Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/dce196fe-4b1a-46ea-9c95-4af12964a49d/0/39342e3132362e3233322e302f32342d3234203d3e203438303730.roa
File:                     39342e3132362e3233322e302f32342d3234203d3e203438303730.roa (raw, json)
Hash identifier:          QSf1f4sZpmKAqesOD+5GkB0Z3X1d4jZecHW/qgpOz7c=
Subject key identifier:   55:94:42:8E:16:59:75:C6:C1:0B:6E:0E:9D:15:21:17:CB:6E:DC:66
Certificate issuer:       /CN=98a87cad5b710890a9528f166f4202393824e6b8
Certificate serial:       28123A7931BB3C646312274E712E3C35182BE842
Authority key identifier: 98:A8:7C:AD:5B:71:08:90:A9:52:8F:16:6F:42:02:39:38:24:E6:B8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mKh8rVtxCJCpUo8Wb0ICOTgk5rg.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/dce196fe-4b1a-46ea-9c95-4af12964a49d/0/39342e3132362e3233322e302f32342d3234203d3e203438303730.roa
Signing time:             Tue 25 Jun 2024 15:49:18 +0000
ROA not before:           Tue 25 Jun 2024 15:44:18 +0000
ROA not after:            Tue 24 Jun 2025 15:49:18 +0000
asID:                     48070
IP address blocks:        94.126.232.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/dce196fe-4b1a-46ea-9c95-4af12964a49d/0/98A87CAD5B710890A9528F166F4202393824E6B8.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/dce196fe-4b1a-46ea-9c95-4af12964a49d/0/98A87CAD5B710890A9528F166F4202393824E6B8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mKh8rVtxCJCpUo8Wb0ICOTgk5rg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 21 Nov 2024 15:27:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            28:12:3a:79:31:bb:3c:64:63:12:27:4e:71:2e:3c:35:18:2b:e8:42
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=98a87cad5b710890a9528f166f4202393824e6b8
        Validity
            Not Before: Jun 25 15:44:18 2024 GMT
            Not After : Jun 24 15:49:18 2025 GMT
        Subject: CN=5594428E165975C6C10B6E0E9D152117CB6EDC66
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:f3:c6:73:7b:14:c1:7f:36:67:1d:dd:91:cc:
                    76:0e:74:59:f2:ee:fe:c2:b7:ab:6d:20:6d:47:e2:
                    0b:00:59:32:86:92:d9:0d:32:95:74:12:4c:c9:dc:
                    dc:3f:7c:76:51:53:15:3c:a2:aa:18:fe:b9:3d:1d:
                    e8:57:03:20:34:57:9f:9e:d8:f7:00:73:1e:73:30:
                    09:3f:e9:0a:d5:76:93:86:7b:11:55:8b:32:b1:2f:
                    73:cc:7e:83:d2:ab:71:8e:c8:02:bc:1e:10:76:51:
                    e8:fd:db:ce:06:ef:3d:83:aa:d8:de:93:56:05:5a:
                    aa:2b:1f:90:89:5f:03:ab:26:aa:9e:cc:44:55:ff:
                    b0:06:2c:35:82:bf:3f:dd:72:02:97:5a:ed:aa:cb:
                    e7:7a:e5:1b:78:22:64:7a:08:71:82:3e:96:55:e6:
                    20:c6:b4:8e:47:24:fa:0e:ca:0a:48:83:80:51:49:
                    45:6f:bc:d8:42:bd:29:c8:1e:69:22:41:c8:a0:91:
                    87:fb:4c:f6:16:d0:f6:de:4c:97:22:84:cb:96:59:
                    17:08:fb:1c:d4:b2:45:1b:65:09:8d:00:30:6d:6e:
                    44:85:58:c4:f1:fd:94:c8:3a:41:3b:75:85:a2:5f:
                    ac:72:0b:25:0b:96:09:7c:e2:eb:19:29:37:93:6a:
                    60:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                55:94:42:8E:16:59:75:C6:C1:0B:6E:0E:9D:15:21:17:CB:6E:DC:66
            X509v3 Authority Key Identifier:
                keyid:98:A8:7C:AD:5B:71:08:90:A9:52:8F:16:6F:42:02:39:38:24:E6:B8

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/dce196fe-4b1a-46ea-9c95-4af12964a49d/0/98A87CAD5B710890A9528F166F4202393824E6B8.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mKh8rVtxCJCpUo8Wb0ICOTgk5rg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/dce196fe-4b1a-46ea-9c95-4af12964a49d/0/39342e3132362e3233322e302f32342d3234203d3e203438303730.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.126.232.0/24

    Signature Algorithm: sha256WithRSAEncryption
         62:86:58:f9:03:2b:36:38:13:e1:34:7d:5b:54:53:de:f4:5a:
         5f:36:98:d1:2e:74:eb:3e:ba:d5:dc:73:0d:7a:de:d9:e2:56:
         e4:d3:68:16:09:8e:f5:ec:cf:75:5d:5f:2e:9a:a7:84:79:bb:
         fd:19:82:47:6b:d4:c0:b8:ac:1b:39:b9:56:58:78:2b:0a:56:
         15:b6:10:1d:18:44:51:42:ea:1b:fa:c8:36:ed:03:3a:e3:21:
         78:2e:0d:f1:5f:e7:d5:2e:52:fd:18:6a:3b:d8:13:65:cf:cf:
         91:7e:5d:14:cb:a1:37:30:3f:76:10:47:c8:a0:16:2a:b8:0f:
         05:41:8f:d7:51:bd:5d:44:7a:47:a9:5d:6d:07:74:f8:2c:c4:
         65:e4:7b:91:7b:58:53:c4:a7:ac:c3:86:f9:b5:9a:fe:c0:e7:
         57:1f:e2:4a:b8:17:29:10:e1:92:08:74:4e:ab:84:db:05:f2:
         93:7d:89:62:bd:f6:31:ea:98:8d:71:93:5e:64:37:f4:24:13:
         c4:36:11:c2:a7:62:66:1e:85:3d:bd:c0:5c:6f:62:7d:87:c4:
         7f:30:5d:c3:30:ae:ba:01:ec:d9:0c:9d:3a:57:ef:44:26:1f:
         b7:0c:a2:43:1d:a6:ee:aa:57:1b:70:79:ce:98:4c:ff:2c:8d:
         f6:cc:78:a9
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgIUKBI6eTG7PGRjEidOcS48NRgr6EIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOThhODdjYWQ1YjcxMDg5MGE5NTI4ZjE2NmY0MjAyMzkz
ODI0ZTZiODAeFw0yNDA2MjUxNTQ0MThaFw0yNTA2MjQxNTQ5MThaMDMxMTAvBgNV
BAMTKDU1OTQ0MjhFMTY1OTc1QzZDMTBCNkUwRTlEMTUyMTE3Q0I2RURDNjYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCk88ZzexTBfzZnHd2RzHYOdFny
7v7Ct6ttIG1H4gsAWTKGktkNMpV0EkzJ3Nw/fHZRUxU8oqoY/rk9HehXAyA0V5+e
2PcAcx5zMAk/6QrVdpOGexFVizKxL3PMfoPSq3GOyAK8HhB2Uej9284G7z2Dqtje
k1YFWqorH5CJXwOrJqqezERV/7AGLDWCvz/dcgKXWu2qy+d65Rt4ImR6CHGCPpZV
5iDGtI5HJPoOygpIg4BRSUVvvNhCvSnIHmkiQcigkYf7TPYW0PbeTJcihMuWWRcI
+xzUskUbZQmNADBtbkSFWMTx/ZTIOkE7dYWiX6xyCyULlgl84usZKTeTamBvAgMB
AAGjggI9MIICOTAdBgNVHQ4EFgQUVZRCjhZZdcbBC24OnRUhF8tu3GYwHwYDVR0j
BBgwFoAUmKh8rVtxCJCpUo8Wb0ICOTgk5rgwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZGNlMTk2ZmUtNGIxYS00NmVhLTljOTUtNGFmMTI5NjRh
NDlkLzAvOThBODdDQUQ1QjcxMDg5MEE5NTI4RjE2NkY0MjAyMzkzODI0RTZCOC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL21LaDhyVnR4Q0pDcFVvOFdiMElDT1Rn
azVyZy5jZXIwga0GCCsGAQUFBwELBIGgMIGdMIGaBggrBgEFBQcwC4aBjXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZGNlMTk2ZmUt
NGIxYS00NmVhLTljOTUtNGFmMTI5NjRhNDlkLzAvMzkzNDJlMzEzMjM2MmUzMjMz
MzIyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzNDM4MzAzNzMwLnJvYTAYBgNVHSAB
Af8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA
Xn7oMA0GCSqGSIb3DQEBCwUAA4IBAQBihlj5Ays2OBPhNH1bVFPe9FpfNpjRLnTr
PrrV3HMNet7Z4lbk02gWCY717M91XV8umqeEebv9GYJHa9TAuKwbOblWWHgrClYV
thAdGERRQuob+sg27QM64yF4Lg3xX+fVLlL9GGo72BNlz8+Rfl0Uy6E3MD92EEfI
oBYquA8FQY/XUb1dRHpHqV1tB3T4LMRl5HuRe1hTxKesw4b5tZr+wOdXH+JKuBcp
EOGSCHROq4TbBfKTfYlivfYx6piNcZNeZDf0JBPENhHCp2JmHoU9vcBcb2J9h8R/
MF3DMK66AezZDJ06V+9EJh+3DKJDHabuqlcbcHnOmEz/LI32zHip
-----END CERTIFICATE-----
Generated at Wed Nov 20 20:46:08 2024 by rpki-client on console-fra.rpki-client.org