Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/f5e64030-2f28-42c9-b004-354bb28f6123/0/39352e3136392e3137302e302f32342d3234203d3e203239303134.roa
File:                     39352e3136392e3137302e302f32342d3234203d3e203239303134.roa (raw, json)
Hash identifier:          2241pWO+OaijNOXHiReQmtgqIszge6N3EI0Rcc6SvX0=
Subject key identifier:   CD:F1:95:8E:2F:9B:24:49:F4:09:DF:C9:CE:A4:93:53:D4:3A:04:AC
Certificate issuer:       /CN=9e576996388e94b8c7ab20effb23bd11becb4108
Certificate serial:       5876E25BE41B3354DDB23D4D505BCBEDC3A038D7
Authority key identifier: 9E:57:69:96:38:8E:94:B8:C7:AB:20:EF:FB:23:BD:11:BE:CB:41:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nldpljiOlLjHqyDv-yO9Eb7LQQg.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/f5e64030-2f28-42c9-b004-354bb28f6123/0/39352e3136392e3137302e302f32342d3234203d3e203239303134.roa
Signing time:             Thu 01 Aug 2024 16:42:30 +0000
ROA not before:           Thu 01 Aug 2024 16:37:30 +0000
ROA not after:            Thu 31 Jul 2025 16:42:30 +0000
asID:                     29014
IP address blocks:        95.169.170.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/f5e64030-2f28-42c9-b004-354bb28f6123/0/9E576996388E94B8C7AB20EFFB23BD11BECB4108.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/f5e64030-2f28-42c9-b004-354bb28f6123/0/9E576996388E94B8C7AB20EFFB23BD11BECB4108.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nldpljiOlLjHqyDv-yO9Eb7LQQg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            58:76:e2:5b:e4:1b:33:54:dd:b2:3d:4d:50:5b:cb:ed:c3:a0:38:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9e576996388e94b8c7ab20effb23bd11becb4108
        Validity
            Not Before: Aug  1 16:37:30 2024 GMT
            Not After : Jul 31 16:42:30 2025 GMT
        Subject: CN=CDF1958E2F9B2449F409DFC9CEA49353D43A04AC
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:9d:c4:d7:f6:29:cb:d7:fe:92:19:1b:fd:79:
                    c3:04:ec:8d:0c:ae:ce:6b:36:6c:f8:d8:24:1a:f5:
                    17:10:96:dd:cd:4d:f7:b9:2f:e6:fc:d7:8c:f9:6a:
                    7a:3c:0d:45:a1:47:c8:01:e7:f6:95:f1:1a:d1:1b:
                    62:21:81:87:76:29:3d:ea:91:e5:2e:63:1f:eb:55:
                    bf:9f:b4:fa:0a:8a:7f:d8:d0:c8:97:fa:8d:98:db:
                    6b:2c:ae:15:30:9d:c8:17:29:9d:76:2a:26:52:d6:
                    17:de:7f:cc:18:2b:14:3c:0f:63:b6:3b:09:d8:0c:
                    9a:17:4f:0e:a5:7e:1c:47:35:3e:36:77:91:55:d5:
                    41:be:c1:10:4d:65:d0:8a:0f:1b:d3:a2:4f:83:70:
                    78:9d:07:83:46:98:b9:1e:5d:db:c8:21:4e:11:cc:
                    67:01:5e:a3:ed:d4:0e:27:66:bf:66:62:8b:44:77:
                    36:d5:ca:1f:97:3b:6d:6e:04:30:91:b1:84:0b:de:
                    66:99:a5:f2:9c:6a:f7:05:91:a5:34:a9:8c:49:59:
                    24:c4:16:9e:9e:d7:c2:66:8b:ed:22:38:dd:7f:d8:
                    05:fb:70:0b:4f:e0:87:f2:c7:d4:25:80:0d:4c:d4:
                    9b:65:f6:95:e2:42:93:5a:2e:0a:09:70:1c:6d:de:
                    d3:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:F1:95:8E:2F:9B:24:49:F4:09:DF:C9:CE:A4:93:53:D4:3A:04:AC
            X509v3 Authority Key Identifier:
                keyid:9E:57:69:96:38:8E:94:B8:C7:AB:20:EF:FB:23:BD:11:BE:CB:41:08

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/f5e64030-2f28-42c9-b004-354bb28f6123/0/9E576996388E94B8C7AB20EFFB23BD11BECB4108.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nldpljiOlLjHqyDv-yO9Eb7LQQg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/f5e64030-2f28-42c9-b004-354bb28f6123/0/39352e3136392e3137302e302f32342d3234203d3e203239303134.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.169.170.0/24

    Signature Algorithm: sha256WithRSAEncryption
         67:72:d8:3d:3f:8f:ff:62:03:3b:47:bd:d5:ca:88:45:5a:54:
         26:e4:e4:ae:74:50:08:24:01:11:2c:66:1f:2f:1c:a3:c9:49:
         a2:af:34:e8:08:78:b3:bb:90:6d:d8:62:80:b2:2a:c1:aa:7c:
         c0:6f:e7:cf:29:58:fa:c8:5f:f1:fa:df:db:fe:f9:ee:7a:de:
         af:d0:59:15:3d:7d:66:b5:85:07:40:28:2e:5f:31:71:03:c5:
         d8:ee:05:2e:7f:4e:f5:8b:01:3b:7d:64:2d:fb:52:0f:91:81:
         a1:b9:2c:a6:44:14:9a:b8:90:ad:c5:1c:99:d2:8d:be:b2:43:
         7d:1d:55:38:11:a4:2e:7a:5f:e0:8e:c9:57:c3:4c:ec:dd:71:
         1d:72:dc:32:95:13:78:58:0b:10:80:aa:01:a2:21:14:6a:a4:
         c1:cf:9a:9e:1f:49:cb:0b:6d:33:3c:ed:fc:76:c9:44:22:3e:
         53:5b:1d:fb:4f:5d:1e:83:a1:14:40:5c:fc:27:a7:55:c1:23:
         33:0e:11:13:7d:92:6c:04:8b:3c:b8:3c:ef:c6:a3:d9:ef:0d:
         05:a7:ce:de:57:34:64:05:66:0e:61:43:a4:4c:6e:2e:5e:2e:
         1c:d9:8a:c4:c3:9e:a1:58:b9:44:07:d1:2e:28:03:0a:79:02:
         4c:64:d7:9c
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgIUWHbiW+QbM1Tdsj1NUFvL7cOgONcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWU1NzY5OTYzODhlOTRiOGM3YWIyMGVmZmIyM2JkMTFi
ZWNiNDEwODAeFw0yNDA4MDExNjM3MzBaFw0yNTA3MzExNjQyMzBaMDMxMTAvBgNV
BAMTKENERjE5NThFMkY5QjI0NDlGNDA5REZDOUNFQTQ5MzUzRDQzQTA0QUMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCKncTX9inL1/6SGRv9ecME7I0M
rs5rNmz42CQa9RcQlt3NTfe5L+b814z5ano8DUWhR8gB5/aV8RrRG2IhgYd2KT3q
keUuYx/rVb+ftPoKin/Y0MiX+o2Y22ssrhUwncgXKZ12KiZS1hfef8wYKxQ8D2O2
OwnYDJoXTw6lfhxHNT42d5FV1UG+wRBNZdCKDxvTok+DcHidB4NGmLkeXdvIIU4R
zGcBXqPt1A4nZr9mYotEdzbVyh+XO21uBDCRsYQL3maZpfKcavcFkaU0qYxJWSTE
Fp6e18Jmi+0iON1/2AX7cAtP4Ifyx9QlgA1M1Jtl9pXiQpNaLgoJcBxt3tNlAgMB
AAGjggI9MIICOTAdBgNVHQ4EFgQUzfGVji+bJEn0Cd/JzqSTU9Q6BKwwHwYDVR0j
BBgwFoAUnldpljiOlLjHqyDv+yO9Eb7LQQgwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZjVlNjQwMzAtMmYyOC00MmM5LWIwMDQtMzU0YmIyOGY2
MTIzLzAvOUU1NzY5OTYzODhFOTRCOEM3QUIyMEVGRkIyM0JEMTFCRUNCNDEwOC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL25sZHBsamlPbExqSHF5RHYteU85RWI3
TFFRZy5jZXIwga0GCCsGAQUFBwELBIGgMIGdMIGaBggrBgEFBQcwC4aBjXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZjVlNjQwMzAt
MmYyOC00MmM5LWIwMDQtMzU0YmIyOGY2MTIzLzAvMzkzNTJlMzEzNjM5MmUzMTM3
MzAyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzMjM5MzAzMTM0LnJvYTAYBgNVHSAB
Af8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA
X6mqMA0GCSqGSIb3DQEBCwUAA4IBAQBnctg9P4//YgM7R73VyohFWlQm5OSudFAI
JAERLGYfLxyjyUmirzToCHizu5Bt2GKAsirBqnzAb+fPKVj6yF/x+t/b/vnuet6v
0FkVPX1mtYUHQCguXzFxA8XY7gUuf071iwE7fWQt+1IPkYGhuSymRBSauJCtxRyZ
0o2+skN9HVU4EaQuel/gjslXw0zs3XEdctwylRN4WAsQgKoBoiEUaqTBz5qeH0nL
C20zPO38dslEIj5TWx37T10eg6EUQFz8J6dVwSMzDhETfZJsBIs8uDzvxqPZ7w0F
p87eVzRkBWYOYUOkTG4uXi4c2YrEw56hWLlEB9EuKAMKeQJMZNec
-----END CERTIFICATE-----
Generated at Fri Nov 22 08:14:20 2024 by rpki-client on console-ams.rpki-client.org