Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/3139342e33342e3233322e302f32342d3332203d3e203531313637.roa
File:                     3139342e33342e3233322e302f32342d3332203d3e203531313637.roa (raw, json)
Hash identifier:          ugHAmAVwH4u/fTVnd3esPuPMclCkNl/+IPbsyLx7r0s=
Subject key identifier:   EC:F8:7D:89:74:EF:FE:E4:63:32:EA:62:96:C3:C6:AC:C7:CD:F3:AD
Certificate issuer:       /CN=08fb9ba827e6f10a7af37490803dd5a076397235
Certificate serial:       34C96F283939C55F9CEB715FB3E8942305B2C847
Authority key identifier: 08:FB:9B:A8:27:E6:F1:0A:7A:F3:74:90:80:3D:D5:A0:76:39:72:35
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/3139342e33342e3233322e302f32342d3332203d3e203531313637.roa
Signing time:             Mon 26 Feb 2024 08:52:47 +0000
ROA not before:           Mon 26 Feb 2024 08:47:47 +0000
ROA not after:            Mon 24 Feb 2025 08:52:47 +0000
asID:                     51167
IP address blocks:        194.34.232.0/24 maxlen: 32

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            34:c9:6f:28:39:39:c5:5f:9c:eb:71:5f:b3:e8:94:23:05:b2:c8:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=08fb9ba827e6f10a7af37490803dd5a076397235
        Validity
            Not Before: Feb 26 08:47:47 2024 GMT
            Not After : Feb 24 08:52:47 2025 GMT
        Subject: CN=ECF87D8974EFFEE46332EA6296C3C6ACC7CDF3AD
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:f6:74:03:0e:96:04:f9:97:d6:a8:0d:4c:6c:
                    33:67:c9:73:a0:1a:9a:7f:00:e5:f0:b0:17:da:9d:
                    8a:a0:88:df:1d:89:54:04:bd:31:03:e7:41:e4:dc:
                    a0:98:5c:24:1b:99:93:e1:36:68:8e:0c:f3:15:9e:
                    d6:b3:96:91:0f:82:a5:a6:9c:9a:6d:37:f9:97:b8:
                    b6:63:48:d6:20:a5:81:70:88:0d:99:a2:10:ae:3b:
                    3c:25:0b:b6:6b:e9:81:12:58:7e:d6:32:53:a0:b7:
                    d7:60:a5:6b:33:c4:95:17:2f:9d:b2:ee:08:7f:d3:
                    4f:33:a2:f1:a1:fa:25:b9:8c:e8:d5:61:cc:8d:7b:
                    c8:b1:5f:76:90:d8:50:02:9a:f2:53:74:c0:3c:4a:
                    3a:b7:da:57:1e:8d:0b:98:f0:3e:92:f7:b5:31:f6:
                    22:a9:ca:c5:01:44:a3:bb:9d:84:d9:28:40:2f:cc:
                    b9:b4:54:d3:21:81:fb:92:28:13:9e:80:c3:61:75:
                    ed:05:af:d8:7f:c9:e4:a3:0b:fb:9d:7e:57:a9:a4:
                    22:82:12:67:d2:c7:c8:20:4e:9e:ed:e0:71:45:05:
                    be:09:a1:46:9e:0b:14:ef:65:42:bc:2c:a4:34:cd:
                    7d:21:5f:a1:98:f4:ba:15:98:b2:10:55:16:d7:f0:
                    76:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EC:F8:7D:89:74:EF:FE:E4:63:32:EA:62:96:C3:C6:AC:C7:CD:F3:AD
            X509v3 Authority Key Identifier:
                keyid:08:FB:9B:A8:27:E6:F1:0A:7A:F3:74:90:80:3D:D5:A0:76:39:72:35

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/3139342e33342e3233322e302f32342d3332203d3e203531313637.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.34.232.0/24

    Signature Algorithm: sha256WithRSAEncryption
         65:ce:c1:23:01:83:0e:92:15:e2:fb:53:a5:62:05:71:79:4e:
         e1:57:34:80:52:8c:5f:33:14:61:4e:11:9b:7a:a1:86:e6:29:
         41:50:47:a8:d8:0f:8f:9e:13:49:16:dc:d2:b3:9d:cb:0c:07:
         62:1b:dc:0a:4c:6b:45:ef:a8:06:38:fe:12:6b:73:ce:f0:41:
         0e:df:ab:e5:ec:16:5d:09:2e:6e:2e:c4:0d:ae:0d:05:72:1f:
         1d:c9:52:00:5c:32:dc:55:99:72:9e:2f:d5:55:01:17:3d:6f:
         5a:da:45:59:67:e1:d3:57:14:9a:c9:50:2c:fc:55:5f:3c:a3:
         80:35:b1:b7:be:02:9e:ba:43:bd:a6:c4:2b:09:eb:3a:25:5a:
         74:6f:22:7d:ba:40:07:90:78:f7:2b:9d:de:ee:bd:7b:9e:5f:
         d6:99:f8:10:cc:db:b8:27:f5:ca:c4:db:4e:0c:fa:c8:ca:3d:
         d4:b1:d1:93:9c:b4:47:39:29:89:86:0a:7b:0b:c4:50:73:72:
         5e:d9:1b:5d:89:af:32:3d:f1:34:db:3d:1e:d0:95:c9:ad:51:
         d8:39:21:c7:45:e6:30:77:4f:b7:89:fb:de:57:22:20:05:a8:
         de:28:79:2f:de:43:6c:be:e3:29:ce:1b:d9:a5:d9:f4:a6:56:
         2a:4c:14:13
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgIUNMlvKDk5xV+c63Ffs+iUIwWyyEcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDhmYjliYTgyN2U2ZjEwYTdhZjM3NDkwODAzZGQ1YTA3
NjM5NzIzNTAeFw0yNDAyMjYwODQ3NDdaFw0yNTAyMjQwODUyNDdaMDMxMTAvBgNV
BAMTKEVDRjg3RDg5NzRFRkZFRTQ2MzMyRUE2Mjk2QzNDNkFDQzdDREYzQUQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDe9nQDDpYE+ZfWqA1MbDNnyXOg
Gpp/AOXwsBfanYqgiN8diVQEvTED50Hk3KCYXCQbmZPhNmiODPMVntazlpEPgqWm
nJptN/mXuLZjSNYgpYFwiA2ZohCuOzwlC7Zr6YESWH7WMlOgt9dgpWszxJUXL52y
7gh/008zovGh+iW5jOjVYcyNe8ixX3aQ2FACmvJTdMA8Sjq32lcejQuY8D6S97Ux
9iKpysUBRKO7nYTZKEAvzLm0VNMhgfuSKBOegMNhde0Fr9h/yeSjC/udfleppCKC
EmfSx8ggTp7t4HFFBb4JoUaeCxTvZUK8LKQ0zX0hX6GY9LoVmLIQVRbX8HbhAgMB
AAGjggI9MIICOTAdBgNVHQ4EFgQU7Ph9iXTv/uRjMupilsPGrMfN860wHwYDVR0j
BBgwFoAUCPubqCfm8Qp683SQgD3VoHY5cjUwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzIvMDhGQjlCQTgyN0U2RjEwQTdBRjM3NDkwODAzREQ1QTA3NjM5NzIzNS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NQdWJxQ2ZtOFFwNjgzU1FnRDNWb0hZ
NWNqVS5jZXIwga0GCCsGAQUFBwELBIGgMIGdMIGaBggrBgEFBQcwC4aBjXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzIvMzEzOTM0MmUzMzM0MmUzMjMz
MzIyZTMwMmYzMjM0MmQzMzMyMjAzZDNlMjAzNTMxMzEzNjM3LnJvYTAYBgNVHSAB
Af8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA
wiLoMA0GCSqGSIb3DQEBCwUAA4IBAQBlzsEjAYMOkhXi+1OlYgVxeU7hVzSAUoxf
MxRhThGbeqGG5ilBUEeo2A+PnhNJFtzSs53LDAdiG9wKTGtF76gGOP4Sa3PO8EEO
36vl7BZdCS5uLsQNrg0Fch8dyVIAXDLcVZlyni/VVQEXPW9a2kVZZ+HTVxSayVAs
/FVfPKOANbG3vgKeukO9psQrCes6JVp0byJ9ukAHkHj3K53e7r17nl/WmfgQzNu4
J/XKxNtODPrIyj3UsdGTnLRHOSmJhgp7C8RQc3Je2Rtdia8yPfE02z0e0JXJrVHY
OSHHReYwd0+3ifveVyIgBajeKHkv3kNsvuMpzhvZpdn0plYqTBQT
-----END CERTIFICATE-----
Generated at Fri Nov 22 10:07:02 2024 by rpki-client on console-fra.rpki-client.org