Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/3134312e39382e37322e302f32342d3234203d3e203631333137.roa
File:                     3134312e39382e37322e302f32342d3234203d3e203631333137.roa (raw, json)
Hash identifier:          FpJyNXPLkfx9FC5RwssYiYTLp5H62f4R1xk1IrS+WZQ=
Subject key identifier:   5B:7B:4F:C1:D7:8D:E0:B0:AC:B0:03:40:38:12:EB:37:0E:CA:DB:99
Certificate issuer:       /CN=0d059f10d18d00052c808eb8069f90d47e30564a
Certificate serial:       5226F3A401670802C416E5C03CF70D5D945BE0BE
Authority key identifier: 0D:05:9F:10:D1:8D:00:05:2C:80:8E:B8:06:9F:90:D4:7E:30:56:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DQWfENGNAAUsgI64Bp-Q1H4wVko.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/3134312e39382e37322e302f32342d3234203d3e203631333137.roa
Signing time:             Thu 04 May 2023 10:56:22 +0000
ROA not before:           Thu 04 May 2023 10:51:22 +0000
ROA not after:            Thu 02 May 2024 10:56:22 +0000
asID:                     61317
IP address blocks:        141.98.72.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/0D059F10D18D00052C808EB8069F90D47E30564A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/0D059F10D18D00052C808EB8069F90D47E30564A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DQWfENGNAAUsgI64Bp-Q1H4wVko.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 29 Mar 2024 21:00:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            52:26:f3:a4:01:67:08:02:c4:16:e5:c0:3c:f7:0d:5d:94:5b:e0:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d059f10d18d00052c808eb8069f90d47e30564a
        Validity
            Not Before: May  4 10:51:22 2023 GMT
            Not After : May  2 10:56:22 2024 GMT
        Subject: CN=5B7B4FC1D78DE0B0ACB003403812EB370ECADB99
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:13:d9:08:d4:00:ea:da:20:4f:2f:34:21:0c:
                    0f:80:8d:8f:11:ff:22:ab:12:32:e7:1b:4b:0b:21:
                    a3:20:be:d0:36:2b:41:6a:5d:ec:95:b7:79:c3:3f:
                    2a:ed:4a:f1:b9:be:b2:9f:4a:d3:aa:4f:ff:c4:3c:
                    1f:2c:c2:12:8e:76:b5:5c:03:42:f3:b3:21:76:bf:
                    5a:53:28:75:d0:d9:08:16:7b:b1:b0:87:f2:11:42:
                    ed:7f:c5:3d:69:1a:83:d3:8c:7b:0a:09:29:67:74:
                    5d:13:1f:40:51:b8:c5:6a:cd:7b:18:e8:d5:23:c1:
                    04:86:04:6c:71:4a:9f:f9:c1:3a:d5:a3:5f:3e:81:
                    7f:bc:0f:c6:fb:84:00:70:fe:c7:d6:b2:1f:94:0f:
                    d2:62:b1:f2:8b:af:3b:c0:9e:04:74:15:60:da:99:
                    15:95:e4:01:9e:6d:f0:b8:09:57:68:3d:0c:e3:bb:
                    e3:ae:af:2c:52:a9:fd:bb:8b:03:fc:2d:48:22:12:
                    ec:f6:fa:56:57:cd:2d:b6:9f:0a:dc:30:72:75:c0:
                    b2:5f:1d:5f:35:e2:2b:3d:3a:0c:2d:97:b0:58:01:
                    41:0a:02:0d:69:b9:ad:af:93:f8:aa:4b:93:f6:47:
                    8e:11:8c:ce:11:bf:30:5d:53:67:16:ba:97:98:8c:
                    ac:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:7B:4F:C1:D7:8D:E0:B0:AC:B0:03:40:38:12:EB:37:0E:CA:DB:99
            X509v3 Authority Key Identifier:
                keyid:0D:05:9F:10:D1:8D:00:05:2C:80:8E:B8:06:9F:90:D4:7E:30:56:4A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/0D059F10D18D00052C808EB8069F90D47E30564A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DQWfENGNAAUsgI64Bp-Q1H4wVko.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/3134312e39382e37322e302f32342d3234203d3e203631333137.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.98.72.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4c:9b:ba:37:39:e2:79:fd:46:35:eb:4a:40:0a:e0:d4:71:43:
         79:1c:55:bf:95:d9:5a:6a:9f:93:36:4e:79:54:56:f0:56:fc:
         9e:25:5b:38:b8:54:a0:e6:04:39:f9:f1:8f:6a:8b:b8:bb:5b:
         7b:08:b8:3b:5a:dd:d0:51:49:7c:7c:78:af:d9:e9:04:e7:06:
         cd:4b:2a:5c:10:27:54:ca:a3:4a:77:49:ca:e0:64:47:47:76:
         83:e3:7a:48:db:06:46:5f:5b:01:e4:70:60:ee:d3:4e:72:a7:
         5d:b6:ae:2a:24:e2:25:d5:fd:59:e4:6a:22:26:33:cc:49:66:
         af:14:cb:24:a5:07:bd:b2:0e:5b:27:ff:6a:87:b7:6b:3d:48:
         c9:f9:69:40:9d:e1:9a:af:32:ae:61:41:d3:8c:82:59:f9:f6:
         92:41:92:15:5c:57:a4:8f:e0:2c:dd:7e:12:b0:fd:36:15:40:
         70:7a:c5:0b:10:ac:3f:3d:f9:a4:b0:54:e8:08:9d:3b:8d:d5:
         6d:c9:25:a8:40:be:ac:9e:de:bc:44:27:5a:4c:b5:f6:bd:84:
         8b:df:b2:31:87:05:1a:bb:77:92:61:b3:40:b1:84:42:65:78:
         4f:4a:b4:48:40:76:34:3b:3c:9f:51:61:c9:72:b0:3a:91:5e:
         53:9c:27:19
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUUibzpAFnCALEFuXAPPcNXZRb4L4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMGQwNTlmMTBkMThkMDAwNTJjODA4ZWI4MDY5ZjkwZDQ3
ZTMwNTY0YTAeFw0yMzA1MDQxMDUxMjJaFw0yNDA1MDIxMDU2MjJaMDMxMTAvBgNV
BAMTKDVCN0I0RkMxRDc4REUwQjBBQ0IwMDM0MDM4MTJFQjM3MEVDQURCOTkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC8E9kI1ADq2iBPLzQhDA+AjY8R
/yKrEjLnG0sLIaMgvtA2K0FqXeyVt3nDPyrtSvG5vrKfStOqT//EPB8swhKOdrVc
A0LzsyF2v1pTKHXQ2QgWe7Gwh/IRQu1/xT1pGoPTjHsKCSlndF0TH0BRuMVqzXsY
6NUjwQSGBGxxSp/5wTrVo18+gX+8D8b7hABw/sfWsh+UD9JisfKLrzvAngR0FWDa
mRWV5AGebfC4CVdoPQzju+OuryxSqf27iwP8LUgiEuz2+lZXzS22nwrcMHJ1wLJf
HV814is9Ogwtl7BYAUEKAg1pua2vk/iqS5P2R44RjM4RvzBdU2cWupeYjKzpAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUW3tPwdeN4LCssANAOBLrNw7K25kwHwYDVR0j
BBgwFoAUDQWfENGNAAUsgI64Bp+Q1H4wVkowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmFmMTY3MDQtMjg1NC00MDgwLTlhMDktNzI2MjMyNmM5
ZTIyLzEvMEQwNTlGMTBEMThEMDAwNTJDODA4RUI4MDY5RjkwRDQ3RTMwNTY0QS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0RRV2ZFTkdOQUFVc2dJNjRCcC1RMUg0
d1Zrby5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmFmMTY3MDQt
Mjg1NC00MDgwLTlhMDktNzI2MjMyNmM5ZTIyLzEvMzEzNDMxMmUzOTM4MmUzNzMy
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzYzMTMzMzEzNy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAI1i
SDANBgkqhkiG9w0BAQsFAAOCAQEATJu6Nznief1GNetKQArg1HFDeRxVv5XZWmqf
kzZOeVRW8Fb8niVbOLhUoOYEOfnxj2qLuLtbewi4O1rd0FFJfHx4r9npBOcGzUsq
XBAnVMqjSndJyuBkR0d2g+N6SNsGRl9bAeRwYO7TTnKnXbauKiTiJdX9WeRqIiYz
zElmrxTLJKUHvbIOWyf/aoe3az1IyflpQJ3hmq8yrmFB04yCWfn2kkGSFVxXpI/g
LN1+ErD9NhVAcHrFCxCsPz35pLBU6AidO43VbcklqEC+rJ7evEQnWky19r2Ei9+y
MYcFGrt3kmGzQLGEQmV4T0q0SEB2NDs8n1FhyXKwOpFeU5wnGQ==
-----END CERTIFICATE-----
Generated at Fri Mar 29 03:45:31 2024 by rpki-client on console-fra.rpki-client.org