Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/d08bc49d-0338-4b5f-8204-0004a66105c9/0/3139332e3230312e37322e302f32342d3234203d3e20313439343537.roa
File:                     3139332e3230312e37322e302f32342d3234203d3e20313439343537.roa (raw, json)
Hash identifier:          IP0uzV9rWd0ZorOSj1B8b/iGZQUw5ZtYHISrcsa/oKg=
Subject key identifier:   32:74:6E:75:48:94:50:0B:0D:C0:C2:A6:0E:96:3D:83:1A:EE:4D:A2
Certificate issuer:       /CN=5511f6d7def4c0ffb6e2b3b3f0c4455dcd14c160
Certificate serial:       1A5160AA1E0F6E92B83D9FC12513B232DF44FAB5
Authority key identifier: 55:11:F6:D7:DE:F4:C0:FF:B6:E2:B3:B3:F0:C4:45:5D:CD:14:C1:60
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VRH21970wP-24rOz8MRFXc0UwWA.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/d08bc49d-0338-4b5f-8204-0004a66105c9/0/3139332e3230312e37322e302f32342d3234203d3e20313439343537.roa
Signing time:             Mon 08 Jan 2024 09:08:01 +0000
ROA not before:           Mon 08 Jan 2024 09:03:01 +0000
ROA not after:            Mon 06 Jan 2025 09:08:01 +0000
asID:                     149457
IP address blocks:        193.201.72.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/d08bc49d-0338-4b5f-8204-0004a66105c9/0/5511F6D7DEF4C0FFB6E2B3B3F0C4455DCD14C160.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/d08bc49d-0338-4b5f-8204-0004a66105c9/0/5511F6D7DEF4C0FFB6E2B3B3F0C4455DCD14C160.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VRH21970wP-24rOz8MRFXc0UwWA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1a:51:60:aa:1e:0f:6e:92:b8:3d:9f:c1:25:13:b2:32:df:44:fa:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5511f6d7def4c0ffb6e2b3b3f0c4455dcd14c160
        Validity
            Not Before: Jan  8 09:03:01 2024 GMT
            Not After : Jan  6 09:08:01 2025 GMT
        Subject: CN=32746E754894500B0DC0C2A60E963D831AEE4DA2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:00:43:f0:e1:74:be:0e:1b:6c:82:9c:af:72:
                    58:04:53:07:16:4c:eb:c6:4d:0a:fd:37:69:df:01:
                    98:2a:8e:51:08:1a:84:c0:fa:79:30:84:76:74:32:
                    5c:4e:9f:b8:5e:07:a2:cb:0d:6c:3b:7d:34:35:f0:
                    a5:58:e8:5c:07:79:48:29:eb:02:2f:5a:d0:fe:4d:
                    51:c1:eb:7e:54:ed:9e:42:a9:51:70:4d:3d:f1:82:
                    d3:ba:c6:e7:b3:bb:6e:7f:13:5c:99:ea:4c:25:52:
                    dc:65:0e:a4:1e:2f:96:dd:b1:a1:01:db:64:9f:78:
                    60:62:37:b4:ce:c8:19:25:12:16:4c:66:a0:05:32:
                    b0:d5:7d:c4:2d:1a:1c:9e:8e:c6:12:dc:6d:e6:16:
                    c0:7d:b5:25:80:1b:79:25:33:96:85:75:28:4b:94:
                    7b:b9:61:42:bd:fd:8c:a1:59:ba:fd:1c:b6:fd:d2:
                    ca:40:1d:ea:0a:7b:d1:d7:6a:63:6d:43:b4:ce:f4:
                    8d:2d:4e:85:da:b6:09:aa:db:a5:5f:31:da:ac:6e:
                    4d:5a:24:35:8a:37:e9:51:5b:0e:0a:4d:f0:50:bd:
                    e4:83:8e:cf:b3:82:ca:0d:39:a3:cb:41:86:d9:dc:
                    c3:18:d9:9e:67:1d:ef:29:9a:c2:18:87:cf:91:a6:
                    f0:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:74:6E:75:48:94:50:0B:0D:C0:C2:A6:0E:96:3D:83:1A:EE:4D:A2
            X509v3 Authority Key Identifier:
                keyid:55:11:F6:D7:DE:F4:C0:FF:B6:E2:B3:B3:F0:C4:45:5D:CD:14:C1:60

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/d08bc49d-0338-4b5f-8204-0004a66105c9/0/5511F6D7DEF4C0FFB6E2B3B3F0C4455DCD14C160.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VRH21970wP-24rOz8MRFXc0UwWA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/d08bc49d-0338-4b5f-8204-0004a66105c9/0/3139332e3230312e37322e302f32342d3234203d3e20313439343537.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.201.72.0/24

    Signature Algorithm: sha256WithRSAEncryption
         11:20:c0:92:8b:0a:0a:09:29:37:58:a9:4f:92:83:dc:10:c6:
         fb:28:7d:57:2a:7b:04:95:27:23:8d:c3:77:0a:81:f5:10:09:
         8c:ba:45:48:46:c1:93:c0:15:30:6e:d3:d2:f8:b5:1f:68:a4:
         df:41:8b:ea:39:2b:c6:27:16:ef:d5:04:2d:b1:83:85:4b:3a:
         57:c7:29:cf:ce:53:75:83:49:54:9d:62:e4:9d:4c:ca:6c:12:
         c9:a3:91:1e:67:33:0a:05:0a:0d:27:72:32:9e:5d:49:57:13:
         33:c9:5e:9e:98:bb:7d:a8:5b:d5:fb:f8:ad:1e:08:09:9d:40:
         06:5b:ef:28:37:97:c9:e8:f4:ca:1e:b6:cb:ed:40:be:93:31:
         80:bb:3c:48:ab:e6:2e:80:b3:d4:c1:a0:f5:da:02:00:f6:8e:
         c3:9b:08:12:53:83:56:ae:e7:ed:e3:1c:9e:f1:cf:db:b1:66:
         fc:33:9d:4c:be:cf:31:ae:38:53:e3:4f:e0:a3:6a:63:63:81:
         da:42:98:53:81:e2:10:52:6c:be:35:03:1e:ec:d5:a2:6b:c6:
         f9:37:4d:c9:ae:84:86:d1:5a:bf:29:e0:f8:67:2f:04:18:9d:
         f2:93:59:38:ff:c5:fe:c0:6d:48:c0:96:d6:f6:8c:12:39:67:
         43:12:14:0e
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgIUGlFgqh4PbpK4PZ/BJROyMt9E+rUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNTUxMWY2ZDdkZWY0YzBmZmI2ZTJiM2IzZjBjNDQ1NWRj
ZDE0YzE2MDAeFw0yNDAxMDgwOTAzMDFaFw0yNTAxMDYwOTA4MDFaMDMxMTAvBgNV
BAMTKDMyNzQ2RTc1NDg5NDUwMEIwREMwQzJBNjBFOTYzRDgzMUFFRTREQTIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDbAEPw4XS+DhtsgpyvclgEUwcW
TOvGTQr9N2nfAZgqjlEIGoTA+nkwhHZ0MlxOn7heB6LLDWw7fTQ18KVY6FwHeUgp
6wIvWtD+TVHB635U7Z5CqVFwTT3xgtO6xuezu25/E1yZ6kwlUtxlDqQeL5bdsaEB
22SfeGBiN7TOyBklEhZMZqAFMrDVfcQtGhyejsYS3G3mFsB9tSWAG3klM5aFdShL
lHu5YUK9/YyhWbr9HLb90spAHeoKe9HXamNtQ7TO9I0tToXatgmq26VfMdqsbk1a
JDWKN+lRWw4KTfBQveSDjs+zgsoNOaPLQYbZ3MMY2Z5nHe8pmsIYh8+RpvCFAgMB
AAGjggI/MIICOzAdBgNVHQ4EFgQUMnRudUiUUAsNwMKmDpY9gxruTaIwHwYDVR0j
BBgwFoAUVRH21970wP+24rOz8MRFXc0UwWAwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZDA4YmM0OWQtMDMzOC00YjVmLTgyMDQtMDAwNGE2NjEw
NWM5LzAvNTUxMUY2RDdERUY0QzBGRkI2RTJCM0IzRjBDNDQ1NURDRDE0QzE2MC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1ZSSDIxOTcwd1AtMjRyT3o4TVJGWGMw
VXdXQS5jZXIwga8GCCsGAQUFBwELBIGiMIGfMIGcBggrBgEFBQcwC4aBj3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZDA4YmM0OWQt
MDMzOC00YjVmLTgyMDQtMDAwNGE2NjEwNWM5LzAvMzEzOTMzMmUzMjMwMzEyZTM3
MzIyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzMTM0MzkzNDM1Mzcucm9hMBgGA1Ud
IAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BADByUgwDQYJKoZIhvcNAQELBQADggEBABEgwJKLCgoJKTdYqU+Sg9wQxvsofVcq
ewSVJyONw3cKgfUQCYy6RUhGwZPAFTBu09L4tR9opN9Bi+o5K8YnFu/VBC2xg4VL
OlfHKc/OU3WDSVSdYuSdTMpsEsmjkR5nMwoFCg0ncjKeXUlXEzPJXp6Yu32oW9X7
+K0eCAmdQAZb7yg3l8no9MoetsvtQL6TMYC7PEir5i6As9TBoPXaAgD2jsObCBJT
g1au5+3jHJ7xz9uxZvwznUy+zzGuOFPjT+CjamNjgdpCmFOB4hBSbL41Ax7s1aJr
xvk3TcmuhIbRWr8p4PhnLwQYnfKTWTj/xf7AbUjAltb2jBI5Z0MSFA4=
-----END CERTIFICATE-----
Generated at Fri Nov 22 12:52:27 2024 by rpki-client on console-ams.rpki-client.org