Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3134372e39332e34382e302f32312d3234203d3e203437353833.roa
File:                     3134372e39332e34382e302f32312d3234203d3e203437353833.roa (raw, json)
Hash identifier:          A9LbZgFv7h5O9hN9y6hfnYAYvfuzPMR2rTTauFGRu7I=
Subject key identifier:   42:4F:6C:A7:2A:F9:6E:C7:FE:60:82:25:7A:EC:68:4B:0B:D5:85:8E
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       452FACA8FE134B91B8F91B127B04F0794800C2B2
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3134372e39332e34382e302f32312d3234203d3e203437353833.roa
Signing time:             Wed 11 Dec 2024 16:34:19 +0000
ROA not before:           Wed 11 Dec 2024 16:29:19 +0000
ROA not after:            Wed 10 Dec 2025 16:34:19 +0000
asID:                     47583
IP address blocks:        147.93.48.0/21 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 10:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            45:2f:ac:a8:fe:13:4b:91:b8:f9:1b:12:7b:04:f0:79:48:00:c2:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Dec 11 16:29:19 2024 GMT
            Not After : Dec 10 16:34:19 2025 GMT
        Subject: CN=424F6CA72AF96EC7FE6082257AEC684B0BD5858E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:9b:a4:28:7e:d3:e0:a7:11:6e:5e:6b:c2:42:
                    05:43:95:b9:05:55:61:47:87:53:f1:c8:20:13:41:
                    c6:c6:9c:05:05:f1:a0:ae:e1:70:75:43:f9:54:38:
                    cf:c6:d2:b4:c9:9c:e3:11:e7:a5:4b:9b:09:c8:32:
                    96:64:2f:b8:ef:70:e1:da:9e:b2:a2:a6:a1:a2:5d:
                    63:e4:7d:45:4d:25:8f:c0:57:75:9a:c9:5d:a7:60:
                    16:72:29:95:e3:70:22:b1:a7:54:ef:b9:85:dc:0f:
                    6b:2f:7b:26:40:d5:cb:26:0e:95:ce:f0:19:ed:4a:
                    40:fb:4f:aa:2a:19:36:d8:cb:6c:58:9b:d4:c8:71:
                    02:b0:75:74:2e:bd:95:63:c5:db:9f:6d:0f:5e:1d:
                    c0:17:df:0d:4d:e6:c0:0f:21:4d:c9:b3:97:a1:55:
                    65:ff:0c:db:a3:a9:11:e1:b9:7e:ce:3d:fb:44:93:
                    ff:96:f5:17:9a:7d:11:f4:99:ac:53:82:7c:ce:00:
                    5a:23:48:74:2c:31:b8:69:15:73:6d:8d:e8:28:5e:
                    f8:83:ab:48:1a:14:c8:ab:a4:87:6e:d9:2b:c0:f6:
                    37:9d:22:04:e0:e3:93:1a:39:3b:43:4a:16:92:7d:
                    7e:75:c4:16:ea:7e:d7:bf:ca:b4:95:07:88:d9:e7:
                    f5:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:4F:6C:A7:2A:F9:6E:C7:FE:60:82:25:7A:EC:68:4B:0B:D5:85:8E
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3134372e39332e34382e302f32312d3234203d3e203437353833.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.93.48.0/21

    Signature Algorithm: sha256WithRSAEncryption
         77:0a:15:78:c9:d2:4b:e7:87:37:9a:af:d2:56:9a:99:0f:07:
         aa:8e:75:3e:d6:03:93:0a:70:aa:9b:63:c2:9a:c2:d4:17:98:
         db:02:48:fc:3b:2e:46:38:97:56:da:ee:de:b1:06:c3:03:b0:
         2e:57:92:d4:21:aa:9f:a3:03:96:ec:ab:11:b0:66:71:ae:e9:
         a9:fc:11:f1:ef:42:04:09:0d:07:f3:1b:ed:2c:9a:08:30:69:
         9f:86:5f:fa:ca:b8:8c:c8:b4:d7:37:2e:e2:ba:9e:6e:ef:01:
         b2:dd:b2:38:8e:d5:b7:a5:3d:d8:f5:4d:b9:0b:4d:65:55:b4:
         d6:e2:b8:ad:73:06:f7:10:0a:8c:19:8f:f3:d6:55:8f:30:25:
         60:c3:e9:a4:57:5a:6b:6c:ca:7d:47:80:3e:76:3f:9b:26:54:
         44:cd:a1:a8:54:97:72:81:7e:4b:a8:78:74:bb:e5:da:3e:03:
         fe:4e:0b:01:14:bb:27:24:84:46:61:86:c8:88:91:7e:37:e9:
         96:d7:db:9e:4d:89:97:f8:0e:58:ff:be:c2:85:b5:4c:20:0b:
         5d:40:ca:b9:28:5f:1b:77:d6:51:4d:51:5d:14:ce:94:28:55:
         54:e5:a4:65:52:eb:80:df:b8:8b:f2:45:26:8b:b4:7c:0b:c3:
         93:4c:39:e4
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIURS+sqP4TS5G4+RsSewTweUgAwrIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNDEyMTExNjI5MTlaFw0yNTEyMTAxNjM0MTlaMDMxMTAvBgNV
BAMTKDQyNEY2Q0E3MkFGOTZFQzdGRTYwODIyNTdBRUM2ODRCMEJENTg1OEUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDWm6QoftPgpxFuXmvCQgVDlbkF
VWFHh1PxyCATQcbGnAUF8aCu4XB1Q/lUOM/G0rTJnOMR56VLmwnIMpZkL7jvcOHa
nrKipqGiXWPkfUVNJY/AV3WayV2nYBZyKZXjcCKxp1TvuYXcD2sveyZA1csmDpXO
8BntSkD7T6oqGTbYy2xYm9TIcQKwdXQuvZVjxdufbQ9eHcAX3w1N5sAPIU3Js5eh
VWX/DNujqRHhuX7OPftEk/+W9ReafRH0maxTgnzOAFojSHQsMbhpFXNtjegoXviD
q0gaFMirpIdu2SvA9jedIgTg45MaOTtDShaSfX51xBbqfte/yrSVB4jZ5/XzAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUQk9spyr5bsf+YIIleuxoSwvVhY4wHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzEzNDM3MmUzOTMzMmUzNDM4
MmUzMDJmMzIzMTJkMzIzNDIwM2QzZTIwMzQzNzM1MzgzMy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEA5Nd
MDANBgkqhkiG9w0BAQsFAAOCAQEAdwoVeMnSS+eHN5qv0laamQ8Hqo51PtYDkwpw
qptjwprC1BeY2wJI/DsuRjiXVtru3rEGwwOwLleS1CGqn6MDluyrEbBmca7pqfwR
8e9CBAkNB/Mb7SyaCDBpn4Zf+sq4jMi01zcu4rqebu8Bst2yOI7Vt6U92PVNuQtN
ZVW01uK4rXMG9xAKjBmP89ZVjzAlYMPppFdaa2zKfUeAPnY/myZURM2hqFSXcoF+
S6h4dLvl2j4D/k4LARS7JySERmGGyIiRfjfpltfbnk2Jl/gOWP++woW1TCALXUDK
uShfG3fWUU1RXRTOlChVVOWkZVLrgN+4i/JFJou0fAvDk0w55A==
-----END CERTIFICATE-----