Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/3134312e39382e37332e302f32342d3234203d3e203531353631.roa
File:                     3134312e39382e37332e302f32342d3234203d3e203531353631.roa (raw, json)
Hash identifier:          yrcKecJBJeZCEciW8lKQypFnDe7HrdQmKZ6e+6FoDYM=
Subject key identifier:   92:3E:C0:AA:C9:7E:AB:00:4C:8C:6D:8F:04:B0:84:0E:7E:73:1E:55
Certificate issuer:       /CN=0d059f10d18d00052c808eb8069f90d47e30564a
Certificate serial:       562082270CB57C67CA7F3BE32DFB94D5E319BE58
Authority key identifier: 0D:05:9F:10:D1:8D:00:05:2C:80:8E:B8:06:9F:90:D4:7E:30:56:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DQWfENGNAAUsgI64Bp-Q1H4wVko.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/3134312e39382e37332e302f32342d3234203d3e203531353631.roa
Signing time:             Thu 04 Apr 2024 11:05:15 +0000
ROA not before:           Thu 04 Apr 2024 11:00:15 +0000
ROA not after:            Thu 03 Apr 2025 11:05:15 +0000
asID:                     51561
IP address blocks:        141.98.73.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/0D059F10D18D00052C808EB8069F90D47E30564A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/0D059F10D18D00052C808EB8069F90D47E30564A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DQWfENGNAAUsgI64Bp-Q1H4wVko.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            56:20:82:27:0c:b5:7c:67:ca:7f:3b:e3:2d:fb:94:d5:e3:19:be:58
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d059f10d18d00052c808eb8069f90d47e30564a
        Validity
            Not Before: Apr  4 11:00:15 2024 GMT
            Not After : Apr  3 11:05:15 2025 GMT
        Subject: CN=923EC0AAC97EAB004C8C6D8F04B0840E7E731E55
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:21:07:26:97:33:50:63:fe:fe:6a:2a:11:af:
                    6f:79:7e:3d:ca:25:14:1d:53:ed:9a:50:c3:23:b6:
                    81:0d:1e:65:05:db:88:5a:24:8e:58:60:b1:f2:8c:
                    44:9b:21:c7:35:1c:dd:01:1b:d7:c8:0f:bb:b6:ac:
                    73:f6:01:b3:b2:65:e9:0e:41:67:ac:40:b8:a8:cd:
                    8f:8b:fb:29:fe:56:70:c5:db:c9:9d:f1:b9:a2:59:
                    14:d7:e7:ef:34:ec:2f:61:0c:df:82:a7:44:b1:3e:
                    d0:52:ff:f6:9c:83:94:20:cf:6e:79:f8:4a:47:0b:
                    31:d4:97:16:e6:00:dd:73:82:f2:90:4d:65:cf:19:
                    c3:c7:96:e7:92:70:b9:c0:e6:95:d4:15:b8:4d:b6:
                    4d:a1:3f:5e:bb:27:e1:38:0f:e8:71:d5:8c:40:5d:
                    6f:73:67:ee:46:38:fb:ce:d5:26:d2:c3:13:5a:8a:
                    30:f3:45:3d:57:47:9e:b1:53:c3:75:61:58:84:de:
                    33:d8:ed:8e:fa:2e:ce:c8:2b:3d:af:bc:38:06:c7:
                    d3:a1:f8:dc:af:49:86:76:63:c6:af:0a:42:3a:e7:
                    cd:35:f0:76:45:87:ea:17:8e:b6:7c:47:1f:71:0e:
                    b4:9f:82:3b:6e:19:f7:ef:7c:1a:e4:a0:04:18:b2:
                    e7:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:3E:C0:AA:C9:7E:AB:00:4C:8C:6D:8F:04:B0:84:0E:7E:73:1E:55
            X509v3 Authority Key Identifier:
                keyid:0D:05:9F:10:D1:8D:00:05:2C:80:8E:B8:06:9F:90:D4:7E:30:56:4A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/0D059F10D18D00052C808EB8069F90D47E30564A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DQWfENGNAAUsgI64Bp-Q1H4wVko.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/3134312e39382e37332e302f32342d3234203d3e203531353631.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.98.73.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7e:30:4b:af:10:d3:67:0e:f7:21:d4:fd:c7:74:a9:7f:b1:38:
         b6:fc:7b:34:c3:63:bb:d2:70:a4:4a:99:82:d0:d4:4e:76:1f:
         26:f3:4f:42:69:12:99:15:a5:45:28:75:58:73:ce:3c:35:af:
         c4:bc:e5:16:10:27:88:c1:67:42:4e:15:6e:a0:08:8f:bf:ee:
         c3:72:84:b8:a8:78:fa:8b:53:63:b6:91:da:26:f6:7b:e5:1b:
         f7:3d:64:ec:c8:bc:87:0f:50:69:9a:78:0a:4f:02:5b:d1:0d:
         e8:64:e5:cb:4e:4a:84:a8:da:28:16:bb:b1:8c:04:29:ec:fb:
         2f:6a:b3:c9:56:4b:ee:a5:d8:3d:0f:24:91:37:5b:ac:ae:70:
         1d:15:fe:1e:75:76:32:68:bf:20:62:9f:97:6a:92:6d:83:3c:
         00:ac:24:95:3b:9a:a8:85:75:51:a9:47:ba:6d:5b:5a:5d:43:
         a6:37:ec:ec:52:fc:34:4f:7d:3b:8c:3f:26:82:6b:64:74:1d:
         f8:40:aa:5b:00:5a:37:f2:96:98:3f:fb:d0:14:89:a9:0a:43:
         65:38:57:68:c0:d6:fe:ca:1d:ab:66:38:fa:d3:3a:77:6a:ab:
         ef:1e:d6:dc:49:3a:8c:4d:68:2f:b2:78:9b:ff:e3:76:a4:f2:
         bb:d9:80:3c
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUViCCJwy1fGfKfzvjLfuU1eMZvlgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMGQwNTlmMTBkMThkMDAwNTJjODA4ZWI4MDY5ZjkwZDQ3
ZTMwNTY0YTAeFw0yNDA0MDQxMTAwMTVaFw0yNTA0MDMxMTA1MTVaMDMxMTAvBgNV
BAMTKDkyM0VDMEFBQzk3RUFCMDA0QzhDNkQ4RjA0QjA4NDBFN0U3MzFFNTUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCfIQcmlzNQY/7+aioRr295fj3K
JRQdU+2aUMMjtoENHmUF24haJI5YYLHyjESbIcc1HN0BG9fID7u2rHP2AbOyZekO
QWesQLiozY+L+yn+VnDF28md8bmiWRTX5+807C9hDN+Cp0SxPtBS//acg5Qgz255
+EpHCzHUlxbmAN1zgvKQTWXPGcPHlueScLnA5pXUFbhNtk2hP167J+E4D+hx1YxA
XW9zZ+5GOPvO1SbSwxNaijDzRT1XR56xU8N1YViE3jPY7Y76Ls7IKz2vvDgGx9Oh
+NyvSYZ2Y8avCkI658018HZFh+oXjrZ8Rx9xDrSfgjtuGffvfBrkoAQYsuc1AgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUkj7Aqsl+qwBMjG2PBLCEDn5zHlUwHwYDVR0j
BBgwFoAUDQWfENGNAAUsgI64Bp+Q1H4wVkowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmFmMTY3MDQtMjg1NC00MDgwLTlhMDktNzI2MjMyNmM5
ZTIyLzEvMEQwNTlGMTBEMThEMDAwNTJDODA4RUI4MDY5RjkwRDQ3RTMwNTY0QS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0RRV2ZFTkdOQUFVc2dJNjRCcC1RMUg0
d1Zrby5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmFmMTY3MDQt
Mjg1NC00MDgwLTlhMDktNzI2MjMyNmM5ZTIyLzEvMzEzNDMxMmUzOTM4MmUzNzMz
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzUzMTM1MzYzMS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAI1i
STANBgkqhkiG9w0BAQsFAAOCAQEAfjBLrxDTZw73IdT9x3Spf7E4tvx7NMNju9Jw
pEqZgtDUTnYfJvNPQmkSmRWlRSh1WHPOPDWvxLzlFhAniMFnQk4VbqAIj7/uw3KE
uKh4+otTY7aR2ib2e+Ub9z1k7Mi8hw9QaZp4Ck8CW9EN6GTly05KhKjaKBa7sYwE
Kez7L2qzyVZL7qXYPQ8kkTdbrK5wHRX+HnV2Mmi/IGKfl2qSbYM8AKwklTuaqIV1
UalHum1bWl1Dpjfs7FL8NE99O4w/JoJrZHQd+ECqWwBaN/KWmD/70BSJqQpDZThX
aMDW/sodq2Y4+tM6d2qr7x7W3Ek6jE1oL7J4m//jdqTyu9mAPA==
-----END CERTIFICATE-----
Generated at Fri Nov 22 07:03:46 2024 by rpki-client on console-fra.rpki-client.org