Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3135332e39322e3139312e302f32342d3234203d3e20323031333431.roa
File:                     3135332e39322e3139312e302f32342d3234203d3e20323031333431.roa (raw, json)
Hash identifier:          3o03baGM/KtuL/lDXeQ5eUh23FS/VFJZ3WS2zmKX/jI=
Subject key identifier:   3D:19:A6:39:77:10:CE:83:3E:7E:83:DD:2C:5F:76:60:5D:72:6D:C1
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       061157E693B4FBFF7266EF7284C24E7ABC31D5CA
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3135332e39322e3139312e302f32342d3234203d3e20323031333431.roa
Signing time:             Mon 26 Feb 2024 08:53:17 +0000
ROA not before:           Mon 26 Feb 2024 08:48:17 +0000
ROA not after:            Mon 24 Feb 2025 08:53:17 +0000
asID:                     201341
IP address blocks:        153.92.191.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            06:11:57:e6:93:b4:fb:ff:72:66:ef:72:84:c2:4e:7a:bc:31:d5:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Feb 26 08:48:17 2024 GMT
            Not After : Feb 24 08:53:17 2025 GMT
        Subject: CN=3D19A6397710CE833E7E83DD2C5F76605D726DC1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:ef:13:85:b1:25:ae:51:4a:d3:b7:06:e7:f8:
                    00:89:eb:af:0d:e6:20:0c:1c:22:68:f4:41:02:3c:
                    da:8f:8e:60:a8:8e:85:e5:f1:0f:03:db:59:ca:e1:
                    5d:de:7c:ab:2e:df:37:48:c5:54:1c:30:ef:22:1e:
                    19:bc:99:ba:47:97:89:1a:02:1a:2f:34:c0:4a:12:
                    36:6a:7b:ef:27:d2:f8:72:4d:01:3c:0e:a3:a9:6b:
                    46:dc:c7:da:6c:fa:49:1d:3b:ac:e4:6c:00:a5:f7:
                    c3:3f:61:c5:25:ee:74:1f:04:b5:db:5a:12:83:96:
                    52:2c:58:58:fd:07:94:d6:12:8e:ae:fe:15:ef:87:
                    6d:e0:d7:77:a5:f3:a1:43:2f:9e:df:b4:5c:05:12:
                    bb:e3:9a:d3:a4:15:45:23:89:61:a2:2a:2a:07:1a:
                    2a:7a:26:64:38:02:9d:03:87:61:c8:0e:12:d4:ef:
                    e4:43:9e:ef:07:74:49:d7:b4:60:b8:d2:82:a1:09:
                    0c:f2:91:64:46:1f:81:a2:cd:ef:81:bc:52:0e:ce:
                    b9:0c:4e:8b:1b:9f:be:7f:fd:04:40:62:1d:df:55:
                    1f:56:e2:84:39:65:08:4a:a4:b9:8a:d1:6b:49:6c:
                    1e:af:22:47:ae:24:61:4d:6e:a5:f1:9f:0e:52:ea:
                    ca:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:19:A6:39:77:10:CE:83:3E:7E:83:DD:2C:5F:76:60:5D:72:6D:C1
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3135332e39322e3139312e302f32342d3234203d3e20323031333431.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  153.92.191.0/24

    Signature Algorithm: sha256WithRSAEncryption
         24:3d:dd:ad:a0:18:4c:c5:77:ba:23:99:68:7d:d0:75:c7:14:
         f1:fe:cd:76:6f:b2:eb:1e:3a:5f:66:00:56:06:86:8b:1a:7a:
         df:df:be:74:46:6f:d5:6a:ac:e6:7e:f2:99:79:77:bb:78:59:
         97:f9:27:c3:ca:4e:f1:ad:43:92:7d:0b:e8:d9:52:70:86:81:
         56:db:1a:8a:39:91:df:26:11:9f:10:d4:2c:4a:ff:81:67:83:
         1e:55:ff:95:e9:f4:2c:9b:84:56:9c:e1:2c:a1:c0:05:3a:bc:
         74:ac:e0:fe:0c:db:0e:47:48:5e:d2:ec:40:dc:f2:15:be:70:
         6c:20:4c:88:9a:5a:d9:18:54:b6:20:47:5a:81:f1:6e:a0:66:
         98:6b:c3:77:d5:a2:96:a4:2e:c3:f4:a7:b1:62:a0:5f:26:c1:
         be:79:1f:25:17:d0:76:9d:e3:a5:7f:07:b1:07:15:c6:96:a3:
         ee:9c:16:ff:d3:3f:a9:dd:20:80:86:95:dd:53:7c:6c:49:7f:
         53:b6:ef:8d:cc:dc:6d:18:1f:0c:e5:4c:1b:59:5f:86:08:f7:
         e4:ee:ac:34:34:5c:e1:82:92:5a:ee:cd:14:fe:19:67:76:33:
         cc:55:60:88:ed:7e:4b:c8:4a:f9:07:91:8d:52:d2:d2:17:b7:
         4b:38:93:a5
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgIUBhFX5pO0+/9yZu9yhMJOerwx1cowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNDAyMjYwODQ4MTdaFw0yNTAyMjQwODUzMTdaMDMxMTAvBgNV
BAMTKDNEMTlBNjM5NzcxMENFODMzRTdFODNERDJDNUY3NjYwNUQ3MjZEQzEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC07xOFsSWuUUrTtwbn+ACJ668N
5iAMHCJo9EECPNqPjmCojoXl8Q8D21nK4V3efKsu3zdIxVQcMO8iHhm8mbpHl4ka
AhovNMBKEjZqe+8n0vhyTQE8DqOpa0bcx9ps+kkdO6zkbACl98M/YcUl7nQfBLXb
WhKDllIsWFj9B5TWEo6u/hXvh23g13el86FDL57ftFwFErvjmtOkFUUjiWGiKioH
Gip6JmQ4Ap0Dh2HIDhLU7+RDnu8HdEnXtGC40oKhCQzykWRGH4Gize+BvFIOzrkM
Tosbn75//QRAYh3fVR9W4oQ5ZQhKpLmK0WtJbB6vIkeuJGFNbqXxnw5S6soZAgMB
AAGjggI/MIICOzAdBgNVHQ4EFgQUPRmmOXcQzoM+foPdLF92YF1ybcEwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwga8GCCsGAQUFBwELBIGiMIGfMIGcBggrBgEFBQcwC4aBj3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzEzNTMzMmUzOTMyMmUzMTM5
MzEyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzMjMwMzEzMzM0MzEucm9hMBgGA1Ud
IAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BACZXL8wDQYJKoZIhvcNAQELBQADggEBACQ93a2gGEzFd7ojmWh90HXHFPH+zXZv
suseOl9mAFYGhosaet/fvnRGb9VqrOZ+8pl5d7t4WZf5J8PKTvGtQ5J9C+jZUnCG
gVbbGoo5kd8mEZ8Q1CxK/4Fngx5V/5Xp9CybhFac4SyhwAU6vHSs4P4M2w5HSF7S
7EDc8hW+cGwgTIiaWtkYVLYgR1qB8W6gZphrw3fVopakLsP0p7FioF8mwb55HyUX
0Had46V/B7EHFcaWo+6cFv/TP6ndIICGld1TfGxJf1O2743M3G0YHwzlTBtZX4YI
9+TurDQ0XOGCklruzRT+GWd2M8xVYIjtfkvISvkHkY1S0tIXt0s4k6U=
-----END CERTIFICATE-----
Generated at Thu Nov 21 18:06:15 2024 by rpki-client on console-fra.rpki-client.org