Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3139352e3137392e3139342e302f32332d3233203d3e20323031333431.roa
File:                     3139352e3137392e3139342e302f32332d3233203d3e20323031333431.roa (raw, json)
Hash identifier:          wptn1zWXBX8dYiaHUinLg8xSRn0Fz+9qYqkAUfO62vw=
Subject key identifier:   43:C1:CB:CC:68:6B:B2:26:91:EC:E9:EA:74:4E:79:70:6A:9B:93:05
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       2D4B6A764D9E3A7D04CA440D6706AAF9FCA3223D
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3139352e3137392e3139342e302f32332d3233203d3e20323031333431.roa
Signing time:             Mon 26 Feb 2024 08:53:15 +0000
ROA not before:           Mon 26 Feb 2024 08:48:15 +0000
ROA not after:            Mon 24 Feb 2025 08:53:15 +0000
asID:                     201341
IP address blocks:        195.179.194.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2d:4b:6a:76:4d:9e:3a:7d:04:ca:44:0d:67:06:aa:f9:fc:a3:22:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Feb 26 08:48:15 2024 GMT
            Not After : Feb 24 08:53:15 2025 GMT
        Subject: CN=43C1CBCC686BB22691ECE9EA744E79706A9B9305
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:46:53:d3:a3:a4:24:87:37:b2:d4:eb:24:b5:
                    6e:ad:a2:0a:8e:13:15:83:56:f7:9e:52:d3:02:1a:
                    00:a5:c3:63:55:7a:12:32:0d:58:10:70:3e:35:e3:
                    a1:8e:ab:1c:87:e2:01:a8:b1:60:75:1c:64:66:15:
                    bd:65:eb:fa:9d:74:44:f5:bd:ac:c7:7f:a0:f1:39:
                    73:84:8c:97:d6:42:74:ab:8b:4a:64:9e:14:40:69:
                    0d:fc:0d:69:5b:38:d2:d1:6c:93:f5:d0:0f:e4:b7:
                    a3:8b:4a:96:95:fe:4e:0a:cd:8b:4d:c0:e6:d5:38:
                    d4:47:ac:1a:e1:32:07:17:03:ae:fa:a6:71:7d:90:
                    f8:40:13:b8:e2:9f:ce:c8:a1:11:2a:f5:60:e1:44:
                    de:90:68:04:df:ad:12:ff:8b:cb:23:53:16:02:1d:
                    72:a7:c3:ac:60:23:1a:98:6f:59:da:f8:07:c2:a6:
                    1e:8e:14:e8:e9:5d:b1:2a:14:3c:cc:b2:a6:eb:ee:
                    6d:5f:12:cf:01:39:f1:4d:2b:4f:39:24:47:d3:1f:
                    05:d3:36:39:34:ac:59:6b:bb:a7:89:70:38:71:e8:
                    4c:d7:97:c5:54:76:48:fd:3b:57:57:d8:4e:b6:ce:
                    69:ad:99:1c:4a:d3:d0:24:40:d3:59:a8:c2:f9:64:
                    cd:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:C1:CB:CC:68:6B:B2:26:91:EC:E9:EA:74:4E:79:70:6A:9B:93:05
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3139352e3137392e3139342e302f32332d3233203d3e20323031333431.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.179.194.0/23

    Signature Algorithm: sha256WithRSAEncryption
         8c:df:21:03:2c:22:be:ac:8a:12:b3:69:5c:58:12:f3:7e:16:
         a8:c8:8d:2a:c7:30:0c:7e:e8:a3:d4:fc:d3:ec:f0:07:f6:c1:
         79:e9:a8:bf:4a:65:18:3b:a9:ab:34:ca:5a:78:3f:d6:d9:e8:
         ab:35:24:a8:53:ed:55:21:19:56:c5:cb:b0:93:02:01:7d:ea:
         50:b2:55:90:bd:3b:0b:9f:43:53:e1:e5:f8:ea:0f:9a:15:c0:
         e4:d1:2c:f6:94:73:29:7b:0e:7d:a2:36:bb:ce:3e:53:c4:3d:
         d8:ae:87:c8:1b:8c:1f:71:fc:33:41:ae:71:84:c1:ca:8f:3d:
         22:66:9e:d6:a7:77:c4:26:33:c6:bb:7c:29:df:30:3f:97:bd:
         00:75:f8:ba:55:40:4f:75:33:f5:85:67:29:66:58:22:54:0b:
         37:85:d8:80:69:bc:e2:1b:8a:84:66:ae:e9:a7:cc:63:87:3a:
         08:99:80:8e:c4:1c:ab:12:ff:67:eb:ac:fa:b6:01:44:6d:e9:
         86:48:ef:21:c9:41:8e:ba:31:aa:5e:d0:d7:29:b9:f1:1c:26:
         ee:e3:a9:84:8f:9b:16:28:ea:5f:b8:83:e2:56:d2:04:c0:cb:
         f9:ad:61:a5:9f:7d:02:1b:be:dc:33:77:5e:ca:cb:65:89:6f:
         f9:0d:10:29
-----BEGIN CERTIFICATE-----
MIIFNzCCBB+gAwIBAgIULUtqdk2eOn0EykQNZwaq+fyjIj0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNDAyMjYwODQ4MTVaFw0yNTAyMjQwODUzMTVaMDMxMTAvBgNV
BAMTKDQzQzFDQkNDNjg2QkIyMjY5MUVDRTlFQTc0NEU3OTcwNkE5QjkzMDUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDTRlPTo6Qkhzey1OsktW6togqO
ExWDVveeUtMCGgClw2NVehIyDVgQcD4146GOqxyH4gGosWB1HGRmFb1l6/qddET1
vazHf6DxOXOEjJfWQnSri0pknhRAaQ38DWlbONLRbJP10A/kt6OLSpaV/k4KzYtN
wObVONRHrBrhMgcXA676pnF9kPhAE7jin87IoREq9WDhRN6QaATfrRL/i8sjUxYC
HXKnw6xgIxqYb1na+AfCph6OFOjpXbEqFDzMsqbr7m1fEs8BOfFNK085JEfTHwXT
Njk0rFlru6eJcDhx6EzXl8VUdkj9O1dX2E62zmmtmRxK09AkQNNZqML5ZM2DAgMB
AAGjggJBMIICPTAdBgNVHQ4EFgQUQ8HLzGhrsiaR7OnqdE55cGqbkwUwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgbEGCCsGAQUFBwELBIGkMIGhMIGeBggrBgEFBQcwC4aBkXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzEzOTM1MmUzMTM3MzkyZTMx
MzkzNDJlMzAyZjMyMzMyZDMyMzMyMDNkM2UyMDMyMzAzMTMzMzQzMS5yb2EwGAYD
VR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEw
BgMEAcOzwjANBgkqhkiG9w0BAQsFAAOCAQEAjN8hAywivqyKErNpXFgS834WqMiN
KscwDH7oo9T80+zwB/bBeemov0plGDupqzTKWng/1tnoqzUkqFPtVSEZVsXLsJMC
AX3qULJVkL07C59DU+Hl+OoPmhXA5NEs9pRzKXsOfaI2u84+U8Q92K6HyBuMH3H8
M0GucYTByo89Imae1qd3xCYzxrt8Kd8wP5e9AHX4ulVAT3Uz9YVnKWZYIlQLN4XY
gGm84huKhGau6afMY4c6CJmAjsQcqxL/Z+us+rYBRG3phkjvIclBjroxql7Q1ym5
8Rwm7uOphI+bFijqX7iD4lbSBMDL+a1hpZ99Ahu+3DN3XsrLZYlv+Q0QKQ==
-----END CERTIFICATE-----
Generated at Thu Nov 21 18:06:16 2024 by rpki-client on console-fra.rpki-client.org