7i87JFlzgzEYmZIBQsOMsChLc35ORKs92rcXkmEuHCjFPTQYny6IBK+QiZxOlTxL
EMJYCbcITtNbcdzkDf/xyzRMJlopIOKB+9AhjbNHkdu3BfCAqC//HYw=
-----END CERTIFICATE-----
Generated at Thu Nov 21 13:55:50 2024 by rpki-client on console-fra.rpki-client.org