Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/d90a935a-a74d-4b98-9430-bc7ae5c24f28/0/3139332e3234362e3130332e302f32342d3234203d3e203134343435.roa
File:                     3139332e3234362e3130332e302f32342d3234203d3e203134343435.roa (raw, json)
Hash identifier:          ufXtcIzi4rnGki461GEkPvVnVefe9lwcKtdLvFw4GmM=
Subject key identifier:   DA:9F:7B:11:36:5F:07:8B:65:D8:02:58:ED:2F:01:A3:7F:62:5B:85
Certificate issuer:       /CN=c79d02c618861ad45baf78ce39023cbcb494a7bf
Certificate serial:       594DC4A051B69B14BF5123D13616FBC68016F959
Authority key identifier: C7:9D:02:C6:18:86:1A:D4:5B:AF:78:CE:39:02:3C:BC:B4:94:A7:BF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/x50CxhiGGtRbr3jOOQI8vLSUp78.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/d90a935a-a74d-4b98-9430-bc7ae5c24f28/0/3139332e3234362e3130332e302f32342d3234203d3e203134343435.roa
Signing time:             Thu 28 Mar 2024 11:10:23 +0000
ROA not before:           Thu 28 Mar 2024 11:05:23 +0000
ROA not after:            Thu 27 Mar 2025 11:10:23 +0000
asID:                     14445
IP address blocks:        193.246.103.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/d90a935a-a74d-4b98-9430-bc7ae5c24f28/0/C79D02C618861AD45BAF78CE39023CBCB494A7BF.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/d90a935a-a74d-4b98-9430-bc7ae5c24f28/0/C79D02C618861AD45BAF78CE39023CBCB494A7BF.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/x50CxhiGGtRbr3jOOQI8vLSUp78.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 17:16:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            59:4d:c4:a0:51:b6:9b:14:bf:51:23:d1:36:16:fb:c6:80:16:f9:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c79d02c618861ad45baf78ce39023cbcb494a7bf
        Validity
            Not Before: Mar 28 11:05:23 2024 GMT
            Not After : Mar 27 11:10:23 2025 GMT
        Subject: CN=DA9F7B11365F078B65D80258ED2F01A37F625B85
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:68:7a:fc:39:8a:d2:df:cb:18:ab:5c:3a:fc:
                    97:14:7f:0c:0a:19:91:de:1c:25:e9:37:4a:87:b4:
                    65:b9:9f:32:fe:e2:70:d5:7f:3e:41:66:12:22:9a:
                    fc:19:6f:3f:22:9d:7e:56:e6:a8:4e:e7:f0:b4:c6:
                    4a:d8:ec:74:59:65:4d:df:20:a9:9d:f9:b7:d5:b0:
                    49:05:9c:06:f5:e9:49:cb:0c:8b:5a:8e:32:6f:97:
                    b4:f8:b8:42:68:3f:46:76:6d:14:25:a6:92:8c:83:
                    ae:ec:e8:3c:c5:ce:b3:12:c3:ac:86:93:6a:87:a5:
                    db:aa:20:b1:d5:71:45:7c:9d:a9:31:33:89:1b:30:
                    a5:fb:54:e2:02:d6:d0:70:c3:ef:5e:ae:49:27:b0:
                    2f:88:62:55:5a:a0:47:14:38:24:6f:d3:65:35:10:
                    86:49:31:fe:61:44:ec:60:2f:e4:b1:7d:02:84:87:
                    2d:e3:b9:9a:42:7a:d5:58:8a:1a:28:fb:81:5d:ff:
                    af:c3:ea:c5:f6:5f:41:d4:70:6c:f5:6a:ed:b1:e4:
                    5b:25:3f:f4:66:07:10:11:71:00:21:95:3c:81:1b:
                    a2:3f:b7:37:bf:2c:f4:b8:dc:da:66:83:41:69:25:
                    cd:9f:10:8a:da:95:79:90:05:88:6e:a3:bd:1e:be:
                    1f:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:9F:7B:11:36:5F:07:8B:65:D8:02:58:ED:2F:01:A3:7F:62:5B:85
            X509v3 Authority Key Identifier:
                keyid:C7:9D:02:C6:18:86:1A:D4:5B:AF:78:CE:39:02:3C:BC:B4:94:A7:BF

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/d90a935a-a74d-4b98-9430-bc7ae5c24f28/0/C79D02C618861AD45BAF78CE39023CBCB494A7BF.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/x50CxhiGGtRbr3jOOQI8vLSUp78.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/d90a935a-a74d-4b98-9430-bc7ae5c24f28/0/3139332e3234362e3130332e302f32342d3234203d3e203134343435.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.246.103.0/24

    Signature Algorithm: sha256WithRSAEncryption
         11:f1:d1:9b:04:51:ae:78:63:56:1a:28:5d:01:d6:7c:ee:3e:
         d5:23:9e:73:9a:66:27:f8:3c:6e:3f:5f:88:be:c0:d6:bc:42:
         d8:01:89:ec:a0:a9:b8:01:87:c7:89:6e:bd:06:48:7b:2d:2e:
         e9:48:d3:4b:86:1e:34:0e:9a:d2:97:95:b0:9e:60:05:85:88:
         fd:09:24:75:47:21:48:42:08:9e:97:cb:57:6e:05:6c:1d:4d:
         a9:13:20:af:b0:63:2b:a2:2a:19:bd:5a:20:bc:78:34:1a:18:
         a3:7c:9e:c0:61:13:55:e3:ad:cd:8d:8a:f9:10:1e:84:16:91:
         54:ba:ed:8c:59:eb:97:67:97:3f:d9:d6:40:c3:7d:90:b4:1e:
         40:1a:b0:6b:5a:56:b6:87:48:55:79:dc:fb:6e:ef:33:9f:fd:
         53:6f:10:5a:4d:08:14:4f:b3:84:3c:ad:ea:1b:20:f8:05:c8:
         27:a6:41:8d:67:29:99:b2:7b:25:a9:db:6f:45:33:fd:b6:9d:
         55:e4:b4:74:14:00:04:1d:4b:69:df:80:4d:17:8d:93:d4:59:
         18:9e:a2:3f:90:b6:13:66:e8:49:00:2e:a2:a7:00:b8:41:72:
         80:65:22:ee:ee:87:d5:7b:a0:c6:d8:b7:33:93:ae:83:4f:8e:
         03:78:44:3f
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgIUWU3EoFG2mxS/USPRNhb7xoAW+VkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzc5ZDAyYzYxODg2MWFkNDViYWY3OGNlMzkwMjNjYmNi
NDk0YTdiZjAeFw0yNDAzMjgxMTA1MjNaFw0yNTAzMjcxMTEwMjNaMDMxMTAvBgNV
BAMTKERBOUY3QjExMzY1RjA3OEI2NUQ4MDI1OEVEMkYwMUEzN0Y2MjVCODUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDiaHr8OYrS38sYq1w6/JcUfwwK
GZHeHCXpN0qHtGW5nzL+4nDVfz5BZhIimvwZbz8inX5W5qhO5/C0xkrY7HRZZU3f
IKmd+bfVsEkFnAb16UnLDItajjJvl7T4uEJoP0Z2bRQlppKMg67s6DzFzrMSw6yG
k2qHpduqILHVcUV8nakxM4kbMKX7VOIC1tBww+9erkknsC+IYlVaoEcUOCRv02U1
EIZJMf5hROxgL+SxfQKEhy3juZpCetVYihoo+4Fd/6/D6sX2X0HUcGz1au2x5Fsl
P/RmBxARcQAhlTyBG6I/tze/LPS43Npmg0FpJc2fEIralXmQBYhuo70evh81AgMB
AAGjggI/MIICOzAdBgNVHQ4EFgQU2p97ETZfB4tl2AJY7S8Bo39iW4UwHwYDVR0j
BBgwFoAUx50CxhiGGtRbr3jOOQI8vLSUp78wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZDkwYTkzNWEtYTc0ZC00Yjk4LTk0MzAtYmM3YWU1YzI0
ZjI4LzAvQzc5RDAyQzYxODg2MUFENDVCQUY3OENFMzkwMjNDQkNCNDk0QTdCRi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3g1MEN4aGlHR3RSYnIzak9PUUk4dkxT
VXA3OC5jZXIwga8GCCsGAQUFBwELBIGiMIGfMIGcBggrBgEFBQcwC4aBj3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZDkwYTkzNWEt
YTc0ZC00Yjk4LTk0MzAtYmM3YWU1YzI0ZjI4LzAvMzEzOTMzMmUzMjM0MzYyZTMx
MzAzMzJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMxMzQzNDM0MzUucm9hMBgGA1Ud
IAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BADB9mcwDQYJKoZIhvcNAQELBQADggEBABHx0ZsEUa54Y1YaKF0B1nzuPtUjnnOa
Zif4PG4/X4i+wNa8QtgBieygqbgBh8eJbr0GSHstLulI00uGHjQOmtKXlbCeYAWF
iP0JJHVHIUhCCJ6Xy1duBWwdTakTIK+wYyuiKhm9WiC8eDQaGKN8nsBhE1Xjrc2N
ivkQHoQWkVS67YxZ65dnlz/Z1kDDfZC0HkAasGtaVraHSFV53Ptu7zOf/VNvEFpN
CBRPs4Q8reobIPgFyCemQY1nKZmyeyWp229FM/22nVXktHQUAAQdS2nfgE0XjZPU
WRieoj+QthNm6EkALqKnALhBcoBlIu7uh9V7oMbYtzOTroNPjgN4RD8=
-----END CERTIFICATE-----
Generated at Thu Nov 21 19:50:41 2024 by rpki-client on console-fra.rpki-client.org