Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/bf52d814-3d2f-4df4-8140-dfb530f74912/0/3139332e39332e3135322e302f32342d3234203d3e20313939363134.roa
File:                     3139332e39332e3135322e302f32342d3234203d3e20313939363134.roa (raw, json)
Hash identifier:          jNaGJEHXg+vn+v2vVdhmJa1IVdEz/D1ggT5kvM1c0Hk=
Subject key identifier:   5E:8B:23:9A:86:68:1C:66:F1:B5:2C:97:07:BE:6C:82:49:CD:92:34
Certificate issuer:       /CN=f29fbab4db867f6bd9a7eff6aa55d98c162e1aad
Certificate serial:       52CD4EC4A04F7200DF3ECCC2F0384DDBB9978B
Authority key identifier: F2:9F:BA:B4:DB:86:7F:6B:D9:A7:EF:F6:AA:55:D9:8C:16:2E:1A:AD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8p-6tNuGf2vZp-_2qlXZjBYuGq0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/bf52d814-3d2f-4df4-8140-dfb530f74912/0/3139332e39332e3135322e302f32342d3234203d3e20313939363134.roa
Signing time:             Thu 31 Oct 2024 00:43:26 +0000
ROA not before:           Thu 31 Oct 2024 00:38:26 +0000
ROA not after:            Thu 30 Oct 2025 00:43:26 +0000
asID:                     199614
IP address blocks:        193.93.152.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/bf52d814-3d2f-4df4-8140-dfb530f74912/0/F29FBAB4DB867F6BD9A7EFF6AA55D98C162E1AAD.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/bf52d814-3d2f-4df4-8140-dfb530f74912/0/F29FBAB4DB867F6BD9A7EFF6AA55D98C162E1AAD.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8p-6tNuGf2vZp-_2qlXZjBYuGq0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 12 Dec 2024 22:37:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            52:cd:4e:c4:a0:4f:72:00:df:3e:cc:c2:f0:38:4d:db:b9:97:8b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f29fbab4db867f6bd9a7eff6aa55d98c162e1aad
        Validity
            Not Before: Oct 31 00:38:26 2024 GMT
            Not After : Oct 30 00:43:26 2025 GMT
        Subject: CN=5E8B239A86681C66F1B52C9707BE6C8249CD9234
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:5e:b7:90:bb:61:2f:9a:0d:8d:71:7c:37:56:
                    84:0a:9f:97:d6:67:7e:39:54:cd:b5:ff:33:d6:21:
                    b0:8b:b1:ba:bc:f3:5d:d6:49:3b:c9:63:67:ca:d5:
                    b9:70:a7:d0:58:a6:9b:e5:3b:1f:8c:52:86:a4:82:
                    9a:1f:ef:60:a2:d2:a2:f6:73:3e:b2:0d:f9:4a:ec:
                    21:04:81:bd:39:a3:ed:f9:5c:0f:72:f6:d2:a9:3d:
                    83:61:1d:2b:04:47:c5:f6:42:be:33:e6:f9:55:93:
                    64:5f:24:ea:cf:3f:bd:7f:e0:c7:cd:43:bc:a3:20:
                    86:23:bd:8e:cd:9a:c3:8a:10:56:6b:c8:67:19:c8:
                    52:d7:ea:bc:cc:7b:ff:e0:c7:e3:37:89:86:10:93:
                    95:d8:75:9e:6b:ae:d7:79:c4:5b:0b:62:a1:fc:eb:
                    bd:3c:6d:0a:2f:50:03:d5:9f:77:d5:bc:34:56:01:
                    b9:c8:a7:9b:e9:21:42:07:3c:63:c9:ee:b4:90:13:
                    d7:9b:b2:07:06:1c:01:bb:c5:85:c5:95:9a:63:42:
                    04:44:4d:4a:1a:1c:72:8a:37:50:cc:d2:96:06:77:
                    b0:94:8a:27:2a:b0:20:ab:d1:0f:7d:b7:5a:42:8e:
                    bc:ff:db:14:12:7e:53:7c:78:54:9d:4a:0e:af:64:
                    a0:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:8B:23:9A:86:68:1C:66:F1:B5:2C:97:07:BE:6C:82:49:CD:92:34
            X509v3 Authority Key Identifier:
                keyid:F2:9F:BA:B4:DB:86:7F:6B:D9:A7:EF:F6:AA:55:D9:8C:16:2E:1A:AD

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/bf52d814-3d2f-4df4-8140-dfb530f74912/0/F29FBAB4DB867F6BD9A7EFF6AA55D98C162E1AAD.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8p-6tNuGf2vZp-_2qlXZjBYuGq0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/bf52d814-3d2f-4df4-8140-dfb530f74912/0/3139332e39332e3135322e302f32342d3234203d3e20313939363134.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.93.152.0/24

    Signature Algorithm: sha256WithRSAEncryption
         13:6c:a0:79:d4:83:e7:83:a1:6b:95:a8:53:43:c5:60:2b:8d:
         d4:74:27:70:62:3b:69:f0:83:e1:bc:0c:80:3d:11:e7:cf:df:
         f4:96:46:6e:0b:4d:98:28:b4:4c:23:9c:81:ea:0e:d3:09:b9:
         00:fd:6a:f4:bc:ac:a0:47:7a:34:66:3b:3d:a2:08:c7:3c:20:
         1e:8c:06:9e:3c:4d:8d:55:14:e7:a9:ec:20:e8:1f:46:e4:de:
         0b:93:95:49:cf:43:b4:2c:21:bd:6c:c1:d8:27:03:71:d4:55:
         4d:25:08:98:2c:43:fe:92:a8:9a:98:03:a3:9a:1d:c2:49:b4:
         55:28:7e:8d:ce:6c:31:d7:1c:9a:11:21:25:bb:9c:67:99:d7:
         cd:7e:85:38:51:f8:8e:43:17:f0:77:d1:3c:7d:4d:db:4c:24:
         a7:42:33:a1:0b:6d:6b:6a:3c:62:fc:98:1b:22:05:56:19:95:
         a9:24:a4:45:e0:33:0c:2e:ad:d3:50:75:31:43:09:51:90:fd:
         39:63:ac:92:99:7a:c6:40:93:de:a7:f3:4d:31:c6:96:25:5e:
         7b:83:69:77:a4:f7:22:fb:c1:4f:ee:4a:09:0b:9b:55:75:f3:
         9b:e6:94:82:50:a8:0f:d8:5f:5c:76:18:e3:3c:84:c4:76:aa:
         a6:38:8b:90
-----BEGIN CERTIFICATE-----
MIIFNDCCBBygAwIBAgITUs1OxKBPcgDfPszC8DhN27mXizANBgkqhkiG9w0BAQsF
ADAzMTEwLwYDVQQDEyhmMjlmYmFiNGRiODY3ZjZiZDlhN2VmZjZhYTU1ZDk4YzE2
MmUxYWFkMB4XDTI0MTAzMTAwMzgyNloXDTI1MTAzMDAwNDMyNlowMzExMC8GA1UE
AxMoNUU4QjIzOUE4NjY4MUM2NkYxQjUyQzk3MDdCRTZDODI0OUNEOTIzNDCCASIw
DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAI9et5C7YS+aDY1xfDdWhAqfl9Zn
fjlUzbX/M9YhsIuxurzzXdZJO8ljZ8rVuXCn0Fimm+U7H4xShqSCmh/vYKLSovZz
PrIN+UrsIQSBvTmj7flcD3L20qk9g2EdKwRHxfZCvjPm+VWTZF8k6s8/vX/gx81D
vKMghiO9js2aw4oQVmvIZxnIUtfqvMx7/+DH4zeJhhCTldh1nmuu13nEWwtiofzr
vTxtCi9QA9Wfd9W8NFYBucinm+khQgc8Y8nutJAT15uyBwYcAbvFhcWVmmNCBERN
Shoccoo3UMzSlgZ3sJSKJyqwIKvRD323WkKOvP/bFBJ+U3x4VJ1KDq9koM0CAwEA
AaOCAj8wggI7MB0GA1UdDgQWBBReiyOahmgcZvG1LJcHvmyCSc2SNDAfBgNVHSME
GDAWgBTyn7q024Z/a9mn7/aqVdmMFi4arTAOBgNVHQ8BAf8EBAMCB4AwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9yc3luYy5wYWFzLnJwa2kucmlwZS5u
ZXQvcmVwb3NpdG9yeS9iZjUyZDgxNC0zZDJmLTRkZjQtODE0MC1kZmI1MzBmNzQ5
MTIvMC9GMjlGQkFCNERCODY3RjZCRDlBN0VGRjZBQTU1RDk4QzE2MkUxQUFELmNy
bDBkBggrBgEFBQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvOHAtNnROdUdmMnZacC1fMnFsWFpqQll1
R3EwLmNlcjCBrwYIKwYBBQUHAQsEgaIwgZ8wgZwGCCsGAQUFBzALhoGPcnN5bmM6
Ly9yc3luYy5wYWFzLnJwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9iZjUyZDgxNC0z
ZDJmLTRkZjQtODE0MC1kZmI1MzBmNzQ5MTIvMC8zMTM5MzMyZTM5MzMyZTMxMzUz
MjJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMxMzkzOTM2MzEzNC5yb2EwGAYDVR0g
AQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgME
AMFdmDANBgkqhkiG9w0BAQsFAAOCAQEAE2ygedSD54Oha5WoU0PFYCuN1HQncGI7
afCD4bwMgD0R58/f9JZGbgtNmCi0TCOcgeoO0wm5AP1q9LysoEd6NGY7PaIIxzwg
HowGnjxNjVUU56nsIOgfRuTeC5OVSc9DtCwhvWzB2CcDcdRVTSUImCxD/pKompgD
o5odwkm0VSh+jc5sMdccmhEhJbucZ5nXzX6FOFH4jkMX8HfRPH1N20wkp0IzoQtt
a2o8YvyYGyIFVhmVqSSkReAzDC6t01B1MUMJUZD9OWOskpl6xkCT3qfzTTHGliVe
e4Npd6T3IvvBT+5KCQubVXXzm+aUglCoD9hfXHYY4zyExHaqpjiLkA==
-----END CERTIFICATE-----
Generated at Thu Dec 12 05:39:43 2024 by rpki-client on console-fra.rpki-client.org