Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/f5e64030-2f28-42c9-b004-354bb28f6123/0/39352e3136392e3138342e302f32322d3232203d3e203331313033.roa
File:                     39352e3136392e3138342e302f32322d3232203d3e203331313033.roa (raw, json)
Hash identifier:          kbKS1ODj6388T6KE2JJYFOAOr1BMUVOI9SkxE/iV4q4=
Subject key identifier:   A1:03:D0:D6:64:1A:44:91:EF:84:A4:AC:F2:47:CC:F8:F1:F3:C7:32
Certificate issuer:       /CN=9e576996388e94b8c7ab20effb23bd11becb4108
Certificate serial:       1D44BD7D313651BFFA448354B532AC58F8D5A5D5
Authority key identifier: 9E:57:69:96:38:8E:94:B8:C7:AB:20:EF:FB:23:BD:11:BE:CB:41:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nldpljiOlLjHqyDv-yO9Eb7LQQg.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/f5e64030-2f28-42c9-b004-354bb28f6123/0/39352e3136392e3138342e302f32322d3232203d3e203331313033.roa
Signing time:             Fri 31 May 2024 09:35:29 +0000
ROA not before:           Fri 31 May 2024 09:30:29 +0000
ROA not after:            Fri 30 May 2025 09:35:29 +0000
asID:                     31103
IP address blocks:        95.169.184.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/f5e64030-2f28-42c9-b004-354bb28f6123/0/9E576996388E94B8C7AB20EFFB23BD11BECB4108.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/f5e64030-2f28-42c9-b004-354bb28f6123/0/9E576996388E94B8C7AB20EFFB23BD11BECB4108.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nldpljiOlLjHqyDv-yO9Eb7LQQg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1d:44:bd:7d:31:36:51:bf:fa:44:83:54:b5:32:ac:58:f8:d5:a5:d5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9e576996388e94b8c7ab20effb23bd11becb4108
        Validity
            Not Before: May 31 09:30:29 2024 GMT
            Not After : May 30 09:35:29 2025 GMT
        Subject: CN=A103D0D6641A4491EF84A4ACF247CCF8F1F3C732
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:b6:0b:cb:7a:8c:11:3d:be:6c:fa:a4:77:33:
                    02:ac:bc:a2:70:b7:47:47:4b:b2:a7:98:3c:2d:2b:
                    82:5b:80:8e:28:1a:ec:14:5c:38:b2:0d:17:d0:99:
                    11:6e:d1:f5:6b:f8:51:bf:c3:1b:d7:f9:5b:d7:9a:
                    04:69:ed:e2:fe:e0:ae:3f:65:ce:57:71:7d:19:b8:
                    f3:62:fb:fb:6e:ae:d6:a0:4a:6d:fd:4a:fa:ef:b5:
                    92:5a:0d:4f:94:0e:99:8e:a4:46:1b:18:96:1a:b8:
                    83:1f:25:51:b2:3e:67:5b:ba:e2:f1:87:27:bd:d7:
                    0b:16:92:1b:87:37:23:75:6f:77:23:b3:79:ab:21:
                    1a:1b:8a:ea:4b:f3:17:cf:4f:2f:c7:84:47:77:9f:
                    04:3c:69:c0:2d:14:7b:e7:9b:77:db:61:7e:76:c5:
                    d2:d1:fd:d2:52:8e:18:d0:5b:01:ed:8b:37:10:5f:
                    c2:e8:b6:4e:a8:f3:7a:f1:af:37:98:e6:76:31:86:
                    cc:3a:af:e8:c2:2f:f9:1b:50:15:6d:a1:5e:17:de:
                    b2:7c:6a:81:f3:5b:41:ef:57:4d:fb:ac:f8:b7:02:
                    c4:32:15:57:6c:f9:c5:69:92:d7:4b:2e:db:07:7e:
                    06:06:64:3f:76:02:43:9d:48:92:1f:9f:ce:3a:d0:
                    87:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:03:D0:D6:64:1A:44:91:EF:84:A4:AC:F2:47:CC:F8:F1:F3:C7:32
            X509v3 Authority Key Identifier:
                keyid:9E:57:69:96:38:8E:94:B8:C7:AB:20:EF:FB:23:BD:11:BE:CB:41:08

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/f5e64030-2f28-42c9-b004-354bb28f6123/0/9E576996388E94B8C7AB20EFFB23BD11BECB4108.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nldpljiOlLjHqyDv-yO9Eb7LQQg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/f5e64030-2f28-42c9-b004-354bb28f6123/0/39352e3136392e3138342e302f32322d3232203d3e203331313033.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.169.184.0/22

    Signature Algorithm: sha256WithRSAEncryption
         36:c0:eb:5f:b1:1b:8e:8c:08:0e:ce:5d:2f:55:4f:90:3f:63:
         f3:8c:96:e7:a2:5d:25:d7:21:24:9a:d7:0d:bf:fd:fb:49:fa:
         f7:5b:36:4f:0c:5f:3a:08:89:56:62:32:39:77:37:bc:14:31:
         79:ca:85:6e:77:f4:a3:73:08:3a:f1:6c:b4:ef:08:8e:bd:f0:
         35:dc:55:6b:a5:db:ba:5c:f9:74:3c:74:c2:d2:4c:8a:57:b6:
         01:fd:02:24:db:fe:db:c8:52:f4:c3:dc:83:18:b1:cb:80:23:
         d2:60:f4:40:b9:1f:2d:de:ab:e3:2c:57:8e:a7:ff:cd:7a:7f:
         9a:35:d0:b4:34:1d:c6:9b:4f:4f:5d:94:93:c8:e1:b5:b2:2f:
         af:86:5a:65:12:93:4c:56:45:04:35:0d:d1:41:cd:36:4e:5e:
         58:1c:b3:95:16:83:60:24:d7:6f:23:dd:28:e5:20:23:5d:e1:
         7f:aa:19:c0:2e:68:35:52:9b:16:34:76:78:30:6d:c8:7f:26:
         e2:18:d0:ac:31:5b:87:b2:da:85:27:b2:e5:97:36:b1:9a:51:
         39:a0:19:64:f8:3c:5c:23:9c:47:cf:e2:ff:00:85:8a:c7:4a:
         24:a7:19:f9:37:5d:bb:8e:0c:e7:57:01:a2:b0:82:2b:2b:67:
         ac:6c:8f:e6
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgIUHUS9fTE2Ub/6RINUtTKsWPjVpdUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWU1NzY5OTYzODhlOTRiOGM3YWIyMGVmZmIyM2JkMTFi
ZWNiNDEwODAeFw0yNDA1MzEwOTMwMjlaFw0yNTA1MzAwOTM1MjlaMDMxMTAvBgNV
BAMTKEExMDNEMEQ2NjQxQTQ0OTFFRjg0QTRBQ0YyNDdDQ0Y4RjFGM0M3MzIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDUtgvLeowRPb5s+qR3MwKsvKJw
t0dHS7KnmDwtK4JbgI4oGuwUXDiyDRfQmRFu0fVr+FG/wxvX+VvXmgRp7eL+4K4/
Zc5XcX0ZuPNi+/turtagSm39SvrvtZJaDU+UDpmOpEYbGJYauIMfJVGyPmdbuuLx
hye91wsWkhuHNyN1b3cjs3mrIRobiupL8xfPTy/HhEd3nwQ8acAtFHvnm3fbYX52
xdLR/dJSjhjQWwHtizcQX8Lotk6o83rxrzeY5nYxhsw6r+jCL/kbUBVtoV4X3rJ8
aoHzW0HvV037rPi3AsQyFVds+cVpktdLLtsHfgYGZD92AkOdSJIfn8460IftAgMB
AAGjggI9MIICOTAdBgNVHQ4EFgQUoQPQ1mQaRJHvhKSs8kfM+PHzxzIwHwYDVR0j
BBgwFoAUnldpljiOlLjHqyDv+yO9Eb7LQQgwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZjVlNjQwMzAtMmYyOC00MmM5LWIwMDQtMzU0YmIyOGY2
MTIzLzAvOUU1NzY5OTYzODhFOTRCOEM3QUIyMEVGRkIyM0JEMTFCRUNCNDEwOC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL25sZHBsamlPbExqSHF5RHYteU85RWI3
TFFRZy5jZXIwga0GCCsGAQUFBwELBIGgMIGdMIGaBggrBgEFBQcwC4aBjXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZjVlNjQwMzAt
MmYyOC00MmM5LWIwMDQtMzU0YmIyOGY2MTIzLzAvMzkzNTJlMzEzNjM5MmUzMTM4
MzQyZTMwMmYzMjMyMmQzMjMyMjAzZDNlMjAzMzMxMzEzMDMzLnJvYTAYBgNVHSAB
Af8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQC
X6m4MA0GCSqGSIb3DQEBCwUAA4IBAQA2wOtfsRuOjAgOzl0vVU+QP2PzjJbnol0l
1yEkmtcNv/37Sfr3WzZPDF86CIlWYjI5dze8FDF5yoVud/Sjcwg68Wy07wiOvfA1
3FVrpdu6XPl0PHTC0kyKV7YB/QIk2/7byFL0w9yDGLHLgCPSYPRAuR8t3qvjLFeO
p//Nen+aNdC0NB3Gm09PXZSTyOG1si+vhlplEpNMVkUENQ3RQc02Tl5YHLOVFoNg
JNdvI90o5SAjXeF/qhnALmg1UpsWNHZ4MG3IfybiGNCsMVuHstqFJ7LllzaxmlE5
oBlk+DxcI5xHz+L/AIWKx0okpxn5N127jgznVwGisIIrK2esbI/m
-----END CERTIFICATE-----
Generated at Fri Nov 22 08:14:20 2024 by rpki-client on console-ams.rpki-client.org