Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/3139342e35392e3235342e302f32342d3234203d3e20313336373837.roa
File:                     3139342e35392e3235342e302f32342d3234203d3e20313336373837.roa (raw, json)
Hash identifier:          sq799XcT97wOQgl9WaDnMkXf+Z9npUssPN30nHRA1To=
Subject key identifier:   20:A4:20:51:33:D0:F0:97:6E:E1:06:13:70:64:46:3E:91:4D:49:F9
Certificate issuer:       /CN=08fb9ba827e6f10a7af37490803dd5a076397235
Certificate serial:       446C0BD7E99EF832A9191A1D1251BDD15D99DC99
Authority key identifier: 08:FB:9B:A8:27:E6:F1:0A:7A:F3:74:90:80:3D:D5:A0:76:39:72:35
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/3139342e35392e3235342e302f32342d3234203d3e20313336373837.roa
Signing time:             Wed 07 Feb 2024 12:34:12 +0000
ROA not before:           Wed 07 Feb 2024 12:29:12 +0000
ROA not after:            Wed 05 Feb 2025 12:34:12 +0000
asID:                     136787
IP address blocks:        194.59.254.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 14:42:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            44:6c:0b:d7:e9:9e:f8:32:a9:19:1a:1d:12:51:bd:d1:5d:99:dc:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=08fb9ba827e6f10a7af37490803dd5a076397235
        Validity
            Not Before: Feb  7 12:29:12 2024 GMT
            Not After : Feb  5 12:34:12 2025 GMT
        Subject: CN=20A4205133D0F0976EE106137064463E914D49F9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f2:d6:5a:be:de:88:10:93:e6:8b:16:4e:86:27:
                    4a:9f:cb:b8:06:a0:e7:11:b0:e2:d7:00:c1:8e:c7:
                    99:b7:82:09:83:a9:19:8e:dd:53:f3:42:84:ca:da:
                    97:c6:ab:1d:0d:f5:63:db:57:5b:67:94:b3:ac:68:
                    36:fe:c6:57:a0:82:1c:52:db:97:85:3f:f0:20:46:
                    8c:99:d6:55:0b:0a:3d:6c:f9:1b:ee:e7:68:23:8e:
                    c0:24:e4:78:02:25:79:73:94:98:9d:ad:b6:cd:7c:
                    37:50:1c:e2:05:18:92:65:6e:b0:58:23:d2:09:78:
                    dd:72:76:c2:4a:89:91:6f:3f:54:00:3b:52:a1:d6:
                    26:37:0b:ec:0f:a9:76:cd:d2:b5:30:06:78:c3:3e:
                    19:20:6e:88:64:63:45:56:17:f7:b9:bb:12:a4:08:
                    a1:fd:41:c3:7e:71:cf:b5:66:2e:e3:9a:47:d6:15:
                    c2:8b:dc:f9:6a:e0:00:4e:43:7b:00:4c:50:61:3f:
                    18:3d:d6:0b:7f:5d:23:8e:3f:8b:43:01:43:b0:1a:
                    9c:47:09:42:92:9f:79:f9:33:9f:57:cf:39:a6:e6:
                    6d:36:2f:6e:49:25:22:2c:24:6a:69:c9:4f:17:7f:
                    46:20:e8:65:0a:37:5d:fa:20:27:6d:d4:4a:e9:96:
                    d9:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:A4:20:51:33:D0:F0:97:6E:E1:06:13:70:64:46:3E:91:4D:49:F9
            X509v3 Authority Key Identifier:
                keyid:08:FB:9B:A8:27:E6:F1:0A:7A:F3:74:90:80:3D:D5:A0:76:39:72:35

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/3139342e35392e3235342e302f32342d3234203d3e20313336373837.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.59.254.0/24

    Signature Algorithm: sha256WithRSAEncryption
         54:ec:90:3f:13:9d:93:99:fe:56:02:e8:d7:bf:6f:5f:5d:54:
         6c:c3:d5:c8:76:35:63:e0:32:ec:2d:6c:17:75:51:62:35:48:
         d3:46:79:dc:86:dd:9a:27:01:97:d4:31:85:42:3c:79:df:b9:
         d8:e5:cb:77:9c:e8:2f:16:b5:d5:66:c0:98:42:8e:fd:75:16:
         79:da:a5:ca:0c:68:ba:bd:b9:58:a7:2c:27:55:56:04:cf:95:
         17:d0:63:8e:5e:d2:dc:3a:7c:d2:34:f4:49:dd:bb:e9:19:09:
         54:8a:48:7a:18:44:16:f4:ab:a3:1b:38:48:d5:4c:95:b5:16:
         5a:03:6e:cd:70:61:29:93:32:d3:17:44:ab:1c:6d:e0:41:78:
         da:52:2f:83:85:7c:44:9c:7e:2b:d4:51:f3:bd:79:67:c7:03:
         34:31:85:88:e1:92:d3:41:02:62:3b:51:fc:3e:4e:1b:fb:ae:
         3e:55:d6:e2:f4:dd:ea:81:1a:1c:37:9b:af:2b:ea:ba:67:6b:
         aa:0f:4f:ae:73:1b:b4:3c:9e:5b:8c:8b:ce:b8:45:d6:62:b2:
         c7:a3:f1:dd:6b:bf:a6:f8:4d:d7:28:83:35:ff:7e:ce:9c:5f:
         ed:25:de:82:32:e0:be:26:4c:09:db:e1:12:ae:19:5c:bc:1f:
         71:a4:cd:35
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgIURGwL1+me+DKpGRodElG90V2Z3JkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDhmYjliYTgyN2U2ZjEwYTdhZjM3NDkwODAzZGQ1YTA3
NjM5NzIzNTAeFw0yNDAyMDcxMjI5MTJaFw0yNTAyMDUxMjM0MTJaMDMxMTAvBgNV
BAMTKDIwQTQyMDUxMzNEMEYwOTc2RUUxMDYxMzcwNjQ0NjNFOTE0RDQ5RjkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDy1lq+3ogQk+aLFk6GJ0qfy7gG
oOcRsOLXAMGOx5m3ggmDqRmO3VPzQoTK2pfGqx0N9WPbV1tnlLOsaDb+xlegghxS
25eFP/AgRoyZ1lULCj1s+Rvu52gjjsAk5HgCJXlzlJidrbbNfDdQHOIFGJJlbrBY
I9IJeN1ydsJKiZFvP1QAO1Kh1iY3C+wPqXbN0rUwBnjDPhkgbohkY0VWF/e5uxKk
CKH9QcN+cc+1Zi7jmkfWFcKL3Plq4ABOQ3sATFBhPxg91gt/XSOOP4tDAUOwGpxH
CUKSn3n5M59Xzzmm5m02L25JJSIsJGppyU8Xf0Yg6GUKN136ICdt1Erpltk9AgMB
AAGjggI/MIICOzAdBgNVHQ4EFgQUIKQgUTPQ8Jdu4QYTcGRGPpFNSfkwHwYDVR0j
BBgwFoAUCPubqCfm8Qp683SQgD3VoHY5cjUwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzIvMDhGQjlCQTgyN0U2RjEwQTdBRjM3NDkwODAzREQ1QTA3NjM5NzIzNS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NQdWJxQ2ZtOFFwNjgzU1FnRDNWb0hZ
NWNqVS5jZXIwga8GCCsGAQUFBwELBIGiMIGfMIGcBggrBgEFBQcwC4aBj3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzIvMzEzOTM0MmUzNTM5MmUzMjM1
MzQyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzMTMzMzYzNzM4Mzcucm9hMBgGA1Ud
IAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BADCO/4wDQYJKoZIhvcNAQELBQADggEBAFTskD8TnZOZ/lYC6Ne/b19dVGzD1ch2
NWPgMuwtbBd1UWI1SNNGedyG3ZonAZfUMYVCPHnfudjly3ec6C8WtdVmwJhCjv11
FnnapcoMaLq9uVinLCdVVgTPlRfQY45e0tw6fNI09Endu+kZCVSKSHoYRBb0q6Mb
OEjVTJW1FloDbs1wYSmTMtMXRKscbeBBeNpSL4OFfEScfivUUfO9eWfHAzQxhYjh
ktNBAmI7Ufw+Thv7rj5V1uL03eqBGhw3m68r6rpna6oPT65zG7Q8nluMi864RdZi
ssej8d1rv6b4TdcogzX/fs6cX+0l3oIy4L4mTAnb4RKuGVy8H3GkzTU=
-----END CERTIFICATE-----
Generated at Mon Nov 25 16:44:10 2024 by rpki-client on console-fra.rpki-client.org