Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/3139332e32322e32342e302f32342d3234203d3e20313336373837.roa
File:                     3139332e32322e32342e302f32342d3234203d3e20313336373837.roa (raw, json)
Hash identifier:          XqBlj+0+micK2rZ/atTqfEqkLyQOTTt5KZdgZUGPdws=
Subject key identifier:   0B:08:08:E4:E8:3A:6B:16:E9:27:51:BD:DD:9C:7A:E3:0E:46:0F:B6
Certificate issuer:       /CN=08fb9ba827e6f10a7af37490803dd5a076397235
Certificate serial:       7C441CEA58EB5C82AF0D82A6A4121EC703BF80A5
Authority key identifier: 08:FB:9B:A8:27:E6:F1:0A:7A:F3:74:90:80:3D:D5:A0:76:39:72:35
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/3139332e32322e32342e302f32342d3234203d3e20313336373837.roa
Signing time:             Mon 04 Mar 2024 19:44:56 +0000
ROA not before:           Mon 04 Mar 2024 19:39:56 +0000
ROA not after:            Mon 03 Mar 2025 19:44:56 +0000
asID:                     136787
IP address blocks:        193.22.24.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 14:57:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7c:44:1c:ea:58:eb:5c:82:af:0d:82:a6:a4:12:1e:c7:03:bf:80:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=08fb9ba827e6f10a7af37490803dd5a076397235
        Validity
            Not Before: Mar  4 19:39:56 2024 GMT
            Not After : Mar  3 19:44:56 2025 GMT
        Subject: CN=0B0808E4E83A6B16E92751BDDD9C7AE30E460FB6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:51:b8:9e:9b:c0:67:f0:ac:ce:78:18:53:bc:
                    27:2c:68:35:a0:10:4b:df:8c:d3:c0:d5:e8:0d:4d:
                    2f:ed:ea:bb:3a:6b:27:e6:dc:2d:d0:f4:73:fb:02:
                    c7:e3:81:a0:af:86:e9:eb:50:9e:f4:5e:e7:61:a6:
                    60:87:05:15:97:df:c3:76:87:10:80:78:fb:2e:80:
                    0f:14:27:51:1e:79:78:01:29:ac:8c:41:30:d5:d6:
                    0a:c1:ab:b2:71:58:96:d8:8f:2a:f8:01:7f:09:7f:
                    84:c9:dc:73:81:97:f7:99:c3:e7:60:b5:23:33:25:
                    a9:c2:05:34:ca:1a:e1:7e:58:f3:fe:62:c9:3c:63:
                    90:dd:22:cd:3a:0c:55:d5:3c:69:21:c5:fd:47:02:
                    e9:f3:b1:c7:75:93:b8:d5:61:a0:d9:6d:15:20:22:
                    02:94:dc:12:7b:fe:f1:3f:f4:40:ea:fc:db:d1:0f:
                    d1:22:00:d2:d4:3e:bf:22:60:2f:d6:93:94:58:03:
                    45:48:99:54:80:cb:2d:2f:b8:3d:4c:10:2f:09:b7:
                    c1:9d:a7:68:34:22:09:06:be:f3:b8:0c:65:3e:de:
                    56:5b:36:c6:31:1d:7c:5d:5e:29:80:43:34:e4:c2:
                    f2:ee:65:55:b2:cf:44:c7:dc:a0:b5:77:c9:42:7b:
                    14:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:08:08:E4:E8:3A:6B:16:E9:27:51:BD:DD:9C:7A:E3:0E:46:0F:B6
            X509v3 Authority Key Identifier:
                keyid:08:FB:9B:A8:27:E6:F1:0A:7A:F3:74:90:80:3D:D5:A0:76:39:72:35

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/3139332e32322e32342e302f32342d3234203d3e20313336373837.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.22.24.0/24

    Signature Algorithm: sha256WithRSAEncryption
         71:9c:aa:01:a3:f4:4f:3e:8b:f1:51:c7:65:17:4b:77:68:41:
         58:82:ca:28:a4:7e:57:ef:cd:5b:12:1d:e0:5f:d9:ad:ee:47:
         2e:b9:5b:8a:46:5c:7b:a7:f5:0c:80:1d:17:dd:56:fa:0a:c3:
         af:7f:22:40:8a:09:b5:8d:a7:d8:40:03:ff:b6:5b:d3:6f:33:
         65:45:8b:f4:6d:6e:8c:1d:47:be:72:e3:db:80:56:79:4a:70:
         88:6f:05:59:1a:64:c6:68:e0:99:16:7f:bc:6a:ac:2b:ee:fa:
         28:9d:f4:3b:b1:e3:b8:a3:d1:e9:b1:7a:2f:7f:72:b5:d6:12:
         36:e3:c0:48:dc:e3:19:ac:d6:db:96:8b:87:54:3d:e4:bb:21:
         4a:fe:d6:10:7e:fd:ae:51:a9:5b:95:4a:c0:c0:cf:7a:f7:37:
         ab:93:fa:94:35:a5:1c:a8:ee:bc:c1:e9:33:b6:9a:eb:69:f9:
         bb:f7:7c:c6:c2:12:ed:1d:96:ce:a9:3b:4b:df:6c:c1:88:ae:
         3c:a2:ee:20:56:06:a9:1d:fa:e3:52:48:14:96:27:aa:5a:b7:
         2c:38:74:53:bb:b5:cf:da:2f:47:75:86:f7:b1:eb:48:81:cb:
         51:26:9f:b0:ff:d2:c9:44:cf:97:95:73:0e:3c:85:b5:91:16:
         d8:51:b7:39
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgIUfEQc6ljrXIKvDYKmpBIexwO/gKUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDhmYjliYTgyN2U2ZjEwYTdhZjM3NDkwODAzZGQ1YTA3
NjM5NzIzNTAeFw0yNDAzMDQxOTM5NTZaFw0yNTAzMDMxOTQ0NTZaMDMxMTAvBgNV
BAMTKDBCMDgwOEU0RTgzQTZCMTZFOTI3NTFCREREOUM3QUUzMEU0NjBGQjYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC9Ubiem8Bn8KzOeBhTvCcsaDWg
EEvfjNPA1egNTS/t6rs6ayfm3C3Q9HP7AsfjgaCvhunrUJ70XudhpmCHBRWX38N2
hxCAePsugA8UJ1EeeXgBKayMQTDV1grBq7JxWJbYjyr4AX8Jf4TJ3HOBl/eZw+dg
tSMzJanCBTTKGuF+WPP+Ysk8Y5DdIs06DFXVPGkhxf1HAunzscd1k7jVYaDZbRUg
IgKU3BJ7/vE/9EDq/NvRD9EiANLUPr8iYC/Wk5RYA0VImVSAyy0vuD1MEC8Jt8Gd
p2g0IgkGvvO4DGU+3lZbNsYxHXxdXimAQzTkwvLuZVWyz0TH3KC1d8lCexRVAgMB
AAGjggI9MIICOTAdBgNVHQ4EFgQUCwgI5Og6axbpJ1G93Zx64w5GD7YwHwYDVR0j
BBgwFoAUCPubqCfm8Qp683SQgD3VoHY5cjUwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzIvMDhGQjlCQTgyN0U2RjEwQTdBRjM3NDkwODAzREQ1QTA3NjM5NzIzNS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NQdWJxQ2ZtOFFwNjgzU1FnRDNWb0hZ
NWNqVS5jZXIwga0GCCsGAQUFBwELBIGgMIGdMIGaBggrBgEFBQcwC4aBjXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzIvMzEzOTMzMmUzMjMyMmUzMjM0
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzEzMzM2MzczODM3LnJvYTAYBgNVHSAB
Af8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA
wRYYMA0GCSqGSIb3DQEBCwUAA4IBAQBxnKoBo/RPPovxUcdlF0t3aEFYgsoopH5X
781bEh3gX9mt7kcuuVuKRlx7p/UMgB0X3Vb6CsOvfyJAigm1jafYQAP/tlvTbzNl
RYv0bW6MHUe+cuPbgFZ5SnCIbwVZGmTGaOCZFn+8aqwr7voonfQ7seO4o9HpsXov
f3K11hI248BI3OMZrNbblouHVD3kuyFK/tYQfv2uUalblUrAwM969zerk/qUNaUc
qO68wekztprrafm793zGwhLtHZbOqTtL32zBiK48ou4gVgapHfrjUkgUlieqWrcs
OHRTu7XP2i9HdYb3setIgctRJp+w/9LJRM+XlXMOPIW1kRbYUbc5
-----END CERTIFICATE-----
Generated at Mon Nov 25 17:14:44 2024 by rpki-client on console-ams.rpki-client.org