Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/d90a935a-a74d-4b98-9430-bc7ae5c24f28/0/3231372e3139382e3138372e302f32342d3234203d3e20323131343135.roa
File:                     3231372e3139382e3138372e302f32342d3234203d3e20323131343135.roa (raw, json)
Hash identifier:          E9SrdbvV51R1eNOoUQlzgnaJf+DNT0FpddD5qSljJvo=
Subject key identifier:   FD:13:63:E4:44:B7:A8:25:3B:D0:27:D3:B6:AE:54:F8:F8:55:19:37
Certificate issuer:       /CN=c79d02c618861ad45baf78ce39023cbcb494a7bf
Certificate serial:       0821455E3BA64000FA7374A024471BC4A3299F3E
Authority key identifier: C7:9D:02:C6:18:86:1A:D4:5B:AF:78:CE:39:02:3C:BC:B4:94:A7:BF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/x50CxhiGGtRbr3jOOQI8vLSUp78.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/d90a935a-a74d-4b98-9430-bc7ae5c24f28/0/3231372e3139382e3138372e302f32342d3234203d3e20323131343135.roa
Signing time:             Thu 11 Jan 2024 09:05:08 +0000
ROA not before:           Thu 11 Jan 2024 09:00:08 +0000
ROA not after:            Thu 09 Jan 2025 09:05:08 +0000
asID:                     211415
IP address blocks:        217.198.187.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/d90a935a-a74d-4b98-9430-bc7ae5c24f28/0/C79D02C618861AD45BAF78CE39023CBCB494A7BF.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/d90a935a-a74d-4b98-9430-bc7ae5c24f28/0/C79D02C618861AD45BAF78CE39023CBCB494A7BF.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/x50CxhiGGtRbr3jOOQI8vLSUp78.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 17:16:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            08:21:45:5e:3b:a6:40:00:fa:73:74:a0:24:47:1b:c4:a3:29:9f:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c79d02c618861ad45baf78ce39023cbcb494a7bf
        Validity
            Not Before: Jan 11 09:00:08 2024 GMT
            Not After : Jan  9 09:05:08 2025 GMT
        Subject: CN=FD1363E444B7A8253BD027D3B6AE54F8F8551937
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:6c:1f:eb:e1:a3:78:9d:9c:93:08:82:d6:82:
                    60:bc:d7:2e:19:aa:52:8e:70:d9:2a:80:e0:f6:1d:
                    c6:77:ab:76:28:13:b9:89:d7:c8:00:0d:cf:e4:d8:
                    d4:78:68:7c:1b:87:18:43:6d:a8:61:71:6c:ca:d0:
                    6c:e7:8d:74:e9:e6:c3:14:bd:f7:22:52:cf:45:0d:
                    5f:85:35:86:21:d3:9b:bb:9d:04:c7:df:66:ec:51:
                    49:43:43:ea:10:5b:05:79:06:b6:d5:84:7e:0d:8b:
                    b7:34:ee:44:78:b1:3e:41:e6:2d:53:49:12:14:e2:
                    dd:79:25:8c:5e:d7:dc:69:a6:04:a2:53:4e:68:b2:
                    76:b1:fe:14:aa:70:58:18:68:9b:78:6b:a8:b2:24:
                    ec:5e:92:37:63:11:d1:a2:37:d6:cf:33:10:ba:71:
                    8e:de:36:c2:ba:7e:2a:98:c5:44:e5:22:89:e2:aa:
                    cb:b5:a8:38:76:7c:ac:b2:00:28:1f:54:19:50:89:
                    75:56:82:5c:5f:6f:26:d0:69:21:77:fb:62:0c:25:
                    fa:ad:fa:30:b2:67:60:3e:51:f6:9e:a4:c4:6d:e0:
                    6c:40:d2:06:17:c4:cd:2e:47:db:ed:8a:65:3f:56:
                    ec:cc:5f:5b:98:79:ea:94:79:c4:22:b6:a0:99:eb:
                    90:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:13:63:E4:44:B7:A8:25:3B:D0:27:D3:B6:AE:54:F8:F8:55:19:37
            X509v3 Authority Key Identifier:
                keyid:C7:9D:02:C6:18:86:1A:D4:5B:AF:78:CE:39:02:3C:BC:B4:94:A7:BF

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/d90a935a-a74d-4b98-9430-bc7ae5c24f28/0/C79D02C618861AD45BAF78CE39023CBCB494A7BF.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/x50CxhiGGtRbr3jOOQI8vLSUp78.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/d90a935a-a74d-4b98-9430-bc7ae5c24f28/0/3231372e3139382e3138372e302f32342d3234203d3e20323131343135.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.198.187.0/24

    Signature Algorithm: sha256WithRSAEncryption
         00:ac:72:24:2e:de:67:16:4c:22:c6:dc:2d:df:d4:12:c3:38:
         f3:5e:f7:8c:7c:a7:ef:ea:46:a9:a6:d6:73:d3:27:77:16:a5:
         28:ef:4f:94:02:b8:fd:3a:f3:bc:db:09:f9:07:8c:05:ee:69:
         45:aa:c2:2b:8c:43:bc:b9:ad:50:70:f7:88:35:d7:9a:53:0f:
         ab:e8:9b:5d:e5:45:05:bd:4b:06:85:35:5c:b3:24:79:21:e5:
         14:7f:00:69:f4:4c:3a:e5:9a:24:8e:5a:ca:b3:a6:49:0a:c2:
         53:95:01:bb:46:6f:46:53:d2:4c:97:fb:0f:7c:b9:c3:00:c5:
         fd:9d:be:21:25:99:32:4e:1e:94:bd:cc:ec:b0:4a:e7:be:bb:
         13:fc:98:d2:38:76:99:44:d0:70:dc:d2:9f:3e:26:a7:5c:c2:
         c9:dd:c2:1d:91:bf:fd:8a:62:fa:9d:59:c8:fc:66:70:1d:ab:
         44:a1:56:41:67:48:e2:03:d1:40:21:56:e4:78:da:ab:87:79:
         4f:ee:dc:e2:a0:3b:a1:be:72:92:8c:f3:00:17:5d:76:35:4a:
         5e:8a:3e:14:64:7a:9e:9d:b3:6e:19:35:0e:47:68:de:f4:42:
         68:26:1d:bf:b9:3b:a3:f8:f6:0e:0c:c4:d6:fa:98:9f:60:3e:
         c2:34:4a:80
-----BEGIN CERTIFICATE-----
MIIFNzCCBB+gAwIBAgIUCCFFXjumQAD6c3SgJEcbxKMpnz4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzc5ZDAyYzYxODg2MWFkNDViYWY3OGNlMzkwMjNjYmNi
NDk0YTdiZjAeFw0yNDAxMTEwOTAwMDhaFw0yNTAxMDkwOTA1MDhaMDMxMTAvBgNV
BAMTKEZEMTM2M0U0NDRCN0E4MjUzQkQwMjdEM0I2QUU1NEY4Rjg1NTE5MzcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCpbB/r4aN4nZyTCILWgmC81y4Z
qlKOcNkqgOD2HcZ3q3YoE7mJ18gADc/k2NR4aHwbhxhDbahhcWzK0GznjXTp5sMU
vfciUs9FDV+FNYYh05u7nQTH32bsUUlDQ+oQWwV5BrbVhH4Ni7c07kR4sT5B5i1T
SRIU4t15JYxe19xppgSiU05osnax/hSqcFgYaJt4a6iyJOxekjdjEdGiN9bPMxC6
cY7eNsK6fiqYxUTlIoniqsu1qDh2fKyyACgfVBlQiXVWglxfbybQaSF3+2IMJfqt
+jCyZ2A+UfaepMRt4GxA0gYXxM0uR9vtimU/VuzMX1uYeeqUecQitqCZ65BTAgMB
AAGjggJBMIICPTAdBgNVHQ4EFgQU/RNj5ES3qCU70CfTtq5U+PhVGTcwHwYDVR0j
BBgwFoAUx50CxhiGGtRbr3jOOQI8vLSUp78wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZDkwYTkzNWEtYTc0ZC00Yjk4LTk0MzAtYmM3YWU1YzI0
ZjI4LzAvQzc5RDAyQzYxODg2MUFENDVCQUY3OENFMzkwMjNDQkNCNDk0QTdCRi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3g1MEN4aGlHR3RSYnIzak9PUUk4dkxT
VXA3OC5jZXIwgbEGCCsGAQUFBwELBIGkMIGhMIGeBggrBgEFBQcwC4aBkXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZDkwYTkzNWEt
YTc0ZC00Yjk4LTk0MzAtYmM3YWU1YzI0ZjI4LzAvMzIzMTM3MmUzMTM5MzgyZTMx
MzgzNzJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMyMzEzMTM0MzEzNS5yb2EwGAYD
VR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEw
BgMEANnGuzANBgkqhkiG9w0BAQsFAAOCAQEAAKxyJC7eZxZMIsbcLd/UEsM48173
jHyn7+pGqabWc9MndxalKO9PlAK4/TrzvNsJ+QeMBe5pRarCK4xDvLmtUHD3iDXX
mlMPq+ibXeVFBb1LBoU1XLMkeSHlFH8AafRMOuWaJI5ayrOmSQrCU5UBu0ZvRlPS
TJf7D3y5wwDF/Z2+ISWZMk4elL3M7LBK5767E/yY0jh2mUTQcNzSnz4mp1zCyd3C
HZG//Ypi+p1ZyPxmcB2rRKFWQWdI4gPRQCFW5Hjaq4d5T+7c4qA7ob5ykozzABdd
djVKXoo+FGR6np2zbhk1Dkdo3vRCaCYdv7k7o/j2DgzE1vqYn2A+wjRKgA==
-----END CERTIFICATE-----
Generated at Thu Nov 21 19:50:41 2024 by rpki-client on console-fra.rpki-client.org