Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3130392e3132332e3232382e302f32322d3332203d3e20313431393935.roa
File:                     3130392e3132332e3232382e302f32322d3332203d3e20313431393935.roa (raw, json)
Hash identifier:          JlUclJjPlZ+ClJHX6bCPA82jb3Y2P/lRm8RUDUhrZ8Y=
Subject key identifier:   36:69:60:90:C0:36:A8:BA:5F:D5:8F:A9:12:FF:75:1F:8E:2E:E8:53
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       0F2A7B64E01A38328D563CC2314562FCE6748D05
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3130392e3132332e3232382e302f32322d3332203d3e20313431393935.roa
Signing time:             Mon 26 Feb 2024 08:53:18 +0000
ROA not before:           Mon 26 Feb 2024 08:48:18 +0000
ROA not after:            Mon 24 Feb 2025 08:53:18 +0000
asID:                     141995
IP address blocks:        109.123.228.0/22 maxlen: 32

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0f:2a:7b:64:e0:1a:38:32:8d:56:3c:c2:31:45:62:fc:e6:74:8d:05
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Feb 26 08:48:18 2024 GMT
            Not After : Feb 24 08:53:18 2025 GMT
        Subject: CN=36696090C036A8BA5FD58FA912FF751F8E2EE853
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:e6:a4:eb:61:e9:61:e0:cb:1d:93:dc:c4:c3:
                    17:bc:c2:7c:a7:9a:a1:20:81:f9:a6:28:c2:62:c0:
                    ac:0e:6c:fd:f8:aa:e4:67:c1:4a:44:62:63:b2:8b:
                    a9:41:63:64:8d:12:e3:be:01:51:c1:66:f7:eb:db:
                    8f:71:d8:d2:ac:a7:8b:4f:df:a1:d2:79:f5:15:9c:
                    af:7c:90:2c:e4:cf:5c:87:d5:05:79:ef:11:36:6f:
                    5e:bb:1f:6c:80:02:37:81:39:43:10:b6:34:f3:6e:
                    f2:db:8e:99:52:69:ce:1d:cd:cc:88:2c:45:f4:40:
                    f0:ba:12:13:80:79:28:7e:1d:59:b9:0e:b9:5b:b6:
                    d1:a0:33:c9:99:17:31:50:39:a4:77:6b:23:43:b1:
                    fb:0e:c5:65:44:6f:c9:e3:7a:a2:05:4d:ac:37:08:
                    71:f2:42:5c:82:f4:4c:31:2e:5f:c6:35:32:c3:76:
                    6f:68:7e:08:73:ed:37:cb:3b:d2:11:28:c5:b6:92:
                    ae:91:bd:eb:dc:cb:90:ad:d7:7c:60:3b:03:e4:7c:
                    51:de:0e:32:7b:fc:da:33:02:35:38:67:ef:27:a3:
                    b2:07:a4:70:9b:13:14:7b:1f:74:95:3d:ba:89:99:
                    ea:ec:e9:9c:45:1f:9e:f4:7a:b3:1e:75:60:a4:a0:
                    65:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:69:60:90:C0:36:A8:BA:5F:D5:8F:A9:12:FF:75:1F:8E:2E:E8:53
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3130392e3132332e3232382e302f32322d3332203d3e20313431393935.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.123.228.0/22

    Signature Algorithm: sha256WithRSAEncryption
         30:fd:b4:8b:4e:a9:5c:dd:77:eb:fd:16:53:4f:65:7e:ba:5a:
         16:f0:04:d6:35:f0:24:df:80:c7:ae:bd:7b:b9:f9:14:db:1b:
         cc:fc:28:ee:5c:ac:8a:1e:f1:f8:36:ad:ac:b1:4e:73:80:e9:
         7d:37:ee:fd:40:20:73:b0:d0:1f:12:31:91:1c:3f:52:32:c8:
         61:2a:56:88:4c:8d:79:10:3d:29:96:f2:52:5d:6b:c0:f5:ee:
         89:8e:0f:89:6d:80:ff:ab:6a:aa:95:44:fa:fd:7f:9c:ed:86:
         56:e2:96:0f:33:16:96:da:72:d7:21:4c:e7:df:36:e2:e1:13:
         8e:25:b4:a5:d1:76:85:6a:dc:8c:e5:b7:fa:de:8d:c4:94:43:
         cf:42:66:3d:29:46:68:0f:ab:22:e1:0f:ac:6d:6f:b6:3c:a3:
         88:ce:73:9b:ef:46:d9:82:23:bf:09:cc:9b:4a:92:2c:98:09:
         d2:8f:d4:7a:b4:de:a1:ef:f4:31:c8:6c:d4:1e:84:03:31:10:
         01:61:5e:62:3a:f2:f9:6e:aa:b8:4c:bf:14:66:ac:ca:55:b3:
         9b:88:eb:ff:3d:70:38:59:ab:4a:ec:a5:f5:8c:2c:b4:90:9f:
         7a:3c:f9:b8:0b:c9:f4:16:b6:9c:c6:24:58:b2:f9:9c:2a:90:
         01:9e:2b:67
-----BEGIN CERTIFICATE-----
MIIFNzCCBB+gAwIBAgIUDyp7ZOAaODKNVjzCMUVi/OZ0jQUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNDAyMjYwODQ4MThaFw0yNTAyMjQwODUzMThaMDMxMTAvBgNV
BAMTKDM2Njk2MDkwQzAzNkE4QkE1RkQ1OEZBOTEyRkY3NTFGOEUyRUU4NTMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCz5qTrYelh4Msdk9zEwxe8wnyn
mqEggfmmKMJiwKwObP34quRnwUpEYmOyi6lBY2SNEuO+AVHBZvfr249x2NKsp4tP
36HSefUVnK98kCzkz1yH1QV57xE2b167H2yAAjeBOUMQtjTzbvLbjplSac4dzcyI
LEX0QPC6EhOAeSh+HVm5DrlbttGgM8mZFzFQOaR3ayNDsfsOxWVEb8njeqIFTaw3
CHHyQlyC9EwxLl/GNTLDdm9ofghz7TfLO9IRKMW2kq6Rvevcy5Ct13xgOwPkfFHe
DjJ7/NozAjU4Z+8no7IHpHCbExR7H3SVPbqJmers6ZxFH570erMedWCkoGXDAgMB
AAGjggJBMIICPTAdBgNVHQ4EFgQUNmlgkMA2qLpf1Y+pEv91H44u6FMwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgbEGCCsGAQUFBwELBIGkMIGhMIGeBggrBgEFBQcwC4aBkXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzEzMDM5MmUzMTMyMzMyZTMy
MzIzODJlMzAyZjMyMzIyZDMzMzIyMDNkM2UyMDMxMzQzMTM5MzkzNS5yb2EwGAYD
VR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEw
BgMEAm175DANBgkqhkiG9w0BAQsFAAOCAQEAMP20i06pXN136/0WU09lfrpaFvAE
1jXwJN+Ax669e7n5FNsbzPwo7lysih7x+DatrLFOc4DpfTfu/UAgc7DQHxIxkRw/
UjLIYSpWiEyNeRA9KZbyUl1rwPXuiY4PiW2A/6tqqpVE+v1/nO2GVuKWDzMWltpy
1yFM59824uETjiW0pdF2hWrcjOW3+t6NxJRDz0JmPSlGaA+rIuEPrG1vtjyjiM5z
m+9G2YIjvwnMm0qSLJgJ0o/UerTeoe/0Mchs1B6EAzEQAWFeYjry+W6quEy/FGas
ylWzm4jr/z1wOFmrSuyl9YwstJCfejz5uAvJ9Ba2nMYkWLL5nCqQAZ4rZw==
-----END CERTIFICATE-----
Generated at Fri Nov 22 10:07:02 2024 by rpki-client on console-fra.rpki-client.org