Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3139342e3139352e39352e302f32342d3234203d3e203533333536.roa
File:                     3139342e3139352e39352e302f32342d3234203d3e203533333536.roa (raw, json)
Hash identifier:          LzzmNa44vyDQMfwJzto+YZLPKFmlgScQzO0w4W28Myk=
Subject key identifier:   99:96:AA:8A:E0:23:04:02:E6:25:0F:38:8E:20:01:9E:48:4C:4B:D3
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       13A99800D38BC3395BCDF26D8272881B04B7CF41
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3139342e3139352e39352e302f32342d3234203d3e203533333536.roa
Signing time:             Mon 16 Sep 2024 22:12:02 +0000
ROA not before:           Mon 16 Sep 2024 22:07:02 +0000
ROA not after:            Mon 15 Sep 2025 22:12:02 +0000
asID:                     53356
IP address blocks:        194.195.95.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            13:a9:98:00:d3:8b:c3:39:5b:cd:f2:6d:82:72:88:1b:04:b7:cf:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Sep 16 22:07:02 2024 GMT
            Not After : Sep 15 22:12:02 2025 GMT
        Subject: CN=9996AA8AE0230402E6250F388E20019E484C4BD3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:09:98:d4:14:e8:e4:21:13:4d:9c:45:ed:47:
                    06:5b:22:ae:42:49:eb:93:d2:fa:82:95:b4:05:78:
                    14:6b:e2:9e:52:df:f5:3f:76:48:0c:d9:79:f0:1e:
                    b5:57:88:72:3b:c3:8c:1e:a2:aa:0a:30:46:b3:f2:
                    39:6e:72:05:d2:a5:bc:cb:24:7c:fe:32:9f:df:c0:
                    51:42:08:31:91:50:c9:85:78:6d:7b:91:a5:ef:08:
                    1d:72:b3:94:b4:bd:f3:3f:fb:35:a6:78:04:90:a9:
                    68:9b:42:d1:09:4b:ff:85:4a:8a:fb:dc:c5:40:c8:
                    f4:d2:0c:20:5b:1a:aa:9e:88:5d:0f:77:67:53:7c:
                    20:12:bc:6b:58:99:95:95:9a:80:70:5b:98:d7:cf:
                    bb:8b:c0:df:bc:8c:3c:22:e1:ce:54:0d:5a:bb:d8:
                    24:35:db:c9:79:b7:e8:d6:7f:aa:11:9c:16:a6:72:
                    25:2e:01:c6:13:3b:c9:a1:66:55:07:5c:35:e3:0a:
                    10:c7:a0:8a:68:2e:b2:61:d0:9f:3e:76:17:5a:b9:
                    a1:aa:89:10:af:7b:f3:7a:ef:b8:e6:49:0d:45:f5:
                    6c:ef:f8:fc:df:4e:f2:f0:d4:b8:60:0b:21:c6:c5:
                    a1:ff:1a:3d:1c:cd:99:47:a8:34:9d:f6:b3:80:84:
                    45:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                99:96:AA:8A:E0:23:04:02:E6:25:0F:38:8E:20:01:9E:48:4C:4B:D3
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3139342e3139352e39352e302f32342d3234203d3e203533333536.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.195.95.0/24

    Signature Algorithm: sha256WithRSAEncryption
         80:4e:7b:4b:c9:80:c6:38:e4:71:e4:a7:b5:5f:5b:21:44:a0:
         5b:dc:ec:7c:58:ea:0f:db:bb:1f:51:34:e7:c8:ea:90:51:62:
         94:26:1c:fe:71:76:0f:55:bc:86:71:47:0e:88:e6:6a:27:36:
         79:45:23:97:9b:72:3d:be:ff:cb:40:a4:5e:1b:1b:42:b0:fd:
         a8:38:87:a2:f6:bc:cf:80:ca:d8:ca:9e:a2:ff:f9:f5:7b:78:
         52:a4:76:58:fe:54:7e:e1:04:c8:d8:39:66:0f:f8:9f:15:2c:
         d2:d6:a5:b9:8d:88:d1:3e:e0:e7:22:a5:53:b2:dd:33:32:b2:
         90:1b:4e:3f:e5:01:c1:f7:c0:ba:d2:2e:a1:86:d4:0e:88:5d:
         1b:a0:ec:44:10:4d:98:bd:43:a6:3c:06:b7:7f:be:f2:1e:72:
         81:d3:00:48:b4:3a:e0:9b:52:be:93:05:a6:6d:b8:eb:e6:10:
         c6:7b:e6:43:8b:f3:73:c9:cf:8d:45:cf:d1:d0:a2:54:a0:6f:
         cb:7c:6d:a3:a6:89:33:71:9f:01:ba:fe:21:ef:62:a6:11:9d:
         e8:bf:69:ea:82:a9:9c:2a:eb:d1:f3:e8:55:c1:c3:74:ab:54:
         f6:71:6a:e5:da:9f:3c:96:55:f2:05:2f:12:ba:ee:b9:81:72:
         07:03:bc:8f
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgIUE6mYANOLwzlbzfJtgnKIGwS3z0EwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNDA5MTYyMjA3MDJaFw0yNTA5MTUyMjEyMDJaMDMxMTAvBgNV
BAMTKDk5OTZBQThBRTAyMzA0MDJFNjI1MEYzODhFMjAwMTlFNDg0QzRCRDMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC1CZjUFOjkIRNNnEXtRwZbIq5C
SeuT0vqClbQFeBRr4p5S3/U/dkgM2XnwHrVXiHI7w4weoqoKMEaz8jlucgXSpbzL
JHz+Mp/fwFFCCDGRUMmFeG17kaXvCB1ys5S0vfM/+zWmeASQqWibQtEJS/+FSor7
3MVAyPTSDCBbGqqeiF0Pd2dTfCASvGtYmZWVmoBwW5jXz7uLwN+8jDwi4c5UDVq7
2CQ128l5t+jWf6oRnBamciUuAcYTO8mhZlUHXDXjChDHoIpoLrJh0J8+dhdauaGq
iRCve/N677jmSQ1F9Wzv+PzfTvLw1LhgCyHGxaH/Gj0czZlHqDSd9rOAhEVBAgMB
AAGjggI9MIICOTAdBgNVHQ4EFgQUmZaqiuAjBALmJQ84jiABnkhMS9MwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwga0GCCsGAQUFBwELBIGgMIGdMIGaBggrBgEFBQcwC4aBjXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzEzOTM0MmUzMTM5MzUyZTM5
MzUyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzNTMzMzMzNTM2LnJvYTAYBgNVHSAB
Af8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA
wsNfMA0GCSqGSIb3DQEBCwUAA4IBAQCATntLyYDGOORx5Ke1X1shRKBb3Ox8WOoP
27sfUTTnyOqQUWKUJhz+cXYPVbyGcUcOiOZqJzZ5RSOXm3I9vv/LQKReGxtCsP2o
OIei9rzPgMrYyp6i//n1e3hSpHZY/lR+4QTI2DlmD/ifFSzS1qW5jYjRPuDnIqVT
st0zMrKQG04/5QHB98C60i6hhtQOiF0boOxEEE2YvUOmPAa3f77yHnKB0wBItDrg
m1K+kwWmbbjr5hDGe+ZDi/Nzyc+NRc/R0KJUoG/LfG2jpokzcZ8Buv4h72KmEZ3o
v2nqgqmcKuvR8+hVwcN0q1T2cWrl2p88llXyBS8Suu65gXIHA7yP
-----END CERTIFICATE-----
Generated at Thu Nov 21 19:35:25 2024 by rpki-client on console-ams.rpki-client.org