Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3139332e3136302e3131392e302f32342d3234203d3e203437353833.roa
File:                     3139332e3136302e3131392e302f32342d3234203d3e203437353833.roa (raw, json)
Hash identifier:          EkpwJcfDFMY8J5B2I22ZknWPvb7q4f3jZdhgcisuALU=
Subject key identifier:   F8:D0:B1:94:F0:62:25:DD:A9:25:E3:31:9F:2E:EC:3E:CE:B4:58:03
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       5E3348066DF41A14BAAAB12F0196E4AFA49BCB2A
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3139332e3136302e3131392e302f32342d3234203d3e203437353833.roa
Signing time:             Wed 01 May 2024 12:03:34 +0000
ROA not before:           Wed 01 May 2024 11:58:34 +0000
ROA not after:            Wed 30 Apr 2025 12:03:34 +0000
asID:                     47583
IP address blocks:        193.160.119.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5e:33:48:06:6d:f4:1a:14:ba:aa:b1:2f:01:96:e4:af:a4:9b:cb:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: May  1 11:58:34 2024 GMT
            Not After : Apr 30 12:03:34 2025 GMT
        Subject: CN=F8D0B194F06225DDA925E3319F2EEC3ECEB45803
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:59:18:5c:94:80:1c:ba:b0:39:98:3f:53:b7:
                    2c:f4:15:27:e6:af:ae:d8:94:41:21:81:8d:0a:d3:
                    fe:d1:37:53:0e:06:33:f4:35:0a:6a:96:03:55:a0:
                    aa:80:98:0c:d0:e4:d5:88:98:8e:97:dc:7e:22:ee:
                    41:c8:3e:16:ca:b0:9f:ef:22:fc:15:3d:11:42:c5:
                    e8:fd:06:e3:fd:21:58:d1:be:b5:46:b9:b6:60:ca:
                    18:67:a5:e4:40:c7:e6:17:b6:30:0e:f2:9e:a5:fe:
                    e5:4c:53:64:56:01:e6:a9:e0:9c:6f:49:17:f7:61:
                    2b:2f:95:6d:c5:55:4c:81:6a:c9:34:2a:06:72:e8:
                    f0:e7:c9:89:8e:cb:14:ab:53:e9:15:b3:4e:06:06:
                    ed:d3:3f:a4:7e:8b:44:87:6e:75:43:06:5b:d9:85:
                    c6:8c:a0:2f:13:28:27:6d:5c:26:ef:f3:67:3f:75:
                    12:85:1b:3e:b2:cf:e9:2f:c0:3a:cc:4e:4e:72:b9:
                    c4:f8:e2:8f:ae:09:16:9b:7c:18:7f:6b:78:b7:15:
                    72:67:d9:21:c8:ba:d4:52:8e:d2:38:8e:27:80:0f:
                    2a:d2:1f:68:ef:32:03:b4:01:2f:62:8e:61:fa:3c:
                    66:04:d9:c5:5e:c0:52:81:a9:80:13:d2:bb:cf:24:
                    4d:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F8:D0:B1:94:F0:62:25:DD:A9:25:E3:31:9F:2E:EC:3E:CE:B4:58:03
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3139332e3136302e3131392e302f32342d3234203d3e203437353833.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.160.119.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4d:d4:6d:7c:22:72:88:8e:d2:51:fd:52:aa:3b:86:e2:4a:43:
         33:66:9f:fb:09:10:e0:a1:66:c8:07:85:ac:33:7a:2b:69:99:
         2d:df:4c:b0:fa:b5:27:9c:21:da:b1:ba:35:ea:26:84:87:02:
         db:b8:08:98:e8:3d:c1:18:de:cd:21:ed:bc:03:f0:3e:5c:7b:
         91:f3:1a:75:7e:51:e9:ca:5a:ef:36:18:72:74:8e:b1:50:58:
         1e:2f:91:31:ce:95:43:13:8b:bd:03:89:8c:5c:da:d4:8b:69:
         eb:76:3a:68:86:01:06:89:ad:94:bd:88:ef:7b:4f:97:08:96:
         62:21:ff:8a:31:90:a8:fc:5f:ea:76:b0:8a:6d:87:dc:d6:b7:
         c1:0d:3d:c1:62:05:3e:49:3c:5e:bc:2c:9b:e2:bf:9d:76:19:
         44:2d:4b:f8:e5:ee:ad:41:df:86:81:a9:48:77:76:40:ee:e5:
         3f:84:e3:b3:76:8b:c0:85:00:7c:60:cc:b6:04:75:32:02:b0:
         18:97:a3:c4:da:f0:02:03:f0:53:5b:30:6b:7a:f3:98:34:13:
         02:43:15:66:76:af:e0:9f:de:79:ba:37:48:fc:52:bc:da:08:
         9c:15:3f:a4:46:cb:12:43:e6:0f:ae:29:17:f9:65:5b:72:08:
         b2:80:aa:2a
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgIUXjNIBm30GhS6qrEvAZbkr6SbyyowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNDA1MDExMTU4MzRaFw0yNTA0MzAxMjAzMzRaMDMxMTAvBgNV
BAMTKEY4RDBCMTk0RjA2MjI1RERBOTI1RTMzMTlGMkVFQzNFQ0VCNDU4MDMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDAWRhclIAcurA5mD9Ttyz0FSfm
r67YlEEhgY0K0/7RN1MOBjP0NQpqlgNVoKqAmAzQ5NWImI6X3H4i7kHIPhbKsJ/v
IvwVPRFCxej9BuP9IVjRvrVGubZgyhhnpeRAx+YXtjAO8p6l/uVMU2RWAeap4Jxv
SRf3YSsvlW3FVUyBask0KgZy6PDnyYmOyxSrU+kVs04GBu3TP6R+i0SHbnVDBlvZ
hcaMoC8TKCdtXCbv82c/dRKFGz6yz+kvwDrMTk5yucT44o+uCRabfBh/a3i3FXJn
2SHIutRSjtI4jieADyrSH2jvMgO0AS9ijmH6PGYE2cVewFKBqYAT0rvPJE13AgMB
AAGjggI/MIICOzAdBgNVHQ4EFgQU+NCxlPBiJd2pJeMxny7sPs60WAMwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwga8GCCsGAQUFBwELBIGiMIGfMIGcBggrBgEFBQcwC4aBj3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzEzOTMzMmUzMTM2MzAyZTMx
MzEzOTJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM0MzczNTM4MzMucm9hMBgGA1Ud
IAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BADBoHcwDQYJKoZIhvcNAQELBQADggEBAE3UbXwicoiO0lH9Uqo7huJKQzNmn/sJ
EOChZsgHhawzeitpmS3fTLD6tSecIdqxujXqJoSHAtu4CJjoPcEY3s0h7bwD8D5c
e5HzGnV+UenKWu82GHJ0jrFQWB4vkTHOlUMTi70DiYxc2tSLaet2OmiGAQaJrZS9
iO97T5cIlmIh/4oxkKj8X+p2sIpth9zWt8ENPcFiBT5JPF68LJviv512GUQtS/jl
7q1B34aBqUh3dkDu5T+E47N2i8CFAHxgzLYEdTICsBiXo8Ta8AID8FNbMGt685g0
EwJDFWZ2r+Cf3nm6N0j8UrzaCJwVP6RGyxJD5g+uKRf5ZVtyCLKAqio=
-----END CERTIFICATE-----
Generated at Thu Nov 21 19:35:25 2024 by rpki-client on console-ams.rpki-client.org