Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/3139342e3131302e38352e302f32342d3234203d3e20313336373837.roa
File:                     3139342e3131302e38352e302f32342d3234203d3e20313336373837.roa (raw, json)
Hash identifier:          1U7K4A/XAuhEUChdK8Ni9I2zf6FK5Efpt8OJPMItfBI=
Subject key identifier:   DD:C4:EC:88:17:4E:99:70:0D:BD:D5:14:D1:A0:C9:DC:43:79:BC:42
Certificate issuer:       /CN=08fb9ba827e6f10a7af37490803dd5a076397235
Certificate serial:       1AB07E03B80A8A34DBF1B5E5F51397D03E829EA4
Authority key identifier: 08:FB:9B:A8:27:E6:F1:0A:7A:F3:74:90:80:3D:D5:A0:76:39:72:35
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/3139342e3131302e38352e302f32342d3234203d3e20313336373837.roa
Signing time:             Mon 26 Feb 2024 08:52:54 +0000
ROA not before:           Mon 26 Feb 2024 08:47:54 +0000
ROA not after:            Mon 24 Feb 2025 08:52:54 +0000
asID:                     136787
IP address blocks:        194.110.85.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1a:b0:7e:03:b8:0a:8a:34:db:f1:b5:e5:f5:13:97:d0:3e:82:9e:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=08fb9ba827e6f10a7af37490803dd5a076397235
        Validity
            Not Before: Feb 26 08:47:54 2024 GMT
            Not After : Feb 24 08:52:54 2025 GMT
        Subject: CN=DDC4EC88174E99700DBDD514D1A0C9DC4379BC42
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:19:d7:9a:67:38:1f:f6:63:4c:af:9c:91:94:
                    36:4c:19:aa:41:bb:65:5d:70:dd:1b:56:c2:83:63:
                    f6:d6:26:1a:8e:6e:41:69:25:30:3c:a0:c9:68:0c:
                    1c:8e:6c:6e:85:1a:fa:45:17:f3:a8:19:8a:23:7e:
                    f3:20:2f:d4:b3:ec:f7:b6:06:b5:b9:33:fe:17:d2:
                    81:c8:89:b5:bb:92:7d:de:3c:bc:d4:06:2d:75:1b:
                    f5:26:d9:23:e0:59:b1:34:cb:3d:73:48:1d:78:ee:
                    35:8b:9e:31:2b:d7:6e:8a:68:1e:21:f0:4c:87:42:
                    c3:0c:ef:fe:12:21:42:0d:2b:17:bf:be:6c:44:a4:
                    69:82:0d:18:25:f0:44:41:e3:5f:c9:b9:e5:1a:15:
                    96:04:f3:b1:c3:4c:47:42:61:6e:0a:7c:f2:39:5f:
                    22:ec:d9:7e:4c:09:0b:27:8a:0e:f4:be:a7:a0:ed:
                    d9:97:f3:1c:58:7a:d4:7b:6f:58:7c:7a:63:e2:49:
                    a8:2a:8f:4a:10:17:12:c5:1e:14:af:a3:52:a8:3d:
                    7f:57:9e:05:5b:e4:fd:24:34:22:38:3d:49:ef:b1:
                    c0:e6:da:fa:39:bf:00:40:99:6a:90:2d:c3:c7:8e:
                    6b:96:9e:2b:84:20:05:f9:74:95:d5:44:91:e1:c1:
                    37:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:C4:EC:88:17:4E:99:70:0D:BD:D5:14:D1:A0:C9:DC:43:79:BC:42
            X509v3 Authority Key Identifier:
                keyid:08:FB:9B:A8:27:E6:F1:0A:7A:F3:74:90:80:3D:D5:A0:76:39:72:35

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/3139342e3131302e38352e302f32342d3234203d3e20313336373837.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.110.85.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9c:6a:9d:ab:9e:a9:1b:a1:de:e8:96:f8:91:57:e1:22:06:24:
         3c:61:32:67:97:b5:73:94:8a:13:f9:1e:aa:fa:d3:dc:bb:12:
         0b:d0:dd:19:ad:9f:12:ac:11:6f:69:b8:88:7a:99:49:e2:25:
         8b:1c:df:3f:a7:02:57:1f:b0:02:e9:5f:7f:f8:13:e0:c6:cc:
         ee:97:5a:bf:d5:db:be:54:c0:9c:e9:ca:a6:89:9c:48:5b:12:
         5e:c2:39:d5:60:ab:b6:84:ab:2d:cf:45:df:6e:b5:09:98:76:
         89:11:ec:4c:70:1d:e5:18:20:0e:1c:e5:a4:a6:97:90:38:fa:
         1e:f8:0f:34:28:58:a7:1f:d4:bb:f2:fe:a7:8f:db:a6:11:99:
         10:0f:cd:56:a8:d6:98:42:67:5c:b6:c1:a8:56:e6:3e:02:ee:
         03:aa:fb:b1:df:a6:d6:90:81:f6:0a:28:ad:31:cf:9e:ef:99:
         61:75:01:fd:35:af:ac:b7:91:ac:3a:25:d3:75:7f:06:9d:6b:
         00:c6:c8:2f:8d:78:09:ca:09:7b:d4:ed:a7:41:cb:75:67:05:
         ca:15:43:b0:ac:c8:ad:0e:56:6b:d4:5e:cd:6c:c6:ad:32:3e:
         29:c4:18:13:dc:24:d2:30:66:67:5e:82:f2:0d:b8:53:78:22:
         ba:c1:3e:6a
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgIUGrB+A7gKijTb8bXl9ROX0D6CnqQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDhmYjliYTgyN2U2ZjEwYTdhZjM3NDkwODAzZGQ1YTA3
NjM5NzIzNTAeFw0yNDAyMjYwODQ3NTRaFw0yNTAyMjQwODUyNTRaMDMxMTAvBgNV
BAMTKEREQzRFQzg4MTc0RTk5NzAwREJERDUxNEQxQTBDOURDNDM3OUJDNDIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCuGdeaZzgf9mNMr5yRlDZMGapB
u2VdcN0bVsKDY/bWJhqObkFpJTA8oMloDByObG6FGvpFF/OoGYojfvMgL9Sz7Pe2
BrW5M/4X0oHIibW7kn3ePLzUBi11G/Um2SPgWbE0yz1zSB147jWLnjEr126KaB4h
8EyHQsMM7/4SIUINKxe/vmxEpGmCDRgl8ERB41/JueUaFZYE87HDTEdCYW4KfPI5
XyLs2X5MCQsnig70vqeg7dmX8xxYetR7b1h8emPiSagqj0oQFxLFHhSvo1KoPX9X
ngVb5P0kNCI4PUnvscDm2vo5vwBAmWqQLcPHjmuWniuEIAX5dJXVRJHhwTfvAgMB
AAGjggI/MIICOzAdBgNVHQ4EFgQU3cTsiBdOmXANvdUU0aDJ3EN5vEIwHwYDVR0j
BBgwFoAUCPubqCfm8Qp683SQgD3VoHY5cjUwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzIvMDhGQjlCQTgyN0U2RjEwQTdBRjM3NDkwODAzREQ1QTA3NjM5NzIzNS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NQdWJxQ2ZtOFFwNjgzU1FnRDNWb0hZ
NWNqVS5jZXIwga8GCCsGAQUFBwELBIGiMIGfMIGcBggrBgEFBQcwC4aBj3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzIvMzEzOTM0MmUzMTMxMzAyZTM4
MzUyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzMTMzMzYzNzM4Mzcucm9hMBgGA1Ud
IAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BADCblUwDQYJKoZIhvcNAQELBQADggEBAJxqnaueqRuh3uiW+JFX4SIGJDxhMmeX
tXOUihP5Hqr609y7EgvQ3RmtnxKsEW9puIh6mUniJYsc3z+nAlcfsALpX3/4E+DG
zO6XWr/V275UwJzpyqaJnEhbEl7COdVgq7aEqy3PRd9utQmYdokR7ExwHeUYIA4c
5aSml5A4+h74DzQoWKcf1Lvy/qeP26YRmRAPzVao1phCZ1y2wahW5j4C7gOq+7Hf
ptaQgfYKKK0xz57vmWF1Af01r6y3kaw6JdN1fwadawDGyC+NeAnKCXvU7adBy3Vn
BcoVQ7CsyK0OVmvUXs1sxq0yPinEGBPcJNIwZmdegvINuFN4IrrBPmo=
-----END CERTIFICATE-----
Generated at Fri Nov 22 10:15:44 2024 by rpki-client on console-ams.rpki-client.org