Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3139332e392e33342e302f32342d3234203d3e20313336373837.roa
File:                     3139332e392e33342e302f32342d3234203d3e20313336373837.roa (raw, json)
Hash identifier:          5aA/8V4/k9OpPIdav4V5hp/Du3o1n3ax9JYqDEMDVDE=
Subject key identifier:   56:92:1B:63:30:4E:39:8C:61:D7:46:01:50:B6:CD:9D:E0:32:7E:00
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       53AF272408E837A93686040CB1FC60CDB1B9EC87
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3139332e392e33342e302f32342d3234203d3e20313336373837.roa
Signing time:             Fri 26 Jan 2024 19:02:26 +0000
ROA not before:           Fri 26 Jan 2024 18:57:26 +0000
ROA not after:            Fri 24 Jan 2025 19:02:26 +0000
asID:                     136787
IP address blocks:        193.9.34.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            53:af:27:24:08:e8:37:a9:36:86:04:0c:b1:fc:60:cd:b1:b9:ec:87
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Jan 26 18:57:26 2024 GMT
            Not After : Jan 24 19:02:26 2025 GMT
        Subject: CN=56921B63304E398C61D7460150B6CD9DE0327E00
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:9e:80:8d:17:f9:f9:5c:41:ec:8d:aa:b1:84:
                    6a:67:53:03:6e:df:8e:29:b3:ee:17:25:59:8d:e2:
                    98:fc:5f:b9:0c:cc:95:de:92:0a:75:7d:2e:9b:60:
                    7d:e5:ca:76:90:07:19:2c:7b:34:dd:5f:8d:74:ad:
                    0b:03:54:23:da:a6:7d:8c:2e:53:06:8d:b7:cc:a4:
                    d9:1b:65:69:a0:14:ae:35:a7:e8:20:b2:fc:0c:30:
                    38:a7:ff:fe:17:7c:44:ed:11:b8:52:82:0c:f2:59:
                    2d:d5:8a:ce:67:e8:63:8f:fb:97:29:f1:7b:54:84:
                    bd:6a:68:69:c0:f3:91:00:2d:23:a7:85:4a:cd:29:
                    7a:81:cd:30:4f:16:9d:55:f3:5c:df:bf:61:7e:68:
                    74:cc:3b:f4:b3:60:25:d5:39:8a:68:50:ed:d8:5d:
                    c7:97:aa:4d:d7:55:69:c3:99:ff:d1:ca:90:e0:ce:
                    a5:35:82:4f:17:d1:c3:b2:4a:ba:10:3b:d2:37:07:
                    3d:76:7d:81:36:36:20:de:22:62:91:41:a3:f2:e2:
                    d5:e7:4e:36:5e:3a:74:17:81:0a:6e:c0:d8:83:52:
                    6f:70:bb:82:43:71:3d:47:ac:da:f1:06:03:22:7e:
                    b6:a4:c6:e4:e3:2f:de:87:1b:6a:ac:13:c4:d1:7e:
                    a0:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                56:92:1B:63:30:4E:39:8C:61:D7:46:01:50:B6:CD:9D:E0:32:7E:00
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3139332e392e33342e302f32342d3234203d3e20313336373837.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.9.34.0/24

    Signature Algorithm: sha256WithRSAEncryption
         78:e5:af:54:c6:2f:7f:86:80:45:fc:eb:d4:81:de:45:b6:d9:
         eb:4f:0c:00:4a:59:34:25:25:01:fe:d8:60:e1:ec:52:21:da:
         29:0c:0f:c4:fd:db:c5:6c:f6:ff:55:b0:c2:ce:1f:75:60:83:
         11:a4:44:93:dd:fb:b7:ad:65:3e:94:e6:19:e4:0e:86:b1:d3:
         fa:0d:75:54:85:4e:e9:db:a8:a6:5b:e6:ef:1b:c6:46:ed:95:
         82:63:ee:ae:01:37:b8:0b:2f:af:ba:34:1c:31:a6:03:eb:24:
         bc:35:ee:01:ad:60:2e:2a:b5:c2:1e:c6:e7:44:7a:9f:45:cd:
         57:cb:d3:55:97:f9:31:f7:3a:70:0d:eb:ab:b6:c9:7e:b5:15:
         d7:88:0d:a0:6c:5a:5f:8a:ea:69:64:35:78:d9:9a:d3:c9:d4:
         bd:20:24:7f:9e:b2:c5:48:17:89:6a:29:6e:82:a8:ae:fc:93:
         9c:0f:07:30:4e:a7:2c:bb:d8:d5:0f:79:7b:5d:f9:e9:4c:6a:
         ba:ae:f9:b2:bf:49:6a:fc:fa:83:85:b5:e3:83:fb:66:d1:79:
         58:70:f6:25:b9:39:22:64:55:84:29:3d:29:e5:83:63:7f:87:
         85:45:6f:a9:09:5a:5c:a5:c5:97:41:40:13:c9:59:fe:f8:c5:
         85:4b:7b:22
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUU68nJAjoN6k2hgQMsfxgzbG57IcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNDAxMjYxODU3MjZaFw0yNTAxMjQxOTAyMjZaMDMxMTAvBgNV
BAMTKDU2OTIxQjYzMzA0RTM5OEM2MUQ3NDYwMTUwQjZDRDlERTAzMjdFMDAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDLnoCNF/n5XEHsjaqxhGpnUwNu
344ps+4XJVmN4pj8X7kMzJXekgp1fS6bYH3lynaQBxksezTdX410rQsDVCPapn2M
LlMGjbfMpNkbZWmgFK41p+ggsvwMMDin//4XfETtEbhSggzyWS3Vis5n6GOP+5cp
8XtUhL1qaGnA85EALSOnhUrNKXqBzTBPFp1V81zfv2F+aHTMO/SzYCXVOYpoUO3Y
XceXqk3XVWnDmf/RypDgzqU1gk8X0cOySroQO9I3Bz12fYE2NiDeImKRQaPy4tXn
TjZeOnQXgQpuwNiDUm9wu4JDcT1HrNrxBgMifrakxuTjL96HG2qsE8TRfqCLAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUVpIbYzBOOYxh10YBULbNneAyfgAwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzEzOTMzMmUzOTJlMzMzNDJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMxMzMzNjM3MzgzNy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAMEJ
IjANBgkqhkiG9w0BAQsFAAOCAQEAeOWvVMYvf4aARfzr1IHeRbbZ608MAEpZNCUl
Af7YYOHsUiHaKQwPxP3bxWz2/1Wwws4fdWCDEaREk937t61lPpTmGeQOhrHT+g11
VIVO6duoplvm7xvGRu2VgmPurgE3uAsvr7o0HDGmA+skvDXuAa1gLiq1wh7G50R6
n0XNV8vTVZf5Mfc6cA3rq7bJfrUV14gNoGxaX4rqaWQ1eNma08nUvSAkf56yxUgX
iWopboKorvyTnA8HME6nLLvY1Q95e1356Uxquq75sr9Javz6g4W144P7ZtF5WHD2
Jbk5ImRVhCk9KeWDY3+HhUVvqQlaXKXFl0FAE8lZ/vjFhUt7Ig==
-----END CERTIFICATE-----
Generated at Mon Nov 25 03:42:57 2024 by rpki-client on console-fra.rpki-client.org