Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/3134312e39382e37332e302f32342d3234203d3e203531353631.roa
File:                     3134312e39382e37332e302f32342d3234203d3e203531353631.roa (raw, json)
Hash identifier:          WkifR5B74bwTcxa4j7lOSyGvKXyUufG9Ou0vdIchcEg=
Subject key identifier:   63:24:B4:D8:15:10:3C:C4:52:18:66:E3:04:6F:E7:26:E5:B5:F8:0E
Certificate issuer:       /CN=0d059f10d18d00052c808eb8069f90d47e30564a
Certificate serial:       5D006EA8B152519BA4DDA7D02E318284805C3C7D
Authority key identifier: 0D:05:9F:10:D1:8D:00:05:2C:80:8E:B8:06:9F:90:D4:7E:30:56:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DQWfENGNAAUsgI64Bp-Q1H4wVko.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/3134312e39382e37332e302f32342d3234203d3e203531353631.roa
Signing time:             Thu 04 May 2023 10:56:22 +0000
ROA not before:           Thu 04 May 2023 10:51:22 +0000
ROA not after:            Thu 02 May 2024 10:56:22 +0000
asID:                     51561
IP address blocks:        141.98.73.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/0D059F10D18D00052C808EB8069F90D47E30564A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/0D059F10D18D00052C808EB8069F90D47E30564A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DQWfENGNAAUsgI64Bp-Q1H4wVko.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/Kn3R14fXk-TIr1bhl9Tu2Sr2uhM.crl
                          rsync://rpki.ripe.net/repository/aca/Kn3R14fXk-TIr1bhl9Tu2Sr2uhM.mft
                          rsync://rpki.ripe.net/repository/2a7dd1d787d793e4c8af56e197d4eed92af6ba13.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Jul 2023 14:08:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5d:00:6e:a8:b1:52:51:9b:a4:dd:a7:d0:2e:31:82:84:80:5c:3c:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d059f10d18d00052c808eb8069f90d47e30564a
        Validity
            Not Before: May  4 10:51:22 2023 GMT
            Not After : May  2 10:56:22 2024 GMT
        Subject: CN=6324B4D815103CC4521866E3046FE726E5B5F80E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:70:a3:c8:c7:29:ed:39:2e:9e:73:88:94:13:
                    b0:dc:4f:08:a6:7c:99:cb:64:93:99:62:28:97:fd:
                    56:62:81:64:40:fc:32:6e:6b:2e:61:8c:dd:36:db:
                    d8:3a:1b:69:18:0e:b7:e0:17:8f:66:30:2a:47:b9:
                    fa:09:47:a0:c2:44:e7:90:86:dd:b1:42:b5:18:06:
                    a1:b0:f1:02:81:57:a8:6b:76:9e:62:96:77:32:62:
                    89:d6:ab:92:93:e8:57:c8:d4:96:6a:f7:8b:dd:ab:
                    44:ae:17:6d:8a:9d:b7:03:96:21:a9:7d:b8:7c:af:
                    b2:84:ad:5c:f7:22:b7:8a:2b:0e:a1:b7:a8:62:6e:
                    00:6c:bd:0d:16:d0:95:95:e9:b2:84:39:a0:a8:c5:
                    f3:18:37:ed:9a:fa:a8:c3:f0:a1:09:a9:f8:0c:bc:
                    b3:09:b5:ab:36:9c:3d:ef:68:0b:df:e5:bd:5a:75:
                    5a:35:d1:6c:d1:7b:a2:31:57:85:b3:2d:ee:ee:2c:
                    bd:f7:25:10:7b:17:fd:bc:47:61:a7:05:6e:2a:33:
                    ea:e7:fa:59:b1:3c:c0:bd:2c:ca:68:90:ab:e2:ef:
                    d1:e2:88:db:6f:79:5b:9f:4e:6e:39:2a:86:f7:2f:
                    b1:45:2d:3a:74:7c:6c:74:de:d0:be:b5:13:0a:09:
                    50:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:24:B4:D8:15:10:3C:C4:52:18:66:E3:04:6F:E7:26:E5:B5:F8:0E
            X509v3 Authority Key Identifier:
                keyid:0D:05:9F:10:D1:8D:00:05:2C:80:8E:B8:06:9F:90:D4:7E:30:56:4A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/0D059F10D18D00052C808EB8069F90D47E30564A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DQWfENGNAAUsgI64Bp-Q1H4wVko.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/3134312e39382e37332e302f32342d3234203d3e203531353631.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.98.73.0/24

    Signature Algorithm: sha256WithRSAEncryption
         69:94:2f:1b:4f:12:0b:fb:4b:20:a4:79:be:bd:f8:93:91:ee:
         8a:69:42:cd:16:de:58:27:2c:5e:ee:56:37:50:3d:66:97:4f:
         9f:4b:53:9b:57:51:f1:06:b2:5b:28:09:ef:60:33:d3:c1:84:
         b9:a1:66:bf:b7:1b:68:e9:65:ab:dd:48:ed:b0:f8:19:be:f9:
         5a:2a:9b:69:ef:9f:1f:f9:e1:7d:36:e0:12:6b:72:57:65:75:
         c0:f5:7b:d0:aa:0e:09:94:41:f4:36:b5:7e:08:81:74:48:cc:
         b6:62:b6:47:26:a4:0d:98:75:fb:a8:21:3c:a6:36:8b:d8:b5:
         d5:15:18:68:7f:43:33:76:61:10:08:89:07:e6:d2:1e:3e:f5:
         97:83:82:2e:64:8b:e9:4d:5d:80:d0:05:87:57:ce:f3:45:1b:
         33:9c:96:b0:5f:c8:98:8f:46:b2:b5:71:81:57:fc:63:63:60:
         13:72:37:d9:17:33:50:c4:95:f1:ce:e0:90:ec:70:a9:22:96:
         23:ad:8f:d8:4c:f4:c7:fd:5a:e4:32:64:c5:12:31:2e:1c:d9:
         0c:a4:1a:b1:1f:c0:ae:68:06:ac:8e:6f:46:bf:f5:89:b8:5d:
         a5:4f:93:02:f4:ef:a5:e1:9d:de:51:77:1d:d6:c0:f7:e3:01:
         9c:a7:fa:68
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUXQBuqLFSUZuk3afQLjGChIBcPH0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMGQwNTlmMTBkMThkMDAwNTJjODA4ZWI4MDY5ZjkwZDQ3
ZTMwNTY0YTAeFw0yMzA1MDQxMDUxMjJaFw0yNDA1MDIxMDU2MjJaMDMxMTAvBgNV
BAMTKDYzMjRCNEQ4MTUxMDNDQzQ1MjE4NjZFMzA0NkZFNzI2RTVCNUY4MEUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDScKPIxyntOS6ec4iUE7DcTwim
fJnLZJOZYiiX/VZigWRA/DJuay5hjN0229g6G2kYDrfgF49mMCpHufoJR6DCROeQ
ht2xQrUYBqGw8QKBV6hrdp5ilncyYonWq5KT6FfI1JZq94vdq0SuF22KnbcDliGp
fbh8r7KErVz3IreKKw6ht6hibgBsvQ0W0JWV6bKEOaCoxfMYN+2a+qjD8KEJqfgM
vLMJtas2nD3vaAvf5b1adVo10WzRe6IxV4WzLe7uLL33JRB7F/28R2GnBW4qM+rn
+lmxPMC9LMpokKvi79HiiNtveVufTm45Kob3L7FFLTp0fGx03tC+tRMKCVDlAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUYyS02BUQPMRSGGbjBG/nJuW1+A4wHwYDVR0j
BBgwFoAUDQWfENGNAAUsgI64Bp+Q1H4wVkowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmFmMTY3MDQtMjg1NC00MDgwLTlhMDktNzI2MjMyNmM5
ZTIyLzEvMEQwNTlGMTBEMThEMDAwNTJDODA4RUI4MDY5RjkwRDQ3RTMwNTY0QS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0RRV2ZFTkdOQUFVc2dJNjRCcC1RMUg0
d1Zrby5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmFmMTY3MDQt
Mjg1NC00MDgwLTlhMDktNzI2MjMyNmM5ZTIyLzEvMzEzNDMxMmUzOTM4MmUzNzMz
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzUzMTM1MzYzMS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAI1i
STANBgkqhkiG9w0BAQsFAAOCAQEAaZQvG08SC/tLIKR5vr34k5HuimlCzRbeWCcs
Xu5WN1A9ZpdPn0tTm1dR8QayWygJ72Az08GEuaFmv7cbaOllq91I7bD4Gb75Wiqb
ae+fH/nhfTbgEmtyV2V1wPV70KoOCZRB9Da1fgiBdEjMtmK2RyakDZh1+6ghPKY2
i9i11RUYaH9DM3ZhEAiJB+bSHj71l4OCLmSL6U1dgNAFh1fO80UbM5yWsF/ImI9G
srVxgVf8Y2NgE3I32RczUMSV8c7gkOxwqSKWI62P2Ez0x/1a5DJkxRIxLhzZDKQa
sR/ArmgGrI5vRr/1ibhdpU+TAvTvpeGd3lF3HdbA9+MBnKf6aA==
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:13:41 2023 by rpki-client on console-ams.rpki-client.org